Presentation at the Workshop on Privacy Indicators, as a part of the 12th Symposium on Usable Privacy and Security (SOUPS 2016). The paper is available here: https://infoscience.epfl.ch/record/218900 Video slides are available here: https://www.youtube.com/watch?v=1YK_SeoQ2q8 You can find more about my work on my personal website: http://hamzaharkous.com

1. Data-Driven
Hamza Harkous, Rameez Rahman, Karl Aberer
PrivacyIndicators
EPFL, Switzerland
WorkshoponPrivacyIndicators,SOUPS2016

2. 2
Permissionsin3rdPartyApps
Android
Facebook

3. 3
Permissionsin3rdPartyApps
Dropbox
11/26/2015 Request for Permission
AllowDeny
Pdf Merger would like to:
View and manage Google Drive files and folders that
you have opened or created with this app
View and manage the files in your Google Drive
By clicking Allow, you allow this app and Google to use your information in
accordance with their respective terms of service and privacy policies. You can
change this and other Account Permissions at any time.
GoogleDrive

4. 3
Permissionsin3rdPartyApps
Dropbox
AllowDeny
Pdf Merger would like to:
View and manage Google Drive files and folders that
you have opened or created with this app
View and manage the files in your Google Drive
By clicking Allow, you allow this app and Google to use your information in
accordance with their respective terms of service and privacy policies. You can
change this and other Account Permissions at any time.
GoogleDrive

5. 3
Permissionsin3rdPartyApps
Dropbox
AllowDeny
Pdf Merger would like to:
View and manage Google Drive files and folders that
you have opened or created with this app
View and manage the files in your Google Drive
By clicking Allow, you allow this app and Google to use your information in
accordance with their respective terms of service and privacy policies. You can
change this and other Account Permissions at any time.
GoogleDrive
Challenges
Onesizefitsall
Habituationeffects
Differentfromuserexpectations

6. 4
Data-DrivenPrivacyIndicators(DDPIS)
Dynamicindicatorsasafunctionofusers’data

7. 4
Data-DrivenPrivacyIndicators(DDPIS)
Dynamicindicatorsasafunctionofusers’data
Serviceproviderdeliversinsightsthathelpusersmakeprivacy-awaredecisions.

8. 5
Focuson3rdPartyCloudApps

9. 6
Your Files
CSPs
3rd
party apps
Files

10. 7
Problem1:
DealingwithAppOver-privilege

11. 8
DealingwithAppOver-privilege
64%of 3rd party apps request
more data than needed*
*H. Harkous, R. Rahman, B. Karlas, and K. Aberer.
"The Curious Case of the PDF Converter that Likes Mozart:
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps", PoPETs

12. ZIP Extractor wants to:
Current Interface
View your basic profile info
View your email address
View and manage Google Drive files and folders
that you have opened or created with this app.
View the files in your Google Drive
9
per-file access
full access

13. ZIP Extractor wants to:
View your basic profile info
View your email address
View and manage Google Drive files and folders
that you have opened or created with this app.
View the files in your Google Drive
obtain permissions it needs to function
obtain permissions it doesn't need
9

14. ZIP Extractor wants to:
View your basic profile info
View your email address
View and manage Google Drive files and folders
that you have opened or created with this app.
View the files in your Google Drive
obtain permissions it needs to function
obtain permissions it doesn't need
Labelling
9

15. 10privyseal.epfl.ch

16. Immediate
Insights
(examples)
from your
Data
1- Immediate Insights
10privyseal.epfl.ch

17. 11
They tell the app that you have the below image,
named ‘brithday21.jpg':
2- Immediate Insights1- Immediate Insights
privyseal.epfl.ch

18. 12
They tell the app that you have an image, named‘dinner.jpg’, which
was captured at this location:
2- Immediate Insights1- Immediate Insights
privyseal.epfl.ch

19. Far-reaching
Insights
from your
Data
2- Far-reaching Insights
13privyseal.epfl.ch

20. Far-reaching
Insights
from your
Data
2- Far-reaching Insights
13privyseal.epfl.ch

21. 14
…with Entities/Concepts/Topics
3- Far-reaching Insights2- Far-reaching Insights
privyseal.epfl.ch

22. 15
…Sentiments
3- Far-reaching Insights2- Far-reaching Insights
privyseal.epfl.ch

23. 16
…Top Collaborators
3- Far-reaching Insights2- Far-reaching Insights
privyseal.epfl.ch

24. 17
…Shared Interests
3- Far-reaching Insights2- Far-reaching Insights
privyseal.epfl.ch

25. 18
3- Far-reaching Insights
…Faces with Context
2- Far-reaching Insights
privyseal.epfl.ch

26. 19
3- Far-reaching Insights
…Faces on Map
2- Far-reaching Insights
privyseal.epfl.ch

27. 20
InefficacyofBaselinePermissions
16%
23%
39%
Baseline Immediate Far-reaching
AcceptanceLikelihood
(Percentageofuserswhowouldstillacceptover-privilegedapps)
• Onlineexperiment
• Actualuser’sdata
• 160participantsin3groups
• GLMMsforsignificancetests
*H. Harkous, R. Rahman, B. Karlas, and K. Aberer.
"The Curious Case of the PDF Converter that Likes Mozart:
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps", PoPETs

28. 21
ThePowerofRelationalInsights
<
They tell the app that you have the
below image, named ‘brithday21.jpg':
Acceptance
Likelihood

29. 22
ImpactofFaceRecognition
<Acceptance
Likelihood
8% 21%

30. 23
Problem2:
MinimizingInterdependentPrivacy

31. Company 1 Company 2 Company 3 Company 4 Company 5 Company 6
24

32. Company 1 Company 2 Company 3 Company 4 Company 5 Company 6
TooManyShareholders→
LargerAttackSurface
24

33. Company 1 Company 2 Company 3
25

34. Company 1 Company 2 Company 3
FewerShareholders→
BetterPrivacy
25

35. 26
History-basedInsights
Keep data with a minimum number of vendors
When possible, install apps from vendors that already have
access to your data, either directly or from collaborators.

36. 27
BaselinePermissionModel

37. 28
History-based(HB)InsightsModel

38. 29
Findings

39. 30
SuperiorityoftheHBInsights
75-84%
42-56%
Baseline History-based
(Percentageofuserswhowouldfavortheappwithexistingaccesstotheirdata)
• Onlineexperiment(CrowdFlower)
• Role-playingscenario
• 141participantsin2groups
• Fisher’stestforsignificance

40. 31
UserMotivations
cross-app compatibility
interface familiarity
satisfaction with the previous vendor

41. 31
UserMotivations
cross-app compatibility
interface familiarity
satisfaction with the previous vendor
Users’ data can be used to highlight the other
advantages of taking privacy-aware decisions

42. 32
FurtherApplicationsofDDPIs

43. 33
ExtensionsofFRand HBInsights
mobile/social networking platforms
browser extensions (visualize browser history contents)
visualize the power of 4th party ad providers

44. 34
NewDDPIs
consequences of privacy settings
how others view my encrypted data
visualize which of the user’s apps still operate with encryption

45. 35
Post-installationScenario
insights based on downloaded files
insights based on accessed location*
* H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L. F. Cranor, and Y. Agarwal.
Your location has been shared 5,398 times!: A field study on mobile app privacy nudging. CHI 2015

46. Limitations
36

47. 37
TheBusinessCase
The provider is interested in strengthening the ecosystem
Could privacy be the selling point?

48. 38
TheEconomicCost
extra computational cost
data analysis already run for other purposes (e.g. search)

49. 39
UsabilityChallenges
How to stay minimize information overload?
How to prioritize messages when multiple optimizations are possible?

50. 40
DDPIS
Privacy
Assistants
What’sNext?

51. 41
Questions/Feedback?
hamza.harkous@gmail.com
hamzaharkous.com

52. 42
Image/MediaCredits
Markus Magnusson: slide 8
David Holm: slide 24
Freepik: slide 23
Fab Design: slide 41