SlideShare a Scribd company logo

Operando Presentation in Athens 2018

Operando Consortium, profile picture
Operando Consortium

The OPERANDO project aims to implement an innovative privacy enforcement framework that enables privacy as a service. It was funded by the Horizon 2020 Programme to address issues like users lacking control over their private data and inability to revoke consent for data access. The OPERANDO approach involves a privacy service provider that stores users' data in a vault and allows them to control access to their data via a dashboard. It also provides tools for online service providers to easily implement privacy policies and get certification.

Internet
1 of 37
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Constantinos Patsakis University of Piraeus, Greece OPERANDO Online Privacy Enforcement, Rights Assurance & Optimization H2020 Project Clustering Workshop
OPERANDO • Funded under the Horizon 2020 Programme (H2020), as part of the DS-01-2014 - Privacy call (GA no. 653704) • We implement and validate an innovative privacy enforcement framework that will enable: Privacy as a Service • The project is Open Source available in Github
Consortium
GDPR • On 27 April 2016, the EU adopted new rules for the protection of personal data, via the General Data Protection Regulation (GDPR). The GDPR will become applicable on 25 May 2018, and its impact will be felt in many areas in the next few years that service providers will have to integrate it in their services. • Will everyone do it? • What happens till then? • What happens with non-conforming services?
Main concept of the project • Ground truth: Users do not have control of their private data. • They consume numerous services, sharing their private data with many entities many of which they do not know. • Users do not have control of who accesses their private data, when, which data and why. • Users are not able to revoke their consent. • Common users do not have the knowledge and means to enforce their privacy preferences. • Note that the project was submitted before GDPR.
The OPERANDO approach • “One size fits all” doesn’t actually work • The project is split in G2C and B2C approaches to cater for the different needs. • The research part of the project has several contributions that many of you are already using.
The G2C case
Current status • Users browse the Internet sharing a lot of private information, without knowing what they share, when or being able to filter it. • Big companies are monetizing this information as it enables them to efficiently profile users. • Users have an “one-time” deal, “share data” or no-service. • Many of the data that companies are collecting are not needed for the service provision.
How does it work? (User side) • Users registered to a Privacy Service Provider (PSP) who provides them with a “vault” for their data • Users then register to affiliated online service providers. • The PSP provides an easy-to-use dashboard to manage all private data. • The user can: • See which data each OSP requests, • Why they are requested, • When they are processed, • Who requests them • Revoke/grant access
OSP side • The Online Service Provider (OSP) is not always the bad guy, actually most OSPs are not, they just want to provide a service. • How do they prove that they “don’t do evil”? • How can they get certification of their services? • How they can deploy easily services?
OPERANDO PSP side • OPERANDO provides the vault which is monitored by the PSP. All data coming, processed and leaving are continuously monitored and logged. • To facilitate development all database transactions are made using a RESTful interface which allows developers to query the database using OData. • Before executing any query, the role and permissions of each user are checked to determine whether he is authorized to perform the query. Then, the affected/returned rows are checked against the user preferences to determine whether user is allowed to perform this query in row level.
OPERANDO PSP side • The PSP logs all transactions and shows you what is done with your data. • The PSP monitors any transactions and enforces your privacy policies. • The OSP cannot arbitrarily access your data. • The OSP can handle user policies without writing any code. • Opting in and out is seamless.
Basic concept of OPERANDO G2C
The AMI use case
Operando Presentation in Athens 2018
Operando Presentation in Athens 2018
Operando Presentation in Athens 2018
Operando Presentation in Athens 2018
The B2C case
DeFault Settings • Times New Roman Syndrome – The default font for everything • The users’ assumption that Online Service Providers had given careful consideration on their default privacy settings • Privacy Settings not easily accessible to novice users Consumer privacy is exposed to multiple dangers Keep in mind that using a free online service means that most probably you are the product. User Profiling • Targeted Ads • 3rd party trackers • Social media buttons Unique identifiers to stalk users’ behavior
• Remember that FB app you used once 2 years ago? – It still has access to your social network data • Excessive permissions granted to mobile and browser apps • Spam emails after registration on websites • Exposed after data breach of the Service Provider – e.g. Ashley Madison hack • Malware software lurking on the internet Forgotten & Suspicious Apps Email Malware Consumer privacy is exposed to multiple dangers
The complete guide to privacyLorem ipsum dolor sit amet, consectetur adipiscing elit. Proin quis ultrices lorem, eu luctus mi. Praesent dapibus ligula ipsum, eget pretium felis semper quis. Nulla congue mauris eget felis ornare mattis. Cras sed augue sem. Etiam ac risus vulputate tellus fringilla placerat a id mauris. Vestibulum elementum tellus a lorem viverra ullamcorper. Curabitur sagittis metus lorem, ut consectetur urna dignissim nec. Mauris non bibendum lorem. Vestibulum posuere velit quis justo gravida gravida. Ut lacinia erat ut nisi volutpat sagittis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Fusce et tristique nisi, ac luctus ex. Praesent sagittis quam et aliquet molestie. In sit amet massa viverra, rhoncus massa eget, aliquam tellus. Nam tortor velit, hendrerit ac lectus a, molestie vestibulum arcu. Sed eget augue eget urna lacinia ullamcorper sit amet non dolor. Vivamus at massa a magna pulvinar dictum eu id nisi. Nullam hendrerit id sem imperdiet varius. Quisque tortor felis, malesuada ut libero vel, hendrerit placerat enim. Nam lectus elit, pellentesque ac scelerisque sit amet, tincidunt in sem. Praesent fringilla magna a enim ullamcorper dignissim. Nulla sollicitudin tellus mauris, ut egestas purus scelerisque et. Sed eu magna a nulla malesuada tincidunt eget sed leo. Vivamus convallis, urna aliquam accumsan vulputate, nisl neque viverra tortor, sit amet elementum est ipsum aliquet lorem. Aenean iaculis nulla vulputate arcu posuere maximus. Praesent odio turpis, viverra at augue vestibulum, cursus eleifend libero. Proin lobortis imperdiet ex eget tempor. Proin tempus lobortis lacus, non tempor orci cursus quis. Sed ullamcorper iaculis libero, id luctus arcu faucibus vitae. Suspendisse a sodales neque. Maecenas eget sagittis magna. Phasellus quam tellus, suscipit molestie tortor eget, porta mattis urna. Ut auctor et odio quis vehicula. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse bibendum augue id neque porttitor, quis semper tellus gravida. Nam aliquam augue eget elit convallis rutrum. Vivamus pharetra purus id metus volutpat, ac elementum magna posuere. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vestibulum condimentum dui necLorem ipsum dolor sit amet, consectetur adipiscing elit. Proin quis ultrices lorem, eu luctus mi. Praesent dapibus ligula ipsum, eget pretium felis semper quis. Nulla congue mauris eget felis ornare mattis. Cras sed augue sem. Etiam ac risus vulputate tellus fringilla placerat a id mauris. Vestibulum elementum tellus a lorem viverra ullamcorper. Curabitur sagittis metus lorem, ut consectetur urna dignissim nec. Mauris non bibendum lorem. Vestibulum posuere velit quis justo gravida gravida. Ut lacinia erat ut nisi volutpat sagittis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Fusce et tristique nisi, ac luctus ex. Praesent sagittis quam et aliquet molestie. In sit amet massa viverra, rhoncus massa eget, aliquam tellus. Nam tortor velit, hendrerit ac lectus a, molestie vestibulum arcu. Sed eget augue eget urna lacinia ullamcorper sit amet non dolor. Vivamus at massa a magna pulvinar dictum eu id nisi. Nullam hendrerit id sem imperdiet varius. Quisque tortor felis, malesuada ut libero vel, hendrerit placerat enim. Nam lectus elit, pellentesque ac scelerisque sit amet, tincidunt in sem. Praesent fringilla magna a enim ullamcorper dignissim. Nulla sollicitudin tellus mauris, ut egestas purus scelerisque et. Sed eu magna a nulla malesuada tincidunt eget sed leo. Vivamus convallis, urna aliquam accumsan vulputate, nisl neque viverra tortor, sit amet elementum est ipsum aliquet lorem. Aenean iaculis nulla vulputate arcu posuere maximus. Praesent odio turpis, viverra at augue vestibulum, cursus eleifend libero. Proin lobortis imperdiet ex eget tempor. Proin tempus lobortis lacus, non tempor orci cursus quis. Sed ullamcorper iaculis libero, id luctus arcu faucibus vitae. Suspendisse a sodales neqe. Maecenas eget sagittis magna. Phasellus quam tellus, suscipit molestie tortor eget, porta mattis urna. Ut auctor et odio quis vehicula. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse bibendum augue id neque porttitor, quis semper tellus gravida. Nam aliquam augue eget elit convallis rutrum. Vivamus pharetra purus id metus volutpat, ac elementum magna posuere. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vestibulum condimentum dui necLorem ipsum dolor sit amet, consectetur adipiscing elit. Proin quis ultrices lorem, eu luctus mi. Praesent dapibus ligula ipsum, eget pretium felis semper quis. Nulla congue mauris eget felis ornare mattis. Cras sed augue sem. Etiam ac risus vulputate tellus fringilla placerat a id mauris. Vestibulum elementum tellus a lorem viverra ullamcorper. Curabitur sagittis metus lorem, ut consectetur urna dignissim nec. Mauris non bibendum lorem. Vestibulum posuere velit quis justo gravida gravida. Ut lacinia erat ut nisi volutpat sagittis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Fusce et tristique nisi, ac luctus ex. Praesent sagittis quam et aliquet molestie. In sit amet massa viverra, rhoncus massa eget, aliquam tellus. Nam tortor velit, hendrerit ac lectus a, molestie vestibulum arcu. Sed eget augue eget urna lacinia ullamcorper sit amet non dolor. Vivamus at massa a magna pulvinar dictum eu id nisi. Nullam hendrerit id sem imperdiet varius. Quisque tortor felis, malesuada ut libero vel, hendrerit placerat enim. Nam lectus elit, pellentesque ac scelerisque sit amet, tincidunt in sem. Praesent fringilla magna a enim ullamcorper dignissim. Nulla sollicitudin tellus mauris, ut egestas purus scelerisque et. Sed eu magna a nulla malesuada tincidunt eget sed leo. Vivamus convallis, urna aliquam accumsan vulputate, nisl neque viverra tortor, sit amet elementum est ipsum aliquet lorem. Aenean iaculis nulla vulputate arcu posuere maximus. Praesent odio turpis, viverra at augue vestibulum, cursus eleifend libero. Proin lobortis imperdiet ex eget tempor. Proin tempus lobortis lacus, non tempor orci cursus quis. Sed ullamcorper iaculis libero, id luctus arcu faucibus vitae. Suspendisse a sodales neque. Maecenas eget sagittis magna. Phasellus quam tellus, suscipit molestie tortor eget, porta mattis urna. Ut auctor et odio quis vehicula. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse bibendum augue id neque porttitor, quis semper tellus gravida. Nam aliquam augue eget elit convallis rutrum. Vivamus pharetra purus id metus volutpat, ac elementum magna posuere. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vestibulum condimentum dui necCras sed augue sem. Etiam ac risus vulputate tellus fringilla placerat a id mauris. Vestibulum elementum tellus a lorem viverra ullamcorper. Curabitur sagittis metus lorem, ut consectetur urna dignissim nec. Mauris non bibendum lorem. Vestibulum posuere velit quis justo gravida gravida. Ut lacinia erat ut nisi volutpat sagittis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Fusce et tristique nisi, ac luctus ex. Praesent sagittis quam et aliquet molestie. In sit amet massa viverra, rhoncus massa eget, aliquam tellus. Nam tortor velit, hendrerit ac lectus a, molestie vestibulum arcu. Sed eget augue eget urna lacinia ullamcorper sit amet non dolor. Vivamus at massa a magna pulvinar dictum eu id nisi. Nullam hendrerit id sem imperdiet varius. Quisque tortor felis, malesuada ut libero vel, hendrerit placerat enim. Nam lectus elit, pellentesque ac scelerisque sit amet, tincidunt in sem. Praesent fringilla magna a enim ullamcorper dignissim. Nulla sollicitudin tellus mauris, ut egestas purus scelerisque et. Sed eu magna a nulla malesuada tincidunt eget sed leo. Vivamus convallis, urna aliquam accumsan vulputate, nisl neque viverra tortor, sit amet elementum est ipsum aliquet lorem. Aenean iaculis nulla vulputate arcu posuere maximus. Praesent odio turpis, viverra at augue vestibulum, cursus eleifend libero. Proin lobortis imperdiet ex eget tempor. Proin tempus lobortis lacus,
iOS & Android Apps Hide their email identity Ad blocking and anti-tracking capabilities Control all of social network privacy settings Do their own privacy-for-benefit deals Control the browser’s extensions permissions Control apps connected to their data Chrome ExtensionPlusPrivacy empowers users to from a unified Dashboard
The users have to make only one choice. Clicking the Single click privacy button will automatically change all the privacy options in your social network accounts to their most privacy-friendly settings.
Takes place on the browser, +P does not have access on users’ data.
Tweak your privacy settings from the dashboard
Ad Blocking Anti-Tracking Block Malware Domains
Inspect the Permissions of Extensions Enable/Disable or Delete
Just a click away from getting rid of redundant or privacy-polluting apps Inspect Apps connected to
Up to 20 alternative email identities Remailed to your email address, and your reply will be mailed back to the original sender, without disclosing your real email address +P does not keep any data
Privacy-for-Benefit Allows users to get economic benefits in exchange for access to their private data (that today they provide for free!)
Easy to Use User Interface on Mobile Platforms
Research
You are already using our results • A big part of our research is focused on improving S&P of Android and fixes have been already pushed. • Android OS: • CVEs: 2017-0807 & 2016-6715 • Unauthorized access to user’s location and user files. • Apps: • Skype • Reported vulnerabilities to 20 of the most widely used medical apps
Operando Presentation in Athens 2018
Contact us Project webpage: https://www.operando.eu/ +Privacy has a dedicated web page: https://plusprivacy.com/ We share all our code on Github: https://github.com/OPERANDOH2020/ Social: https://www.operando.eu/ https://twitter.com/OperandoH2020 https://www.facebook.com/OperandoH2020/
Constantinos Patsakis, University of Piraeus Email: kpatsak@unipi.gr http://cs.unipi.gr/kpatsak/ Any Questions

More Related Content

PPTX
Empowering users to reclaim their Privacy
Operando Consortium
 
PDF
How to see whatsapp messages
davidgeffens
 
PPTX
Bring Your Own Policy: Internet Use/BYOD Policy by consensus
Michael Scheidell
 
PPT
40 Minutes on Business Model Innovation
Alexander Osterwalder
 
PPT
Business Model Innovation
KR Krishna CBAP, PMP
 
PDF
EBE 2020 How to put the consumer in the driving seat of the European Digital ...
E-Commerce Berlin EXPO
 
PDF
170424 isaca lux slides
Henri Kuiper
 
PPT
Sample Presentation
cacurtis123
 
Empowering users to reclaim their Privacy
Operando Consortium
 
How to see whatsapp messages
davidgeffens
 
Bring Your Own Policy: Internet Use/BYOD Policy by consensus
Michael Scheidell
 
40 Minutes on Business Model Innovation
Alexander Osterwalder
 
Business Model Innovation
KR Krishna CBAP, PMP
 
EBE 2020 How to put the consumer in the driving seat of the European Digital ...
E-Commerce Berlin EXPO
 
170424 isaca lux slides
Henri Kuiper
 
Sample Presentation
cacurtis123
 

Similar to Operando Presentation in Athens 2018 (20)

PDF
Pitch Deck Premium Classic
Improve Presentation
 
PPT
Social Media Basics & Application (for Indexers)
Sara Truscott
 
PDF
English Essay Steel. Online assignment writing service.
Christine Jones
 
PDF
Avoid costly data warehouse upgrades
Appfluent Technology
 
PDF
Review Types - Testing Traveler, The Post About Review Types
Charlie Congdon
 
PDF
Venkatraman 5 webs 3 horizons
N. Venkat Venkatraman
 
PPTX
Pitch deck premium
energiadeportugal2015
 
PPT
2 Day Workshop on Business Model Design
Alexander Osterwalder
 
PDF
Empowering Digital Lifestyle in Internet of Things
Dr. Mazlan Abbas
 
PDF
Diseño 02---herramienta
Jairo Rodriguez
 
DOCX
Aliquam sed lectus ac nibh ultrices rutrumPg. 3More inside!.docx
simonlbentley59018
 
DOCX
Aliquam sed lectus ac nibh ultrices rutrumPg. 3More inside!.docx
ADDY50
 
DOCX
Aliquam sed lectus ac nibh ultrices rutrumPg. 3More inside!
LilianaJohansen814
 
PPT
Improving Your Email Communications (and making your life easier in the process)
Reid Dossinger
 
PPTX
AnnualReport_Aqua plantilla pptx de power point
Nash748137
 
PPT
Management20 competitive-advantage-through-business-model-design-innovation-1...
Divyapratap Mehta
 
PDF
Diseño 04---modelo de negocio
Jairo Rodriguez
 
PDF
Outside the Comfort Zone: Cross Industry Use Cases in Big Data Analytics
Rising Media Ltd.
 
PDF
Content cooperation with Cheetah Mobile
Tango Wu
 
PDF
New 4Th Grade Opinion Essay Examples Pics - Exam
Amanda Detwiler
 
Pitch Deck Premium Classic
Improve Presentation
 
Social Media Basics & Application (for Indexers)
Sara Truscott
 
English Essay Steel. Online assignment writing service.
Christine Jones
 
Avoid costly data warehouse upgrades
Appfluent Technology
 
Review Types - Testing Traveler, The Post About Review Types
Charlie Congdon
 
Venkatraman 5 webs 3 horizons
N. Venkat Venkatraman
 
Pitch deck premium
energiadeportugal2015
 
2 Day Workshop on Business Model Design
Alexander Osterwalder
 
Empowering Digital Lifestyle in Internet of Things
Dr. Mazlan Abbas
 
Diseño 02---herramienta
Jairo Rodriguez
 
Aliquam sed lectus ac nibh ultrices rutrumPg. 3More inside!.docx
simonlbentley59018
 
Aliquam sed lectus ac nibh ultrices rutrumPg. 3More inside!.docx
ADDY50
 
Aliquam sed lectus ac nibh ultrices rutrumPg. 3More inside!
LilianaJohansen814
 
Improving Your Email Communications (and making your life easier in the process)
Reid Dossinger
 
AnnualReport_Aqua plantilla pptx de power point
Nash748137
 
Management20 competitive-advantage-through-business-model-design-innovation-1...
Divyapratap Mehta
 
Diseño 04---modelo de negocio
Jairo Rodriguez
 
Outside the Comfort Zone: Cross Industry Use Cases in Big Data Analytics
Rising Media Ltd.
 
Content cooperation with Cheetah Mobile
Tango Wu
 
New 4Th Grade Opinion Essay Examples Pics - Exam
Amanda Detwiler
 
Ad

Recently uploaded (20)

PPT
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
PDF
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
PDF
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
PPTX
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
PPTX
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
PDF
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
PDF
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
PPTX
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
PPTX
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
PPTX
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
PDF
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
PPTX
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
PPTX
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
PPTX
Digital Literacy And Online Safety on internet
riksa rifqi
 
DOC
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
PPTX
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
PDF
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
PPTX
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
PPTX
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Design_with_Watersergyerge45hrbgre4top (1).ppt
DiogoRibeiro730590
 
Tenda Login Guide: Access Your Router in 5 Easy Steps
tendawifi16
 
The New Creative Director: How AI Tools for Social Media Content Creation Are...
SageTitans
 
SAP Ariba Sourcing PPT for learning material
NKKumar16
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
An introduction to the IFRS (ISSB) Stndards.pdf
farhankhan13694
 
Slides PDF The World Game (s) Eco Economic Epochs.pdf
Steven McGee
 
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
Slides PPTX World Game (s) Eco Economic Epochs.pptx
Steven McGee
 
newyork.pptxirantrafgshenepalchinachinane
PrashantKoirala12
 
FINAL CALL-6th International Conference on Networks & IOT (NeTIOT 2025)
IJMIT JOURNAL
 
June-4-Sermon-Powerpoint.pptx USE THIS FOR YOUR MOTIVATION
KuyaRogie
 
artificialintelligenceai1-copy-210604123353.pptx
b45r14
 
Digital Literacy And Online Safety on internet
riksa rifqi
 
Rose毕业证学历认证,利物浦约翰摩尔斯大学毕业证国外本科毕业证
acoqwo
 
presentation_pfe-universite-molay-seltan.pptx
yahyamohibme
 
Vigrab.top – Online Tool for Downloading and Converting Social Media Videos a...
Vigrab Top
 
Power Point - Lesson 3_2.pptx grad school presentation
JoyPPD
 
Introduction to Information and Communication Technology
AkmadArzieAyao1
 
Ad

Operando Presentation in Athens 2018

  • 1. Constantinos Patsakis University of Piraeus, Greece OPERANDO Online Privacy Enforcement, Rights Assurance & Optimization H2020 Project Clustering Workshop
  • 2. OPERANDO • Funded under the Horizon 2020 Programme (H2020), as part of the DS-01-2014 - Privacy call (GA no. 653704) • We implement and validate an innovative privacy enforcement framework that will enable: Privacy as a Service • The project is Open Source available in Github
  • 4. GDPR • On 27 April 2016, the EU adopted new rules for the protection of personal data, via the General Data Protection Regulation (GDPR). The GDPR will become applicable on 25 May 2018, and its impact will be felt in many areas in the next few years that service providers will have to integrate it in their services. • Will everyone do it? • What happens till then? • What happens with non-conforming services?
  • 5. Main concept of the project • Ground truth: Users do not have control of their private data. • They consume numerous services, sharing their private data with many entities many of which they do not know. • Users do not have control of who accesses their private data, when, which data and why. • Users are not able to revoke their consent. • Common users do not have the knowledge and means to enforce their privacy preferences. • Note that the project was submitted before GDPR.
  • 6. The OPERANDO approach • “One size fits all” doesn’t actually work • The project is split in G2C and B2C approaches to cater for the different needs. • The research part of the project has several contributions that many of you are already using.
  • 8. Current status • Users browse the Internet sharing a lot of private information, without knowing what they share, when or being able to filter it. • Big companies are monetizing this information as it enables them to efficiently profile users. • Users have an “one-time” deal, “share data” or no-service. • Many of the data that companies are collecting are not needed for the service provision.
  • 9. How does it work? (User side) • Users registered to a Privacy Service Provider (PSP) who provides them with a “vault” for their data • Users then register to affiliated online service providers. • The PSP provides an easy-to-use dashboard to manage all private data. • The user can: • See which data each OSP requests, • Why they are requested, • When they are processed, • Who requests them • Revoke/grant access
  • 10. OSP side • The Online Service Provider (OSP) is not always the bad guy, actually most OSPs are not, they just want to provide a service. • How do they prove that they “don’t do evil”? • How can they get certification of their services? • How they can deploy easily services?
  • 11. OPERANDO PSP side • OPERANDO provides the vault which is monitored by the PSP. All data coming, processed and leaving are continuously monitored and logged. • To facilitate development all database transactions are made using a RESTful interface which allows developers to query the database using OData. • Before executing any query, the role and permissions of each user are checked to determine whether he is authorized to perform the query. Then, the affected/returned rows are checked against the user preferences to determine whether user is allowed to perform this query in row level.
  • 12. OPERANDO PSP side • The PSP logs all transactions and shows you what is done with your data. • The PSP monitors any transactions and enforces your privacy policies. • The OSP cannot arbitrarily access your data. • The OSP can handle user policies without writing any code. • Opting in and out is seamless.
  • 13. Basic concept of OPERANDO G2C
  • 14. The AMI use case
  • 20. DeFault Settings • Times New Roman Syndrome – The default font for everything • The users’ assumption that Online Service Providers had given careful consideration on their default privacy settings • Privacy Settings not easily accessible to novice users Consumer privacy is exposed to multiple dangers Keep in mind that using a free online service means that most probably you are the product. User Profiling • Targeted Ads • 3rd party trackers • Social media buttons Unique identifiers to stalk users’ behavior
  • 21. • Remember that FB app you used once 2 years ago? – It still has access to your social network data • Excessive permissions granted to mobile and browser apps • Spam emails after registration on websites • Exposed after data breach of the Service Provider – e.g. Ashley Madison hack • Malware software lurking on the internet Forgotten & Suspicious Apps Email Malware Consumer privacy is exposed to multiple dangers
  • 22. The complete guide to privacyLorem ipsum dolor sit amet, consectetur adipiscing elit. Proin quis ultrices lorem, eu luctus mi. Praesent dapibus ligula ipsum, eget pretium felis semper quis. Nulla congue mauris eget felis ornare mattis. Cras sed augue sem. Etiam ac risus vulputate tellus fringilla placerat a id mauris. Vestibulum elementum tellus a lorem viverra ullamcorper. Curabitur sagittis metus lorem, ut consectetur urna dignissim nec. Mauris non bibendum lorem. Vestibulum posuere velit quis justo gravida gravida. Ut lacinia erat ut nisi volutpat sagittis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Fusce et tristique nisi, ac luctus ex. Praesent sagittis quam et aliquet molestie. In sit amet massa viverra, rhoncus massa eget, aliquam tellus. Nam tortor velit, hendrerit ac lectus a, molestie vestibulum arcu. Sed eget augue eget urna lacinia ullamcorper sit amet non dolor. Vivamus at massa a magna pulvinar dictum eu id nisi. Nullam hendrerit id sem imperdiet varius. Quisque tortor felis, malesuada ut libero vel, hendrerit placerat enim. Nam lectus elit, pellentesque ac scelerisque sit amet, tincidunt in sem. Praesent fringilla magna a enim ullamcorper dignissim. Nulla sollicitudin tellus mauris, ut egestas purus scelerisque et. Sed eu magna a nulla malesuada tincidunt eget sed leo. Vivamus convallis, urna aliquam accumsan vulputate, nisl neque viverra tortor, sit amet elementum est ipsum aliquet lorem. Aenean iaculis nulla vulputate arcu posuere maximus. Praesent odio turpis, viverra at augue vestibulum, cursus eleifend libero. Proin lobortis imperdiet ex eget tempor. Proin tempus lobortis lacus, non tempor orci cursus quis. Sed ullamcorper iaculis libero, id luctus arcu faucibus vitae. Suspendisse a sodales neque. Maecenas eget sagittis magna. Phasellus quam tellus, suscipit molestie tortor eget, porta mattis urna. Ut auctor et odio quis vehicula. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse bibendum augue id neque porttitor, quis semper tellus gravida. Nam aliquam augue eget elit convallis rutrum. Vivamus pharetra purus id metus volutpat, ac elementum magna posuere. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vestibulum condimentum dui necLorem ipsum dolor sit amet, consectetur adipiscing elit. Proin quis ultrices lorem, eu luctus mi. Praesent dapibus ligula ipsum, eget pretium felis semper quis. Nulla congue mauris eget felis ornare mattis. Cras sed augue sem. Etiam ac risus vulputate tellus fringilla placerat a id mauris. Vestibulum elementum tellus a lorem viverra ullamcorper. Curabitur sagittis metus lorem, ut consectetur urna dignissim nec. Mauris non bibendum lorem. Vestibulum posuere velit quis justo gravida gravida. Ut lacinia erat ut nisi volutpat sagittis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Fusce et tristique nisi, ac luctus ex. Praesent sagittis quam et aliquet molestie. In sit amet massa viverra, rhoncus massa eget, aliquam tellus. Nam tortor velit, hendrerit ac lectus a, molestie vestibulum arcu. Sed eget augue eget urna lacinia ullamcorper sit amet non dolor. Vivamus at massa a magna pulvinar dictum eu id nisi. Nullam hendrerit id sem imperdiet varius. Quisque tortor felis, malesuada ut libero vel, hendrerit placerat enim. Nam lectus elit, pellentesque ac scelerisque sit amet, tincidunt in sem. Praesent fringilla magna a enim ullamcorper dignissim. Nulla sollicitudin tellus mauris, ut egestas purus scelerisque et. Sed eu magna a nulla malesuada tincidunt eget sed leo. Vivamus convallis, urna aliquam accumsan vulputate, nisl neque viverra tortor, sit amet elementum est ipsum aliquet lorem. Aenean iaculis nulla vulputate arcu posuere maximus. Praesent odio turpis, viverra at augue vestibulum, cursus eleifend libero. Proin lobortis imperdiet ex eget tempor. Proin tempus lobortis lacus, non tempor orci cursus quis. Sed ullamcorper iaculis libero, id luctus arcu faucibus vitae. Suspendisse a sodales neqe. Maecenas eget sagittis magna. Phasellus quam tellus, suscipit molestie tortor eget, porta mattis urna. Ut auctor et odio quis vehicula. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse bibendum augue id neque porttitor, quis semper tellus gravida. Nam aliquam augue eget elit convallis rutrum. Vivamus pharetra purus id metus volutpat, ac elementum magna posuere. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vestibulum condimentum dui necLorem ipsum dolor sit amet, consectetur adipiscing elit. Proin quis ultrices lorem, eu luctus mi. Praesent dapibus ligula ipsum, eget pretium felis semper quis. Nulla congue mauris eget felis ornare mattis. Cras sed augue sem. Etiam ac risus vulputate tellus fringilla placerat a id mauris. Vestibulum elementum tellus a lorem viverra ullamcorper. Curabitur sagittis metus lorem, ut consectetur urna dignissim nec. Mauris non bibendum lorem. Vestibulum posuere velit quis justo gravida gravida. Ut lacinia erat ut nisi volutpat sagittis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Fusce et tristique nisi, ac luctus ex. Praesent sagittis quam et aliquet molestie. In sit amet massa viverra, rhoncus massa eget, aliquam tellus. Nam tortor velit, hendrerit ac lectus a, molestie vestibulum arcu. Sed eget augue eget urna lacinia ullamcorper sit amet non dolor. Vivamus at massa a magna pulvinar dictum eu id nisi. Nullam hendrerit id sem imperdiet varius. Quisque tortor felis, malesuada ut libero vel, hendrerit placerat enim. Nam lectus elit, pellentesque ac scelerisque sit amet, tincidunt in sem. Praesent fringilla magna a enim ullamcorper dignissim. Nulla sollicitudin tellus mauris, ut egestas purus scelerisque et. Sed eu magna a nulla malesuada tincidunt eget sed leo. Vivamus convallis, urna aliquam accumsan vulputate, nisl neque viverra tortor, sit amet elementum est ipsum aliquet lorem. Aenean iaculis nulla vulputate arcu posuere maximus. Praesent odio turpis, viverra at augue vestibulum, cursus eleifend libero. Proin lobortis imperdiet ex eget tempor. Proin tempus lobortis lacus, non tempor orci cursus quis. Sed ullamcorper iaculis libero, id luctus arcu faucibus vitae. Suspendisse a sodales neque. Maecenas eget sagittis magna. Phasellus quam tellus, suscipit molestie tortor eget, porta mattis urna. Ut auctor et odio quis vehicula. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse bibendum augue id neque porttitor, quis semper tellus gravida. Nam aliquam augue eget elit convallis rutrum. Vivamus pharetra purus id metus volutpat, ac elementum magna posuere. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia Curae; Vestibulum condimentum dui necCras sed augue sem. Etiam ac risus vulputate tellus fringilla placerat a id mauris. Vestibulum elementum tellus a lorem viverra ullamcorper. Curabitur sagittis metus lorem, ut consectetur urna dignissim nec. Mauris non bibendum lorem. Vestibulum posuere velit quis justo gravida gravida. Ut lacinia erat ut nisi volutpat sagittis. Interdum et malesuada fames ac ante ipsum primis in faucibus. Fusce et tristique nisi, ac luctus ex. Praesent sagittis quam et aliquet molestie. In sit amet massa viverra, rhoncus massa eget, aliquam tellus. Nam tortor velit, hendrerit ac lectus a, molestie vestibulum arcu. Sed eget augue eget urna lacinia ullamcorper sit amet non dolor. Vivamus at massa a magna pulvinar dictum eu id nisi. Nullam hendrerit id sem imperdiet varius. Quisque tortor felis, malesuada ut libero vel, hendrerit placerat enim. Nam lectus elit, pellentesque ac scelerisque sit amet, tincidunt in sem. Praesent fringilla magna a enim ullamcorper dignissim. Nulla sollicitudin tellus mauris, ut egestas purus scelerisque et. Sed eu magna a nulla malesuada tincidunt eget sed leo. Vivamus convallis, urna aliquam accumsan vulputate, nisl neque viverra tortor, sit amet elementum est ipsum aliquet lorem. Aenean iaculis nulla vulputate arcu posuere maximus. Praesent odio turpis, viverra at augue vestibulum, cursus eleifend libero. Proin lobortis imperdiet ex eget tempor. Proin tempus lobortis lacus,
  • 23. iOS & Android Apps Hide their email identity Ad blocking and anti-tracking capabilities Control all of social network privacy settings Do their own privacy-for-benefit deals Control the browser’s extensions permissions Control apps connected to their data Chrome ExtensionPlusPrivacy empowers users to from a unified Dashboard
  • 24. The users have to make only one choice. Clicking the Single click privacy button will automatically change all the privacy options in your social network accounts to their most privacy-friendly settings.
  • 25. Takes place on the browser, +P does not have access on users’ data.
  • 26. Tweak your privacy settings from the dashboard
  • 28. Inspect the Permissions of Extensions Enable/Disable or Delete
  • 29. Just a click away from getting rid of redundant or privacy-polluting apps Inspect Apps connected to
  • 30. Up to 20 alternative email identities Remailed to your email address, and your reply will be mailed back to the original sender, without disclosing your real email address +P does not keep any data
  • 31. Privacy-for-Benefit Allows users to get economic benefits in exchange for access to their private data (that today they provide for free!)
  • 32. Easy to Use User Interface on Mobile Platforms
  • 34. You are already using our results • A big part of our research is focused on improving S&P of Android and fixes have been already pushed. • Android OS: • CVEs: 2017-0807 & 2016-6715 • Unauthorized access to user’s location and user files. • Apps: • Skype • Reported vulnerabilities to 20 of the most widely used medical apps
  • 36. Contact us Project webpage: https://www.operando.eu/ +Privacy has a dedicated web page: https://plusprivacy.com/ We share all our code on Github: https://github.com/OPERANDOH2020/ Social: https://www.operando.eu/ https://twitter.com/OperandoH2020 https://www.facebook.com/OperandoH2020/
  • 37. Constantinos Patsakis, University of Piraeus Email: kpatsak@unipi.gr http://cs.unipi.gr/kpatsak/ Any Questions