Use & Abuse of Personal Information, Part II: Robust Generation of Fake IDs for Privacy Experimentation
-
Published:2024-08-11
Issue:3
Volume:4
Page:546-571
-
ISSN:2624-800X
-
Container-title:Journal of Cybersecurity and Privacy
-
language:en
-
Short-container-title:JCP
Author:
Kolenbrander Jack1ORCID, Husmann Ethan1ORCID, Henshaw Christopher1ORCID, Rheault Elliott1, Boswell Madison1, Michaels Alan J.1ORCID
Affiliation:
1. Virginia Tech National Security Institute, Blacksburg, VA 24060, USA
Abstract
When personal information is shared across the Internet, we have limited confidence that the designated second party will safeguard it as we would prefer. Privacy policies offer insight into the best practices and intent of the organization, yet most are written so loosely that sharing with undefined third parties is to be anticipated. Tracking these sharing behaviors and identifying the source of unwanted content is exceedingly difficult when personal information is shared with multiple such second parties. This paper formulates a model for realistic fake identities, constructs a robust fake identity generator, and outlines management methods targeted towards online transactions (email, phone, text) that pass both cursory machine and human examination for use in personal privacy experimentation. This fake ID generator, combined with a custom account signup engine, are the core front-end components of our larger Use and Abuse of Personal Information system that performs one-time transactions that, similar to a cryptographic one-time pad, ensure that we can attribute the sharing back to the single one-time transaction and/or specific second party. The flexibility and richness of the fake IDs also serve as a foundational set of control variables for a wide range of social science research questions revolving around personal information. Collectively, these fake identity models address multiple inter-disciplinary areas of common interest and serve as a foundation for eliciting and quantifying personal information-sharing behaviors.
Funder
National Science Foundation
Reference136 articles.
1. Michaels, A.J., and George, K.B. (2024, July 09). Use and Abuse of Personal Information. Available online: https://www.blackhat.com/us-21/briefings/schedule/#use–abuse-of-personal-information-22688. 2. Harrison, J., Lyons, J., Anderson, L., Maunder, L., O’Donnell, P., George, K.B., and Michaels, A.J. (2021, January 2–3). Quantifying Use and Abuse of Personal Information. Proceedings of the 2021 IEEE International Conference on Intelligence and Security Informatics (ISI), San Antonio, TX, USA. 3. Spam!;Cranor;Commun. ACM,1998 4. Roesner, F., Kohno, T., and Wetherall, D. (, January 25–27April). Detecting and Defending Against Third-Party Tracking on the Web. Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation (NSDI 12), San Jose, CA, USA. Available online: https://www.usenix.org/conference/nsdi12/technical-sessions/presentation/roesner. 5. Nguyen, T., Yeates, G., Ly, T., and Albalawi, U. (2023). A Study on Exploring the Level of Awareness of Privacy Concerns and Risks. Appl. Sci., 13.
Cited by
1 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
|
|