Columbia Engineering Researchers Develop XRay, First Step in Understanding How Personal Data is Being Used on Web Services like Google, Amazon, and YouTube
The web can be an opaque black box: it leverages our personal information without our knowledge or control. When, for instance, a user sees an ad about depression online, she may not realize that she is seeing it because she recently sent an email about being sad. Roxana Geambasu and Augustin Chaintreau, both assistant professors of computer science at Columbia Engineering, are seeking to change that, and in doing so bring more transparency to the web.
Along with their PhD student, Mathias Lecuyer, the researchers have developed XRay, a new tool that reveals which data in a web account, such as emails, searches, or viewed products, are being used to target which outputs, such as ads, recommended products, or prices. They will be presenting the prototype, which is designed to make the online use of personal data more transparent, at USENIX Security on August 20.
The researchers have posted the open source system, as well as their findings, online for other researchers interested in studying how web services use personal data to leverage and extend.
“Today we have a problem: the web is not transparent. We see XRay as an important first step in exposing how websites are using your personal data,” says Geambasu, who is also a member of Columbia’s Institute for Data Sciences and Engineering’s Cybersecurity Center.
We live in a “big data” world, where staggering amounts of personal data—our locations, search histories, emails, posts, photos, and more—are constantly being collected and analyzed by Google, Amazon, Facebook, and many other web services. While harnessing big data can certainly improve our daily lives (Amazon offerings, Netflix suggestions, emergency response Tweets, etc.), these beneficial uses have also generated a big data frenzy, with web services aggressively pursuing new ways to acquire and commercialize the information.
“It’s critical, now more than ever, to reconcile our privacy needs with the exponential progress in leveraging this big data,” says Chaintreau, a member of the Institute for Data Sciences and Engineering’s New Media Center. Geambasu adds, “If we leave it unchecked, big data’s exciting potential could become a breeding ground for data abuses, privacy vulnerabilities, and unfair or deceptive business practices.”
Determined to provide checks and balances on data abuse, XRay is designed to be the first fine-grained, scalable personal data tracking system for the web. For example, one can use the XRay prototype to study why a user might be shown a specific ad in Gmail. Geambasu and Chaintreau found, for example, that a Gmail user who sees ads about various forms of spiritualism might have received them because he or she sent an email message about depression.
Developing XRay was challenging, say the researchers. “The science of understanding the use of personal web data at a fine grain—looking at individual emails, photos, posts, etc.—is largely non-existent,” Geambasu notes. “There really isn’t anything out there that can accurately pinpoint which specific input—which search query, visited site, or viewed product—or combination of inputs explains which output. It was clear that we needed to come up with a new, robust auditing tool, one that can be applied effectively to many different services.”
How it Works
“We knew from the start that our biggest challenge in achieving transparency would be scale—how do we continue to track more data while using minimum resources?” Chaintreau says. “The theoretical results were encouraging, but seemed too good to be true. So we tested XRay in actual situations, learning from experiments we ran on Gmail, Amazon, and YouTube, and refining the design multiple times. The final design surprised us: XRay succeeded in all the experiments we ran, and it matched our theoretical predictions in increasingly complex cases. That is when we finally thought that achieving web transparency at large is not a dream in a distant future but something we can start building toward now."
The current XRay system works with Gmail, Amazon, and YouTube. However, XRay’s core functions are service-agnostic and easy to instantiate for new services, and they can track data within and across services. The key idea in XRay is to use black-box correlation of data inputs and outputs to detect data use.
To assess XRay’s practical value, the researchers created an XRay-based demo service that continuously collects and diagnoses Gmail ads related to a set of topics, including various diseases, pregnancy, race, sexual orientation, divorce, debt, etc. They created emails that included keywords closely related to one topic and then launched XRay’s Gmail ad collection and examined the targeting associations. XRay’s data is now available online to anyone interested in sensitive-topic ad targeting in Gmail.
“We've just started to peek into XRay's targeting data and even at this early stage, we've seen a lot of interesting behaviors,” Geambasu says. “We know that we need larger-scale experience to formalize and quantify our conclusions, but we can already make several interesting observations.”
The researchers note that (1) It is definitely possible to target sensitive topics in users’ inboxes, including cancer, depression, or pregnancy. (2) For many ads, targeting was extremely obscure and non-obvious to end-users, which opens them up to abuses. (3) The researchers have already seen signs of such abuses, for instance, a number of subprime loan ads for used cars targeting debt in users' inboxes. Examples of ads and their targeted topics can be found on the XRay website.
The tool can be used to increase user awareness about how their data is being used, as well as provide much needed tools for auditors, such as researchers, journalists, and investigators, to keep that use under scrutiny. Geambasu and Chaintreau, who recently won a Magic Grant from the Brown institute for Media Innovation to build better transparency tools, have made the XRay prototype available for auditors at http://xray.cs.columbia.edu.
“Our work calls for and promotes the best practice of voluntary transparency,” says Chaintreau, “while at the same time empowering investigators and watchdogs with a significant new tool for increased vigilance, something we need more of every day.”
Director of Strategic Communications and Media Rel
Holly Evarts | newswise
New technology enables 5-D imaging in live animals, humans
16.01.2017 | University of Southern California
Fraunhofer FIT announces CloudTeams collaborative software development platform – join it for free
10.01.2017 | Fraunhofer-Institut für Angewandte Informationstechnik FIT
Among the general public, solar thermal energy is currently associated with dark blue, rectangular collectors on building roofs. Technologies are needed for aesthetically high quality architecture which offer the architect more room for manoeuvre when it comes to low- and plus-energy buildings. With the “ArKol” project, researchers at Fraunhofer ISE together with partners are currently developing two façade collectors for solar thermal energy generation, which permit a high degree of design flexibility: a strip collector for opaque façade sections and a solar thermal blind for transparent sections. The current state of the two developments will be presented at the BAU 2017 trade fair.
As part of the “ArKol – development of architecturally highly integrated façade collectors with heat pipes” project, Fraunhofer ISE together with its partners...
At TU Wien, an alternative for resource intensive formwork for the construction of concrete domes was developed. It is now used in a test dome for the Austrian Federal Railways Infrastructure (ÖBB Infrastruktur).
Concrete shells are efficient structures, but not very resource efficient. The formwork for the construction of concrete domes alone requires a high amount of...
Many pathogens use certain sugar compounds from their host to help conceal themselves against the immune system. Scientists at the University of Bonn have now, in cooperation with researchers at the University of York in the United Kingdom, analyzed the dynamics of a bacterial molecule that is involved in this process. They demonstrate that the protein grabs onto the sugar molecule with a Pac Man-like chewing motion and holds it until it can be used. Their results could help design therapeutics that could make the protein poorer at grabbing and holding and hence compromise the pathogen in the host. The study has now been published in “Biophysical Journal”.
The cells of the mouth, nose and intestinal mucosa produce large quantities of a chemical called sialic acid. Many bacteria possess a special transport system...
UMD, NOAA collaboration demonstrates suitability of in-orbit datasets for weather satellite calibration
"Traffic and weather, together on the hour!" blasts your local radio station, while your smartphone knows the weather halfway across the world. A network of...
Fiber-reinforced plastics (FRP) are frequently used in the aeronautic and automobile industry. However, the repair of workpieces made of these composite materials is often less profitable than exchanging the part. In order to increase the lifetime of FRP parts and to make them more eco-efficient, the Laser Zentrum Hannover e.V. (LZH) and the Apodius GmbH want to combine a new measuring device for fiber layer orientation with an innovative laser-based repair process.
Defects in FRP pieces may be production or operation-related. Whether or not repair is cost-effective depends on the geometry of the defective area, the tools...
10.01.2017 | Event News
09.01.2017 | Event News
05.01.2017 | Event News
16.01.2017 | Power and Electrical Engineering
16.01.2017 | Information Technology
16.01.2017 | Power and Electrical Engineering