New system helps you to secure your data

MIT scientists have developed a new system that can protect your privacy by allowing you to pick and choose what data to share with websites and mobile apps.

Newly downloaded cell phone apps routinely ask to access your location information, your address book, or other apps, and even websites like Amazon or Netflix track your browsing history in the interest of making personalised recommendations.

Recent studies have shown that it’s shockingly easy to identify unnamed individuals in supposedly “anonymised” data sets, even ones containing millions of records.

Researchers at The Massachusetts Institute of Technology (MIT) have developed a prototype system, called personal data store (openPDS) that stores data from your digital devices in a single location that you specify: It could be an encrypted server in the cloud, but it could also be a computer in a locked box under your desk.

Any cell phone app, online service, or big-data research team that wants to use your data has to query your data store, which returns only as much information as is required.

With openPDS, “you share code; you don’t share data. Instead of you sending data to Pandora, for Pandora to define what your musical preferences are, it’s Pandora sending a piece of code to you for you to define your musical preferences and send it back to them,” said Yves-Alexandre de Montjoye, a graduate student in media arts and sciences and first author on the new paper.

After an initial deployment involving 21 people who used openPDS to regulate access to their medical records, the researchers are now testing the system with several telecommunications companies in Italy and Denmark.

Although openPDS can, in principle, run on any machine of the user’s choosing, in the trials, data is being stored in the cloud.

One of the benefits of openPDS, de Montjoye said, is that it requires applications to specify what information they need and how it will be used.

“When you install an application, it tells you ‘this application has access to your fine-grained GPS location,’ or it ‘has access to your SD card.’ You as a user have absolutely no way of knowing what that means. The permissions don’t tell you anything,” said de Montjoye.

In fact, applications frequently collect much more data than they really need. Service providers and application developers don’t always know in advance what data will prove most useful, so they store as much as they can against the possibility that they may want it later.

OpenPDS preserves all that potentially useful data, but in a repository controlled by the end user, not the application developer or service provider.

A developer who discovers that a previously unused bit of information is useful must request access to it from the user. If the request seems unnecessarily invasive, the user can simply deny it.

The research was published in the journal PLOS One.

………….PTI