Watching you watch: the tracking system of over-the-top TV streaming devices

February 10, 2020February 5, 2020 ~ adriancolyer ~ 14 Comments

Watching you watch: the tracking ecosystem of over-the-top TV streaming devices, Moghaddam et al., CCS'19 The results from this paper are all too predictable: channels on Over-The-Top (OTT) streaming devices are insecure and riddled with privacy leaks. The authors quantify the scale of the problem, and note that users have even less viable defence mechanisms … Continue reading Watching you watch: the tracking system of over-the-top TV streaming devices

Towards multiverse databases

June 17, 2019June 13, 2019 ~ adriancolyer ~ 16 Comments

Towards multiverse databases Marzoev et al., HotOS'19 A typical backing store for a web application contains data for many users. The application makes queries on behalf of an authenticated user, but it is up to the application itself to make sure that the user only sees data they are entitled to see. Any frontend can … Continue reading Towards multiverse databases

Protecting user privacy: an approach for untraceable web browsing history and unambiguous user profiles

February 20, 2019February 14, 2019 ~ adriancolyer ~ 2 Comments

Protecting user privacy: an approach for untraceable web browsing history and unambiguous user profiles Beigi et al., WSDM'19 Maybe you’re reading this post online at The Morning Paper, and you came here by clicking a link in your Twitter feed because you follow my paper write-up announcements there. It might even be that you fairly … Continue reading Protecting user privacy: an approach for untraceable web browsing history and unambiguous user profiles

An empirical analysis of anonymity in Zcash

September 14, 2018September 7, 2018 ~ adriancolyer

An empirical analysis of anonymity in Zcash Kappos et al., USENIX Security'18 As we’ve seen before, in practice Bitcoin offers little in the way of anonymity. Zcash on the other hand was carefully designed with privacy in mind. It offers strong theoretical guarantees concerning privacy. So in theory users of Zcash can remain anonymous. In … Continue reading An empirical analysis of anonymity in Zcash

Unveiling and quantifying Facebook exploitation of sensitive personal data for advertising purposes

September 7, 2018September 6, 2018 ~ adriancolyer ~ 3 Comments

Unveiling and quantifying Facebook exploitation of sensitive personal data for advertising purposes Cabañas et al., USENIX Security 2018 Earlier this week we saw how the determined can still bypass most browser and tracker-blocking extension protections to track users around the web. Today’s paper is a great example of why you should care about that. Cabañas … Continue reading Unveiling and quantifying Facebook exploitation of sensitive personal data for advertising purposes

Oblix: an efficient oblivious search index

July 6, 2018July 5, 2018 ~ adriancolyer ~ 9 Comments

Oblix: an efficient oblivious search index Mishra et al., IEEE Security & Privacy 2018 Unfortunately, many known schemes that enable search queries on encrypted data achieve efficiency at the expense of security, as they reveal access patterns to the encrypted data. In this paper we present Oblix, a search index for encrypted data that is … Continue reading Oblix: an efficient oblivious search index

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

July 3, 2018July 1, 2018 ~ adriancolyer ~ 6 Comments

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface Venkatadri et al., IEEE Security and Privacy 2018 This is one of those jaw-hits-the-floor, can’t quite believe what I’m reading papers. The authors describe an attack exploiting Facebook’s custom audience feature, that can leak your PII. Specifically, we show how the adversary can … Continue reading Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

PrivacyGuide: towards an implementation of the EU GDPR on Internet privacy policy evaluation

April 16, 2018April 15, 2018 ~ adriancolyer ~ 9 Comments

PrivacyGuide: Towards an implementation of the EU GDPR on Internet privacy policy evaluation Tesfay et al., IWSPA'18 (Note: the above link takes you to the ACM Digital Library, where the paper should be accessible when accessed from the blog site. If you’re reading this via the email subscription and don’t have ACM DL access, please … Continue reading PrivacyGuide: towards an implementation of the EU GDPR on Internet privacy policy evaluation

Information flow reveals prediction limits in online social activity

March 26, 2018March 24, 2018 ~ adriancolyer ~ 4 Comments

Information flow reveals prediction limits in online social activity Bagrow et al., arVix 2017 If I know your friends, then I know a lot about you! Suppose you don’t personally use a given app/service, and so the provider doesn’t have data on you directly. However, many of your friends do use the app/service, and there’s … Continue reading Information flow reveals prediction limits in online social activity

Three years of the Right To Be Forgotten

March 22, 2018March 17, 2018 ~ adriancolyer

Three years of the Right To Be Forgotten Bertram et al., 2018 With thanks to Elie Bursztein for bringing this paper to my attention. See also Elie’s blog post ‘Insights about the first three years of the Right To Be Forgotten requests at Google.’ Following on from the GDPR we looked at yesterday, and which … Continue reading Three years of the Right To Be Forgotten