< Back to previous page

Publication

Chaff-Based Profile Obfuscation

Book - Dissertation

Driven by the economics of surveillance capitalism, online service providers profile users to infer information about them, feeding automated decision-making processes such as targeted advertising or user experimentation that prompt grave concerns about people's privacy, autonomy and democratic sovereignty, among other rights. Market forces and lack of state intervention have forestalled the emergence of privacy-preserving alternatives, forcing individuals to choose between being profiled or relinquishing online services altogether. In response to this failure, researchers and developers have advanced the deployment of privacy enhancing technologies (PETs) and, in particular, PETs that rely on obfuscation. Obfuscation tools enable users to protect themselves against profiling by degrading the data profilers collect about them, thereby reducing the amount of information profilers learn from those data. Of special interest is utility-preserving obfuscation, enabling users to escape trade-offs between utility and privacy. In this thesis we contribute to the advance of privacy engineering through utility-preserving obfuscation. We propose a conceptual framework to distinguish between utility-preserving and utility-degrading obfuscation, and identify personal and social utility requirements that inform the choice of either type of obfuscation. We study chaff as a utility-preserving obfuscation method and provide a model and analytical framework to inform and assist the design and analysis of chaff-based profile obfuscation tools, with a focus on defence strategies and usability. We illustrate the design and analysis of chaff-based profile obfuscation through two use cases: web search and online communication. We examine existing chaff-based private web search tools, uncovering systematic design flaws; we study and assist the design of obfuscation tools that conceal communication patterns, attending in particular to their deployment on social networking sites. Lastly, we propose a new privacy design pattern to systematise profile obfuscation through chaff and discuss further implications of our research, exposing gaps and identifying promising research avenues.
Publication year:2019
Accessibility:Open