Category: Privacy & Security
-
User Perceptions of Smart Home Internet of Things (IoT) Privacy
by Noah Apthorpe This post summarizes a research paper, authored by Serena Zheng, Noah Apthorpe, Marshini Chetty, and Nick Feamster from Princeton University, which is available here. The paper will be presented at the ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW) on November 6, 2018. Smart home Internet of Things (IoT) devices…
-
Disaster Information Flows: A Privacy Disaster?
By Madelyn R. Sanfilippo and Yan Shvartzshnaider Last week, the test of the Presidential Alert system, which many objected to on partisan grounds, brought the Wireless Emergency Alert system (WEA) into renewed public scrutiny. WEA, which distributes mobile push notifications about various emergencies, crises, natural disasters, and amber alerts based on geographic relevance, became operational…
-
Building Respectful Products using Crypto: Lea Kissner at CITP
How can we build respect into products and systems? What role does cryptography play in respectful design? Speaking today at CITP is Lea Kissner (@LeaKissner), global lead of Privacy Technology at Google. Lea has spent the last 11 years designing and building security and privacy for Google projects from the grittiest layers of infrastructure to…
-
PrivaCI Challenge: Context Matters
by Yan Shvartzshnaider and Marshini Chetty In this post, we describe the Privacy through Contextual Integrity (PrivaCI) challenge that took place as part of the symposium on applications of contextual integrity sponsored by Center for Information Technology Policy and Digital Life Initiative at Princeton University. We summarize the key takeaways from the unfolded discussion. We welcome…
-
How can we scale private, smart contracts? Ed Felten on Arbitrum
Smart contracts are powerful virtual referees for holding money and carrying out agreed-on procedures in cases of disputes, but they can’t guarantee privacy and have strict scalability limitations. How can we improve on these constraints? Here at the Center for IT Policy, it’s the first event of our weekly Tuesday lunch series. Speaking today is…
-
Thoughts on California’s Proposed Connected Device Privacy Bill (SB-327)
This post was authored by Noah Apthorpe. On September 6, 2018, the California Legislature presented draft legislation to Governor Brown regarding security and authentication of Internet-connected devices. This legislation would extend California’s existing reasonable data security requirement—which already applies to online services—to Internet-connected devices. The intention of this legislation to prevent default passwords and…
-
Privacy, ethics, and data access: A case study of the Fragile Families Challenge
This blog post summarizes a paper describing the privacy and ethics process by which we organized the Fragile Families Challenge. The paper will appear in a special issue of the journal Socius. Academic researchers, companies, and governments holding data face a fundamental tension between risk to respondents and benefits to science. On one hand, these…
-
What Are Machine Learning Models Hiding?
Machine learning is eating the world. The abundance of training data has helped ML achieve amazing results for object recognition, natural language processing, predictive analytics, and all manner of other tasks. Much of this training data is very sensitive, including personal photos, search queries, location traces, and health-care records. In a recent series of papers,…
-
Demystifying The Dark Web: Peeling Back the Layers of Tor’s Onion Services
by Philipp Winter, Annie Edmundson, Laura Roberts, Agnieskza Dutkowska-Żuk, Marshini Chetty, and Nick Feamster Want to find US military drone data leaks online? Frolick in a fraudster’s paradise for people’s personal information? Or crawl through the criminal underbelly of the Internet? These are the images that come to most when they think of the dark…
-
Internet of Things in Context: Discovering Privacy Norms with Scalable Surveys
by Noah Apthorpe, Yan Shvartzshnaider, Arunesh Mathur, Nick Feamster Privacy concerns surrounding disruptive technologies such as the Internet of Things (and, in particular, connected smart home devices) have been prevalent in public discourse, with privacy violations from these devices occurring frequently. As these new technologies challenge existing societal norms, determining the bounds of “acceptable” information handling…
-
Against privacy defeatism: why browsers can still stop fingerprinting
In this post I’ll discuss how a landmark piece of privacy research was widely misinterpreted, how this misinterpretation deterred the development of privacy technologies rather than spurring it, how a recent paper set the record straight, and what we can learn from all this. The research in question is about browser fingerprinting. Because of differences…
-
Fast Web-based Attacks to Discover and Control IoT Devices
By Gunes Acar, Danny Y. Huang, Frank Li, Arvind Narayanan, and Nick Feamster Two web-based attacks against IoT devices made the rounds this week. Researchers Craig Young and Brannon Dorsey showed that a well known attack technique called “DNS rebinding” can be used to control your smart thermostat, detect your home address or extract unique…