DOI: 10.1145/3081333.3081334

Heimdall: A Privacy-Respecting Implicit Preference Collection Framework

Published: 16 June 2017

Abstract

Many of the everyday decisions a user makes rely on the suggestions of online recommendation systems. These systems amass implicit (e.g., location, purchase history, browsing history) and explicit (e.g., reviews, ratings) feedback from multiple users, produce a general consensus, and provide suggestions based on that consensus. However, due to privacy concerns, users are uncomfortable with implicit data collection, thus requiring recommendation systems to be overly dependent on explicit feedback. Unfortunately, users do not frequently provide explicit feedback. This hampers the ability of recommendation systems to provide high-quality suggestions. We introduce Heimdall, the first privacy-respecting implicit preference collection framework that enables recommendation systems to extract user preferences from their activities in a privacy-respecting manner. The key insight is to enable recommendation systems to run a collector on a user's device and precisely control the information a collector transmits to the recommendation system back-end. Heimdall introduces immutable blobs as a mechanism to guarantee this property. We implemented Heimdall on the Android platform and wrote three example collectors to enhance recommendation systems with implicit feedback. Our performance results suggest that the overhead of immutable blobs is minimal, and a user study of 166 participants indicates that privacy concerns are significantly less when collectors record only specific information, a property that Heimdall enables.


Published In

MobiSys '17: Proceedings of the 15th Annual International Conference on Mobile Systems, Applications, and Services
June 2017
520 pages
ISBN: 9781450349284
DOI: 10.1145/3081333

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. implicit feedback
  2. internet of things
  3. privacy
  4. recommendation systems

Qualifiers

  • Research-article

Acceptance Rates

MobiSys '17 Paper Acceptance Rate 34 of 188 submissions, 18%;
Overall Acceptance Rate 274 of 1,679 submissions, 16%
