PresentationPDF Available

The CAPrice Initiative: A socio-technical solution to digital privacy. An invited presentation by Ioannis Chrysakis at the 6th Google GDG Dev Fest Greece 2018 that took place in Heraklion.

  • December 2018
Authors:
Ioannis Chrysakis at Foundation for Research and Technology - Hellas
Ioannis Chrysakis
Download file PDF
Read file
Download citation
Content uploaded by Ioannis Chrysakis
Author content
All content in this area was uploaded by Ioannis Chrysakis on Dec 04, 2018
Content may be subject to copyright.
The CAPrice Initiative: A socio-technical solution to digital privacy
Speaker: Ioannis Chrysakis (FORTH-ICS) www.chrysakis.eu
01/12/2018, 6th Google GDG Dev Fest Greece 2018, Heraklion
#devfestgr18
Ioannis Chrysakis chrysakis.eu
What do you think when you hear the
word…
SMART
2
Ioannis Chrysakis chrysakis.eu
3
Ioannis Chrysakis chrysakis.eu
The digital age:
The SMART present and the future
4
Smartphones and apps
Smart home
Connected Cars
Smart Cities
Smart toys
Ioannis Chrysakis chrysakis.eu
The power of data
The “big data” era
Lots of data, and the ability to process them
Machine learning, deep learning, data science
Hidden correlations
Predict epidemics, personalized medicine, …
But also personality identification, identifying habits and
personal preferences, vote manipulation, …
5
Bloomberg: smart meters can profile homes and habits, including what you watch on TV (via device
profiling of energy consumption).
Personality Identification: online services can analyze your personality based on authored text.
ApplyMagicSauge: can tell your personality from facebook/twitter posts.
Vote Manipulation: allegations that Cambridge Analytica and other big data companies used targeted
micro-advertising and personalized emotional triggers to help in the success of the Brexit and Trump
campaigns.
Ioannis Chrysakis chrysakis.eu
Smart Devices and Privacy
Smart devices are everywhere…
However, consumers generally unaware of the data
being accessed and/or transmitted by their devices1
6
The Wall Street Journal: the examination of 101 popular smartphone apps revealed that:
56 apps transmitted the phone's unique device ID to other companies without users' awareness
or consent.
47 apps transmitted the phone's location in some way.
5 sent age, gender and other personal details to outsiders.
Ioannis Chrysakis chrysakis.eu
Terms of Service (ToS)
ToS documents
Lengthy1
Hard to read/understand
Change often
Real versus digital world
Different behaviour with regards to privacy2,3
7
1. NCC : Reading ToS for an average Norwegian would take 32 hours (250.000 words)
2. Purple: 22.000 users agreed to 1.000 hours of community service (including cleaning animal waste
and relieving sewer blockages) in exchange for free wifi
3. Video: If your shop assistant was an app (hidden camera) @ youtube
Ioannis Chrysakis chrysakis.eu
Our Goal
How do we enable users to:
understand and be aware of what they gain and what they lose
when they use digital services?
decide collectively and make explicit their privacy preferences.
How can we convince developers that respecting users’
privacy is profit-maximizing?
Create a trusted-market where we can bring together
users, hackers and developers.
8
Ioannis Chrysakis chrysakis.eu
Our Plan
1.Awareness: By this way people could understand the problem
and start considering solutions.
2. Action: Participating in the collaborative process of annotating
ToS documents, stating privacy concerns, creating and configuring
collective privacy norms etc.
3. Crowdsourced activities: Tools and services that allow users to
finally create more digital more privacy-friendly products and
services.
9
Ioannis Chrysakis chrysakis.eu
Our Solution
10
Ioannis Chrysakis chrysakis.eu
Tools and Services (1/2)
11
User’s Privacy Corner
Privacy Dashboard: Understanding apps’ behaviour
Community Review
Ioannis Chrysakis chrysakis.eu
Tools and Services (2/2)
12
ToS Annotator CAPrice Repository
Ioannis Chrysakis chrysakis.eu
Communication Channels
Our website:
www.caprice-community.net
Social Network (#CapriceCommunity)
Facebook: www.fb.com/CapriceCommunity
Twitter (@CapriceSociety)
Youtube (CAPrice Community)
Gamification Activities
The CAPrice Game: https://www.caprice-community.net/game
13
Ioannis Chrysakis chrysakis.eu
The CAPrice Game - Level 0
A mobile game based on famous android apps and their
respective permissions as appeared in Google Play
Store.
But before start playing let’s talk about apps and
permissions…
14
Ioannis Chrysakis chrysakis.eu
15
access USB storage
filesystem
read calendar events plus confidential information
read call log
read phone status and identity (in 2 Groups)
read sensitive log data
read the contents of your USB storage (in 2 Groups)
read your contacts
read your own contact card
read your text messages (SMS or MMS)
read your Web bookmarks and history
view Wi
-Fi connections
retrieve running apps
find accounts on the device (in 2 Groups)
body sensors (like heart rate monitors)
approximate location (network
-based)
precise location (GPS and network
-based)
add or modify calendar events and send email to guests without owners' knowledge
add or remove accounts
modify or delete the contents of your USB storage (in 2 Groups)
modify your contacts
write call log
edit your text messages (SMS or MMS)
reroute outgoing calls
directly call phone numbers
receive text messages (SMS)
send SMS messages
take pictures and videos
record audio
VIEW
ACTION
App Permissions
Ioannis Chrysakis chrysakis.eu
The CAPrice Game
From your mobile device go to kahoot.it
Enter the requested PIN
Enter your alias and get ready!
Rules:
Each question has exactly one correct answer
For each question you select a color that corresponds to only one
answer.
The fastest and the most correct 3 players will be awarded.
Tip: You get extra points if you give sequential correct answers.
16
Ioannis Chrysakis chrysakis.eu
Time for Discussion
How do you find the results of the CAPrice Game ?
17
Ioannis Chrysakis chrysakis.eu
Android apps and permissions
18
0
5
10
15
20
25
12
21
16
8
16
24
19
14
11 10
1
Basic permissions (Max 28)
12
21 16
8
16
24 19 14 11 10
1
13
22
19
9
20
24
18
18
16 18
4
0
5
10
15
20
25
30
35
40
45
50
Basic + Other permissions
Basic Other
Ioannis Chrysakis chrysakis.eu
Time for action
Be part of the solution by joining in the CAPrice Community
Via website [caprice-community.net]
Giving feedback, voting, etc
https://www.caprice-community.net/feedback/
Learn about actual cases of privacy threats
Discover cutting edge technical solutions
Via e-mail:
https://www.caprice-community.net/get-involved/
Via social media
19
Ioannis Chrysakis chrysakis.eu
References
The CAPrice promotional video:
https://youtu.be/4L8gOfU9MXg
If your shop assistant was an app (hidden camera):
https://youtu.be/xYZtHIPktQg
The #toyfail case
https://youtu.be/lAOj0H5c6Yc
How long does it take to read Amazon Kindle's terms and
conditions?
https://youtu.be/sxygkyskucA
Conference Paper [CoopIS 2018]
Giorgos Flouris, Theodore Patkos, Ioannis Chrysakis, Ioulia Konstantinou,
Nikolay Nikolov, Panagiotis Papadakos, Jeremy Pitt, Dumitru Roman, Alexander
Stan, Chrysostomos Zeginis: Towards A Collective Awareness Platform for
Privacy Concerns and Expectations.
20
Ioannis Chrysakis chrysakis.eu
Thank you for your attention
21
Theodore Patkos
Giorgos FlourisDimitris Plexousakis
Konstantinos Kreatsoulas
Ioannis Chrysakis
Panagiotis PapadakosChrysostomos Zeginis
ResearchGate has not been able to resolve any citations for this publication.
ResearchGate has not been able to resolve any references for this publication.