Watching you watch: the tracking system of over-the-top TV streaming devices

February 10, 2020May 25, 2020 ~ Adrian Colyer ~ 14 Comments

Watching you watch: the tracking ecosystem of over-the-top TV streaming devices, Moghaddam et al., CCS'19 The results from this paper are all too predictable: channels on Over-The-Top (OTT) streaming devices are insecure and riddled with privacy leaks. The authors quantify the scale of the problem, and note that users have even less viable defence mechanisms ... Continue Reading

Towards multiverse databases

June 17, 2019May 25, 2020 ~ Adrian Colyer ~ 16 Comments

Towards multiverse databases Marzoev et al., HotOS'19 A typical backing store for a web application contains data for many users. The application makes queries on behalf of an authenticated user, but it is up to the application itself to make sure that the user only sees data they are entitled to see. Any frontend can ... Continue Reading

Protecting user privacy: an approach for untraceable web browsing history and unambiguous user profiles

February 20, 2019May 25, 2020 ~ Adrian Colyer ~ 2 Comments

Protecting user privacy: an approach for untraceable web browsing history and unambiguous user profiles Beigi et al., WSDM'19 Maybe you’re reading this post online at The Morning Paper, and you came here by clicking a link in your Twitter feed because you follow my paper write-up announcements there. It might even be that you fairly ... Continue Reading

An empirical analysis of anonymity in Zcash

September 14, 2018 ~ Adrian Colyer ~ Leave a comment

An empirical analysis of anonymity in Zcash Kappos et al., USENIX Security'18 As we’ve seen before, in practice Bitcoin offers little in the way of anonymity. Zcash on the other hand was carefully designed with privacy in mind. It offers strong theoretical guarantees concerning privacy. So in theory users of Zcash can remain anonymous. In ... Continue Reading

Unveiling and quantifying Facebook exploitation of sensitive personal data for advertising purposes

September 7, 2018 ~ Adrian Colyer ~ 3 Comments

Unveiling and quantifying Facebook exploitation of sensitive personal data for advertising purposes Cabañas et al., USENIX Security 2018 Earlier this week we saw how the determined can still bypass most browser and tracker-blocking extension protections to track users around the web. Today’s paper is a great example of why you should care about that. Cabañas ... Continue Reading

Oblix: an efficient oblivious search index

July 6, 2018 ~ Adrian Colyer ~ 9 Comments

Oblix: an efficient oblivious search index Mishra et al., IEEE Security & Privacy 2018 Unfortunately, many known schemes that enable search queries on encrypted data achieve efficiency at the expense of security, as they reveal access patterns to the encrypted data. In this paper we present Oblix, a search index for encrypted data that is ... Continue Reading

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface

July 3, 2018 ~ Adrian Colyer ~ 6 Comments

Privacy risks with Facebook’s PII-based targeting: auditing a data broker’s advertising interface Venkatadri et al., IEEE Security and Privacy 2018 This is one of those jaw-hits-the-floor, can’t quite believe what I’m reading papers. The authors describe an attack exploiting Facebook’s custom audience feature, that can leak your PII. Specifically, we show how the adversary can ... Continue Reading

PrivacyGuide: towards an implementation of the EU GDPR on Internet privacy policy evaluation

April 16, 2018 ~ Adrian Colyer ~ 9 Comments

PrivacyGuide: Towards an implementation of the EU GDPR on Internet privacy policy evaluation Tesfay et al., IWSPA'18 (Note: the above link takes you to the ACM Digital Library, where the paper should be accessible when accessed from the blog site. If you’re reading this via the email subscription and don’t have ACM DL access, please ... Continue Reading

Information flow reveals prediction limits in online social activity

March 26, 2018 ~ Adrian Colyer ~ 4 Comments

Information flow reveals prediction limits in online social activity Bagrow et al., arVix 2017 If I know your friends, then I know a lot about you! Suppose you don’t personally use a given app/service, and so the provider doesn’t have data on you directly. However, many of your friends do use the app/service, and there’s ... Continue Reading

Three years of the Right To Be Forgotten

March 22, 2018 ~ Adrian Colyer ~ Leave a comment

Three years of the Right To Be Forgotten Bertram et al., 2018 With thanks to Elie Bursztein for bringing this paper to my attention. See also Elie’s blog post ‘Insights about the first three years of the Right To Be Forgotten requests at Google.’ Following on from the GDPR we looked at yesterday, and which ... Continue Reading

the morning paper

a random walk through Computer Science research, by Adrian Colyer
Made delightfully fast by strattic

Privacy