
Visualizing Privacy II

Visualizing Privacy II. March 9, 2006 Janice Tsai. Outline. Visualizing privacy Anonymity Levels of Anonymity Usability Building a Successful Anonymity Network Wireless Privacy. Anonymity. Definition: The state of not being identifiable in the anonymity set (the crowd). Purpose:


Presentation Transcript


  1. Visualizing Privacy II March 9, 2006 Janice Tsai

  2. Outline
     • Visualizing privacy
     • Anonymity
     • Levels of Anonymity
     • Usability
     • Building a Successful Anonymity Network
     • Wireless Privacy

  3. Anonymity
     • Definition: The state of not being identifiable in the anonymity set (the crowd).
     • Purpose:
        • Protects user identity
        • Actions may be observed, but not linked back to the originator
        • Achieve privacy goals

  4. Levels of Anonymity
     • Nymity - amount of information revealed
        • Verinymity
        • Pseudonymity
        • Linkable Anonymity
        • Unlinkable Anonymity
     • Examples of Each?
     I. Goldberg. A pseudonymous communications infrastructure for the internet. PhD thesis, University of California Berkeley, 2000.

  5. Anonymity Tools
     • Proxy Services (Anonymizer.com)
     • E-mail Remailers
        • Type 0: anon.penet.fi
        • Type I: Cypherpunks Remailers
        • Type II: MixMaster
        • Type III: MixMinion
     • Nymservers
     • Mix Networks
     • Onion Routing

  6. Attacks on Anonymity Networks
     • Some Simple Attacks on Anonymity
     • Single Points of Failure
     • Central Location Database
     • Traffic Analysis
     • Message Length
     • Timing Attacks
     • Others?
     • Legal Attacks

  7. Usability for Security
     • Security involves collaboration
     • Usability risks
     • Insecure modes of operation
     • Optional
     • Inconvenient
     • Confusing
     • Badly labeled interface
     • Too many options
     • False sense of security

  8. Usability for Anonymity
     • Anonymity involves collaboration
     • Anonymity networks
        • Distributed Trust Infrastructure
        • Independently controlled nodes
        • Path of traffic is called a circuit
     • Two Classes of Networks
        • High-Latency
           • Resist strong attacks
           • Tradeoff: Slow
        • Low-Latency
           • Fast(er)
           • Tradeoff: Susceptible to strong attacks

  9. Usability for Anonymity
     • Goal: To solicit as many users as possible
     • Purpose: Create “cover traffic”
     • Solution: Normalization
        • Design default configurations to be secure and convenient.
        • Make it easy to use, but to use properly!

  10. Building a Successful Network
     • Challenges
        • Starting up (Bootstrapping)
        • Attract low-end users
        • Create an aura of perceived usability
        • Create a Positive Public Perception
        • Diversity of user-base - Reputability
     • Lack of Reputability
        • Reduces sustainability
        • Attracts attackers

  11. Examples
     • Mixminion and MIME
        • Anonymous email network
        • MIME: Multipurpose Internet Mail Extensions
        • Flexibility of MIME makes it easy to distinguish originating email system.
     • Weakness:
        • Susceptible to Traffic Analysis
        • Constricts users of certain email program
     • Solution:
        • Normalized as much as possible
        • Warn users about email program information leakage

  12. Mixminion
     • Quick Glance: http://mixminion.net/
     • First impression?

  13. Java Anon Proxy (JAP)
     • Anonymous web browsing network
     • Allows users to choose entrance and exit node locations.
     • JAP Class Feedback http://anon.inf.tu-dresden.de/index_en.html

  14. Wireless Privacy
     • Non-encrypted communications easily intercepted
     • Information intercepted:
        • Web searches (e.g. Google, MSN, Yahoo!)
        • Instant Messenger
        • Email
        • Online postings (Google Groups, Yahoo Groups)

  15. Peripheral Notification Study
     • Objective:
        • Inform users about personal information leakage on the wireless network using a peripheral display.
     • Experiment: Capture traffic on CMU wireless network
        • Display high frequency “snippets”
        • Use a consistent font/text per person
        • Display word immediately
        • Protect the privacy of the user

  16. Methods:
     • Selected a non-CS or engineering graduate workspace for the peripheral display.
     • Solicited participants from that workspace.
     • Displayed privacy notifications for a week.
     • Results:
        • IM/Network usage did not change significantly.
        • Several participants did become more self-conscious.

  17. Mental Models:
     • Peripheral display = capture of IM words.
     • How could you better convey the problems, risk, and solutions?
     Discuss for 15 minutes in your groups.

  18. Tools
     • Instant Messaging
        • OTR (Off The Record Messaging) http://www.cypherpunks.ca/otr/
     • Google Mail
        • Use HTTPS instead of HTTP. https://mail.google.com/mail
     • General Web Traffic
        • VPN (Virtual Private Networking) http://www.cmu.edu/computing/documentation/VPN/index.html

  19. Visualization of Privacy • What symbols indicate “Privacy”?
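
Slide 11 notes that MIME's flexibility makes the originating email program easy to distinguish and that the remedy is to normalize as much as possible. The following is an added example, not part of the original slides and not Mixminion's code, that shows both halves with Python's standard `email` package. The two sample messages, the mail program names in them, and the policy of keeping only `Subject` and the plain-text part are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Constructed sample messages: same text, two hypothetical mail programs.
MSG_A = """\
X-Mailer: ExampleMail 1.0
MIME-Version: 1.0
Subject: hello
Content-Type: multipart/alternative; boundary="----=_Part_A1"

------=_Part_A1
Content-Type: text/plain; charset="iso-8859-1"

meet at noon
------=_Part_A1
Content-Type: text/html; charset="iso-8859-1"

<p>meet at noon</p>
------=_Part_A1--
"""
MSG_B = """\
Subject: hello
User-Agent: SampleClient/2.3
Content-Type: text/plain; charset=us-ascii; format=flowed

meet at noon
"""

def client_fingerprint(raw):
    """Traits an observer could use to tell sending programs apart."""
    msg = message_from_string(raw)
    mailer = msg.get("X-Mailer") or msg.get("User-Agent")
    return (mailer, msg.get_boundary(), tuple(k.lower() for k in msg.keys()))

def normalize(raw):
    """Rebuild as single-part UTF-8 text/plain with a fixed header set (assumed policy)."""
    msg = message_from_string(raw)
    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True)
            body = data.decode(part.get_content_charset() or "utf-8", "replace")
            break
    out = EmailMessage()
    out["Subject"] = msg.get("Subject", "")
    out.set_content(body.strip() + "\n", charset="utf-8")
    return out.as_string()

if __name__ == "__main__":
    print(client_fingerprint(MSG_A) != client_fingerprint(MSG_B))
    print(normalize(MSG_A) == normalize(MSG_B))
```

Before normalization the mailer header, the multipart boundary and the header order each separate the two senders; afterwards the two messages are byte-for-byte identical, so they fall into the same anonymity set.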
