Users are increasingly required to give away private email addresses in order to be reachable by service providers, e.g., to receive invoices, digital receipts, or newsletters. While this is especially true for digital services, physical interactions, too, increasingly shift toward involving digital information exchanges. Most notably, paper-based receipts are being replaced by digital equivalents. However, digital receipts do not carry over the privacy model that physical customers are accustomed to: digital receipts are either sent to the customer via email, made accessible via smartphone apps, or otherwise fetched from the service provider's servers. All of these models bear the risk that service providers may try to link different interactions (e.g., purchases) and gain additional information (e.g., buyer profiles) by analyzing such data without the customer's consent. Further, an over-reliance on the service provider's communication channels introduces additional availability requirements on their side and may limit interoperability between the information flows of different service providers.

The Solid Project aims to establish a decentralized infrastructure that empowers users to take control of their personal online storage while ensuring high availability and interoperability. However, Solid currently focuses more on access control than on user privacy. In this thesis, you will hence explore the aptitude of Solid's design to also boost user privacy and to realize the information flows outlined above in a truly privacy-preserving manner. To this end, you will model privacy requirements for the above settings, analyze related Solid standards for compatibility with a privacy-focused approach, and design, implement, and evaluate a prototypic Solid-based infrastructure enhanced with different Privacy-Enhancing Technologies (PETs) that boost user privacy.
Finally, you will assess the pros and cons of different PETs in terms of privacy benefits, functionality tradeoffs, and performance overhead.
Thesis Type | 
Status | Open
Supervisor(s) | Stefan Decker
Advisor(s) | Roman Matzutt
Contact | roman.matzutt@fit.fraunhofer.de
Objectives
- Develop a privacy model for few-shot privacy-focused communication.
- Investigate the aptitude of Solid to implement the outlined communication patterns in a privacy-focused setting.
- Evaluate possible approaches to extend Solid with user privacy in mind, based on their effectiveness, generalizability to other use cases, and performance overheads.
References
- The Solid Project
- R. Dedecker, W. Slabbinck, J. Wright, P. Hochstenbach, P. Colpaert, R. Verborgh. What’s in a Pod? A knowledge graph interpretation for the Solid ecosystem
- R. Verborgh. Re-decentralizing the Web, For Good This Time. Linking the World’s Information: Essays on Tim Berners-Lee’s Invention of the World Wide Web (1st ed.), pp. 215–230, ACM, 2023.
Prerequisites
- Coding knowledge in Python and TypeScript (to work with the Community Solid Server implementation)
- A background in cryptography and privacy, and experience with PETs, are not strictly required but especially helpful