Talks on Technology Science (ToTS) and Topics in Privacy (TIP)

Schedule Fall 2015

Date  Discussant  Topic
11/9  Panel of authors  How Mobile Apps Share Your Personal Data
11/16  Kade Crawford and Carl Williams, ACLU of Massachusetts; Ethan Scherer, Center for Education Policy Research at Harvard University  Exercising Your Right to Record the Police and Anonymizing Data on Students
11/23    Thanksgiving Break

This semester the Monday afternoon TIP weekly discussions and brainstorming sessions are devoted to Talks on Technology Science (ToTS). Earlier this year, about 50 researchers and educators from around the world joined together to launch a new publication forum, Technology Science, devoted to the study of how technology impacts humans. Some studies may expose unforeseen consequences. Others may offer surprising benefits. Some may involve privacy, but there are many other aspects too. Join us each week as we discuss new findings and explore new directions in this exciting new area.

Details are usually not posted earlier than the week before.

Abstracts of Talks and Discussions

  1. How Mobile Apps Share Your Personal Data

    Last week Technology Science published a bundle of papers that received more than 100K views in less than a week. This session is a survey of those papers by the authors.

    Venmo'ed: Sharing Your Payment Data With the World by Aran Khanna. I created an extension for Venmo that visualizes the publicly shared financial life and social network of a user. I analyzed the transactions of 350,000 Venmo users and found that 74% had at least 5 public transactions, with 21% averaging a public transaction more than once a week. My extension can identify relationships between users, including how much time they spend together. It can also identify members of private social organizations, attendees of private events, and even users' food purchases. Published:

    Who Knows What About Me? A Survey of Behind the Scenes Personal Data Sharing to Third Parties by Mobile Apps by Jinyan Zang, Krysta Dummit, James Graves, Paul Lisker, and Latanya Sweeney. We tested 110 popular, free Android and iOS apps to look for apps that shared personal, behavioral, and location data with third parties. 73% of Android apps shared personal information such as email address with third parties, and 47% of iOS apps shared geo-coordinates and other location data with third parties. 93% of Android apps tested connected to a mysterious domain,, likely due to a background process of the Android phone. We show that a significant proportion of apps share data from user inputs such as personal information or search terms with third parties without Android or iOS requiring a notification to the user. Published:

    An Exploratory Study of Mobile Application Privacy Policies by James Graves. I examined privacy policies for 110 popular Android and iOS apps. App stores provided working links to privacy policies for 67% of iOS apps and 75% of Android apps. 61% of privacy policies specifically stated that data would be encrypted. 31% had general language that could be read to imply that encryption would be used. Another 5% of privacy policies said nothing about security. One policy stated that it did not use encryption. Published:

    Meddle: Enabling Transparency and Control for Mobile Internet Traffic by Ashwin Rao, Arash Molavi Kakhki, Abbas Razaghpanah, Anke Li, David Choffnes, Arnaud Legout, Alan Mislove, and Phillipa Gill. We built Meddle, which redirects a mobile device's internet traffic to a VPN proxy that we use to monitor privacy leaks from apps and traffic differentiation by ISPs. Testing 309 popular apps, we found that 21% of Android apps leaked Device IDs, and 6% of iOS apps leaked email addresses in unencrypted plaintext. We found 6 popular iOS apps and 1 Android app leaking passwords in plaintext vulnerable to capture by attackers. We found 3 US mobile ISPs (BlackWireless, H2O, and SimpleMobile) in early 2015 reduced data-transfer speeds to devices on their networks by up to 65% for connections to YouTube, and sometimes for Netflix and Spotify as well. We found one ISP in China injecting ads into the Internet traffic of the devices on their network. Published:

    Sharing Sensitive Data with Confidence: The Datatags System by Latanya Sweeney, Merce Crosas, and Michael Bar-Sinai. We introduce datatags as a means of specifying security and access requirements for sensitive data. The datatags approach reduces the complexity of thousands of data-sharing regulations to a small number of tags. We show implementation details for medical and educational data and for research and corporate repositories. Published:

  2. Exercising Your Right to Record the Police and Anonymizing Data on Students

    1. Exercising Your Right to Record the Police: Mobile Justice app from the ACLU

      Most people don't know you have the right to record the police while they conduct their affairs in public. The American Civil Liberties Union has an app (ACLU Mobile Justice) to help protestors and others exercise this right. It records video and immediately uploads the recording to an ACLU server. Even if the phone becomes damaged, there is an archived copy of the video. Most individuals are unaware of this right.  How can we make more people aware? One idea is to survey the video that has been recorded.  What should be surveyed in the recorded video? Would a survey of recordings help people know about the right?  Come and brainstorm on the best ways to curate and review these data.

      Guest Speakers: Kade Crawford and Carl Williams, ACLU of Massachusetts

    2. Anonymizing Data on Students: What are best practices?

      How should researchers anonymize data to protect students’ privacy and comply with FERPA?

      The Graduate School of Education is collecting a large dataset from multiple school districts and charter schools from 2011 to 2017. They are currently removing all personally identifiable data such as name and date of birth from the data. But is that enough? What about potentially re-identifying students based on combinations of other student attributes in the data such as district, school, grade, race, gender, etc.? Should characteristics be randomly assigned to students to prevent re-identification? What are best practices in anonymizing student data?

      Guest Speaker: Ethan Scherer, Center for Education Policy Research at Harvard University


Copyright © 2012-2015. President and Fellows Harvard University.