GULYÁS, Gábor György, Ph.D.


Using privacy enhancing technologies properly

2013-10-16 | Gabor


Besides the many privacy-infringing products and services, there is also a great variety of privacy-enhancing tools to choose from. However, we need to pay attention in order to maintain a strong level of privacy in the long run.

The role of awareness: be a rational consumer

Although many privacy infringements are related to technology, the underlying issue is not a technical one. As time passes, new security flaws can emerge, and the given technology can become outdated for the purposes it was created for, or be circumvented somehow. Thus, considering technical utilities alone is not enough; in order to maintain privacy, the control should remain in our hands. (Besides, privacy is rather like a team game: we should always raise the awareness of others.)

The first step towards this goal is being a rational consumer. Before using a new service (or product) we should think over why it is good for us and how safe our data would be with it. If we are uncertain, or there are seemingly unnecessary requests for information, we should use false information created for that single transaction (e.g., registration under a false name with a disposable email). Later, we can still use valid data for a second transaction, but not the other way around.

We should also consider what we share publicly on the web – just remember how burglars used social media in order to find empty homes. However, seemingly private information should be given away with caution, too. Several recent academic results warn us that even anonymously published (or privately submitted) data can be easily re-identified by using auxiliary meta-data – so anything that gets out there should be reckoned as a possible target of deanonymization attacks. For example, researchers showed that 99% of users in the anonymous Netflix movie rating database can be deanonymized by using public votes from IMDb.

Regarding both government and commercial actors, it is also recommended to avoid mass surveillance, as we don’t know for what reason and how the collected data will be used. Although both parties seem vastly powerful compared to the user, they have limited resources for tweaking their observation capabilities – making it possible to stay private.

Anonymity, identifiability and intermediate levels

Both anonymity and (personal) identifiability can be easily understood, but can rarely be achieved in practice – most of the time, the anonymity level of the entity in question is somewhere in between these two. Loosely speaking, we could approximate the level of anonymity by considering the number of actions that can be associated with the entity.

Let’s take telephony as an example. In this case personal identifiability would mean having a postpaid subscription with a fixed number – all calls can be related to the owner. In contrast, anonymity could be represented by the use of coin-operated telephone booths, where each transaction is individual and cannot be linked with others. Prepaid mobile phones and telephone cards represent intermediate levels of anonymity (and also vary in the degree of identifiability).

Therefore we can conclude that if privacy is important, you should always start from anonymity, as it is always possible to reveal more information (allowing more linkability of your actions) than to make the system forget what it already knows about you. For example, if you surf the web anonymously, it is possible to come up with a new identity from time to time (e.g., to avoid being exploited by a given reseller). But if you use a regular browser, you can come up with arbitrarily many new identities; they will all be associated together.
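To make the linkability argument concrete, here is an added Python illustration (my example, not part of the original post): two sessions are linked whenever they share an identifier an observer can see (cookie, fingerprint, login), and the size of the largest linked cluster approximates how many actions can be tied to one entity. The session data and identifier values are constructed; a persistent device fingerprint and a single login are the assumed linking channels.

```python
from collections import defaultdict

def link_sessions(sessions):
    """Group sessions that share at least one observable identifier.

    sessions: dict session_id -> set of (kind, value) identifier pairs.
    Returns the linked clusters, largest first.
    """
    parent = {s: s for s in sessions}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    seen = {}  # identifier -> first session that carried it
    for sid, ids in sessions.items():
        for ident in ids:
            if ident in seen:
                parent[find(sid)] = find(seen[ident])  # union
            else:
                seen[ident] = sid

    clusters = defaultdict(set)
    for sid in sessions:
        clusters[find(sid)].add(sid)
    return sorted(clusters.values(), key=len, reverse=True)

def max_linked_actions(sessions):
    """Largest number of sessions an observer can tie to one entity."""
    return len(link_sessions(sessions)[0]) if sessions else 0

# Constructed sample data (not real traffic). In the regular browser three
# "fresh identities" still share the device fingerprint, and a later login
# ties them to a named account; the anonymous sessions share nothing.
REGULAR_BROWSER = {
    "s1": {("cookie", "c-111"), ("fingerprint", "fp-A")},
    "s2": {("cookie", "c-222"), ("fingerprint", "fp-A")},
    "s3": {("cookie", "c-333"), ("fingerprint", "fp-A"), ("login", "alice")},
    "s4": {("login", "alice")},
}
ANONYMOUS_BROWSER = {
    "a1": {("cookie", "c-444")},
    "a2": {("cookie", "c-555")},
    "a3": {("cookie", "c-666")},
}
print("regular:", max_linked_actions(REGULAR_BROWSER))      # 4
print("anonymous:", max_linked_actions(ANONYMOUS_BROWSER))  # 1
```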

Misusing privacy-enhancing technologies

There are a few additional things to be taken into consideration while using PETs. One such thing is the anonymity paradox: be sure that your tool is used by a relatively large user base (large enough to be hidden in). Furthermore, it is wiser to prefer a professional solution over home-brew compilations (e.g., using Tor Browser Bundle/JondoFox vs. a customized Firefox). As in security, the strength of your PET is defined by its weakest point – a self-made configuration of PETs is more likely to be vulnerable that way. In some cases, auxiliary channels should also be considered as the weakest points; e.g., it doesn’t matter if someone is not disclosing anything on social networks if her friends do it instead (like tagging unregistered people in photos).

Unfortunately, even finding a good solution does not mean you can settle for a lifetime: technology will change and age, and different parties will find workarounds for widespread solutions. This is a typical cat-and-mouse game. On the web, advertising parties initially used tracking cookies to profile users. After a while users figured out that they should delete cookies regularly; next the advertising industry shifted to Flash cookies, and lately it has started to move to fingerprinting (for a similar reason). Therefore it is recommended to review the technology in use from time to time, and change it if necessary.

This post was originally written for the Tresorit Blog.

Tags: anonymity paradox, privacy-enhancing technologies, rationality, disposable email


Gábor György Gulyás, PhD – © 2021 all rights reserved