Evaluación de Protección de Privacidad de una Herramienta de Navegador Web

##plugins.themes.bootstrap3.article.main##

José Antonio Estrada

Escuela Politécnica Nacional

A. Rodríguez

Escuela Politécnica Nacional, Facultad de Ingeniería Eléctrica y Electrónica


Resumen

Internet ha construido un escenario en el que la información del usuario es utilizada para identificarlo y clasificarlo. Muy pocas herramientas han sido propuestas para proteger al usuario ante este inminente riesgo de privacidad. Una de ellas es TrackMeNot, que implementa un mecanismo de perturbación de las consultas de búsqueda del usuario para ofuscar su perfil. Lamentablemente, no existen muchos estudios que determinen si este mecanismo es efectivo y en qué grado. En este trabajo se evalúa TrackMeNot, midiendo su efectividad en base a métricas justificadas de privacidad. Encontramos que, frente a ataques sencillos de identificación, TrackMeNot mejora la privacidad del usuario, pero que, frente a ataques más sofisticados, este mecanismo implementado de ofuscación no tiene ningún éxito

Abstract:Internet has constructed a scenario where the information of a user is used to identify and classify his interests. There are only a few tools that have been proposed to protect the user's privacy. TrackMeNot is one of these tools. It implements a perturbation mechanism of the user’s search queries in order to obfuscate his profile. There is no certainty, however, about the effectiveness of such mechanism, neither about the extent to which privacy is being protected. An evaluation of TrackMeNot is done in this work, by measuring its effectiveness based on justified privacy metrics. We found thatit successfully enhances user’s privacy against identification attacks but completely fails on protecting privacy in front of classification attacks.



Descargas

Descargas

Los datos de descargas todavía no están disponibles.

Detalles del artículo

Biografía del autor/a

José Antonio Estrada, Escuela Politécnica Nacional

Departamento de Electrónica, Telecomunicaciones y Redes de Información (DETRI)

Profesor - Investigador

Citas

A. Erola, J. Castelló-Roca, A. Viejo, & J. Mateo-Sanz, "Exploiting social networks to provide privacy in personalized web search". Journal of Systems and Software, 84(10), 1734-1745, 2011.

A. Narayanan y V. Shmatikov, "Robust De-anonymization of Large Sparse Datasets", en Security and Privacy, 2008. SP 2008. IEEE Symposium on, C1, 2008.

C. Chow, M. Mokbel, & X. Liu, "A peer-to-peer spatial cloaking algorithm for anonymous location-based service", en Proceedings of the 14th annual ACM international symposium on Advances in geographic information systems (pp. 171-178). ACM, 2006.

D. Howe, & H. Nissenbaum, "TrackMeNot: Resisting surveillance in web search". Lessons from the Identity Trail: Anonymity, Privacy, and Identity in a Networked Society, 417-436, 2009.

D. L. Chaum, "Untraceable electronic mail, return addresses, and digital pseudonyms", en Communications of the ACM, 24(2), 84-90, 1981.

D. Rebollo-Monedero, J. Parra-Arnau, Claudia Diaz and J. Forné, "On the Measurement of Privacy as an Attacker's Estimation Error", en Springer, International Journal of Information Security, vol. 12, n. 2, pp. 129-149, 2013.

D.Rebollo-Monedero, J. Forné, y J. Domingo-Ferrer, "Query Profile Obfuscation by Means of Optimal Query Exchange between Users", en IEEE Trans. Depend., Secure Comput., 2012.

DoNotTrackMe, [Online] Disponible: https://addons.mozilla.org/ en-US/ firefox/addon/donottrackplus/?

E. Pfanner, "Internet Providers in Deal for Tailored Ads". En The New York Times, Technology. [Online] Disponible: http://www.nytimes.com/2008/02/18/technology/18target.html?_r=2&oref=slogin&, Feb. 2008.

Ghostery. [Online] Disponible: http://www.ghostery.com/

Google Sharing. [Online] Disponible: https://addons.mozilla.org/ en-us/firefox/addon/googlesharing/

J. Becker y H. Chen, "Measuring Privacy Risk in Online Social Networks". En Proceedings of W2SP 2009: Web 2.0 Security and Privacy, 2009.

J. Canny, "Collaborative filtering with privacy", en Security and Privacy, 2002. Proc. 2002 IEEE Symposium on (pp. 45-57). IEEE, 2002.

J. Domingo-Ferrer, A. Solanas, & J. Castelló-Roca, "k-private information retrieval from privacy-uncooperative queryable databases", en Online Information Review, 33(4), 720-744, 2009.

J. Estrada-Jiménez, "Implementation of a Firefox Extension that Measures User Privacy Risk in Web Search", Master Thesis, Universitat Politecnica de Catalunya, 2013.

J. Parra-Arnau, A. Perego, E. Ferrari, J. Forné y D. Rebollo-Monedero, "Privacy-Preserving Enhanced Collaborative Tagging", en IEEE Trans. Knowl. Data Eng., 2012.

J. Parra-Arnau, D. Rebollo-Monedero y J. Forné, "A Privacy-Preserving Architecture for the Semantic Web based on Tag Suppression", en Proc. Int. Conf. Trust, Priv., Secur., Digit. Bus., Bilbao, España, pp. 58-68, 2010.

J. Parra-Arnau, D. Rebollo-Monedero, J. Forné, "Measuring the Privacy of User Profiles in Personalized Information Systems", en Future Generation Computer Systems, 2013.

J. Parra-Arnau, D. Rebollo-Monedero, J. Forné, J. L. Muñoz y O. Esparza, "Optimal tag suppression for privacy protection in the semantic Web", en Data, Knowl. Eng., vol. 81-82, pp. 46-66, 2012.

K. Hafner, "Google Resists U.S. Subpoena of Search Data", en The New York Times, Technology. [Online] Disponible: http://www.nytimes.com /2006/01/20/technology/20google.html?_r=1, Enero 2006.

M. Barbaro y T. Zeller Jr., "A Face Is Exposed for AOL Searcher No. 4417749", en The New York Times, Technology. [Online] Disponible: http://www.nytimes.com/2006/08/09/technology/ 09aol.html? pagewanted=all, Agosto 2006.

M. Fire, D. Kagan, A. Elishar, y Y. Elovici, "Social Privacy Protector - Protecting User' Privacy in Social Networks".

M. Reiter, & A. Rubin, "Crowds: Anonymity for web transactions", en ACM Transactions on Information and System Security (TISSEC), 1(1), 66-92, 1998.

Maone, Giorgio. NoScript. [Online] Disponible: http://noscript.net, 2009.

P. Eckersley, "How Unique Is Your Web Browser?". [Online] Disponible: https://panopticlick.eff.org/

Palant, Wladimir: Adblock Plus: Save your time and traffic. [Online] Disponible: http://adblockplus.org/.

Polat, H., & Du, W., "Privacy-preserving collaborative filtering using randomized perturbation techniques", en Data Mining, 2003. ICDM 2003. Third IEEE International Conference on (pp. 625-628). IEEE, 2003.

R. Ostrovsky, W. Skeith III, "A survey of single-database private information retrieval: Techniques and applications", en Public Key Cryptography-PKC 2007 (pp. 393-411). Springer Berlin Heidelberg, 2007.

Russia Today, "Google se enfrenta al FBI para no revelar datos privados de los usuarios". [Online] Disponible: http://actualidad.rt.com/actualidad/view/90908-google-fbi-revelar-datos-usuarios, Abril 2013.

S. Teja Peddinti y N. Saxena, "On the Privacy of Web Search Based on Query Obfuscation: A Case Study of TrackMeNot". En 10th International Symposium, PETS, 2010.

S. Vi-a, G. News, S. Vi-b, I. Browsing, and I. Explorer, "REPRIV: Re-Envisioning In-Browser Privacy."

TechCrunch, "AOL Proudly Releases Massive Amounts of Private Data". [Online] Disponible: http://techcrunch.com/2006/08/06 /aol-proudly-releases-massive-amounts-of-user-search-data/.

V. Toubiana, D. Boneh, H. Nissenbaum, y S. Barocas, "Adnostic: Privacy Preserving Targeted Advertising ∗". Proc. of the 17th Annual Network and Distributed System Security Symposium (NDSS), 2009.

Y. Wang, & A. Kobsa, "Privacy-enhancing technologies. Social and Organizational Liabilities", en Information Security, 203-227, 2006.

Barra lateral del artículo

Barra lateral del artículo

PDF
Publicado
feb 1, 2014
Número
Vol. 33 Núm. 1 (2014): Revista Politécnica
Sección
Artículos
Cómo citar
Estrada, J. A., & Rodríguez, A. (2014). Evaluación de Protección de Privacidad de una Herramienta de Navegador Web. Revista Politécnica, 33(1). Recuperado a partir de https://revistapolitecnica.epn.edu.ec/ojs2/index.php/revista_politecnica2/article/view/166