CAREER: Presentation and Mitigation of Privacy Risks for Online Users

职业：在线用户隐私风险的呈现和缓解

• 批准号: 1942014
• 负责人: Kassem Fawaz
• 金额: $ 50.83万
• 依托单位: University of Wisconsin-Madison
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-04-01 至 2025-03-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1942014&HistoricalAwards=false
• 关键词: CAREER; Presentation; Mitigation; Privacy; Risks

It is a long-standing challenge to make the users of online systems "privacy-aware" where one understands the privacy practices and controls of the online service being used. For decades, the "Notice and Choice" framework has been the governing practice for the disclosure and control of online privacy practices. Privacy notices, manifesting in lengthy privacy policies, inform users about how websites, devices, apps, or service providers handle their data. Notices pave the way for choices to be made by users. Through online settings and menus, users can opt-in for data collection, authorize the transfer of their data to third-party ad networks, or control the extent to which their data is shared. However, in their current forms, policies are hard for users to comprehend, and control settings are not user-friendly. While some providers have improved the readability of their privacy policies, these notices remain long and hard to follow. Further, unreachable privacy settings make it very hard for users to control their privacy effectively. Thus, users are far more likely to rely on default options rather than fine-tuning their settings for each service they use. When the service provider's behavior does not match the user's privacy preferences, privacy risks arise. Providing users with the means to understand and control how their data is handled remains an open problem. This project explores and addresses the challenges associated with developing interfaces to present and mitigate online privacy risks for users. The main impact of this research is to educate users more effectively about privacy risks and to offer them user-friendly tools to reduce these risks. The research in this project has three thrusts: (i) Technology probes-based methodology for designing better privacy-enhancing interfaces: Using basic privacy-interfaces to probe users about what they perceive as missing and inconvenient design elements, this thrust aims to develop a set of user-driven guidelines for designing privacy interfaces that are easier to adopt and use; (ii) A comprehensive framework to make the privacy practices and controls of service providers machine-readable: Through contributions in the natural-language processing of privacy text and the automated analysis of online privacy menus, this framework overcomes challenges due to heterogeneity, vagueness, or complexity in an online platform's presentation of its privacy practices and controls. It automatically conceptualizes the privacy practices and controls of a service provider as a graph by associating the user's data with the provider's fine-grained privacy practices and controls. The framework will also enable designing new interfaces through querying its automatically generated graph without collaboration from the service provider, thus addressing scalability; (iii) A set of usable interfaces for understanding and controlling privacy risk without requiring providers to adopt changes: Combining the identified design guidelines with the framework's querying capabilities, the focus here is a dialog interface that allows users to inquire about privacy practices and control privacy settings using natural-language queries, even on UI-limited devices. It also introduces privacy nudges to add privacy as a factor when users are shopping for services. The methodologies will be tested in real systems through collaboration with DuckDuckGo and other companies. The developed products will be made available to public as browser plugins, apps, and APIs, as appropriate. A set of education initiatives, including privacy modules for the public, privacy as a design dimension for capstone undergraduate classes, and an advanced privacy course at the graduate level, complement the research effort.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

这是一个长期的挑战，使在线系统的用户“隐私意识”，其中一个了解隐私的做法和控制的在线服务正在使用。几十年来，“通知和选择”框架一直是披露和控制在线隐私实践的管理实践。隐私声明以冗长的隐私政策形式出现，告知用户网站、设备、应用程序或服务提供商如何处理其数据。通知为用户做出选择铺平了道路。通过在线设置和菜单，用户可以选择接受数据收集，授权将其数据传输到第三方广告网络，或控制其数据共享的程度。但是，在当前形式下，策略对用户来说很难理解，并且控件设置对用户不友好。虽然一些提供商已经提高了其隐私政策的可读性，但这些通知仍然很长，很难遵循。此外，无法访问的隐私设置使得用户很难有效地控制他们的隐私。因此，用户更有可能依赖默认选项，而不是为他们使用的每个服务微调他们的设置。当服务提供商的行为与用户的隐私偏好不匹配时，隐私风险就会出现。为用户提供了解和控制其数据处理方式的方法仍然是一个悬而未决的问题。该项目探讨并解决了与开发界面相关的挑战，以呈现和减轻用户的在线隐私风险。这项研究的主要影响是更有效地教育用户有关隐私风险，并为他们提供用户友好的工具来降低这些风险。本项目的研究有三个重点：（i）以技术探索为基础的方法来设计更好的隐私增强界面：使用基本的隐私界面来探索用户认为缺失和不便的设计元素，这一重点旨在开发一套用户驱动的指南，用于设计更容易采用和使用的隐私界面;（ii）一个使服务提供者的隐私做法和控制措施可机器读取的综合框架：通过在隐私文本的自然语言处理和在线隐私菜单的自动分析方面的贡献，该框架克服了由于异质性，复杂性，或在线平台对其隐私实践和控制的介绍的复杂性。它通过将用户的数据与提供商的细粒度隐私实践和控制相关联，自动将服务提供商的隐私实践和控制概念化为图形。该框架还将通过查询其自动生成的图形而无需服务提供商的协作来设计新的接口，从而解决可扩展性问题;（iii）一组用于理解和控制隐私风险的可用接口，而无需提供商进行更改：将所确定的设计准则与框架的查询能力相结合，这里的重点是一个对话界面，它允许用户使用自然语言查询来查询隐私实践和控制隐私设置，即使在UI有限的设备上也是如此。它还引入了隐私轻推，将隐私作为用户购买服务时的一个因素。这些方法将通过与DuckDuckGo和其他公司的合作在真实的系统中进行测试。开发的产品将作为浏览器插件、应用程序和API向公众提供。一套教育计划，包括隐私模块为公众，隐私作为一个顶点本科课程的设计维度，并在研究生水平的高级隐私课程，补充研究工作。这个奖项反映了NSF的法定使命，并已被认为是值得通过使用基金会的智力价值和更广泛的影响审查标准进行评估的支持。

项目成果

Limitations of Face Image Generation

• DOI: 10.1609/aaai.v38i13.29403
• 发表时间: 2023-09
• 作者: Harrison Rosenberg;Shimaa Ahmed;Guruprasad V Ramesh;Ramya Korlakai Vinayak;Kassem Fawaz

PowerCut and Obfuscator: An Exploration of the Design Space for Privacy-Preserving Interventions for Smart Speakers

• 发表时间: 2018-12
• 作者: Varun Chandrasekaran;Suman Banerjee;Bilge Mutlu;Kassem Fawaz

Towards More Robust Keyword Spotting for Voice Assistants

• 发表时间: 2022
• 期刊: Proceedings of the 36th Annual Computer Security Applications Conference
• 作者: Shimaa Ahmed;Ilia Shumailov;Nicolas Papernot;Kassem Fawaz

Unpacking Privacy Labels: A Measurement and Developer Perspective on Google's Data Safety Section

揭开隐私标签的面纱：谷歌数据安全部分的衡量和开发者视角

• DOI: 10.48550/arxiv.2306.08111
• 发表时间: 2023
• 期刊: ArXiv
• 作者: Rishabh Khandelwal;Asmit Nayak;Paul Chung;Kassem Fawaz
• 通讯作者: Kassem Fawaz

Experimental Security Analysis of Sensitive Data Access by Browser Extensions

• DOI: 10.1145/3589334.3645683
• 发表时间: 2024-05
• 期刊: Proceedings of the ACM on Web Conference 2024
• 作者: Asmit Nayak;Rishabh Khandelwal;Earlence Fernandes;Kassem Fawaz