Privacy and Security in the Location-enhanced World Wide Web
Jason Hong (UC Berkeley), Gaetano Borriello (Intel / UW), James Landay (Intel / UW), David McDonald (UW), Bill Schilit (Intel), Doug Tygar (UC Berkeley)
PlaceLab Overview
• Location-enhanced computing major ubicomp focus for over a decade, but few real apps out there
• Need low-cost and convenient location finding tech
• Need critical mass of useful location-based services
• Need techniques to address privacy
• Goal of PlaceLab
• Provide open software base and community building
• Catalyze adoption of location-based services
Key Ideas in PlaceLab
• Can use WiFi to determine rough location
• Can use overlapping hotspots for better estimation
[Figure labels: ~city block; ~few meters; A, B, C]
Key Ideas in PlaceLab
• Can use WiFi to determine rough location
• Can cache directories of hotspots locally on devices
• Continuously updated directories of hotspot locations
• Access point MAC address -> Location
• Local computation, local storage
• Only you know where you are
Key Ideas in PlaceLab
• Can use WiFi to determine rough location
• Can cache directories of hotspots locally on devices
• Can cache location-enhanced content as well
• Occasionally connected computing
• Ex. Zagat restaurant guide
• Location-enhanced web content
• Local computation, local storage
Key Ideas in PlaceLab
• Can use WiFi to determine rough location
• Can cache directories of hotspots locally on devices
• Can cache location-enhanced content as well
• Can choose when to share location data with others
Privacy of Stakeholders in PlaceLab
• End-Users
• Network service providers, Web service providers
• Anonymizers, mixes, pre-fetching, etc. (see workshop paper)
• Access point owners
• Co-opted for new purpose in PlaceLab
• Turn off broadcasting of Access Point (opt out)
• Encrypt cached directories
• Make location of AP visible only if person actually nearby
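One way to realize the last two bullets (an encrypted cached directory whose AP locations are readable only by a device that can actually see the AP), as an added example that is not PlaceLab's own code or design: each entry is indexed and encrypted under keys derived from the AP's MAC address. The PBKDF2 iteration count, the salt, the record layout and the HMAC-based keystream (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions, and the sample access points are constructed.

```python
import hashlib, hmac, os, struct

ITERATIONS = 20_000  # assumption: slow KDF to raise the cost of guessing MACs

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keys(mac: str, salt: bytes):
    """Derive (lookup tag, stream key, integrity key) from an observed BSSID."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    master = hashlib.pbkdf2_hmac("sha256", raw, salt, ITERATIONS)
    return _prf(master, b"tag")[:16], _prf(master, b"enc"), _prf(master, b"mac")

def _xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    # Stand-in stream cipher for one 16-byte record; use a real AEAD in practice.
    return bytes(a ^ b for a, b in zip(data, _prf(key, nonce)))

def build_directory(aps: dict, salt: bytes) -> dict:
    """aps maps MAC -> (lat, lon); the result holds no plaintext MAC or location."""
    out = {}
    for mac, (lat, lon) in aps.items():
        tag, enc_key, mac_key = _keys(mac, salt)
        nonce = os.urandom(16)
        ct = _xor(struct.pack(">dd", lat, lon), enc_key, nonce)
        out[tag] = nonce + ct + _prf(mac_key, nonce + ct)
    return out

def lookup(directory: dict, salt: bytes, seen_mac: str):
    """Return (lat, lon) for a BSSID this device has observed, else None."""
    tag, enc_key, mac_key = _keys(seen_mac, salt)
    blob = directory.get(tag)
    if blob is None:
        return None
    nonce, ct, check = blob[:16], blob[16:32], blob[32:]
    if not hmac.compare_digest(check, _prf(mac_key, nonce + ct)):
        raise ValueError("directory entry failed integrity check")
    return struct.unpack(">dd", _xor(ct, enc_key, nonce))

# Constructed sample data, not real access points.
SALT = b"constructed-directory-salt"
SAMPLE = {"00:11:22:33:44:55": (37.8716, -122.2727),
          "66-77-88-99-AA-BB": (47.6553, -122.3035)}
DIRECTORY = build_directory(SAMPLE, SALT)
print(lookup(DIRECTORY, SALT, "66:77:88:99:aa:bb"))
```

A MAC address is only 48 bits, so this raises the cost of enumerating the directory rather than preventing it; the slow key derivation is what sets that cost.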
Discussion
• PlaceBar is a kind of privacy widget, other kinds?
• PlaceLab is decentralized, starts with data at edge of network to drive adoption. Applicable elsewhere?
• Privacy cuts across HW, OS, networking, UI. What mechanisms and support are needed in these layers?
• Ex. How to build plausible deniability into systems?
• What are actual privacy concerns for location?
• Spatial Granularity, ex. City -> zip -> street
• Temporal Granularity, ex. At Tahoe “last month” vs “July 1”
• Freshness, ex. “You can have my location if over week old”
Privacy of Stakeholders in PlaceLab
• End-Users
• Disconnected mode is relatively safe
• Connected mode managed via PlaceBar
• Spoofing of personal device’s MAC address
• WiFi range ~150 meters, some plausible deniability
Privacy of Stakeholders in PlaceLab
• End-Users
• Access point owners
• Network Service Providers and End-Users
• Can use mixes to aggregate and redirect traffic
• Access points tend to dynamically assign IP addresses
• Overall, hard for network service providers to identify individuals
Privacy of Stakeholders in PlaceLab
• End-Users
• Access point owners
• Network Service Providers and End-Users
• Web Service Providers and End-Users
• Can correlate past IP addresses with locations
• Use anonymizers
• Web service providers might not be able to link to identifiable info
• P3P extensions?
• Pre-fetch chunks of data at a time