"Internet Privacy Diffusion: A longitudinal perspective"
Balachander Krishnamurthy
AT&T Labs - Research
SWS Colloquium
Balachander Krishnamurthy has been with AT&T Labs--Research since his
PhD. His main focus of research of late is in the areas of Internet
privacy, Online Social Networks, and Internet measurements. He has
authored and edited ten books, published more than 75 technical papers,
holds twenty patents, and has given invited talks in over thirty countries.
He co-founded the successful Internet Measurement Conference and
Steps to Reducing Unwanted Traffic on the Internet workshop. In 2008
he co-founded the ACM SIGCOMM Workshop on Online Social Networks.
He has been on the thesis committee of several PhD students, collaborated
with over seventy researchers worldwide, and given tutorials at several
industrial sites and conferences.
His most recent book "Internet Measurements: Infrastructure, Traffic and
Applications" (525pp, John Wiley & Sons, co-authored with Mark Crovella),
was published in July 2006 and is the first book focusing on Internet
Measurement.
For the last few years we have been examining the leakage of privacy
on the Internet from one specific angle: how information related to
individual users is aggregated as they browse seemingly unrelated
Web sites. Thousands of Web sites across numerous categories, countries,
and languages were studied to generate a privacy "footprint". This talk
reports on our longitudinal study consisting of multiple snapshots of
our examination of such diffusion over four years. We examine the various
technical ways by which third-party aggregators acquire data and the
depth of user-related information acquired. We study techniques for
protecting privacy diffusion as well as limitations of such techniques.
We introduce the concept of secondary privacy damage.
Our results show increasing aggregation of user-related data by a
steadily decreasing number of entities. A handful of companies
are able to track users' movement across almost all of the popular
Web sites. Virtually all the protection techniques have significant
limitations highlighting the seriousness of the problem and the
need for alternate solutions.
I will also talk about a recent discovery of large-scale leakage of
personally identifiable information (PII) via Online Social Networks
(OSN). Third-parties can link PII with user actions both within OSN
sites and elsewhere on non-OSN sites.