Silvia Puglisi

Silvia Puglisi, Javier Parra-Arnau, Jordi Forné et al.

Recommendation systems and content filtering approaches based on annotations and ratings, essentially rely on users expressing their preferences and interests through their actions, in order to provide personalised content. This activity, in which users engage collectively, has been named social tagging. Although it has opened a myriad of new possibilities for application interoperability on the semantic web, it is also posing new privacy threats. Social tagging consists in describing online or online resources by using free-text labels (i.e. tags), therefore exposing the user's profile and activity to privacy attacks. Tag forgery is a privacy enhancing technology consisting of generating tags for categories or resources that do not reflect the user's actual preferences. By modifying their profile, tag forgery may have a negative impact on the quality of the recommendation system, thus protecting user privacy to a certain extent but at the expenses of utility loss. The impact of tag forgery on content-based recommendation is, therefore, investigated in a real-world application scenario where different forgery strategies are evaluated, and the consequent loss in utility is measured and compared.

Silvia Puglisi, David Rebollo-Monedero, Jordi Forné

Proximity-based social applications let users interact with people that are currently close to them, by revealing some information about their preferences and whereabouts. This information is acquired through passive geo-localisation and used to build a sense of serendipitous discovery of people, places and interests. Unfortunately, while this class of applications opens different interactions possibilities for people in urban settings, obtaining access to certain identity information could lead a possible privacy attacker to identify and follow a user in their movements in a specific period of time. The same information shared through the platform could also help an attacker to link the victim's online profiles to physical identities. We analyse a set of popular dating application that shares users relative distances within a certain radius and show how, by using the information shared on these platforms, it is possible to formalise a multilateration attack, able to identify the user actual position. The same attack can also be used to follow a user in all their movements within a certain period of time, therefore identifying their habits and Points of Interest across the city. Furthermore we introduce a social attack which uses common Facebook likes to profile a person and finally identify their real identity.

Angel Torres Moreira, Monica Aguilar Igartua, Silvia Puglisi

The MobilitApp application is able to obtain mobility data and type of activity performed by a person. It runs in the background and stores the information in synchronous periodic locations. The main work of this project was to develop tools that facilitate the exploitation of the information obtained, add elements that make it attractive to use the application and spread it to a wider audience. With these new procedures, we manage to increase the number of connected users, improve security with which sensitive user information is managed and establish channels that will be used to add additional functionality to the application in future works.