Another interview I conducted over the past few weeks was with Saikat Guha, an online privacy expert and engineer. His earlier research dealt largely with privacy in social networks, approached from the interests of both the user and the advertiser: how to maximize the user experience while risking as little privacy and secrecy as possible on one hand, and how to reach the targeted market more efficiently on the other. Saikat’s latest research has shifted from encrypting profile databases to the processing of information tied to locative media. The privacy concerns of the latter have outgrown those of the former, given recent shifts in how technology is used and ever more pervasive forms of information sharing.
Me: In your paper “NOYB: Privacy in Online Social Networks,” you described how the NOYB encryption model (NOYB standing for “None of Your Business”) works: by replacing one user’s name and age with another friend’s name and age?
Saikat: Yeah. Or anyone else’s name, really. NOYB can loosely be defined as traditional encryption combined with steganography. How the other “atoms” (an atom being a unit of data that holds one type of information about the user) are picked is based on traditional encryption, but on top of that, the final result is something believable, whereas traditional encryption outputs what appears to be garbage or noise. So basically the benefit is that it’s as secure as traditional encryption, but, like steganography, it can’t be easily detected.
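A minimal sketch of the idea (my own illustration, not the actual NOYB implementation — the atom pool, key, and function names here are hypothetical): a keyed pseudorandom permutation decides which real-looking atom is displayed in each user’s profile, so the stored data is believable to an observer, while anyone holding the key can invert the permutation and recover the real atom.

```python
import hmac
import hashlib

# Hypothetical atom pool: one "atom" (name + age) per user.
atoms = ["Alice, 29", "Bob, 34", "Carol, 41", "Dave, 25"]

def permutation(key: bytes, n: int) -> list:
    """Keyed pseudorandom permutation of range(n), derived from an HMAC."""
    def prf(i: int) -> bytes:
        return hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
    # Sorting indices by their keyed digest yields a key-dependent shuffle.
    return sorted(range(n), key=prf)

def publish(key: bytes) -> list:
    # Each user i's profile displays someone ELSE's real-looking atom,
    # so the stored data is plausible rather than noise.
    perm = permutation(key, len(atoms))
    return [atoms[perm[i]] for i in range(len(atoms))]

def recover(key: bytes, stored: list, user: int) -> str:
    # A friend holding the key inverts the permutation to find the slot
    # where `user`'s real atom ended up.
    perm = permutation(key, len(atoms))
    return stored[perm.index(user)]
```

Note that without the key, an observer sees only a pool of valid-looking profiles; a wrong key still yields plausible atoms, which is the property that makes NOYB hard to detect.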
Me: How does it benefit the social network users then?
Saikat: It benefits them in the sense that if Facebook were to start banning users who upload info that’s not real, it’s harder for Facebook to detect the NOYB users, versus users who are uploading the “garbage-looking stuff” that traditional encryption produces.
Me: So it allows one to share false information about themselves?
Saikat: Well, whether the information is false or not is not what the encryption is concerned with; rather, by using NOYB, real, meaningful information appears to others as false information, and only a select few can extract the real information out of it. So it is about sharing your information only with a specific group. The user chooses who can see his data, and specifically, he can say that no one at Facebook should be able to read his profile, which he cannot do today. Or that some random third-party Facebook application developer or random Facebook Connect website cannot read his profile, which he cannot do now either.
Me: But in reality, the situation of giving permission can vary from time to time and person to person. That is, sometimes you want to use the authenticity of the information to present yourself in a certain way you choose, and sometimes you don’t. And there are people you are not sure whether you should give access to. So are there also technological solutions that provide a hierarchy of access permissions?
Saikat: Giving different people different permissions is doable; see, for example, the Persona paper by researchers from the University of Maryland, published in SIGCOMM. The problem is what happens when the permissions given to a person change over time. If they are given greater access, that’s fine. But if their access is curtailed, then you can’t erase from their memory what they’ve already seen. At best you can prevent them from seeing any future content.
Me: Then, in this sense, is eliminating archived data a possible solution for protecting identity and personal information?
Saikat: The problem with that is it can result in people changing history for nefarious ends. Privacy is one thing, but propaganda is another, and maybe even more worrying.
Me: I see. And in your other paper, “Identity Trail: Covert Surveillance Using DNS,” you experimented with different methods of tracking people geographically based on DNS addresses. Can I ask whether it is also possible to track someone on 3G networks?
Saikat: Technically it’s a very hard problem. There are many papers being written on how to do it. But location from a 3G address is the least of people’s concerns, if you ask me. Applications on the phone have your GPS coordinates and are sending them out willy-nilly to strangers. A good half of the applications on smart devices that had no business knowing your location (for the purposes of the application) were collecting it nevertheless and sending it to random third parties on the web.
Me: Locative media is tricky in terms of how it gives away your privacy. How can we really hide GPS data?
Saikat: This is exactly what we are trying to do now in our current research! The way it works, basically, is that your location can be hidden so that neither the application nor anyone on the web learns where you are, but they can still offer you location-based services: alerts of who is nearby, Foursquare-like applications, etc. It’s not difficult to do. But the key question is what applications cannot be built using the tricks we use. If there are very few such applications, then the trick we use can become the default and everything is rosy. But if our proposal doesn’t become the default, then applications that make money by selling your location will continue to invade your privacy.
Me: Because locational data does not work the way profile data does?
Saikat: Right. With profile data you need exact matches: “Soccer” is not the same as “saucer.” But with location data you need proximity: “LA” might be the same as “Santa Monica,” depending on the application. That extra bit of information you need for proximity can leak more than you bargained for. The reason you need the latitude–longitude data is so you know the distance between two points and can compute “near” in a technological sense. If you could compute “near” without access to lat-long data, there would be no reason to expose your lat-long while still letting you do proximity, which would be a much safer approach.
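One simple way to see how “near” can be computed without handing over raw coordinates (this is my own sketch under an assumed grid-hashing scheme, not Saikat’s actual system — the cell size, salt, and function names are hypothetical): snap each location to a coarse grid cell and share only a salted hash of the cell identifier. A service can then test whether two users’ tokens match (same cell or an adjacent one) without ever seeing latitude and longitude.

```python
import hashlib
import math

# Hypothetical grid resolution: 0.5 degrees of latitude is roughly 55 km,
# coarse enough that "LA" and "Santa Monica" land in the same cell.
CELL_DEG = 0.5

def cell_id(lat: float, lon: float) -> tuple:
    """Snap a coordinate to its coarse grid cell."""
    return (math.floor(lat / CELL_DEG), math.floor(lon / CELL_DEG))

def token(lat: float, lon: float, salt: bytes) -> str:
    """Salted hash of the cell id; reveals nothing about raw lat-long."""
    r, c = cell_id(lat, lon)
    return hashlib.sha256(salt + f"{r},{c}".encode()).hexdigest()

def tokens_near(lat: float, lon: float, salt: bytes) -> set:
    """Tokens for a user's cell and its 8 neighbours, so two users just
    across a cell border still count as "near"."""
    r, c = cell_id(lat, lon)
    return {hashlib.sha256(salt + f"{r + dr},{c + dc}".encode()).hexdigest()
            for dr in (-1, 0, 1) for dc in (-1, 0, 1)}
```

A matching service only ever compares hashed tokens, so it can answer “are these two users near each other?” without learning where either of them is; the trade-off, as Saikat notes, is that the coarse cell itself is the extra bit of information you choose to reveal.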