ABSTRACT
There has been a huge spike in the usage of social media platforms during the COVID-19 lockdowns. These lockdown periods have resulted in a set of new cybercrimes, thereby allowing attackers to victimise social media users with a range of threats. This paper performs a large-scale study to investigate the impact of a pandemic and the lockdown periods on the security and privacy of social media users. We analyse 10.6 Million COVID-related tweets from 533 days of data crawling and investigate users' security and privacy behaviour in three different periods (i.e., before, during, and after the lockdown). Our study shows that users unintentionally share more personal identifiable information when writing about the pandemic situation (e.g., sharing nearby coronavirus testing locations) in their tweets. The privacy risk reaches 100% if a user posts three or more sensitive tweets about the pandemic. We investigate the number of suspicious domains shared on social media during different phases of the pandemic. Our analysis reveals an increase in the number of suspicious domains during the lockdown compared to other lockdown phases. We observe that IT, Search Engines, and Businesses are the top three categories that contain suspicious domains. Our analysis reveals that adversaries' strategies to instigate malicious activities change with the country's pandemic situation. © 2013 IEEE.
ABSTRACT
In the past decade, the gaming industry has seen a sharp rise in popularity, particularly in mobile gaming, and these numbers have only increased with the recent COVID-19 pandemic. Given the amount of user information being collected and shared by these gaming apps as well as the demographics of its users such as minors, it is critical to examine these apps' privacy vulnerabilities. In this study, we reviewed and analyzed 20 popular gaming apps' privacy policies and evaluated their explicit privacy protections or lack thereof. In particular, we examined if any specific privacy protections are provided to vulnerable groups like children and teenagers. Results found that although these gaming apps have privacy protections listed in their policies, only a few of them explicitly identify individual's consent and choice. Also, most of the privacy protections on minors like children and teenagers provided by these gaming apps are only at a basic level. Results from this study can provide guidance to both app users and app developers on the measures that each app is already taking on privacy protections, as well as identifying the vulnerabilities and potential privacy risks that currently exist. Furthermore, it can provide guidance for implementing appropriate privacy policies to protect users' personal data. © 2022 IEEE.
ABSTRACT
The COVID-19 pandemic has killed millions and gravely disrupted the world's economy. A safe and effective vaccine was developed remarkably swiftly, but as of yet, uptake of the vaccine has been slow. This paper explores one potential explanation of delayed adoption of the vaccine, which is data privacy concerns. We explore two contrasting regulations that vary across U.S. states that have the potential to affect the perceived privacy risk associated with receiving a COVID-19 vaccine. The first regulation—an "identification requirement”—increases privacy concerns by requiring individuals to verify residency with government approved documentation. The second regulation—"anonymity protection”—reduces privacy concerns by allowing individuals to remove personally identifying information from state-operated immunization registry systems. We investigate the effects of these privacy-reducing and privacy-protecting regulations on U.S. state-level COVID-19 vaccination rates. Using a panel data set, we find that identification requirements decrease vaccine demand but that this negative effect is offset when individuals are able to remove information from an immunization registry. Our results remain consistent when controlling for CDC-defined barriers to vaccination, levels of misinformation, vaccine incentives, and states' phased distribution of vaccine supply. These findings yield significant theoretical and practical contributions for privacy policy and public health. © 2022 INFORMS.
ABSTRACT
Given the importance of privacy, many Internet protocols are nowadays designed with privacy in mind (e.g., using TLS for confidentiality). Foreseeing all privacy issues at the time of protocol design is, however, challenging and may become near impossible when interaction out of protocol bounds occurs. One demonstrably not well understood interaction occurs when DHCP exchanges are accompanied by automated changes to the global DNS (e.g., to dynamically add hostnames for allocated IP addresses). As we will substantiate, this is a privacy risk: one may be able to infer device presence and network dynamics from virtually anywhere on the Internet — and even identify and track individuals — even if other mechanisms to limit tracking by outsiders (e.g., blocking pings) are in place. We present a first of its kind study into this risk. We identify networks that expose client identifiers in reverse DNS records and study the relation between the presence of clients and said records. Our results show a strong link: in 9 out of 10 cases, records linger for at most an hour, for a selection of academic, enterprise and ISP networks alike. We also demonstrate how client patterns and network dynamics can be learned, by tracking devices owned by persons named Brian over time, revealing shifts in work patterns caused by COVID-19 related work-from-home measures, and by determining a good time to stage a heist. © 2022 Copyright held by the owner/author(s).
ABSTRACT
Governments and businesses routinely disclose large amounts of private data on individuals, for data analytics. However, despite attempts by data controllers to anonymise data, attackers frequently deanonymise disclosed data by matching it with their prior knowledge. When is a chosen anonymisation method adequate? For this, a data controller must consider attackers befitting their scenario;how does attacker knowledge affect disclosure risk? We present a multi-dimensional conceptual framework for assessing privacy risks given prior knowledge about data. The framework defines three dimensions: distinctness (of input records), informedness (of attacker), and granularity (of anonymisation program output). We model three well-known types of disclosure risk: identity disclosure, attribute disclosure, and quantitative attribute disclosure. We demonstrate how to apply this framework in a health record privacy scenario: We analyse how informing the attacker with COVID-19 infection rates affects privacy risks. We perform this analysis using Privug, a method that uses probabilistic programming to do standard statistical analysis with Bayesian Inference. © 2022 ACM.
ABSTRACT
We propose a conceptual model of acceptance of contact tracing apps based on the privacy calculus perspective. Moving beyond the duality of personal benefits and privacy risks, we theorize that users hold social considerations (i.e., social benefits and risks) that underlie their acceptance decisions. To test our propositions, we chose the context of COVID-19 contact tracing apps and conducted a qualitative pre-study and longitudinal quantitative main study with 589 participants from Germany and Switzerland. Our findings confirm the prominence of individual privacy calculus in explaining intention to use and actual behavior. While privacy risks are a significant determinant of intention to use, social risks (operationalized as fear of mass surveillance) have a notably stronger impact. Our mediation analysis suggests that social risks represent the underlying mechanism behind the observed negative link between individual privacy risks and contact tracing apps' acceptance. Furthermore, we find a substantial intention–behavior gap.
ABSTRACT
This article explores Canadians’ response to their federal government’s release of the COVID-19 Tracing app for smartphones in 2020 during the pandemic. Researchers and industry have proposed cellphone-based contact tracing to help contain the spread of SARS-COV-2 virus in people during the COVID-19 pandemic. However, the efficacy of contact tracing requires a certain threshold of participants and for people to enable specific access to communication ports on their mobile devices. Privacy and confidentiality concerns over users’ data on their personal devices have existed for years. Rightfully, industry watchdogs have raised concerns about the long-term consequences of contact tracing. As well questioning the potential confidentiality risks, privacy experts have also raised questions about whether contact tracing can curb the spread of the SARS-COV-2 virus. The uncertainty of this technology and pre-existing privacy concern could affect the adoption by the public. It is unknown how people perceive their security regarding contact tracing during the COVID-19 pandemic. This article presents early theoretical work and survey data taken from an ongoing study on participants’ perceptions of security and privacy perceptions of the COVID Alert contact-tracing app released in several Canadian provinces and territories during the 2020–2021 pandemic. © 2021, Springer Nature Switzerland AG.
ABSTRACT
China's unprecedented measures to mobilize its diverse surveillance apparatus played a key part in the country's successful containment of the ongoing coronavirus pandemic. Critics worldwide believe these invasive technologies, in the hands of an authoritarian regime, could trample the right to privacy and curb fundamental civil and human rights. However, there is little domestic public resistance in China about technology-related privacy risks during the pandemic. Drawing on academic research and a semantic network analysis of media frames, we explore the contextual political and cultural belief systems that determine public support for authorities' ever-expanding access to personal data. We interrogate the longer-term trajectories-including the guardian model of governance, sociotechnical imagination of technology, and communitarian values-by which the understanding of technology and privacy in times of crisis has been shaped. China's actions shed light on the general acceptance of the handover of personal data for anti-epidemic purposes in East Asian societies like South Korea and Singapore.