Publications
"Analysis, Modelling and Protection of Online Private Data"
Websites and applications use personalisation services to profile their users, collect their patterns and activities and eventually use this data to provide tailored suggestions. User preferences and social interactions are therefore aggregated and analysed. Online communications generate a consistent amount of data flowing among users, services and applications. This information results from the interactions between different parties, and once collected, it is used for a variety of purposes, from marketing profiling to product recommendations, from news filtering to relationship suggestions. Understanding how data is shared and used by services on behalf of users is the motivation behind this work. When a user creates a new account on a certain platform, this creates a logical container that will be used to store the user's activity. The service aims to profile the user. Therefore, every time some data is created, shared or accessed, information about the user’s behaviour and interests is collected and analysed. Users produce this data but are unaware of how it will be handled by the service, and of whom it will be shared with. More importantly, once aggregated, this data could reveal more over time than the same users initially intended. Information revealed by one profile could be used to obtain access to another account, or during social engineering attacks. The main focus of this dissertation is modelling and analysing how user data flows among different applications and how this represents an important threat for privacy. A framework defining privacy violation is used to classify threats and identify issues where user data is effectively mishandled. User data is modelled as categorised events, and aggregated as histograms of relative frequencies of online activity along predefined categories of interests. Furthermore, a paradigm based on hypermedia to model online footprints is introduced. This emphasises the interactions between different user-generated events and their effects on the user’s measured privacy risk. Finally, the lessons learnt from applying the paradigm to different scenarios are discussed.
Ph.D. dissertation, Universitat Politècnica de Catalunya, Jun. 2017
citation: S. Puglisi. (2017). "Analysis, Modelling and Protection of Online Private Data." Ph.D. dissertation, Universitat Politècnica de Catalunya, Jun. 2017.
"On the Anonymity Risk of Time-Varying User Profiles"
Websites and applications use personalisation services to profile their users, collect their patterns and activities and eventually use this data to provide tailored suggestions. User preferences and social interactions are therefore aggregated and analysed. Every time a user publishes a new post or creates a link with another entity, either another user, or some online resource, new information is added to the user profile. Exposing private data does not only reveal information about single users’ preferences, increasing their privacy risk, but can expose more about their network than single actors intended. This mechanism is self-evident in social networks where users receive suggestions based on their friends’ activities. We propose an information-theoretic approach to measure the differential update of the anonymity risk of time-varying user profiles. This expresses how privacy is affected when new content is posted and how much third-party services get to know about the users when a new activity is shared. We use actual Facebook data to show how our model can be applied to a real-world scenario.
citation: S. Puglisi, D. Rebollo-Monedero, J. Forné. (2017). "On the Anonymity Risk of Time-Varying User Profiles." Entropy 2017. 19(5), 190
journal: Entropy 2017
"MobilitApp: Analysing Mobility Data of Citizens in the Metropolitan Area of Barcelona"
MobilitApp is a platform designed to provide smart mobility services in urban areas. It is designed to help citizens and transport authorities alike. Citizens will be able to access the MobilitApp mobile application and decide their optimal transportation strategy by visualising their usual routes, their carbon footprint, receiving tips, analytics and general mobility information, such as traffic and incident alerts. Transport authorities and service providers will be able to access information about the mobility pattern of citizens to offer their best services, improve costs and planning. The MobilitApp client runs on Android devices and records synchronously, while running in the background, periodic location updates from its users. The information obtained is processed and analysed to understand the mobility patterns of our users in the city of Barcelona, Spain.
citation: Silvia Puglisi, Ángel Torres Moreira, Gerard Marrugat Torregrosa, Mónica Aguilar Igartua and Jordi Forné. (2016). "MobilitApp: Analysing Mobility Data of Citizens in the Metropolitan Area of Barcelona." Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series. Vol. 169.
proceedings: 'Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series'
"On Web user tracking: How third-party http requests track users' browsing patterns for personalised advertising"
On today's Web, users trade access to their private data for content and services. Advertising sustains the business model of many websites and applications. Efficient and successful advertising relies on predicting users' actions and tastes to suggest a range of products to buy. It follows that, while surfing the Web, users leave traces regarding their identity in the form of activity patterns and unstructured data. We analyse how advertising networks build user footprints and how the suggested advertising reacts to changes in the user behaviour.
citation: S. Puglisi, D. Rebollo-Monedero, J. Forné. (2016). "On Web user tracking: How third-party http requests track users' browsing patterns for personalised advertising." Ad Hoc Networking Workshop (Med-Hoc-Net), 2016 Mediterranean.
proceedings: 'Ad Hoc Networking Workshop (Med-Hoc-Net), 2016 Mediterranean'
"RESTful Rails Development: Building Open Applications and Services"
The Web is slowly but surely changing from a model in which a human reader browses content on web pages to a model in which services and clients (not necessarily humans) exchange information. And because of this, author Silvia Puglisi explains, it makes more sense to build platforms instead of just products or applications. Platforms are like ecosystems interconnecting different applications, services, users, developers, and partners, and offer many benefits.
citation: S. Puglisi. (2017). "RESTful Rails Development: Building Open Applications and Services." O'Reilly Media.
"You never surf alone. Ubiquitous tracking of users’ browsing habits"
In the early age of the internet, users enjoyed a large level of anonymity. At the time, web pages were just hypertext documents; almost no personalisation of the user experience was offered. The Web today has evolved as a world wide distributed system following specific architectural paradigms. On the web now, an enormous quantity of user generated data is shared and consumed by a network of applications and services, reasoning upon users' expressed preferences and their social and physical connections. Advertising networks follow users' browsing habits while they surf the web, continuously collecting their traces and surfing patterns. We analyse how user tracking happens on the web by measuring their online footprint and estimating how quickly advertising networks are able to profile users by their browsing habits.
citation: S. Puglisi, D. Rebollo-Monedero, J. Forné. (2015). "You never surf alone. Ubiquitous tracking of users’ browsing habits." Proceeding Revised Selected Papers of the 10th International Workshop on Data Privacy Management, and Security Assurance. 9481 (273-280).
proceedings: 'Proceeding Revised Selected Papers of the 10th International Workshop on Data Privacy Management, and Security Assurance'
"On Content-Based Recommendation and User Privacy in Social-Tagging Systems"
We investigate the effects of different privacy enhancing technologies in content-based recommendation systems.
We study the interplay between the degree of privacy and the potential degradation of the quality of the recommendation.
We evaluate three different tag forgery strategies: optimised tag forgery, uniform tag forgery and TrackMeNot.
We carry out an experimental evaluation on a real dataset extracted from Delicious.
Recommended citation: S. Puglisi, J. Parra-Arnau, J. Forné, D. Rebollo-Monedero. (2015). "On Content-Based Recommendation and User Privacy in Social-Tagging Systems" Computer Standards & Interfaces. 41 (17-27).
journal: 'Computer Standards & Interfaces - Volume 41'
"Potential mass surveillance and privacy violations in proximity-based social applications"
Proximity-based social applications let users interact with people that are currently close to them, by revealing some information about their preferences and whereabouts. This information is acquired through passive geo-localisation and used to build a sense of serendipitous discovery of people, places and interests. Unfortunately, while this class of applications opens different interaction possibilities for people in urban settings, obtaining access to certain identity information could lead a possible privacy attacker to identify and follow a user in their movements in a specific period of time. The same information shared through the platform could also help an attacker to link the victim's online profiles to physical identities. We analyse a set of popular dating applications that share users' relative distances within a certain radius and show how, by using the information shared on these platforms, it is possible to formalise a multilateration attack, able to identify the user's actual position. The same attack can also be used to follow a user in all their movements within a certain period of time, therefore identifying their habits and Points of Interest across the city. Furthermore, we introduce a social attack which uses common Facebook likes to profile a person and finally identify their real identity.
citation: 'S. Puglisi, D. Rebollo-Monedero, J. Forné (2010). "Potential mass surveillance and privacy violations in proximity-based social applications." TRUSTCOM 15 Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA. 1 (1045-1052).'
proceedings: 'TRUSTCOM 15 Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA'