Why do people use anonymity-granting technologies when surfing the Internet? Anecdotal evidence suggests that people often resort to using online anonymity services, like the Tor network, because they are concerned about the possibility of their government infringing their civil and political rights, especially in highly repressive regimes. This claim has yet to be subject to rigorous cross-national, over time testing. In this article, econometric analysis of newly compiled data on Tor network usage from 2011 to 2013 shows that the relationship between political repression and the use of the Tor network is U-shaped. Political repression drives usage of Tor the most in both highly repressive and highly liberal contexts. The shape of this relationship plausibly emerges as a function of people’s opportunity to use Tor and their need to use anonymity-granting technologies to express their basic political rights in highly repressive regimes.
Blockchain, as a decentralized and distributed public ledger technology in peer-to-peer network, has received considerable attention recently. It applies a linked block structure to verify and store data, and applies the trusted consensus mechanism to synchronize changes in data, which makes it possible to create a tamper-proof digital platform for storing and sharing data. It is believed that blockchain can be utilized in diverse Internet interactive systems (e.g., Internet of Things, supply chain systems, identity management, and so on). However, there are some privacy challenges that may hinder the applications of blockchain. The goal of this survey is to provide some insights into the privacy issues associated with blockchain. We analyze the privacy threats in blockchain and discuss existing cryptographic defense mechanisms, i.e., anonymity and transaction privacy preservation. Furthermore, we summarize some typical implementations of privacy preservation mechanisms in blockchain and explore future research challenges that still need to be addressed in order to preserve privacy when blockchain is used.
Can we improve Internet transparency without worsening user anonymity? For a long time, researchers have been proposing transparency systems, where traffic reports produced at strategic network points help assess network behavior and verify service-level agreements or neutrality compliance. However, such reports necessarily reveal when certain traffic appeared at a certain network point, and this information could, in principle, be used to compromise low-latency anonymity networks like Tor. In this paper, we examine whether more Internet transparency necessarily means less anonymity. We start from the information that a basic transparency solution would publish about a network and study how that would impact the anonymity of the network’s users. Then we study how to change, in real time, the time granularity of traffic reports in order to preserve both user anonymity and report utility. We evaluate with real and synthetic data and show that our algorithm can offer a good anonymity/utility balance, even in adversarial scenarios where aggregates consist of very few flows.
Enabled by the industrial Internet, intelligent transportation has made remarkable achievements such as autonomous vehicles by Carnegie Mellon University (CMU) Navlab, Google Cars, Tesla, etc. Autonomous vehicles benefit, in various aspects, from the cooperation of the industrial Internet and cyber-physical systems. In this process, users in autonomous vehicles submit query contents, such as service interests or user locations, to service providers. However, privacy concerns arise since the query contents are exposed when the users are enjoying the services queried. Existing works on privacy preservation of query contents rely on location perturbation or k-anonymity, and they suffer from insufficient protection of privacy or low query utility incurred by processing multiple queries for a single query content. To achieve sufficient privacy preservation and satisfactory query utility for autonomous vehicles querying services in cyber-physical systems, this article proposes a novel privacy notion of client-based personalized k-anonymity (CPkA). To measure the performance of CPkA, we present a privacy metric and a utility metric, based on which we formulate two problems to achieve the optimal CPkA in terms of privacy and utility. An approach, including two modules, to establish mechanisms which achieve the optimal CPkA is presented. The first module is to build in-group mechanisms for achieving the optimal privacy within each content group. The second module includes linear programming-based methods to compute the optimal grouping strategies. The in-group mechanisms and the grouping strategies are combined to establish optimal CPkA mechanisms, which achieve the optimal privacy or the optimal utility. We employ real-life datasets and synthetic prior distributions to evaluate the CPkA mechanisms established by our approach. The evaluation results illustrate the effectiveness and efficiency of the established mechanisms.
• We propose AttriChain, a framework that allows users to interact with the network using anonymous and traceable identities in a permissioned blockchain.
• We define the functionality of AttriChain in the universal composable (UC) model. We provide the protocol of AttriChain based on a delicate selection of the underlying cryptographic schemes that form an attribute-based signature scheme, including threshold/distributed tag-based encryption for transaction tracing, signatures for unforgeability and zero-knowledge proofs for anonymity.
• We run a permissioned instance of Ethereum and present a prototype of AttriChain with Solidity smart contracts, performing the attributes authentication, transaction signing and tracing. We evaluate its performance and costs accordingly.
In this paper, we propose a framework named AttriChain that supports transactions with anonymous sender identity and threshold traceability in permissioned blockchain. AttriChain realizes on-chain access control and distributed identity governance by allowing users to create transactions anonymously using their transaction keys and their attributes. It provides unlinkability and anonymity of transactions belonging to legitimate users, while providing accountability for those whom other members in the network regard as questionable or malicious. The design of threshold traceability of anonymous transactions allows network members to trace transactions back to the sender without violating the decentralized property of blockchain. In AttriChain, the spontaneous tracing of misbehaviors in the network distributes the power of identity governance to multiple independent tracing members instead of depending on single-point management. It significantly increases user privacy and autonomy in a permissioned network and facilitates auditing at the same time. We define the functionality and the protocol of AttriChain in the universal composable model. We also provide an implementation of an AttriChain prototype for performance analysis.
• We propose a new notion of anonymity, called set-theoretic conditional anonymity.
• We compare the hierarchy of strong anonymity and the hierarchy of conditional anonymity.
• We define a metric for set-theoretic conditional anonymity.
• We improve an existing metric for probabilistic conditional anonymity.
• We study the loss of anonymity of systems with multiple observable outputs.
Conditional anonymity, in comparison to classical strong anonymity, provides a novel perspective on anonymity and has been applied to analyzing anonymizing protocols. While the existing research on conditional anonymity is limited to the probabilistic setting, in this paper we introduce the notion of set-theoretic conditional anonymity by considering the threat from a non-probabilistic adversary. Then we refine the understanding of the relationship between strong anonymity and conditional anonymity. Moreover, in order to quantitatively evaluate a system’s degree of anonymity, we propose a metric for set-theoretic conditional anonymity and a variant of an existing metric for probabilistic conditional anonymity. We formally show that a system will lose more (at best preserve equal) anonymity when the adversary obtains more observable outputs from the system, which confirms the intuition that observations reveal sensitive information.
This study focuses on the perceptions and practices of anonymous communication with friends enabled by tie-based anonymous apps. Based on qualitative analysis of in-depth interviews with users of the application Secret, the strategies deployed by interviewees in order to de-anonymize other users are emphasized and placed within the broader context of the real-name web. The article shows that Secret was not only based on pre-existing social networks but also drew on the network as a structure of thought. The concept of networked anonymity is introduced to account for the ways that anonymous actors imagine one another as “someone,” rather than as an unknown “anyone.” As such, the survivability of this communicative model is inherently limited by competing forces—the drive to connectivity, on the one hand, and to anonymity, on the other.
In this paper we study conditions to approximate a given graph by a regular one. We obtain optimal conditions for a few metrics such as the edge rotation distance for graphs, the rectilinear and the Euclidean distance over degree sequences. Then, we require the approximation to have at least k copies of each value in the degree sequence, a property originating in data privacy that is called k-degree anonymity.
We give a sufficient condition in order for a degree sequence to be graphic that depends only on its length and its maximum and minimum degrees. Using this condition we give an optimal solution of k-degree anonymity for the Euclidean distance when the sum of the degrees in the anonymized degree sequence is even. We present algorithms that may be used for obtaining all the mentioned anonymizations.
Publishing datasets plays an essential role in open data research and promoting transparency of government agencies. However, such data publication might reveal users' private information. One of the most sensitive sources of data is spatiotemporal trajectory datasets. Unfortunately, merely removing unique identifiers cannot preserve the privacy of users. Adversaries may know parts of the trajectories or be able to link the published dataset to other sources for the purpose of user identification. Therefore, it is crucial to apply privacy preserving techniques before the publication of spatiotemporal trajectory datasets. In this paper, we propose a robust framework for the anonymization of spatiotemporal trajectory datasets termed as machine learning based anonymization (MLA). By introducing a new formulation of the problem, we are able to apply machine learning algorithms for clustering the trajectories and propose to use k-means algorithm for this purpose. A variation of k-means algorithm is also proposed to preserve the privacy in overly sensitive datasets. Moreover, we improve the alignment process by considering multiple sequence alignment as part of the MLA. The framework and all the proposed algorithms are applied to T-Drive, Geolife, and Gowalla location datasets. The experimental results indicate a significantly higher utility of datasets by anonymization based on MLA framework.