W3C home > Mailing lists > Public > www-tag@w3.org > August 2012

Re: [ietf-privacy] New Version Notification for draft-iab-privacy-considerations-03.txt

From: David Singer <singer@apple.com>
Date: Thu, 09 Aug 2012 16:10:02 -0700
Message-id: <F4D2ADF3-C3F3-4164-9B10-238B9878170B@apple.com>
To: www-tag@w3.org, ietf-privacy@ietf.org

On Aug 9, 2012, at 4:48 , Ashok Malhotra <ashok.malhotra@oracle.com> wrote:

> Fascinating!  So if the Geolocation says "Boston" your algorithms, based on past
> behavior I presume, can pinpoint the location.

well, all sorts of heuristics can be used.  Are the locations plausible?  If the algorithm is to add random noise to each location, you'll get cases where the user appeared to have moved absurdly fast between two locations.  If the locations are associated with photos, what's the closest plausible actual location for the image?  

In general, the more data points (successive locations) supplied, the more data you are supplying, and the easier it is to sift noise from signal.  This is generally true, alas, and if you add in real-world knowledge (e.g. that it's unusual to be in the middle of an ornamental lake, or move at 200 mph in a city), further noise removal is possible.

I have the same intuition on other data as well; fuzzing that will be amenable to de-noising techniques…e.g. fuzzing the contents of a shopping cart (doing 'harmless' like-substitutions for some items) will probably reveal the ones that you have substituted as being 'less likely', and so on, and easier to detect if have previous fuzzed carts from the same person.  and so on.

> All the best, Ashok
> On 8/8/2012 5:49 PM, Martin Thomson wrote:
>> On 8 August 2012 15:37, Ashok Malhotra<ashok.malhotra@oracle.com>  wrote:
>>> In the Geolocation work, one of the features that was discussed was an
>>> option that would
>>> provide an indistinct location such as the town or the county or perhaps
>>> even only the country.
>>> This adds fuzziness although not noise.  If you add noise then, in the
>>> location case, you could end
>>> up with an incorrect location which may not be acceptable
>> Speaking as someone intimately involved in the research into location
>> "fuzzing", the geopriv working group came to an interesting set of
>> conclusions:
>> First and foremost, don't bother.  Every algorithm we developed could
>> be easily attacked or circumvented by someone who has more information
>> than the fuzzer.  We had some good algorithms that would be really
>> effective at hiding the location of someone who is moving randomly
>> across salt flats, desert or ocean.  For real-world applications those
>> same algorithms sucked.  Human beings are just far too predictable.
>> Now I don't know this for certain, but - intuitively - this same
>> conclusion most likely applies to other aspects of data minimization.
>> --Martin
> _______________________________________________
> ietf-privacy mailing list
> ietf-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/ietf-privacy

David Singer
Multimedia and Software Standards, Apple Inc.
Received on Thursday, 9 August 2012 23:10:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:47 UTC