Research Result :: Protecting privacy in the mobile internet age
(22/03/2012) How much information about you is on the internet? If you are an avid user of social networking sites such as Facebook, a member of online gaming communities such as World of Warcraft or Travian, or have geo-location apps on your smart phone, the answer is probably more than you realise. EU-funded researchers are developing technology to protect privacy and manage trust in this mobile, context-rich, geo-tagged and social-networked age.
Some people might say they're not worried what information about them is accessible online, that they've got nothing to hide, but no one in their right mind wants private information shared on the internet,' says Prof. Kai Rannenberg, the Deutsche Telekom Chair of Mobile Business & Multilateral Security at Goethe University in Frankfurt, Germany.
Few people, for example, would want their credit card details published for all the world to see, compromising photos shared with family members or co-workers, or let anyone know their exact location at any given time. However, such information can find its way online and end up in the wrong hands: either because people willingly put it there but erroneously think only certain trusted people can see it, or, increasingly, because applications broadcast such information automatically - a problem particularly true of geo-location apps and location-based social networks on smart phones.
That is the thinking behind the 'Privacy and Identity Management for Community Services' PICOS project, a pioneering initiative coordinated by Prof. Rannenberg and his team, involving 11 academic and industrial partners in seven European countries. Supported by EUR 4 million in funding from the European Commission, the PICOS researchers studied ways to use technology to enhance privacy and manage trust in social networks, focusing particularly on people accessing services from mobile devices. They developed a range of concepts and tools to enable people to protect private and sensitive information while still being able to interact and share the information they want with whom they want.
Designed to be installed on a smart phone, the PICOS application incorporates features for identity management, controlling information flows, sharing files securely, blurring geo-location information, and dynamically and intelligently alerting users to potential privacy issues in their online activities. The system was designed in close consultation with three potential end-user communities: recreational anglers, online gamers, and self-employed taxi-drivers. Two of those communities - anglers in Austria and Germany and online gamers in Austria and the Czech Republic - also tested the completed platform and the applications on their smartphones in a series of field trials.
My identity and location... more or less
'The aim of PICOS is to help people better manage and more clearly understand the information they are sharing and with whom they are sharing it. This is important for all social networks, but especially when location information is involved, something that can be highly sensitive,' Prof. Rannenberg explains.
Users can, for example, use the platform to create partial identities for different purposes, using a more complete profile for interactions with trusted friends in an online social network, while showing much less information about themselves to acquaintances, other community members or the public. Similarly, they can control information flows into the community or sub-groups of the community, and easily manage which files they want to share and with whom.
'The anglers usage scenario clearly shows the advantages of the platform,' Prof. Rannenberg explains. 'Though there are many communities that could benefit from this technology, we chose anglers because they are a particularly appropriate group for mobile social networking: They want to share and discover information about where fish are, they are geographically dispersed and they have time, while waiting for a fish to bite, to socialise in social networks via their mobile devices. However, they also don't want to give too much information away, for example they don't want to tell everyone about their best fishing spot.'
Using one identity an angler might ask for tips from the wider community about bait and water conditions in an area. If they then want to show off what they have caught, they might publish a photo using a different identity to only a subset of trusted friends. Another feature, called Privacy Advisor, intelligently monitors users' interactions and alerts them automatically if they are about to publish potentially sensitive or private information.
'The Privacy Advisor offers a kind of double check to make sure people are fully aware of what they are putting online and who will be able to see it,' Prof. Rannenberg says.
Another feature of the PICOS platform, geo-location blurring, is also designed to offer just enough information, but not too much. Whereas many location-based apps and social networks on mobile devices broadcast a person's exact location, the PICOS application can blur their location to within a set radius.
'The user could define the accuracy to within 500 meters, a kilometre or five kilometres and the system will only report their general location, not their exact location,' the project coordinator notes. 'Their location is offset within the blurred radius so they cannot be pinpointed precisely.'
While anglers might use it to avoid giving away the location of good fishing spots, online gamers - another set of PICOS trial users - found it useful to keep their online and real lives separate.
'Multiplayer online games such as World of Warcraft go on 24/7 and even while members of such gaming communities are not actually playing they will often chat, plan and define strategies with other players in online forums. Often, however, for personal or professional reasons they may not want their real and virtual lives to cross over too much - having partial online identities and geo-location blurring helps with this,' explains Christian Kahl, a researcher on the PICOS project.
Anglers and online gamers are just a couple of examples of communities that could benefit from better online privacy and trust management.
'The concepts we defined in PICOS could apply anywhere to anyone who shares information online, from taxi drivers to business people,' Prof. Rannenberg notes. 'As more and more people join online communities and society becomes more knowledge-focused, ensuring trust and privacy will become ever more important.'
Members of the PICOS consortium are continuing research in the field in an effort to ensure a sustainable impact from their work. For instance, one German SME partner, IT-Objects, has already developed an Android version of the PICOS application to be used for commercial and leisure applications.
PICOS received research funding under the European Union's Seventh Framework Programme (FP7).