a curious case of consent button
play

A Curious Case of Consent Button [... neither do I want to accept, - PowerPoint PPT Presentation

Apr 14, 2023 •490 likes •656 views

A Curious Case of Consent Button [... neither do I want to accept, nor decline ...] Nurul Momen & Lothar Fritsch Karlstad University 19 July, 2019. HotPETs, KTH, Stockholm 1 / 15 I want to find an app to wash my hands ... Image

  1. A Curious Case of “Consent Button” [... neither do I want to accept, nor decline ...] Nurul Momen & Lothar Fritsch Karlstad University 19 July, 2019. HotPETs, KTH, Stockholm 1 / 15

  2. I want to find an app to wash my hands ... Image source: running faucet by Steve Johnson (CC-BY-2.0) 2 / 15

  3. What happens next? ◮ Personal data access: a lot more than a user can observe. ◮ Partial identities can be extracted from privilege usage data. Paper I. How much Privilege does an App Need? Investigating Resource Usage of Android Apps ; N Momen, T Pulls, L Fritsch, and S Lindskog; In Proceedings of the Fifteenth International Conference on Privacy, Security and Trust (PST), Calgary, Canada, August 28-30 , IEEE, 2017. Paper II. Derived Partial Identities Generated from App Permissions ; L Fritsch, and N Momen; In Proceedings of the Open Identity Summit 2017; Lecture Notes in Informatics (LNI) 277, ISSN 1617-5468, ISBN 978-3-88579-671-8, October 05–06, 2017; Karlstad, Sweden. , Gesellschaft f¨ ur Informatik e.V., 2017. 3 / 15

  4. Good and bad behavior of apps 1. Requirement types (price): what does it ask for & how much of the privilege is being used? 2. Legal requirements: does it comply with the regulations? 3. Crowd-sourced user feedback: what do other users think? 4 / 15

  5. Let’s judge an apps’ behavior ... ix. Fitbit: 20 (9/3/3/T) [Threat count, T=5] SMS CALENDAR SENSORS CALL_LOG Legend Permission-groups requested in Manifest. Clarification missing in privacy policy. Permission access whithout user interaction during runtime. STORAGE CAMERA PHONE CONTACTS MICROPHONE LOCATION Paper III: A Multilateral Privacy Impact Analysis Method for Android Apps ; M Hatamian, N Momen, L Fritsch, K Rannenberg; In Proceedings of Annual Privacy Forum 2019 , Rome, Italy, page 87-106. 5 / 15

  6. Let’s compare with other apps ... i. Lifesum: 13 (5/3/4/T) [Threat count, T=1] ii. Endomondo: 9 (5/0/2/T) [Threat count, T=2] iii. 30dayFitnessChal.: 6 (2/2/0/T) [Threat count, T=2] iv. Runkeeper: 19 (6/4/3/T) [Threat count, T=6] SMS CALENDAR SMS CALENDAR SMS CALENDAR SMS CALENDAR SENSORS CALL_LOG SENSORS CALL_LOG SENSORS CALL_LOG SENSORS CALL_LOG STORAGE CAMERA STORAGE CAMERA STORAGE CAMERA STORAGE CAMERA PHONE CONTACTS PHONE CONTACTS PHONE CONTACTS PHONE CONTACTS MICROPHONE LOCATION MICROPHONE LOCATION MICROPHONE LOCATION MICROPHONE LOCATION v. Pedometer: 13 (6/3/2/T) [Threat count, T=2] vi. MyFitnessPal: 9 (6/2/0/T) [Threat count, T=1] vii. Runtastic: 15 (6/1/4/T) [Threat count, T=4] viii. 7minsWorkout: 6 (2/2/0/T) [Threat count, T=2] SMS CALENDAR SMS CALENDAR SMS CALENDAR SMS CALENDAR SENSORS CALL_LOG SENSORS CALL_LOG SENSORS CALL_LOG SENSORS CALL_LOG STORAGE CAMERA STORAGE CAMERA STORAGE CAMERA STORAGE CAMERA PHONE CONTACTS PHONE CONTACTS PHONE CONTACTS PHONE CONTACTS MICROPHONE LOCATION MICROPHONE LOCATION MICROPHONE LOCATION MICROPHONE LOCATION ix. Fitbit: 20 (9/3/3/T) [Threat count, T=5] x. GoogleFit: 10 (5/0/3/T) [Threat count, T=2] SMS CALENDAR SMS CALENDAR SENSORS CALL_LOG SENSORS CALL_LOG Legend Permission-groups requested in Manifest. Clarification missing in privacy policy. STORAGE CAMERA STORAGE CAMERA Permission access whithout user interaction during runtime. PHONE CONTACTS PHONE CONTACTS MICROPHONE LOCATION MICROPHONE LOCATION Paper III: A Multilateral Privacy Impact Analysis Method for Android Apps ; M Hatamian, N Momen, L Fritsch, K Rannenberg; In Proceedings of Annual Privacy Forum 2019 , Rome, Italy, page 87-106. 6 / 15

  7. But, apps change requirements! Pre-GDPR collection GDPR Quarantine period Quarantine period Post-GDPR collection May 25, 2018 Mar 2017 Dec 2018 Feb 2019 Nov 2017 t Permission use Permission use Permission manifest Permission manifest User concerns User concerns Data collection Overview of data collection periods. Paper IV: Did app privacy improve after GDPR? N Momen, M Hatamian, L Fritsch; To appear in IEEE Security Privacy Magazine 2019. 7 / 15

  8. 8 / 15 Paper IV: Did app privacy improve after GDPR? N Momen, M Hatamian, L Fritsch; To appear in IEEE Security Privacy Magazine 2019. A B C D E F G H I J iHeartRadio (1) + - JangoRadio (2) - PlayMusic (3) - - - Deezer (4) Music apps BBCiPlayer (5) SongFlip (6) Tidal (7) - - - + Shazam (8) - - + - SoundCloud (9) - - Spotify (10) - - Weather&Radar (11) - - Yr (12) PalmaryWeather (13) - - - YahooWeather (14) - - - - - Weather apps Weather&Clock (15) - WeatherBug (16) - GoWeather (17) - WeatherApp (18) - - - Accuweather (19) - + - weather.com (20) - - - GoogleFit (21) - - MyFitnessPal (22) + 7 minWorkout (23) Fitbit (24) - - Fitness apps 30dayFitness (25) Endomodo (26) - + < Reduced Lifesum (27) + Not used Runtastic (28) Added - In use Pedometer (29) - Runkeeper (30) + + Change of privilege-requirements TikTok (31) + - + - Tumblr (32) Linkedin (33) - Foursquare (34) Social apps Pinterest (35) + - - Slack (36) Snapchat (37) - Twitter (38) Instagram (39) Facebook (40) WhatsApp (41) Hangout (42) Line (43) Communication apps WeChat (44) - + Imo (45) - - Messenger (46) Skype (47) - - Tango (48) - Viber (49) - Telegram (50) - R G A S N E E S S E A O R T O N N R M G D E C O O O A L I S N _ M A T H H S R L A N O E A T P P L L C N C O E T A A O S C O R S C L C C I M

  9. 9 / 15 Paper IV: Did app privacy improve after GDPR? N Momen, M Hatamian, L Fritsch; To appear in IEEE Security Privacy Magazine 2019. K K L M N O P Q R S T -100 iHeartRadio (1) 5 4 JangoRadio (2) 48 48 PlayMusic (3) -100 -100 -100 -100 -100 -100 -100 -100 -13 -13 -13 -13 100 100 -13 -13 100 100 -90 Deezer (4) Music apps BBCiPlayer (5) 16 16 36 36 -80 SongFlip (6) Tidal (7) 10 10 2 Shazam (8) -100 -100 -100 -100 -100 -100 -100 -100 -25 -25 -40 -40 -41 -41 -70 SoundCloud (9) 10 10 14 14 -73.91 -73.91 Spotify (10) -20 -20 -58.97 -58.97 -60 Weather&Radar (11) -5 -5 -75 -75 Yr (12) -94.87 -94.87 -96.15 -96.15 PalmaryWeather (13) 11.63 11.63 -55.88 -55.88 -50 YahooWeather (14) -100 -100 -100 -100 -100 -100 -45.1 -45.1 -100 -100 -26 -26 -100 -100 -30 -30 -68.6 -68.6 Weather apps Weather&Clock (15) -85.71 -85.71 100 100 37.5 37.5 -40 WeatherBug (16) -100 -100 -12 -12 -15 -15 GoWeather (17) -100 -100 -9 -9 -5 -5 -10 -10 WeatherApp (18) -100 -100 -15 -15 -13 -13 -30 Accuweather (19) -100 -100 10 10 -6 -6 weather.com (20) -100 -100 -15 -15 -15 -15 -26 -26 -20 GoogleFit (21) -100 -100 -100 -100 100 100 -20 -20 -75 -75 -100 -100 -98.94 -98.94 MyFitnessPal (22) -100 -100 -100 -100 7 minWorkout (23) -8 -8 -10 Fitbit (24) -100 -100 -100 -100 -100 -100 -100 -100 -85 -85 40 40 65.76 65.76 Fitness apps 30dayFitness (25) -100 -100 -16 -16 0 Endomodo (26) 7 7 -86.36 -86.36 Lifesum (27) 100 100 10 10 -83.91 -83.91 -71.74 -71.74 Runtastic (28) 100 100 43.72 43.72 100 100 100 100 10 Pedometer (29) 100 100 60 60 Runkeeper (30) 100 100 -97.4 -97.4 -75 -75 -100 -100 Change of privilege usage pattern 20 TikTok (31) 3 -76 -76 Tumblr (32) -100 -100 -26 -26 -26 -26 -10 -10 Linkedin (33) 100 100 -92.59 -92.59 30 Foursquare (34) 83.33 83.33 100 100 100 100 Social apps Pinterest (35) -14 -14 40 Slack (36) -7 -7 -16 -16 Snapchat (37) -100 -100 -100 -100 -15 -15 -30 -30 Twitter (38) -8 -8 85.71 85.71 16.67 16.67 50 Instagram (39) -28 -28 -36 -36 Facebook (40) -100 -100 -100 -100 71.05 71.05 3 -67.86 -67.86 100 100 100 100 60 WhatsApp (41) -100 -100 -17 -17 9 28.95 28.95 -73 -73 -68.29 -68.29 Hangout (42) -33.33 -33.33 100 100 -58.54 -58.54 -21.95 -21.95 41.46 41.46 -98.29 -98.29 -56.63 -56.63 Line (43) 100 100 100 100 1 8 8 20 20 70 Communication apps WeChat (44) -92.31 -92.31 -100 -100 100 100 100 100 2.44 2.44 100 100 Imo (45) -100 -100 -100 -100 -100 -100 -6 -6 31.76 31.76 100 100 -13 -13 44.19 44.19 80 Messenger (46) 100 100 100 100 Skype (47) -100 -100 -100 -100 -29 -29 37 37 -16 -16 75.76 75.76 Tango (48) -43 -43 4 -42 -42 -89 -89 90 Viber (49) -100 -100 -13 -13 81.25 81.25 -58.62 -58.62 -47 -47 -82.61 -82.61 Telegram (50) -68.42 -68.42 -59.52 -59.52 -56.52 -56.52 -82.22 -82.22 100 R G A S N E E S S E A O R T O N N R M G D E C O O O A L I S N _ M A T H H S R L A N O E A T P P L L C N C O E T A A O S C O R S C L C C I M

  10. Wait, wait ... That’s a lot to consider! How can a user re-evaluate decisions taken earlier with ease? 10 / 15

  11. Accept Maybe Decline Confused? I don’t know! 11 / 15

  12. Confused? I don’t know! So, maybe? Accept Maybe Decline Paper V: Partial Commitment–“Try Before You Buy” and “Buyer’s Remorse” for Personal Data in Big Data Machine Learning ; L Fritsch; IFIP International Conference on Trust Management, page 3-11. 11 / 15

  13. Partial commitment Consent with an expiry date. Consent for a subset of data. Consent for limited access. 12 / 15

  14. At expiration? Evaluation of privacy-preserving-performance. Decision to continue or revoke access. Intervenability. 13 / 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The curious case he curious case of of Eos Eosinophilia inophilia in in the the

The curious case he curious case of of Eos Eosinophilia inophilia in in the the

The curious case he curious case of of Eos Eosinophilia inophilia in in the the night night time time Tom Konikoff 6.6.17 Internal medicine D Patient background 17 y/o female Healthy No meds No

579 views • 34 slides
Living beyond type 1 With Victoria Rettie and Roddy Riddle The curious case of T1D to DSN ..

Living beyond type 1 With Victoria Rettie and Roddy Riddle The curious case of T1D to DSN ..

Living beyond type 1 With Victoria Rettie and Roddy Riddle The curious case of T1D to DSN .. The beginning The curious case of T1D to DSN .. The beginning The curious case of T1D to DSN .. The beginning The first foray into healthcare

391 views • 37 slides
Informed Consent in Research in Japan: A Case for Broad Consent Addendum: I regret I could not

Informed Consent in Research in Japan: A Case for Broad Consent Addendum: I regret I could not

Informed Consent in Research in Japan: A Case for Broad Consent Addendum: I regret I could not give adequate explanations in response to the questions posed after my presentation in Bali Convention Center on August 22, 2014. Supplemental slides

241 views • 21 slides
A Curious Case of Convulsions Dhishna Chaudhary MD, Ramez Morcos MD, Mishah Azhar MD, John

A Curious Case of Convulsions Dhishna Chaudhary MD, Ramez Morcos MD, Mishah Azhar MD, John

A Curious Case of Convulsions Dhishna Chaudhary MD, Ramez Morcos MD, Mishah Azhar MD, John Malcynski MD, Patricio S. Espinosa MD Florida Atlantic University Charles E. Schmidt College of Medicine Case Presentation at Bethesda A 30-year-old

555 views • 13 slides
Bl Blowi owing Sm Smok oke: e: The curious case of the mangled metric Clarkson University 26

Bl Blowi owing Sm Smok oke: e: The curious case of the mangled metric Clarkson University 26

Bl Blowi owing Sm Smok oke: e: The curious case of the mangled metric Clarkson University 26 September 2014 Crispin Pemberton Pigott SeTAR Centre Department of Geography Environmental Management and Energy Studies University of Johannesburg

157 views • 12 slides
Informed Consent in Research consent has been firmly established in clinical practice and

Informed Consent in Research consent has been firmly established in clinical practice and

2014/9/18 Requirement of Informed Consent In Japan, like many other countries, the doctrine of informed Informed Consent in Research consent has been firmly established in clinical practice and research. in Japan: A Case for Broad Consent In the

533 views • 6 slides
Topology from enrichment: the curious case of partial metrics Isar Stubbe (reporting on a joint

Topology from enrichment: the curious case of partial metrics Isar Stubbe (reporting on a joint

Topology from enrichment: the curious case of partial metrics Isar Stubbe (reporting on a joint paper with Dirk Hofmann) Universit du Littoral, France TACL in Prague, June 2630, 2017 . . . Metrics Frchet [1906]: Metric space ( X, d )

624 views • 48 slides
Button Click Many ways use Button in Android SetOnClickListener (just click button)

Button Click Many ways use Button in Android SetOnClickListener (just click button)

Button Click Many ways use Button in Android SetOnClickListener (just click button) SetOnLongClickListener (on long press) SetOnTouchListener (until button is pressed) OnClick (simple click using XML) Many other ways

470 views • 30 slides
HV302 Hands-on Training HV302 Controls Scan Button Rotation Button Scan Button Rotation Button

HV302 Hands-on Training HV302 Controls Scan Button Rotation Button Scan Button Rotation Button

January 2015 HV302 Hands-on Training HV302 Controls Scan Button Rotation Button Scan Button Rotation Button Slope/Alignment Buttons HI-/Manual- Standby - LED Level-LED Battery Status LED Power Button Manual/Single Slope Mode/ Standby

612 views • 38 slides
Informed Consent R Jane McKay Informed Consent Consent why and when do we need it ?

Informed Consent R Jane McKay Informed Consent Consent why and when do we need it ?

Informed Consent R Jane McKay Informed Consent Consent why and when do we need it ? Patient Autonomy All individuals have right to determine what is done to them Treatment is much broader than surgery involves IM

471 views • 32 slides
The Curiosity Frontier Roni Harnik, Fermilab Why Are We Here? We are curious . We are like kids

The Curiosity Frontier Roni Harnik, Fermilab Why Are We Here? We are curious . We are like kids

The Curiosity Frontier Roni Harnik, Fermilab Why Are We Here? We are curious . We are like kids that have many many questions. We receive great pleasure from finding things out. What are we curious about? A Curiosity List: (Partial! In no

743 views • 63 slides
1 Micro SIMs s are use sed in Tabs 2 3 Press the button again Press the button and hold

1 Micro SIMs s are use sed in Tabs 2 3 Press the button again Press the button and hold

1 Micro SIMs s are use sed in Tabs 2 3 Press the button again Press the button and hold Swipe the Screen once slightly to lock the until tablet starts screen 4 Battery level with percentage Mobile data signal strength {H+ (100%) / H

1.03k views • 30 slides
LOOK, TASTE AND BE CURIOUS DIRECT &amp; REGULAR AIRPORT CONNECTION EUROPE, NORTH AMERICA &amp;

LOOK, TASTE AND BE CURIOUS DIRECT &amp; REGULAR AIRPORT CONNECTION EUROPE, NORTH AMERICA &amp;

LOOK, TASTE AND BE CURIOUS DIRECT &amp; REGULAR AIRPORT CONNECTION EUROPE, NORTH AMERICA &amp; ASIA THE PERFECT WEATHER More than 320 days of sun in a year. Enjoy our endless summer. MLAGA CULTURAL For CURIOus Culturalists art is everywhere,

563 views • 12 slides
2 Curious Chimeras present... models for Educational Practitioners Pedagogy &amp; Play in

2 Curious Chimeras present... models for Educational Practitioners Pedagogy &amp; Play in

2 Curious Chimeras present... models for Educational Practitioners Pedagogy &amp; Play in Teaching Today Hello! We are the Curious Chimeras. We are here because we design playable experiences and create game worlds. You can find us on

841 views • 41 slides
Presentation Outline Consent a Key Principle in PHIPA General Consent Provisions of

Presentation Outline Consent a Key Principle in PHIPA General Consent Provisions of

Consent Requirements Under the Personal Health Information Protection Act Debra Grant Debra Grant Office of the Information and Privacy Commissioner of Ontario EHIL Webinar May 11, 2011 Presentation Outline Consent a Key Principle in

520 views • 14 slides
CONSENT PROCESS SPECIAL POPULATIONS CONSENT Com m on Rule ANPRM Current provisions of the

CONSENT PROCESS SPECIAL POPULATIONS CONSENT Com m on Rule ANPRM Current provisions of the

S E S S I O N 3 CONSENT PROCESS SPECIAL POPULATIONS CONSENT Com m on Rule ANPRM Current provisions of the The regulations would be revised to provide greater specificity Common Rule provide only about how consent forms should

218 views • 3 slides
Inferring Social Status and Rich Club Effects in Enterprise Communication Networks Yuxiao Dong,

Inferring Social Status and Rich Club Effects in Enterprise Communication Networks Yuxiao Dong,

Interdisciplinary Center for Network Science and Applications @IC 2 S 2 Inferring Social Status and Rich Club Effects in Enterprise Communication Networks Yuxiao Dong, Jie Tang, Nitesh V. Chawla Tiancheng Lou, Yang Yang, Bai Wang

359 views • 18 slides
Fast and Vulnerable A Story of Telematic Failures Center for Automotive Embedded Systems

Fast and Vulnerable A Story of Telematic Failures Center for Automotive Embedded Systems

Fast and Vulnerable A Story of Telematic Failures Center for Automotive Embedded Systems Security Ian Foster, Andrew Prudhomme, Karl Koscher, and Stefan Savage Telematic Control Units Connects to cars OBD-II port Monitors

1.02k views • 28 slides
CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall

CS 5410 - Computer and Network Security: Cellular Network Security Professor Kevin Butler Fall 2015 Southeastern Security for Enterprise and Infrastructure (SENSEI) Center Reminders Poster showcase next Monday For final project: turn

533 views • 34 slides
Mobile and Ubiquitous Computing CS 525M: A Survey of Mobile Malware in the Wild Hiromu Enoki

Mobile and Ubiquitous Computing CS 525M: A Survey of Mobile Malware in the Wild Hiromu Enoki

Mobile and Ubiquitous Computing CS 525M: A Survey of Mobile Malware in the Wild Hiromu Enoki Computer Science Dept. Worcester Polytechnic Institute (WPI) 1 Introduction Mobile Malware is fairly recent July 2004 Cabir virus came out on

487 views • 24 slides
Mathematical and computational modelling of bulk ferromagnets Tom a s Roub cek and

Mathematical and computational modelling of bulk ferromagnets Tom a s Roub cek and

March 14-16, 2005: MULTIMAT, Paris Mathematical and computational modelling of bulk ferromagnets Tom a s Roub cek and Martin Kru z k Charles University &amp; Academy of Sci., Prague

514 views • 18 slides
GPU Programming Alan Gray EPCC The University of Edinburgh Overview Motivation and need

GPU Programming Alan Gray EPCC The University of Edinburgh Overview Motivation and need

GPU Programming Alan Gray EPCC The University of Edinburgh Overview Motivation and need for CUDA Introduction to CUDA CUDA kernels, decompositions CUDA memory management C and Fortran OpenCL 2 NVIDIA CUDA

1.24k views • 37 slides
Chai ned SM S W hy use SM S? Typi cal M ass SM S Don't forget about the meet up! Typi

Chai ned SM S W hy use SM S? Typi cal M ass SM S Don't forget about the meet up! Typi

Chai ned SM S W hy use SM S? Typi cal M ass SM S Don't forget about the meet up! Typi cal M ass SM S Do you want to give us some money? OK then! M ass SM S scr een Ext r a r equi r em ent s M or e com pl ex quest

518 views • 18 slides
Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul

Security Analysis of Emerging Smart Home Applica6ons Earlence Fernandes, Jaeyeon Jung, Atul Prakash Presented by: Gohar Irfan Chaudhry IEEE Security and Privacy 24 May 2016 Smart Door Locks nsors Connected Ovens Plugs IP Cameras Emerging

484 views • 31 slides

More recommend