Consumer Privacy and Security Control in Crowdsourcing Platforms

Access & Terms of Use
open access
Embargoed until 2015-09-30
Copyright: Kandappu, Thivya
Abstract
Security and privacy are important issues in crowdsourcing platforms, especially at a time when data collection is becoming easier and data mining techniques are becoming more efficient. It is no surprise that research on protecting the privacy of individuals and authenticating data in real time has received many contributions from many fields such as computer science, statistics, economics, and social science. In this thesis, we consider three different crowdsourcing platforms, namely crowdsourcing peer-to-peer distribution systems (such as eYeka and CrowdFlik), crowdsourced survey platforms (such as Amazon Mechanical Turk and Google Consumer Surveys) and crowdsourced recommender systems (such as Amazon and Netflix). We then address possible security and privacy issues and propose models and mechanisms that give end users control over such threats.
First, we address the issue of data authentication in crowdsourcing platforms. We note that currently available crowdsourced media streaming platforms (e.g., CrowdFlik, Jumpcam) may include untrusted users or malicious content and have multiple points of access, and therefore the authenticity of the content being streamed to a mobile device is of critical importance. Traditional security mechanisms do not suffice: secret key solutions are vulnerable to insider attacks, and digital signatures are not robust to packet loss and are too resource intensive for frequent application. We explore how the structure of the Merkle tree can be adapted to improve playback performance for streaming content. We develop a new unbalanced tree structure which is a generalization of the Merkle tree. Furthermore, we demonstrate that our authentication scheme reduces start-up delays without affecting playback stall rates.
Second, we propose the architecture of Loki, a privacy-preserving crowdsourcing survey platform that allows users to obfuscate their responses at source to control their privacy loss without having to trust any external entity. Existing crowdsourcing platforms such as Amazon Mechanical Turk and Google Consumer Surveys have no mechanisms to protect the privacy of user responses. In our work, we show how easily privacy can be compromised in a crowdsourcing platform, highlighting that trusting any external entity may not be an acceptable solution to protect user privacy. As a result, we develop Loki, a crowdsourcing platform that does not require a trusted broker, allowing users to obfuscate their input based on their level of comfort. Then we devise an algorithm that allows the platform to balance the trade-offs between privacy, accuracy and cost by leveraging users' prior history to select a suitable set of users for a given survey. We then present our prototype, which we built on iOS/Android mobile devices, and demonstrate that our approach aligns well with user perception of privacy and yields accurate results.
Finally, we investigate the privacy loss that happens when the users of recommender systems rate products they have consumed, and some form of collaborative filtering is used by the recommender system to find other users with similar tastes. We consider a recommender system that allows users to obfuscate their ratings based on their comfort level, evaluate the trade-off between privacy and utility from the point of view of a single privacy-conscious user, and also measure how the trade-off is influenced by the fraction of other users in the system who take measures to protect their privacy. Then we propose PrivacyCanary, an interactive system that assists users in understanding and controlling how accurately the recommender system has profiled them. We evaluate the performance of our system with an off-line recommendations dataset, and show its effectiveness in balancing recommender accuracy with user privacy, compared to approaches that focus on a fixed privacy level.
Few topics today arouse as much heated discussion as issues of user privacy. This thesis focuses on making a practical, decisive step towards understanding and providing tools for achieving a viable balance between two seemingly opposing needs: user data-driven innovation and privacy.
Author(s)
Kandappu, Thivya
Supervisor(s)
Sivaraman, Vijay
Boreli, Roksana
Publication Year
2014
Resource Type
Thesis
Degree Type
PhD Doctorate
UNSW Faculty
Files
download public version.pdf 6.99 MB Adobe Portable Document Format