On purpose and by necessity: compliance under the GDPR

March 21, 2018 ~ Adrian Colyer ~ 5 Comments

On purpose and by necessity: compliance under the GDPR Basin et al., FC'18 A year ago it seemed like hardly anyone in a technical role had heard of GDPR. Now it seems to be front of mind for everyone! Not surprising perhaps, as it comes into force on the 25th May this year. In today’s ... Continue Reading

Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations

March 7, 2018 ~ Adrian Colyer ~ 2 Comments

Investigating ad transparency mechanisms in social media: a case study of Facebook’s explanations Andreou et al., NDSS’18 Let me start out by saying that I think it’s good Facebook are making an effort to provide more transparency to advertising. It’s good that Twitter announced they will do something similar too. It’s a shame though that ... Continue Reading

Bug fixes, improvements, … and privacy leaks

March 6, 2018 ~ Adrian Colyer ~ Leave a comment

Bug fixes, improvements, ... and privacy leaks. A longitudinal study of PII leaks across Android app versions Ren et al., NDSS’18 It’s another cut of similar data today, but this time looking at how privacy information is leaked over time in different versions of an (Android mobile) app. You probably don’t need to read the ... Continue Reading

Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem

March 5, 2018 ~ Adrian Colyer ~ 2 Comments

Apps, trackers, privacy, and regulators: a global study of the mobile tracking ecosystem Razaghpanah et al., NDSS’18 Sadly you probably won’t be surprised to learn that this study reveals user tracking is widespread within the mobile app (Android) ecosystem. The focus is on third-party services included in apps, identified by the network domains they try ... Continue Reading

DStress: Efficient differentially private computations on distributed data

June 1, 2017 ~ Adrian Colyer ~ 3 Comments

DStress: Efficient differentially private computations on distributed data Papadimitriou et al., EuroSys'17 Regulators would like to assess and manage the systemic risk in the banking system - for example, the likelihood that a few initial bankruptcies could cause a failure cascade. In theory, it would be possible to quantify the risk of such a cascading ... Continue Reading

Trajectory recovery from Ash: User privacy is NOT preserved in aggregated mobility data

May 15, 2017 ~ Adrian Colyer ~ 11 Comments

Trajectory recovery from Ash: User privacy is NOT preserved in aggregated mobility data Xu et al., WWW'17 Borrowing a little from Simon Wardley's marvellous Enterprise IT Adoption Cycle, here's roughly how my understanding progressed as I read through this paper: Huh? What? How? Nooooo, Oh No, Oh s*@\#! Xu et al. show us that even ... Continue Reading

Semi-supervised knowledge transfer for deep learning from private training data

May 9, 2017November 11, 2019 ~ Adrian Colyer ~ 1 Comment

Semi-supervised knowledge transfer for deep learning from private training data Papernot et al., ICLR'17 How can you build deep learning models that are trained on sensitive data (e.g., concerning individuals), and be confident to deploy those models in the wild knowing that they won't leak any information about the individuals in the training set? As ... Continue Reading

If you can’t beat them, join them: a usability approach to interdependent privacy in cloud apps

April 4, 2017November 11, 2019 ~ Adrian Colyer ~ 2 Comments

If you can't beat them, join them: a usability approach to interdependent privacy in cloud apps Harkous & Aberer, CODASPY '17 I'm quite used to thinking carefully about permissions before installing a Chrome browser extensions (they all seem to want permission to see absolutely everything - no thank you!). A similar issue comes up with ... Continue Reading

Zerocash: Decentralized anonymous payments from Bitcoin

February 21, 2017November 11, 2019 ~ Adrian Colyer ~ 3 Comments

Zerocash: Decentralized anonymous payments from Bitcoin Ben-Sasson et al., 2014 Yesterday we saw that de-anonymising techniques can learn a lot about the true identities of participants in Bitcoin transactions. Ben-Sasson et al. point out that given this, Bitcoin could be considered significantly less private than traditional schemes: While users may employ many identities (or pseudonyms) ... Continue Reading

A fistful of Bitcoins: Characterizing payments among men with no names

February 20, 2017November 11, 2019 ~ Adrian Colyer ~ 13 Comments

A fistful of bitcoins: characterizing payments among men with no names Meiklejohn et al., USENIX ;login: 2013 This week we're going to be looking at the five papers from the ACM Queue Research for Practice selections on 'Cryptocurrencies, Blockchains, and Smart Contracts.' These papers are chosen by Arvind Narayanan and Andrew Miller, co-authors of the ... Continue Reading

the morning paper

a random walk through Computer Science research, by Adrian Colyer
Made delightfully fast by strattic

Privacy