mfioretti: anonymity*

Bookmarks on this page are managed by an admin user.

19 bookmark(s), sorted by date (descending)

  1. Since Islam instructs followers to pray five times daily at specific times, I wondered if one could identify devout Muslim cab drivers (hacks) solely from their trip data. Drivers who do pray regularly surely have difficulty finding a place to park, wash up and pray at exactly the right time, but in many cases the banding near prayer times is quite clear. I plotted a few examples.
    Each image shows the fares of one cabbie in 2013. Yellow = active fare (carrying passengers). A minute is 1 pixel wide; a day is 2 pixels tall. Blue stripes mark the 5 daily prayer start times, which vary with the sun's position throughout the year.
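    A minimal sketch of how such a raster could be built. The input format here, one (day_index, pickup_minute, dropoff_minute) tuple per fare, is an assumption for illustration, not the author's actual pipeline:

```python
# Hypothetical fare format: (day_index, pickup_minute, dropoff_minute).
# One row per day, one cell per minute; 1 = active fare (the "yellow"
# pixels described above), 0 = idle.

def render_fare_raster(fares, days=365, minutes_per_day=1440):
    grid = [[0] * minutes_per_day for _ in range(days)]
    for day, start, end in fares:
        for minute in range(start, min(end, minutes_per_day)):
            grid[day][minute] = 1
    return grid

# Two fares with a ten-minute gap between them; a driver who stops to
# pray would show such gaps banding near the daily prayer times.
raster = render_fare_raster([(0, 700, 780), (0, 790, 860)])
```

    Scaling each row to 2 pixels tall and coloring the 1-cells yellow reproduces the images described.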
    by M. Fioretti (2017-10-17)
  2. FREQUENT visitors to the Hustler Club, a gentlemen’s entertainment venue in New York, could not have known that they would become part of a debate about anonymity in the era of “big data”. But when, for sport, a data scientist called Anthony Tockar mined a database of taxi-ride details to see what fell out of it, it became clear that, even though the data concerned included no direct identification of the customer, there were some intriguingly clustered drop-off points at private addresses for journeys that began at the club. Stir voter-registration records into the mix to identify who lives at those addresses (which Mr Tockar did not do) and you might end up creating some rather unhappy marriages.

    The anonymisation of a data record typically means the removal from it of personally identifiable information. Names, obviously. But also phone numbers, addresses and various intimate details like dates of birth. Such a record is then deemed safe for release to researchers, and even to the public, to make of it what they will. Many people volunteer information, for example to medical trials, on the understanding that this will happen.

    But the ability to compare databases threatens to make a mockery of such protections.
  3. Anonymity and encryption represent, today as in the past, small weights placed on a peculiar set of scales. How do we weigh anonymity and data encryption against the need to prosecute crimes that are often particularly odious? And, on the other hand, how do we weigh anonymity and data encryption against the need to protect fundamental human rights (or human life itself) when authority is abused, above all in countries that are scarcely democratic (to use a euphemism), where they are deployed as instruments of control and repression?

    Consider, finally, one further point: quasi-anonymity, that is, anonymity that is supposed to allow an identity to be recovered should the need to prosecute a crime arise, and quasi-encryption are concepts that are possible ideologically but impossible technically. Quasi-anonymity, de-anonymizable anonymity, is non-anonymity. Quasi-encryption, in which at least one "public" party holds a key to be used "only in cases of absolute emergency", is non-encryption.

    The questions, then, should be different. Are we really sure that anonymity and encryption are insurmountable obstacles to prosecuting crime? Is it possible that "traditional" investigative tools are completely outdated and no longer allow criminal conduct to be pursued? These are some of the questions we should try to answer. But let us keep firmly in mind, before answering, that the starting premise is that anonymity and cryptography are neutral tools and, as such, activities carried out anonymously or using encryption are not in themselves unlawful.
  4. Security researchers have been warning for a while that simply using hash functions is an ineffective way to anonymize data. In this case, it's substantially worse because of the structured format of the input data. This anonymization is so poor that anyone could, with less than two hours' work, figure out which driver drove every single trip in this entire dataset. It would even be easy to calculate drivers' gross income, or infer where they live.

    There are a number of ways these data could have been better anonymized. Two good ones include:

    assigning a totally random number to each hack licence number and medallion number once, and re-using it throughout the dump file
    creating a secret AES key, and encrypting each value individually
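    To make the failure concrete, here is a sketch using a made-up four-character ID format (digit, letter, two digits) standing in for a real medallion number, followed by the first of the two fixes suggested above:

```python
import hashlib
import secrets
import string

# Made-up ID format standing in for a medallion number: only
# 10 * 26 * 100 = 26,000 possible values, so publishing the hash hides
# nothing -- every hash can be reversed by simple enumeration.
def crack_md5(target_hex):
    for digit in string.digits:
        for letter in string.ascii_uppercase:
            for nn in range(100):
                candidate = f"{digit}{letter}{nn:02d}"
                if hashlib.md5(candidate.encode()).hexdigest() == target_hex:
                    return candidate
    return None

# The first fix above: one random token per ID, assigned once and
# reused consistently throughout the dump file. Unlike a hash, the
# token has no mathematical relationship to the original value.
_pseudonyms = {}

def pseudonym(real_id):
    if real_id not in _pseudonyms:
        _pseudonyms[real_id] = secrets.token_hex(8)
    return _pseudonyms[real_id]
```

    The random-token approach preserves linkability within the dump (the same driver keeps the same token) while making recovery of the real ID impossible without the mapping table.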
    by M. Fioretti (2014-10-16)
  5. Researchers from UCL, Stanford Engineering, Google, Chalmers and Mozilla Research have built a new system that protects Internet users' privacy while giving web developers more flexibility to build web applications that combine data from different websites, dramatically improving the safety of surfing the web.
    by M. Fioretti (2014-10-14)
  6. Gmail is far from the only online service that fails to play nice with Tor. A recent blog post from the Tor Project lamented that many people have problems with popular websites when using the network. After mentioning that pressure from policy makers or Internet service providers can make it difficult for Tor to expand, the blog states: “We missed a third threat to Tor's success: a growing number of websites treat users from anonymity services differently.” For example, “Slashdot doesn't let you post comments over Tor, Wikipedia won't let you edit over Tor, and Google sometimes gives you a captcha when you try to search.”

    You could possibly add "Google locking the email accounts of people who access its services over Tor."

    Google has not yet responded to our questions about the situation.

    This is not a dig at Google. The company has been a sponsor of the Tor Project since 2007, according to a list maintained by the organization. But it does highlight that more work needs to be done to allow people to use Tor, while also accessing more mainstream services.
    by M. Fioretti (2014-10-16)
  7. The last panel of the day focussed on policy. Christine O’Keefe (CSIRO), Keith Spicer (ONS), Tanvi Desai (ADS) and our own Jeni Tennison (ODI) discussed data access mechanisms and policy implications. There is a spectrum of access methods, and a more granular approach to who needs access and what they want to access will put better safeguards in place for data sharing.

    Statistical disclosure control in the future may involve specialist hackers, and for data that is not open, records and accountability of who has access are crucial to engender trust.

    Anonymisation remains an important tool for anyone publishing data. While we should have sophisticated discussions on the future of personal data in our society, the crucial step for an individual is to consider data in its context.
  8. The most recent re-identification exercise cited in that post, demonstrating the myth of data anonymity, is that of a Harvard professor who accurately re-identified volunteers in a DNA study. You can find a detailed report on Harvard Medical School's Personal Genome Project re-identification demonstration in a Forbes post.

    Lest you think re-identification has only recently become possible, and only by a few brainiacs at Harvard, allow me to disabuse you of that notion post-haste. Here is an early demonstration by an MIT graduate student, as explained in the Harvard post:

    "In the mid-1990s, the Massachusetts Group Insurance Commission (GIC) released data on individual hospital visits by state employees in order to aid important research. As Massachusetts Governor Bill Weld assured employees, their data had been 'anonymized,' with all obvious identifiers, such as name, address, and Social Security number, removed. But Latanya Sweeney, then an MIT graduate student, wasn't buying it. When, in 1996, Weld collapsed at a local event and was admitted to the hospital, she set out to show that she could re-identify his GIC entry. For twenty dollars, she purchased the full roll of Cambridge voter-registration records, and by linking the two data sets, which individually were innocuous enough, she was able to re-identify his GIC entry. As privacy law scholar Paul Ohm put it, 'In a theatrical flourish, Dr. Sweeney sent the Governor's health records (which included diagnoses and prescriptions) to his office.' Sweeney's demonstration led to important changes in privacy law, especially under HIPAA. But that demonstration was just the beginning."
  9. There are a great many other applications and projects working on anonymous communication, and I2P has been inspired by many of their efforts. This is not a comprehensive list of anonymity resources - both freehaven's Anonymity Bibliography and GNUnet's related projects serve that purpose well. That said, a few systems stand out for further comparison. The following are discussed on this page:

    Tor / Onion Routing
  10. When you access a Web site over an encrypted connection, you're using a protocol called HTTPS. But not all HTTPS connections are created equal. In the first few milliseconds after a browser connects securely to a server, an important choice is made: the browser sends a list of preferences for what kind of encryption it's willing to support, and the server replies with a verification certificate and picks a choice for encryption from the browser's list. These different encryption choices are called "cipher suites." Most of the time, users don't have to worry about which suite the browsers and servers are using, but in some cases it can make a big difference.
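    Python's ssl module exposes the client half of that handshake; a small sketch (no network access needed) of inspecting and restricting the cipher suites a client would offer:

```python
import ssl

# The context's cipher list is the "list of preferences" the client
# sends in its hello; the server picks one suite from it.
ctx = ssl.create_default_context()
offered = [cipher["name"] for cipher in ctx.get_ciphers()]
print(len(offered), offered[:3])

# Narrowing the offer (here to forward-secret ECDHE + AES-GCM suites
# for TLS 1.2 and below) constrains what the server may choose.
ctx.set_ciphers("ECDHE+AESGCM")
narrowed = [cipher["name"] for cipher in ctx.get_ciphers()]
```

    Wrapping a socket with this context and checking `ssl_sock.cipher()` after the handshake would show which suite the server actually picked.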


Page 1 of 2. Online Bookmarks of M. Fioretti: Tags: anonymity

About - Propulsed by SemanticScuttle