Research
With our research we attempt to create awareness for attacks on privacy, for instance, via fingerprinting and inferring sensitive attributes. Thus, we help citizens understand what others can learn about them. We analyze and visualize digital traces of humans as well as the network connections and the behavior of applications. These techniques can also be used to improve security, for instance, during forensic investigations of attacks.
Secondly, we construct and evaluate privacy enhancing techniques that are effective and offer good usability. In particular, we are interested into lightweight approaches that protect against specific observers (such as curious DNS servers) and are barely noticeable. We also consider the hurdles that are encountered in corporate environments where privacy is often in conflict with security, for instance when the activities of employees are to be monitored in order to detect insider attacks. Finally, we also consider the perspective of service providers by studying the effectiveness and efficiency of the business processes that enable users to exercise their legal right to access the data collected about them. In this area we collaborate with scholars from the legal field as well as data protection agencies.
Thirdly, we consider the needs of software engineers. Our long-term goal is to improve the usability for engineers in order to foster the adoption of security and privacy techniques. Easy-to-use frameworks, APIs, and practical strategies will help to achieve this goal.
Recent Projects
On the one hand, public benchmarks improve transparency for citizens; on the other hand, such benchmarks can used by data protection agencies to audit service providers. In the long run, we want to find out whether public “blaming and shaming” and/or transparent comparisons of sites within their peer group create additional incentives that increase the willingness of site operators to implement additional security and privacy measures.