Users today have access to a broad range of free, web-based social services. All of these services operate under a similar model:  Users entrust the service provider with their personal information and content, and in return, the service provider makes their service available for free by monetizing the user-provided information and selling the results to third parties (e.g., advertisers).  In essence, users pay for these services by providing their data (i.e., giving up their privacy) to the provider.

This project explored techniques to use cloud computing to re-architect web-based services, allowing end users to regain privacy and control over their data.  In this approach--a confederated architecture--each user provides the computing resources necessary to support her use of the service via cloud providers.  All user data is encrypted and not exposed to any third-parties, users retain control over their information, and users access the service via a web browser as normal.

Intellectual Merit:

The first major component of this project was the development of the Priv.io service.  We developed techniques that allow a service similar to today's online social networks to be implemented in a manner where each user stores their content on a storage provider of their choice (e.g., Amazon's S3, Dropbox, etc).  All content is encrypted, and priv.io works with unmodified web browsers on both desktop and mobile devices.  Overall, the successful implementation of Priv.io demonstrated that alternate architectures exist that can support systems similar to popular online social networks, while providing users much greater control over their data and privacy.

The second major component of this project was a close study of the online advertising services that enable popular sites like Facebook today.  We developed a technique to determine the price that advertisers must pay to target different demographics, and developed further techniques to be able to make consistent measurements.  Through the exploration of suggested bid data for different demographics, we find dramatic differences in prices paid across different user interests and locations.

The third major component of this project was a technique to detect when web sites and applications are leaking users' personal information (e.g., web trackers, advertisers, etc).  We developed a novel method that can automatically discover various types of PI carried in network traffic, given only the network traffic itself as input. Our results empower users and organizations to detect when websites and applications are transmitting their PI across the network.

Broader Impact:

The incredible popularity of today's web-based services has lead to significant concerns over privacy and user control over data.  Addressing these concerns requires a re-thinking of the current popular web-based business models, and, unfortunately, existing providers are dis-incentivized from doing so. The impact of this project will hopefully be felt by the millions of users who use today's popular services, who will be provided with an alternative to the business models of today.  Additionally, we make all of the code and data that resulted from this project available to the research community.

Last Modified: 09/09/2016
Modified by: Alan Mislove