Suchergebnisse

In recent times, we are witnessing an increasing concern by governments and intelligence agencies to deploy mass-surveillance systems that help them fight terrorism. In this paper, we conduct a formal analysis of the overall cost of such surveillance systems. Our analysis starts with a fairly-known result in statistics, namely, the false-positive paradox. We propose a quantitative measure of the total cost of a monitoring program, and study a detection system that is designed to minimize it, subject to a constraint in the number of terrorists the agency wishes to capture. In the absence of real, accurate behavioral models, we perform our analysis on the basis of several simple but insightful examples. With these examples, we illustrate the different parameters involved in the design of the detection system, and provide some indicative and representative figures of the cost of the monitoring program.

In recent times, we are witnessing an increasing concern by governments and intelligence agencies to deploy mass-surveillance systems that help them fight terrorism. In this paper, we conduct a formal analysis of the overall cost of such surveillance systems. Our analysis starts with a fairly-known result in statistics, namely, the false-positive paradox. We propose a quantitative measure of the total cost of a monitoring program, and study a detection system that is designed to minimize it, subject to a constraint in the number of terrorists the agency wishes to capture. In the absence of real, accurate behavioral models, we perform our analysis on the basis of several simple but insightful examples. With these examples, we illustrate the different parameters involved in the design of the detection system, and provide some indicative and representative figures of the cost of the monitoring program.

© . This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/ ; Identification and authentication (IA) are security procedures that are ubiquitous in our online life, and that constantly require disclosing personal, sensitive information to non-fully trusted service providers, or to fully trusted providers that unintentionally may fail to protect such information. Although user IA processes are extensively supported by heterogeneous software and hardware, the simultaneous protection of user privacy is an open problem. From a legal point of view, the European Union legislation requires protecting the processing of personal data and evaluating its impact on privacy throughout the whole IA procedure. Privacy Threat Analysis (PTA) is one of the pillars for the required Privacy Impact Assessment (PIA). Among the few existing approaches for conducting a PTA, LINDDUN is a very promising framework, although generic, in the sense that it has not been specifically conceived for IA. In this work, we investigate an extension of LINDDUN that allows performing a reliable and systematically-reproducible PTA of user IA processes, thereby contributing to one of the cornerstones of PIA. Specifically, we propose a high-level description of the IA verification process, which we illustrate with an UML use case. Then, we design an identification and authentication modelling framework, propose an extension of two critical steps of the LINDDUN scheme, and adapt and tailor the trust boundary concept applied in the original framework. Finally, we propose a systematic methodology aimed to help auditors apply the proposed improvements to the LINDDUN framework. ; The authors are thankful for the support through the research project "INRISCO", ref. TEC2014-54335-C4-1-R, "MAGOS", TEC2017-84197-C4-3-R, and the project "Sec-MCloud", ref. TIN2016-80250-R. J. Parra-Arnau is the recipient of a Juan de la Cierva postdoctoral fellowship, IJCI-2016–28239, from the Spanish Ministry of Economy and Competitiveness. J. Parra-Arnau is with the UNESCO Chair in Data Privacy, but the views in this paper are his own and are not necessarily shared by UNESCO. ; Peer Reviewed ; Postprint (author's final draft)

© 2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ; Within the online advertising ecosystem, viewability is defined as the metric that measures if an ad impression had the chance of being viewable by a potential consumer. Although this metric has been presented as a potential game-changer within the ad industry, it has not been fully adopted by the stakeholders, mainly due to disagreement between the different parties on the standards to implement and measure it, and its potential benefits and drawbacks. In this study, we present a survey of the role that viewability can have on the main challenges of the online advertising ecosystem depicting the main applications, benefits and issues. With this objective, we provide an overall picture of how viewability can fit within the ecosystem, which can help the different stakeholders to work on its adoption, integration and establishing a research agenda. ; This work was supported by the Plan de Doctorados Industriales de la Secretaría de Universidades e Investigación del Departamento de Empresa y Conocimiento de la Generalitat de Catalunya under the Grant 2018-DI-059 and by ExoClick. Furthermore, this work received support from the Fellowship through ''la Caixa'' Foundation under Grant ID100010434, from the European Union's Horizon 2020 Research and Innovation Program through Marie Skłodowska-Curie Grant under Agreement 847648, from the Fellowship under Grant CF/BQ/PR20/11770009, from the Spanish Ministry of Economy and Competitiveness through Juan de la Cierva Formación Program under Grant FJCI-2017-34926 and from the Spanish Government under Grant PID2020-113795RB-C31 ''COMPROMISE''. ; Peer Reviewed ; Postprint (published version)

In the scenario of social bookmarking, a user browsing the Web bookmarks web pages and assigns free-text labels (i.e., tags) to them according to their personal preferences. The benefits of social tagging are clear – tags enhance Web content browsing and search. However, since these tags may be publicly available to any Internet user, a privacy attacker may collect this information and extract an accurate snapshot of users' interests or user profiles, containing sensitive information, such as health-related information, political preferences, salary or religion. In order to hinder attackers in their efforts to profile users, this report focuses on the practical aspects of capturing user interests from their tagging activity. More accurately, we study how to categorise a collection of tags posted by users in one of the most popular bookmarking services, Delicious (http://delicious.com). ; Preprint

In the scenario of social bookmarking, a user browsing the Web bookmarks web pages and assigns free-text labels (i.e., tags) to them according to their personal preferences. The benefits of social tagging are clear – tags enhance Web content browsing and search. However, since these tags may be publicly available to any Internet user, a privacy attacker may collect this information and extract an accurate snapshot of users' interests or user profiles, containing sensitive information, such as health-related information, political preferences, salary or religion. In order to hinder attackers in their efforts to profile users, this report focuses on the practical aspects of capturing user interests from their tagging activity. More accurately, we study how to categorise a collection of tags posted by users in one of the most popular bookmarking services, Delicious (http://delicious.com). ; Preprint

© 2019 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ; Online tracking has become a great enabler of massive surveillance so it is now a critical vector for threatening the privacy of users. Despite the benefits of online tracking for personalized advertising, the complexity of the involved platforms makes it a threat for democracy. In this work, online tracking is measured in Ecuador, a country with a developing adoption of online advertising technologies, having the highest Internet penetration rate in Latin America, but lacking regulation for privacy. By finding out the third party connections triggered through the most popular Ecuadorian websites, the concentration of online tracking is measured in Ecuador. Its impact is also analyzed by studying some particularities in government websites, the usage of advanced mechanisms of tracking, and the adoption of transparency practices in advertising platforms. Our final aim is exposing potential privacy violations. ; This work was partly supported by the Spanish Ministry ofEconomy and Competitiveness (MINECO) through the project"MAGOS", ref. TEC2017-84197-C4-3-R. J. Parra-Arnau wassupported by the Spanish government under grant TIN2016-80250-R and by the Catalan government under grant 2017SGR 00705 and is currently the recipient of a Juan de la Ciervapostdoctoral fellowship, IJCI-2016-28239, from the SpanishMinistry of Economy and Competitiveness. ; Peer Reviewed ; Postprint (author's final draft)

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ; For a long time, the Internet and web technologies have supported a more fluid interaction between public institutions and citizens through e-government. With this spirit, several public services are being offered online. One of such services, though not a standard one, is transparency. Strongly encouraged by open-data initiatives, transparency is being marketed as a powerful mechanism to fight corruption. Leveraging communication technologies, societies are broadly adopting online transparency practices to give the general public more control over the scrutiny of state institutions. However, a neglected implementation of transparency may cause almost unlimited access to large amounts of information, a side effect we call hyper-transparency. Inevitably, serious privacy risks arise for the individuals in this context. In this work, we analyze the emergence of hyper-transparent practices in Ecuador, a country recently involved in a fierce attempt to offer free access to public information as a fundamental right enabled through e-government. Moreover, we systematically dissect the large amount of microdata released online by Ecuadorian public institutions. Accordingly, we also unveil here a scenario where sensitive information of public employees is openly released under transparency laws. After exposing potential privacy violations, we elaborate on some mechanisms aimed at protecting citizens from such violations ; Peer Reviewed ; Postprint (author's final draft)

© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. ; For a long time, the Internet and web technologies have supported a more fluid interaction between public institutions and citizens through e-government. With this spirit, several public services are being offered online. One of such services, though not a standard one, is transparency. Strongly encouraged by open-data initiatives, transparency is being marketed as a powerful mechanism to fight corruption. Leveraging communication technologies, societies are broadly adopting online transparency practices to give the general public more control over the scrutiny of state institutions. However, a neglected implementation of transparency may cause almost unlimited access to large amounts of information, a side effect we call hyper-transparency. Inevitably, serious privacy risks arise for the individuals in this context. In this work, we analyze the emergence of hyper-transparent practices in Ecuador, a country recently involved in a fierce attempt to offer free access to public information as a fundamental right enabled through e-government. Moreover, we systematically dissect the large amount of microdata released online by Ecuadorian public institutions. Accordingly, we also unveil here a scenario where sensitive information of public employees is openly released under transparency laws. After exposing potential privacy violations, we elaborate on some mechanisms aimed at protecting citizens from such violations ; Peer Reviewed ; Postprint (author's final draft)

This research work is part of J. Estrada-Jiménez's Ph.D. thesis ; The ability of the online marketing industry to track and pro le users' Web-browsing activity is what enables effective, tailored-made advertising services. The intrusiveness of these practices and the increasing invasiveness of digital advertising, however, have raised serious concerns regarding user privacy. Although the level of ubiquity of tracking and advertising has been investigated in top-world sites based in North America and Western Europe, the extent to which those practices are carried out in territories with less or no legal coverage in terms of data protection has not been studied so far. In this work, we present the rst detailed measurement of online tracking and advertising conducted to date in one of those regions, namely, Ibero-America, by analyzing local websites (e.g., education and government sites). In doing so, our measurement study aims to nd out how user location as well as the type of publisher may impact on tracking and advertising and thus user privacy. Lastly, our thorough, extensive analysis also explores whether differences are appreciated between Latin America and the EU with regard to the third-party tracking conducted from and towards the corresponding countries. ; This work was supported by the Spanish Ministerio de Economía y Competitividad (MINECO) through the project ``Secure SMArt Grid using Open Source Intelligence. Data Privacy and Reliable Communications (MAGOS)'', ref. TEC2017-84197-C4-3-R. The research was also supported by the La Caixa Foundation under Grant ID 100010434, in part by the European Union's Horizon 2020 Research and Innovation Programme through the Marie Sklodowska-Curie under Grant 847648, and in part by the Fellowship under Grant LCF/BQ/PR20/11770009. ; Peer Reviewed ; Postprint (published version)