How a Box Could Solve the Personal Data Conundrum

The MIT Technology Review has a  nice article on our new Databox paper, and it was also followed by coverage in the Guardian. The idea is to be able to index all your personal data, ready for cross-correlations and research! Please had a read:


Hamed Haddadi, Heidi Howard, Amir Chaudhry, Jon Crowcroft, Anil Madhavapeddy, Richard Mortier, "Personal Data: Thinking Inside the Box”,  January 2015, available on arXiv [paper , MIT Technology Review, Guardian]

A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients

Have you ever wondered how individuals' in countries with restricted Internet use services such as Facebook and Twitter? Are these users safe from their governments' ability to monitor their browsing behaviour? In many such places, Commercial Virtual Private Network (VPN) services have become a popular and convenient way for users seeking privacy and anonymity. They have been applied to a wide range of use cases, with commercial providers often making bold claims regarding their ability to fulfil each of these needs, e.g., censorship circumvention, anonymity and protection from monitoring and tracking.

In our new paper, to appear in The 15th Privacy Enhancing Technologies Symposium (PETS 2015),  we investigated the claims of privacy and anonymity in commercial VPN services. We analyse 14 of the most popular ones, inspecting their internals and their infrastructures. To our surprise, and despite being a known issue, our experimental study reveals that the majority of VPN services suffer from IPv6 traffic leakage.

IPv6 is an increasingly popular web access method being adopted worldwide. Hence, our paper highlights that people using these VPN services may actually have their web browsing habits leaked to any organisation monitoring them. Perhaps most concerning is the unfounded common belief that these VPN services are actually securely hiding users' web browsing activities. We have informed all of these VPN providers about this study and our findings, and we hope they will address this issue immediately.


Vasile Claudiu Perta, Marco Valerio Barbera, Gareth Tyson, Hamed Haddadi, Alessandro Mei, "A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients”,  The 15th Privacy Enhancing Technologies Symposium (PETS 2015), June 30 – July 2, 2015, Philadelphia, PA, USA (paper)            

WeChat – A good example of bad API security!

In last few days Muhammad Haris was looking into network traffic data of mobile applications for related research on mobile privacy and security. However, in the process, we figure out shocking vulnerability in very famous WeChat messenger application. First, for those of you who never heard of Wechat: it is a primary messenger app in the Asian region specifically China, used by half a billion of individuals. 

This app has one important feature named moments. By this feature users can share photos and status with their friends only.  For the sake of privacy, photos and status shared by your friends are only visible to you in your moment (not the default friends-of-friends like in Facebook wall). Similarly there is another feature of album; which lets you see all pictures and status shared by a particular friend. You can visit your friends’ album through their profile. Important point to note here is that official explanation by WeChat mentioned that things shared on moments (and album) are visible to your friends only.  However it seems like backend communicationa between the WeChat application and its server suffer from serious security flaws. Let me take you there step by step.

To capture mobile application data Haris used fiddler which is very nice proxy; should you wish to use fiddler to capture your mobile data you can follow this nice tutorial by Troy Hunt. 

If you visit WeChat moments in phone, all the pictures visible in your moments are being loaded over HTTP. Hence by just looking at the mobile traffic data from fiddler you can get all the moments' pictures.  Picture:1 shows Haris's WeChat moments, his friend has shared some photos of his hiking trip. 

Now in the picture:2 as we browse over moments, the highlighted packets are sent by WeChat server to the application in the phone. Notice that protocol used for these packets is HTTP, which means photo data is not sent over secured HTTPS channel. 

In picture:3 and picture:4 we see selected individual packets, you can see the same pictures of his friend which are in the moments here.

This simply means that if a WiFi provider collect the raw packets on the channel from mobile devices, they can easily get all the photos of your friends as soon as you visits moments on your WeChat. As a result on one hand personal photos (of you and your friends) can be leaked and on the other hand a malicious WiFi provider can also infer your social links by looking at the pictures. This just illustrates the point of how harmful a poorly implemented API (application programming interface) security can be!

In comparison with other OSNs, Instagram seems to be still suffering form similar security issues, but in case of WeChat there is no need to hijack any sessions, it's all open by default! Google offered full encryption as an option for Gmail in 2008, but two years later made it the default. Facebook switched it on by default in January 2011. 

Privacy-preserving Adsense Systems Using Delay Tolerant Networking

an undergrad student of mine did this work based on our research on MobiAd, which I found pretty impressive!



With the ever-increasing number of smart phones, a growing num- bers of people view advertisements on their phones and hence the smart phone advertising market has become rich and noticeable. To raise click-through rate and maximize profit, ad brokers ensure their ads are more personalized and targeted. Therefore, they col- lect personal information to build an accurate user profile. The use of sensitive and personal information may raise privacy concerns. In this paper we focus using Delay Tolerant Networking (DTN) to anonymize click reports, aiming to stop attackers tracking and identifying users based on behaviour and location. The results of our simulations prove that a few-hop DTN-based system can protect users’ identity and privacy while not heavily increasing their energy costs.

http://www.eecs.qmul.ac.uk/~hamed/papers/advdtn.pdf

Do-Not-Record-Me: Quantified Self and the Privacy Challenge

We are increasingly surrounded by recording and quantifying devices. Devices such as Google Glass can record images and sound from an individual, even of the owner of the device has no such intensions. Can we use a Privacy-Beacon to avoid this? something like, a local area broadcast, that forces, or at least politely asks the intruding device, to either not record an individual, or remove their data after recording has been done? In a short note, myself and Ian Brown think this is possible! here's a short note on this topic:

The increasing availability of personal activity monitors, tracking devices, wearable recording devices, and associated smartphone apps has given rise to a wave of Quantified Self individuals and applications. The data from these apps and sensors are usually collected by associated apps and uploaded to the software developers for feedback to individual and their selected partners. In this paper we highlight the privacy risks associated with this practice, demonstrating the ease with which an app provider can infer individuals co-location and joint activities without having access to specific location data. We highlight a number of potential solution to this challenge in order to minimise the privacy leakage from these applications.

http://www.eecs.qmul.ac.uk/~hamed/papers/qselfprivacy2014.pdf

The Rise of Panopticons: Examining Region-Specific Third-Party Web Tracking

Today’s web has a huge, diverse ecosystem of third party websites collecting information about users and providing them with content such as targeted advertisements. In this paper we study this ecosystem of third-party websites. We sample every continent, targeting the 500 most popular websites in the US, UK, Australia, China, Egypt, Iran and Syria. This allows us to contrast the commonplace, western-dominated views of the web with less studied countries. We find 2,097 third-party websites, reflecting the diversity of services and types of application/content they involve, e.g., advertisement, ad trackers, CDNs, news, sport, and pornography. We find those third-party websites offering ad tracking services to be the most prevalent. In addition to the usual suspects (e.g., DoubleClick and Google), we find a rich ecosystem of local third-party websites that are country and language dependent.

Marjan Falahrastegar, Hamed Haddadi, Steve Uhlig, and Richard Mortier, “The Rise of Panopticons: Examining Region-Specific Third-Party Web Tracking”, In Sixth Workshop on Traffic Monitoring and Analysis (TMA), London, UK, April 2014. 

Promoted tweets versus promoted trends

Advertising on Twitter? There are a number of factors to consider: use of hashtags, use of keywords, target audience and locations. But also choosing the type of adverts is important: promoted tweets, or promoted trends? Our research shows that promoted trends lead to higher number of tweets, while promoted tweets lead to higher user engagement, which may be the ultimate measure of success. For a use-case study, see:


Shana Dacres, Hamed Haddadi, Matthew Purver, “Topic and Sentiment Analysis on OSNs: a Case Study of Advertising Strategies on Twitter”, arXiv, December 2013 (PDF)


Meeyoung Cha, Hamed Haddadi, Fabricio Benevenuto, Krishna Gummadi, "Measuring User Influence in Twitter: The Million Follower Fallacy", in ICWSM 2010, 4th Int'l AAAI Conference on Weblogs and Social Media, May 23-26, 2010, George Washington University, Washington, DC (paper) (NYTimes coverage ) (Harvard Business Review coverage ) (Media coverage)