The long-term vision of the CRC 1223 was to find a unified approach to privacy by following, contrasting and blending the top-down and bottom-up method. Therefore, the following research goals were addressed:
Assessing privacy in open Web-based scenarios
Personal information is being widely dispersed in the Web. Social networks in particular have become a focal point for collecting data from billions of people. It is impossible, today, for regular users to understand the privacy implications entailed, like the spreading of private posts within their network, or the possible effects of linking information across multiple sites. Helping users assess their privacy situation in the reality of today’s Internet is a major challenge that involves information extraction, modeling, and prediction in a highly distributed environment, with multimodal contents, at massive scale, and under highly incomplete information.
Privacy in mobile computing
Sophisticated mobile computing, sensing and recording devices, in particular smartphones, have become our daily companions, thus blurring the distinction between the online and offline worlds. While these devices, and emerging ones like Google Glasses, enable transformative new applications and services, they also introduce entirely new threats to users’ privacy. A deluge of smartphone apps request users to grant access to their highly sensitive personal data and privacy-critical functionality, in particular offering the possibility to build up a complete record of the user’s location, online and offline activities, and social encounters, including an audiovisual record. Helping users understand the privacy-relevant behavior of third-party software, to protect users’ privacy when interacting with software and other mobile device users, and to ultimately aid app developers to enforce privacy by design constitutes a formidable challenge. It in particular includes software analysis and enforcement on third-party software, secure programming principles for privacy by design, and privacy-friendly solutions for a wide range of communications and interactions amongst mobile device users.
Anonymity in online interactions
Users disseminate personal information not only actively, through postings in social networks etc., but also passively as a side effect of their online interactions, with Web service providers or other communication partners. This source of privacy loss is more subtle, yet no less threatening: a Web service provider typically learns who accesses a service for what purposes; communication technologies typically do not conceal from an observer who is communicating with whom, and sometimes do not even protect the content of the conversation. Information collectors tacitly observe user interactions, for advertising and other purposes. Preserving anonymity in such interactions, yet without inhibiting their functionality, involves challenges such as the development of novel cryptographic solutions to resolve the tension between anonymity and functionality on the algorithmic level, as well as complementary solutions on the network level to ensure anonymous yet reliable communication and interaction.