3PS - Online Privacy through Group Identities
3PS addresses privacy concerns for users under regulations such as the GDPR by enabling personalised content without broad data collection, though it is an incremental improvement on existing privacy-preserving methods.
The paper tackles the problem of balancing personalised online services with privacy by proposing 3PS, a system that uses group identities to give users plausible deniability for interests they regard as sensitive, achieving over 98% personalisation accuracy in its tests while preserving plausible deniability against the worst-case attacks it considers.
Limiting online data collection to the minimum required for specific purposes is mandated by modern privacy legislation such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This is particularly true in online services, where broad collection of personal information represents an obvious concern for privacy. We challenge the view that broad personal data collection is required to provide personalised services. By first developing formal models of privacy and utility, we show how users can obtain personalised content while retaining the ability to plausibly deny their interest in topics they regard as sensitive, using a system of proxy group identities we call 3PS. Through extensive experiments on a prototype implementation, using openly accessible data sources, we show that 3PS provides personalised content to individual users over 98% of the time in our tests, while protecting plausible deniability effectively in the face of worst-case threats from a variety of attack types.
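The privacy/utility tension the abstract describes can be made concrete with a small model. The following is an added illustration written for this page; it is not code from the paper and does not reproduce its formal models, grouping algorithm or experiments. Everything in it is an assumption made here: the five sample users and their interests are constructed, the service is assumed to see only the union of a group's interests, the adversary is assumed to know group membership and collude with every other member (so a sensitive topic is deniable only if another member could have contributed it), and "precision" is a stand-in utility measure, not the paper's.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample data (not taken from the paper): each user's interest
# topics and the subset of those topics the user regards as sensitive.
USERS: Dict[str, Set[str]] = {
    "alice": {"cycling", "jazz", "diabetes"},
    "bob":   {"cycling", "jazz", "gardening"},
    "carol": {"diabetes", "gardening", "chess"},
    "dave":  {"chess", "jazz", "rehab"},
    "erin":  {"rehab", "cycling", "gardening"},
}
SENSITIVE: Dict[str, Set[str]] = {
    "alice": {"diabetes"},
    "bob": set(),
    "carol": {"diabetes"},
    "dave": {"rehab"},
    "erin": {"rehab"},
}


def group_profile(group: Set[str], users: Dict[str, Set[str]]) -> Set[str]:
    """Assumed observation model: the service sees only the union of the
    members' interests for a proxy identity and personalises to that."""
    profile: Set[str] = set()
    for member in group:
        profile |= users[member]
    return profile


def deniable(user: str, topic: str, group: Set[str],
             users: Dict[str, Set[str]]) -> bool:
    """Assumed worst-case adversary: knows the group membership and colludes
    with every other member, so it knows their interests. The user's interest
    in `topic` stays plausibly deniable only if some other member could have
    contributed that topic to the group profile."""
    return any(topic in users[other] for other in group if other != user)


def exposed(groups: List[Set[str]], users: Dict[str, Set[str]],
            sensitive: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Sensitive (user, topic) pairs that the grouping fails to protect."""
    out: List[Tuple[str, str]] = []
    for group in groups:
        for user in sorted(group):
            for topic in sorted(sensitive[user]):
                if not deniable(user, topic, group, users):
                    out.append((user, topic))
    return out


def precision(user: str, group: Set[str], users: Dict[str, Set[str]]) -> float:
    """Stand-in utility measure: if content is drawn uniformly from the group
    profile, the chance an item matches the user's own interests. Larger
    groups hide more but dilute personalisation."""
    return len(users[user]) / len(group_profile(group, users))


def greedy_groups(users: Dict[str, Set[str]], sensitive: Dict[str, Set[str]],
                  max_size: int) -> List[Set[str]]:
    """Hypothetical grouping rule: put each user in the first non-full group
    whose profile already contains all of the user's sensitive topics,
    otherwise open a new group. Being greedy, a user who opens a group may be
    left alone (or with members who share nothing sensitive) and stay exposed."""
    groups: List[Set[str]] = []
    for user in sorted(users):
        home = None
        for group in groups:
            if len(group) < max_size and sensitive[user] <= group_profile(group, users):
                home = group
                break
        if home is None:
            home = set()
            groups.append(home)
        home.add(user)
    return groups


if __name__ == "__main__":
    for size in (3, 2):
        groups = greedy_groups(USERS, SENSITIVE, max_size=size)
        print(f"max_size={size} groups={[sorted(g) for g in groups]}")
        print("  exposed:", exposed(groups, USERS, SENSITIVE))
        for g in groups:
            for u in sorted(g):
                print(f"  {u}: precision={precision(u, g, USERS):.2f}")
```

Running it shows the trade-off the abstract is about: with groups of up to three, every sensitive interest is shared with another member and nothing is exposed, at the cost of each user's precision dropping to 0.6; capping groups at two leaves alice and carol's "diabetes" interest attributable to them, while a singleton group gives precision 1.0 and no deniability at all. The paper's own models, grouping and reported 98% figure are not represented by this toy.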