UAB - The University of Alabama at Birmingham

Privacy and Anonymity on the Internet

Today’s internet is used by millions of users worldwide for a variety of applications, such as web browsing, streaming video/audio, Voice-over-IP (VoIP), social networking, text messaging/chat, web search and peer-to-peer (P2P) applications (file sharing, video streaming). Internet usage via these applications, however, leaks information that users consider private, and such leakage can lead to identity theft, unwanted tracking (such as the RIAA’s tracking of users sharing pirated/copyrighted content using P2P applications) and an adverse psychological impact on users. The public release of AOL web search queries is a well-known example showing that current internet usage can have serious consequences for users’ privacy. The same applies to users’ location privacy in the context of location-based services and to users’ attribute privacy in the context of online social networks such as Facebook. Moreover, for reasons such as exercising “freedom of speech”, it may be beneficial for users to remain anonymous on the internet.

In this project, our focus is on technological solutions that can help address the problem of users’ privacy. In particular, we are interested in protecting the privacy of users’ queries when performing web search and location-based search. Many techniques have been proposed to address this problem. One set of solutions involves the use of private information retrieval (PIR) protocols, a generic body of work not tied to any particular application. However, current PIR protocols, due to their high communication and computation overhead, are not feasible to deploy in practice with the existing infrastructure. A second class of solutions is based on the principle of query obfuscation, where client-side software injects noisy queries into the stream of real queries transmitted to the service. These methods may protect the user against profiling, thereby preventing implicit privacy violations. We posit, however, that an adversarial service provider can distinguish between a user’s queries and the obfuscation queries with high accuracy, and can thereby identify a large fraction of the user’s real queries.

Figure: Breaking Location Privacy. Our results show that it is possible to correlate actual source/destination pairs even when noisy pairs are inserted.

Another approach involves the use of third-party infrastructure, such as a single proxy (e.g., Scroogle) or an anonymizing network (e.g., Tor). The use of a single proxy is problematic because it requires users to place (unwanted) trust in a single server hosted by a third-party company. Web search over an anonymizing network, which is the focus of our paper, certainly provides better protection and fault tolerance than the use of a single proxy. An anonymizing network is typically implemented using onion routing: a user’s queries are routed over a path consisting of a series of nodes (called relay servers) distributed all over the internet, with each relay learning only its predecessor and successor on the path. This way the actual source of a query would potentially remain hidden from the service provider.

In this project, we launch a deep investigation into the level of privacy protection provided to users when posing search queries via an anonymizing network or using a query obfuscation tool. On a broader note, we believe that the insights drawn from our work will help guide the design of future privacy-preserving tools that are more resistant to automated privacy attacks. In fact, we identify areas for improvement in the existing query obfuscation tools that make them more robust to such automated attacks. As part of the project, we are also exploring sensing-enabled channels for anonymous communication (e.g., covert messages delivered to a mobile device via a TV or radio program).