05/14: Zheng

[shevajia]

Comment below with questions or thoughts about the reading for this week's workshop.

Please make your comments by Wednesday 11:59 PM, and upvote at least five of your peers' comments on Thursday prior to the workshop. You need to use 'thumbs-up' for your reactions to count towards 'top comments,' but you can use other emojis on top of the thumbs up.

[bhargavvader]

I'm a big fan of your work Prof. Zheng - I was in a Technology Policy class at the Law School when I first came across your jamming techniques. One of the books we had to read for that course was _Surveillance Capitalism_ by Zuboff, and we often discussed the insidious nature of companies not caring much for our privacy - going at great lengths to circumvent existing laws (and goodwill). Collecting some kinds of data to make informed decisions (or every advertisements) makes sense, if done in an ethical way where all parties know what kind of data is being collected: but because their entire money making practices are based on selling psychological models of our behaviour, their data collection processes are proprietary, and exactly how they use our data will more or less remain a mystery (or at least the extent to which they do). I wonder sometimes if by now Google knows who I live with, who I am dating, who my siblings are, and so on, just so they can better sell me pants or Animal Crossing.

Anyway... my questions is: how long do we have to be constantly on the defensive, coming up with jamming techniques, and camera blockers on our laptop, and using VPNs, and all that jazz? Why can't we expect to not be tracked online? Of course, you will have some individuals who will go out of their way to track you (and that's a whole other ball game), but why large corporations? Why is it that the only way most of silicon valley can "innovate" is through invasive advertisements?

That is a rhetorical question in a sense, but my general question is why we are forced to come up with these methods on our own and why there can't be a significant change in the way these companies make money - or to at least start doing it in a way which isn't invasive. What are your motivations behind doing this kind of work, and what do you think is the Computer Scientists role in stopping such practices? Thank you very much for the contribution to the cause!

[bakerwho]

Hello and thanks for presenting! I don't have a strong background in computer security, so please forgive the broad nature of my question.

I'm curious about the changing nature of privacy concerns. In the early days of the internet, people were concerned about keeping their data safe from untrusted third parties. Today, we see people more and more concerned about keeping their data safe from the very services that are storing and dealing with that data. Your work on wearable jammers for confounding devices like home assistants is illustrative of this. What steps do you see software giants like Google or Amazon taking to reinforce trust and security in cases like this? Considering their obvious incentive in mining these data for targetted advertisements, can we even rely on them for a solution? Do you see products like your wearable jammer becoming available in the market to meet this need? What challenges might this involve?

Thanks again!

[di-Tong]

Thanks for doing these great work to protect our privacy in this world filled with smart devices! While you mention that the smart devices and their surveillance are ubiquitous in our daily lives, I wonder if there're any patterns regarding what kind of smart-device-related companies/products/services or digital platforms are more likely to impose/induce privacy risks. If there's no pattern at all---all players who have the capacity of surveillance would utilize the smart devices to do so, do you see any alternatives to structurally change the situation (e.g., enhance people's privacy awareness and then collectively promote law/policy change or companies' behavioral change) instead of developing individual defense products? If there are , what are they and what are the major obstacles? If you don't see any possibility, what prevents such structural change from happening?

I'm thinking about that if privacy becomes one of consumers' key concern, products/services that excel in privacy-protection would have an edge to win in the market, and could consequently prompting overall changes in the market. For instance, telegram becomes extremely popular amid social movements as it protects privacy much better than messenger and whatup. I understand that it is difficult to let people give up on using certain apps if they have developed extensive networks on it or give up on using wi-fi/smartphones even when they get to know the privacy problems involved. I would like to hear more of your thoughts on these issues. Many thanks!

[wanitchayap]

Thank you so much for your presentation! I also don't have any background in computer security, so I am asking more of a broad/conceptual question. I think addressing privacy issues from technologies are very important, and like others already mentioned, we (consumers) gradually become more and more aware of this possible harm. However, from my own experience, not everyone realizes this issue or realizes but doesn't understand it enough to evaluate potential harms. Some populations I have in mind are older people and populations with low SES. These people are probably the most vulnerable to privacy problems due to a lack of familiarity with technologies and/or inaccessibility to protecting resources. Are the field and relevant tech companies in their current states concerned with this problem at all? How do you envision the field and private sector to address this problem?

[nwrim]

Thank you for the really important work! As a person who is almost obsessed with these privacy concerns, I think your research touches upon one of the most important topic in the internet of things era.

That being said, my concern is that while technologies based on voice recognition (i.e. Alexa) are often seen as in the perspective of convenience or a threat to privacy concern/data collection of large corporations (as @bhargavvader expresses very clearly), it could also be seen as accessibility aid/improving the life quality of people with disabilities/accessibility needs (for example, the article An overview of the Internet of Things for people with disabilities mainly talks about RFID based measure, but it mentions that the voice-activated interface could be crucial in aiding Visually impaired people).

Building on this, in your article Wearable Microphone Jamming, you briefly touch upon this issue by saying

more work is necessary to understand the impact of ultrasonic signals on these devices and to design workarounds (p. 9)

Can you tell us what kind of approach is being taken to balance the privacy concern/accessibility aid tradeoff? While I am curious about jamming approaches, it will be great to get a perspective from a researcher who is actively working on digital securities on the more bird-view of this matter!

[ChivLiu]

Thank you for the presentation! WiFi attacks and the location results from sensors are very interesting topics. Since the topics are related to the detection of human behaviors, I wonder whether we could turn the results to vectorized routes and train the routes to learn the patterns of specific groups of people. I am sure there would be a lot of applications using the data. However, an ethical question is that would the detections violate people's privacy? If possible, when protecting the WiFi devices, would people be able to read user terms to understand whether their motions could be recorded?

[ydeng117]

Thank you so much for the presentation! Privacy and cybersecurity have always been one of the major concerns since we entered the internet era. Many pieces of literature, films, and games had shown us a world with "Big brother" and hackers who can easily access people's data and use it in wicked ways. We seem to live in a cyberpunk world! However, many people also believe that people choose to trade their data for convenient and efficient lifestyles. As your title for the WiFi attacks gives a reference to the assassination of Julius Caesar, the Roman dictator said the phrase because he had trusted Brutus. By comparison, people may not necessarily trust the device but cannot afford the loss of their convenience and efficiency. As we are increasingly integrated into the cyberspace, how should we play the trust game with the large corporations? With a random evil hacker? How would your device, which aims to protect our privacy, not become an accomplice for criminals to conceal themselves from the police?

[policyglot]

Dr. Zheng, Thank you for sharing your work with us. I would second @bhargavvader in his concerns of corporate intrusion that makes these jammers necessary. We might soon have a situation like an arms war of science. Researchers like you come up with a way to jam the signal, then some other researchers come up with a new method that doesn't get jammed. The back-and-forth could go on forever. What we need more of is to understand the psychology of users and designers alike.

As you pointed out, devices at home are particularly prone to attack because they're always listening for commands that initiate their activity (like 'Hey Google' or 'Alexa'). From a user experience perspective, what other methods could exist that maintain this convenience without compromising user security (by always being on)? What about old-school remotes for activation, instead of voice commands?

[YuxinNg]

Dear Professor Zheng, Thank you for your work! I am a big fan! I've took a cyber security course years ago and knew how important security is in the digital era. I am really looking forward to hear the practical defense mechanisms you are going to present tomorrow. I heard scholars said that nobody actually knows how advance the technologies in the security fields are, because other than the published academic article, many works conducted by military and intelligence organization are classified. So I am wondering how can scholars really tell if the practical defense mechanisms they found are effective?

[lulululugagaga]

Hi Dr. Zheng, thanks for your great work. I believe nearly all of us have come across cases that the keywords we mentioned in our daily conversations soon transformed into an Amazon product recommendation on our smartphone. It seems that these technology companies are definitely monitoring our sounds/behaviors. But is it our responsibility to refuse such surveillance? Or we should protest against technology companies for their excessive surveillance and use legislation to restrict them?

[ShuyanHuang]

Thank you for sharing your work with us! Your examples show that some features of our smart devices do pose security and privacy risks to us. But these are also what make our devices "smart" and can make our life more convenient, if used properly. For example, recommender systems can make more accurate recommendations if more information about the user is collected through microphone; with WIFI signals, smart lights can light and dim themselves as people walk around the house, and no additional sensors are needed. Is it possible to build a authentication system, which allows trusted uses of this kind of data, while defensing untrusted ones?

[vinsonyz]

Thanks for your great presentation, Professor Zheng! I really like your research on privacy and smart devices. My question is that what can social science do to protect the privacy?

[Yilun0221]

Thanks for the presentation! My question is, in the era of big data, from your point of view, what is the limit of data privacy? Who should own the privacy data generated by users while using Internet products?

[SoyBison]

Thanks for presenting at our workshop Professor Zheng.

My question is two-fold and is connected to @bhargavvader and @policyglot's questions: Do you think that this sort of arms-race approach to privacy will work? Is there some top-end where an algorithm can adapt to jamming techniques as they are invented? To what extent should we just demand that processing vis-a-vis always-on techniques or personalization methods be done on-site, and that improving of those methods be done through research at the expense of the companies? One of the major concerns that I've been experiencing with working in data science has to do with the distribution of the burden of research. The research and data collection from these devices is placed on the consumer instead of the researcher, in many cases without their knowledge. Even in the case of a service product like social media, the company monetizes data on their platform, when as far as the user is aware, they only monetize through advertisement. This is all to say, how do we build a sustainable system for this? Many of the solutions I've seen seem unsustainable in some way or another, the lassez-faire system leads to a condensation of power in large companies, many regulatory systems that have been proposed, however, place responsibility for that data in the hands of the government, which can lead to human rights abuses. Is there a way for us to build automated systems that manage our data without it being exploited by whomever has access to it?

[MegicLF]

Thank you so much for bringing the topic of privacy in the digital era onto the table. I am pretty interested in your wearable microphone jamming, so I wonder how you anticipate the feasibility of introducing such equipment into the market, and what concerns you have on this equipment. Also, can you also discuss any potential issues or conflicts this equipment may have with technology firms like Apple and Google?

[liu431]

Thank you for presenting. I am thinking about people's different reactions to bearing the cost to use wearable microphone jamming. Certainly, some people have low thresholds of privacy protection and will not become this device's customers. But some people, like government agencies, need to ensure privacy as much as they can. I am wondering if there is any research on looking at what influences people's awareness of privacy.

[sunying2018]

Thanks for your presentation! I am interested in the future application of this device for general people, who may not hope to present it public or do not have the necessary need to buy a separate device. Is it possible to embed this device in the widely used equipment such as cellphones, Apple Watch or others?

[linghui-wu]

How to protect privacy is a topic to my great interest. The big data technologies have brought enormous convenience to our everyday life. Obviously, everyone has a different level of tolerance in sacrificing their personal information. However, the common practice in real life is that the access to goods and services is denied to individuals who refuse to accept "the terms of use". My question is is there a way that can balance the various levels of personal information disclosure without infringing those who are willing to provide more privacy?

[chiayunc]

Thank you very much for your presentation. The recent COVID-19 crisis has added a new dimension to the data privacy issue. While many of us claim the right to our own data privacy, we are very much willing to give that up and send it to governments and private companies' way to get a little more sense of security. In the face of public interest, we put on a willing blindness toward giving up privacy. Do you think this should be concerning? we have much focused on the 'unethical' private profit big companies make by the inequitable use of our data when we discuss data privacy, but what about when it's for the so-called public interest? do you think it's dangerous that people might choose to back off on that front?

Another question I have is regarding equity. The wave of technological innovation always hit the social-economically disadvantaged the hardest. We see today students can't even be educated if they don't have fast and stable internet. Is the solution/paths we are on of solving technological privacy issues with even more technology fair? If the data-privacy action is based on human rights, how should privacy-protecting technology address this and prevent itself from becoming merely extra protection for the haves and even more burden for the have-nots?

[lyl010]

It is quite important for every individual to think about their how much privacy is needed for safety in today's society. I am curious about how much we can do in today's trade off between convenience and privacy for two reasons: for one thing, being transparent seems to be an powerful strength that is hard to hold up: even we can protect ourselves from detecting our life, the gradual pictures are still drawn in high resolution with great details. For another, there exists a tendency: personal recommendation based on huge data analysis, and those who participate in giving their data will benefit from the aggregated wise extracted from data of many people. So I am wondering is there exist any baseline to keep our privacy? Thank you a lot!

[nt546]

Thanks for presenting your work! I am curious about the role of gesture/hand movements in reducing the blind spots. How does the degree\absence of movements affect the efficiency of the device?

[dongchengecon]

Thank you so much for your presentation! It is really great to see your research on the wearable microphone jammer. And you have proved that the newly designed device outperforms the state-of-the-art jammers with respect to the direction issue. As for the future improvement, what will be the specific technical difficulties to make the jammer smaller? On the other hand, I am wondering if this would finally become an endless technology competing game in the two-sided market. What would you think could be a better policy design to switch it into a more healthy market?

[RuoyunTan]

Thank you for sharing our work. Companies like Amazon and Google or other smaller ones need more computation power if they want to achieve a higher level of data security. How much overhead do you think is necessary and/or acceptable in practice?

[tonofshell]

As our homes accumulate more smart devices, there are increasing concerns about privacy. The novel ways in which you and your colleagues are weaponizing smart devices is really interesting, so thank you for sharing it with us! Your research on wearable microphone jamming was entirely conducted using English with one speech to text engine. It seems like the technology should be language agnostic, but do you think there would be significant differences in your results using different speech to text engines and/or different languages?

[jtschoi]

Thank you in advance for your presentation. I see many of the other MACSS students have expressed concerns about the tit-for-tat measures about attacks on and defense for privacy, and I personally believe that by doing so we might be misallocating scarce resources (not just in terms of physical resources but also human capital). In light of this, do you think there might be some flaws or deficiencies in how we perceive privacy that lead to an endless "arms race"?

[WMhYang]

Thank you very much for sharing your papers! In fact I am not very familiar with computer security, but I find protecting the privacy quite important and controversial in real life. My question is a little philosophical. In this time and age, it is almost impossible to avoid giving out your private information. However, sometimes it yields satisfying results. For example, Amazon "knows" what books you want to read and what food you enjoy eating by analyzing your search history, while some financial intermediaries know your wealth and give you meaningful suggestions by searching your banking account and balance. It is not just to gather the information without your agreement, but it really makes your life easier. Do you think these actions should be allowed or prohibited?

[fulinguo]

Thanks so much for your presentation! My question is regarding how we shall deal with the tradeoff between the social benefits of privacy data and their risks/negative effects. For example, knowing the data of criminals may help police to locate and arrest them, so it may be a way to prevent criminal activities. Of course, the privacy data might also be used in inappropriate ways. My question is how we could balance these two and whether it is reasonable for people to give up individual privacy for the larger benefits of the society. Thanks!

[sanittawan]

Thank you for sharing your research with us. I am looking forward to your talk tomorrow! The attack you and your coauthors present in the Alexa paper really worries me because of its simplicity. I am curious about the experiments. How do you select devices and locations? I am not familiar with research validation in this field. How confident can you be in generalizing the results that the attack would work elsewhere too? Another related question is if you have to omit certain details of the attack from the research paper or not–for "non-reproducible" purpose perhaps.

ps. I love that, in Table V of the Alexa paper, cats and dogs can affect the sensing(?) and their movements are not distinguishable from humans. It seems like another perk of having pets!

[Yawei-Li]

Thank you for joining us! I've never considered Internet privacy issues such a rich topic for research. However, your work really inspired me to look into it and also be aware of my own Internet tracks. My question is, how do you consider authoritarian governments on this issue?

[goldengua]

Thanks for your work in addressing such an important question. I don't have any background in computer security but I do have a broad question. Sometimes our data were collected to better inform our later decisions. We got recommendations from the websites based on our last purchases, most viewed videos, last travel destination, most frequent typed words. How can the company make a trade-off between wise decisions and privacy? Is there a systematic way to make sure that the company is collecting the right amount of information to make the life of consumers easier without violating the privacy too much?

[minminfly68]

Thanks for presenting! I am wondering what's the difference for International security among different countries as well as among governments and corporations? If you could provide more information on that, it would be very helpful.

[tianyueniu]

Thank you so much for your work! Through your work I learned for the first time that wifi signal can be used to detect physical motions. This is really mind-blowing. My questions are, how would you predict the future of these jamming techniques? Do you think our society would develop to a state where every private home would own 'unsafe' electronic devices and jamming devices at the same time? Have researchers evaluated related health concerns?

[ruixili]

Thanks for the presentation! This topic is really interesting and up-to-date. I guess many people are concerned about their privacy over phones and computers. For example, people can always see brands appearing in ads which he or she just talked about. It's kind of creepy and scary. My question is, although you talked about mechanisms to avoid two risks you mentioned. However, do you think it is possible for people to hide their trace in the current days? Combined with recent COVID-19 pandemic, Google is developing ways to notify users who had close contact with the confirmed cases. If every user intentionaly hides their own trace, how can this technology work?

[chun-hu]

Thanks for the presentation! Like others have mentioned, many digital applications can easily access our data, and we are inevitably trading our privacy to convenience in life. My question is how should we, as customers, and companies that have our data find the balance in between?

[zeyuxu1997]

Thanks for your presentation. The protection of privacy is a topic related to all of us. However, I wonder if you could make a cost-benefit analysis on protecting privacy. Although people care about their privacies, there is still implicit price for people’s privacy. In some cases, people are willing to trade some of their privacies for some services. Policies that aim to protect privacies may bring extra cost or do unexpected harm to technical advance. So I think it’s necessary to do some analysis to find out the best way to balance the cost and benefit of the protection of privacy.

[JuneZzj]

Thank you for presenting. I have read the article "When Commodity WiFi Devices Turn into Adversarial Motion Sensors" and fond the assumptions of the adversary are very interesting. I am wondering did you test on those assumptions, or do they testable in some sense? What if they have been violated? Would it cause a different result of the study? Thank you.

[boyangqu]

Thanks in advance for your presentation. While information leaking hurts people's privacy, sometimes it is inevitable in today's world with new technologies and even a result of useful technologies, and it can even helps people. For example, Blackberry phones are much better at protecting privacy then iPhones, but most people today prefer iPhones to Blackberry phones. Also, the information obtained sometimes can be useful such as pushing advertisements that some customers actually need. How do you consider the pros and cons of these issues?

[HaowenShang]

Thanks for your presentation! Privacy is really important in the digital world. However, some advertising companies tried to track users data to do marketing analysis. For example, some companies try to use users browsing history and contextual Intelligence to decide what advertising are fit for that user. But I think browsing history is sensitive data for users. I am wondering how to protect users privacy in this kind of marketing analysis.

[TianxinZheng]

Thanks for your presentation! On one hand, many internet service providers need private data to provide better services; on the other, the abuse of private data could hurt the benefits of users. How do you think we could balance between these two aspects?

[SiyuanPengMike]

Thanks a lot for your interesting opinions and devices. The attitudes toward privacy data are quite different among people. On one hand, Robin Li (the founder of Baidu) has said that Chinese people are willing to sacrifice their privacy data for exchange convenient services. On the other hand, western people are extremely sensitive to the abuse of their private data. How do you view these differences among regions? What's your opinion about the market expectation of those jamming devices?

[romanticmonkey]

Thank you so much for your presentation! Concerning your research, I wonder how cybersecurity measures can be brought to less developed countries. How to implement policies when people have less vigilance on their privacy issues?

[harryx113]

Thank you for the very insightful work! My question is on the neutrality of the cybersecurity companies/products. Microphone jamming seems like a good idea, but many cybersecurity companies get exposed to more privacy-related data due to the nature of its product. How do we ensure their neutrality and responsibility in handling the data?

[heathercchen]

Thank you very much for your presentation in advance! My question is how do you distinguish between microphone jamming that might cause invasion to individual privacy and natural data collection process of the app?

[YanjieZhou]

Thanks very much for your presentation! In this era of smart devices, the problem of cybersecurity is extremely important and my question is that in some countries where privacy has faced severe problems and the leak of it is even regarded common, how can we compensate for the loss of privacy and awaken poeple's recognition of privacy?

[yutianlai]

Thank you so much for coming! I'm wondering how to balance data privacy and the need to develop better internet service.

[jsgenan]

Thanks for bringing your fantastic work to us! Another possible application of the cybersecurity jammers are fighting against mal-microcameras, especially for women. My apologies that I don't have much background in communication devices, so my question might be irrelavant, but I am looking forward to tomorrow. If your jammers could be put into use, how much functioning power would depend on the user's awareness of privacy?

[anqi-hu]

Thank you for sharing your work with us! The ubiquity of surveillance technologies indeed places us consumers in fairly hopeless situations where there does not seem to be any way out. Recently, several states have/are starting to issue statewide consumer privacy acts (e.g. California) where individuals have the option of opting out of having their data released/used for commercial purposes. How do you envision the extent to which these acts can effectively protect us and our data privacy?

[luyingjiang]

Thank you for your presentation. I really enjoy reading the Wearable Microphone Jamming and watching the project presentation. As many others have mentioned the ads showed in various websites have always been a problem of mine about my personal data securities. Often, the next page I open will display the product I searched for. How can we achieve the balance between using the product (e.g. smartphone applications, web service) and our personal privacy? How could we ensure the responsibility of firms handling those data?

[Leahjl]

Thank you so much for your presentation! The idea of cybersecurity and data privacy is really interesting. I'm curious about the tradeoff between data privacy and advanced product application.

[timqzhang]

Thank you for your presentation ! I have the similar questions as before, which is that what customers and service providers do to together create a mechanism for the personal privacy?