Lecture 24: Privacy duke

Q: What is Louis Brandeis’s classic definition of privacy?

The right to be left alone.

Q: What is Alan Westin’s definition of privacy?

The right to control, edit, and decide how personal information is shared.

Q: How is privacy different from security?

Privacy is about controlling information flow; security is about preventing unauthorized access.

Q: What are examples of privacy-sensitive information?

Identity, location, activity, health records, browsing history.

Q: How do IP addresses compromise privacy?

They uniquely identify your computer and are visible to every website you visit.

Q: What are cookies used for?

Tracking preferences and user behavior across sessions and websites.

Q: Why are online social networks (OSNs) risky for privacy?

They centralize personal data, making it easier to misuse or expose.

Q: What was the Facebook Beacon scandal?

A case where Facebook shared private user data without consent.

Q: What is one threat of centralized OSNs?

A single point of attack where data is no longer fully under user control.

Q: What are some alternatives to centralized data collection?

Anonymization, encryption, decentralization.

Q: What is a proxy server used for?

To anonymize IP addresses by routing traffic through a third party.

Q: What’s the danger of deanonymization?

Even anonymized data can be re-identified by cross-referencing with public data.

Q: What famous case showed the limits of anonymization?

The Netflix Prize dataset where users were re-identified using IMDb data.

Q: What does the Netflix case teach about privacy?

Removing names isn’t enough — aggregated data can still reveal identities.

Q: What’s a key privacy issue with mobile phones?

They constantly track and share location and device information.

Q: What are location-based services trading off?

Functionality versus personal location privacy.

Q: What did the AppScope study reveal?

Many Android apps silently sent location and device ID data to advertisers.

Q: How many apps in the study sent location data to ad servers?

15 out of 30 apps.

Q: How many apps sent phone or device identifiers?

7 sent IMEI numbers, 2 sent phone info like number.

Q: Were users made aware of this data sharing in EULAs?

Rarely — only one app even mentioned it.

Q: What’s a benefit of decentralizing networks?

Users get more control over their personal data.

Q: What is the tradeoff of decentralization?

Increased maintenance burden, cost, and usability challenges