With the advent of GPS and camera-equipped smartphones and the growing popularity of online social networks (OSNs), people interact with an increasing number of devices, services, and individuals, and in an unprecedented number of ways. Be it through the Web, mobile phones, or social media, in their daily activities, people produce increasing amounts of data, such as traces of their location over time, their social ties, their preferences, even their personal genome. And these data are traded in exchange for many services. Undoubtedly, much of the data that is made available very often involves (and has privacy implications for) data subjects other than the individual who shares it online; and these individuals often have no control over the sharing decision, or might not even be aware of the fact that the data was made available. Sadly, grasping the extent of where and how this data, which is often held by corporations, is and could be used is a massive challenge. The consequences of this sharing can often be very dramatic, even when there is no malicious intent from the individual who shared the data. Another aspect of the problem is that people’s opinions on the topic of privacy differ and their awareness regarding privacy threats is also variable and often insufficient.
At LCA1, we have investigated interdependent privacy issues, notably in online social networks and mobile applications. We have exposed new privacy challenges that stem from the natural interdependencies in the data shared by individuals and have shown that privacy is now part of the interpersonal realm. Specifically, we have shown how from the genomic data that our relatives share on dedicated online platforms, our own genomic code can be inferred and how co-locations (potentially shared by others) can be effectively used by an adversary to better localize users. We have also analysed how users’ divergent behaviors can affect the global privacy of OSN users, and we have identified the driving factors of their decisions to share location and co-location information. Furthermore, we have proposed mechanisms to be implemented by service providers – notably in the case of sharing of photos online: These mechanisms mitigate the privacy threats caused by others’ sharing decisions, by improving users’ awareness, and by giving them the option to control whether to permit the data to be shared, as a pre-emptive step to its misuse.
A. M. Olteanu, “Interdependent and Multi-Subject Privacy: Threats, Analysis and Protection.” 2019.
M. Humbert, “When Others Impinge upon Your Privacy Interdependent Risks and Protection in a Connected World.”, DOI: 10.5075/epfl-thesis-6515, 2015.
- A. M. Olteanu, M. Humbert, K. Huguenin, and J.-P. Hubaux. The (Co)-Location Sharing Game. In 19th Privacy Enhancing Technologies Symposium (PoPETs), 2019.
- A.-M. Olteanu, K. Huguenin, I. Dacosta, and J.-P. Hubaux. Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2018. Media coverage
- A.-M. Olteanu, K. Huguenin, R. Shokri, M. Humbert, J.-P. Hubaux. Quantifying Interdependent Privacy Risks with Location Data. In IEEE Transactions on Mobile Computing (IEEE TMC), 2017.
- M. Humbert, E. Ayday, J.-P. Hubaux, and A. Telenti. Quantifying Interdependent Risks in Genomic Privacy. In ACM Transactions on Privacy and Security (ACM TOPS), 2017.
- M. Humbert, E. Ayday, J.-P. Hubaux, A. Telenti. On Non-cooperative Genomic Privacy. In 19th International Conference on Financial Cryptography and Data Security (FC), 2015.
- A.-M. Olteanu, K. Huguenin, R. Shokri and J.-P. Hubaux. Quantifying the Effect of Co-location Information on Location Privacy. In Proc. of the 14th Privacy Enhancing Technologies Symposium (PETS), Amsterdam, The Netherlands, 2014.
- N. Vratonjic, K. Huguenin, V. Bindschaedler and J.-P. Hubaux. A Location-Privacy Threat Stemming from the Use of Shared Public IP Addresses. In IEEE Transactions on Mobile Computing (IEEE TMC), vol. 13, 2014.
- Mathias Humbert, Erman Ayday, Jean-Pierre Hubaux, and Amalio Telenti. Addressing the Concerns of the Lacks Family: Quantification of Kin Genomic Privacy. In 20th ACM Conference on Computer and Communications Security (CCS), Berlin, Germany, 2013.
- M. Humbert, T. Studer, M. Grossglauser, J.-P. Hubaux. Nowhere to Hide: Navigating around Privacy in Online Social Networks. In 18th European Symposium on Research in Computer Security (ESORICS), 2013.
- I. Bilogrevic, K. Huguenin, M. Jadliwala, F. Lopez and J.-P. Hubaux. Inferring Social Ties in Academic Networks Using Short-Range Wireless Communications. In Proc. of the 12th ACM Workshop on Privacy in the Electronic Society (WPES), Berlin, Germany, 2013.
- N. Vratonjic, K. Huguenin, V. Bindschaedler and J.-P. Hubaux. How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots. In Proc. of the 13th Privacy Enhancing Technologies Symposium (PETS), Bloomington, IN, USA, 2013.
Sanitized privacy/benefits preference factors dataset (Facebook usage). This dataset contains survey participants’ responses to three questions used to quantify the relative benefits of sharing/viewing location and co-location information, and the associated relative costs in terms of location privacy. Specifically, we assessed the participants’ preferences regarding, respectively, (1) sharing vs. viewing posts with location information (i.e., check-in posts), (2) sharing posts with location information vs. sharing posts with colocation information, and (3) location privacy vs. benefits of sharing location information. We designed these survey questions by following a rigorous full-profile conjoint analysis approach. The datasets also contains general information about the participants’ Facebook general usage and location and co-location sharing on Facebook. The data was collected in early 2016, from 250 active Facebook users recruited via the Amazon Mechanical Turk platform, through an online survey. The survey participants were asked to rank by preference a number of scenarios in which posts were removed from Facebook (e.g., “two of your recent posts are kept and one of your friend’s recent posts is kept”, “none of your recent posts is kept and one of your friend’s recent posts is kept”). Preference factors can be extracted from the responses. Please e-mail firstname.lastname@example.org to obtain the dataset. The dataset is in the CSV File Format. Please cite the following article if you use our dataset in your research: