On purpose and by necessity: compliance under the GDPR

March 21, 2018March 17, 2018 ~ adriancolyer ~ 5 Comments

On purpose and by necessity: compliance under the GDPR Basin et al., FC'18 A year ago it seemed like hardly anyone in a technical role had heard of GDPR. Now it seems to be front of mind for everyone! Not surprising perhaps, as it comes into force on the 25th May this year. In today’s … Continue reading On purpose and by necessity: compliance under the GDPR

Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations

March 7, 2018March 4, 2018 ~ adriancolyer ~ 2 Comments

Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations Andreou et al., NDSS’18 Let me start out by saying that I think it’s good Facebook are making an effort to provide more transparency to advertising. It’s good that Twitter announced they will do something similar too. It’s a shame though that … Continue reading Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations

Bug fixes, improvements, … and privacy leaks

March 6, 2018March 4, 2018 ~ adriancolyer

Bug fixes, improvements, ... and privacy leaks. A longitudinal study of PII leaks across Android app versions Ren et al., NDSS’18 It’s another cut of similar data today, but this time looking at how privacy information is leaked over time in different versions of an (Android mobile) app. You probably don’t need to read the … Continue reading Bug fixes, improvements, … and privacy leaks

Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem

March 5, 2018March 4, 2018 ~ adriancolyer ~ 2 Comments

Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem Razaghpanah et al., NDSS’18 Sadly you probably won’t be surprised to learn that this study reveals user tracking is widespread within the mobile app (Android) ecosystem. The focus is on third-party services included in apps, identified by the network domains they try … Continue reading Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem

DStress: Efficient differentially private computations on distributed data

June 1, 2017May 28, 2017 ~ adriancolyer ~ 3 Comments

DStress: Efficient differentially private computations on distributed data Papadimitriou et al., EuroSys'17 Regulators would like to assess and manage the systemic risk in the banking system - for example, the likelihood that a few initial bankruptcies could cause a failure cascade. In theory, it would be possible to quantify the risk of such a cascading … Continue reading DStress: Efficient differentially private computations on distributed data

Trajectory recovery from Ash: User privacy is NOT preserved in aggregated mobility data

May 15, 2017May 13, 2017 ~ adriancolyer ~ 11 Comments

Trajectory recovery from Ash: User privacy is NOT preserved in aggregated mobility data Xu et al., WWW'17 Borrowing a little from Simon Wardley's marvellous Enterprise IT Adoption Cycle, here's roughly how my understanding progressed as I read through this paper: Huh? What? How? Nooooo, Oh No, Oh s*@\#! Xu et al. show us that even … Continue reading Trajectory recovery from Ash: User privacy is NOT preserved in aggregated mobility data

Semi-supervised knowledge transfer for deep learning from private training data

May 9, 2017May 6, 2017 ~ adriancolyer ~ 1 Comment

Semi-supervised knowledge transfer for deep learning from private training data Papernot et al., ICLR'17 How can you build deep learning models that are trained on sensitive data (e.g., concerning individuals), and be confident to deploy those models in the wild knowing that they won't leak any information about the individuals in the training set? As … Continue reading Semi-supervised knowledge transfer for deep learning from private training data

If you can’t beat them, join them: a usability approach to interdependent privacy in cloud apps

April 4, 2017March 29, 2017 ~ adriancolyer ~ 2 Comments

If you can't beat them, join them: a usability approach to interdependent privacy in cloud apps Harkous & Aberer, CODASPY '17 I'm quite used to thinking carefully about permissions before installing a Chrome browser extensions (they all seem to want permission to see absolutely everything - no thank you!). A similar issue comes up with … Continue reading If you can’t beat them, join them: a usability approach to interdependent privacy in cloud apps

Zerocash: Decentralized anonymous payments from Bitcoin

February 21, 2017July 31, 2017 ~ adriancolyer ~ 3 Comments

Zerocash: Decentralized anonymous payments from Bitcoin Ben-Sasson et al., 2014 Yesterday we saw that de-anonymising techniques can learn a lot about the true identities of participants in Bitcoin transactions. Ben-Sasson et al. point out that given this, Bitcoin could be considered significantly less private than traditional schemes: While users may employ many identities (or pseudonyms) … Continue reading Zerocash: Decentralized anonymous payments from Bitcoin

A fistful of Bitcoins: Characterizing payments among men with no names

February 20, 2017July 31, 2017 ~ adriancolyer ~ 13 Comments

A fistful of bitcoins: characterizing payments among men with no names Meiklejohn et al., USENIX ;login: 2013 This week we're going to be looking at the five papers from the ACM Queue Research for Practice selections on 'Cryptocurrencies, Blockchains, and Smart Contracts.' These papers are chosen by Arvind Narayanan and Andrew Miller, co-authors of the … Continue reading A fistful of Bitcoins: Characterizing payments among men with no names