On User Privacy In Personalized Mobile Services
In this thesis, we address privacy concerns in personalized mobile services. While there has been much progress in privacy-preserving data publishing, existing techniques are ill-fitted as they assume static user data. In contrast, in the mobile setting both user contexts and the user population change over time. • We present online frameworks for context-based personalization. Privacy is defined with respect to a set of sensitive contexts specified by the user. Guaranteeing privacy means to limit what an adversary can learn about the user being in a sensitive context. The adversary can have knowledge about the framework and about frequent contexts or patterns of users. - For targeting advertisements, our framework generalizes contexts to protect against adversaries knowing the framework. The generalized context is sent to an ad server that selects and returns a set of ads. The most relevant one is displayed to the user. The optimization of selecting the most relevant ad for a user is done jointly by the user and the server under constraints on privacy and communication complexity. We show that the optimization problem is NP-hard and present an efficient approximation algorithm. - Our second framework creates a filtered stream of contexts made available to services for personalization. We explain which contexts to suppress in order to protect privacy against powerful adversaries knowing the framework and temporal correlations in the stream. • We also present offline algorithms that aggregate user contexts and activities. For example, we can count how many users in a specific context clicked on some ad. This implicit user feedback can be used to update how the personalization is done in the online framework. Our algorithms guarantee probabilistic differential privacy  which protects privacy of a user against strong adversaries who know the data of all other users. - Our first algorithm is run by a trusted server and - unlike previous work - provides accurate count statistics even for large domains such as Web search queries. - Our second algorithm does not require a trusted server. It is the first distributed protocol that efficiently handles dynamic and malicious users.
Privacy; Mobile Applications; Streaming data
Gehrke, Johannes E.
Kleinberg, Robert David; Sine, Wesley; Koch, Christoph E.
Ph. D., Computer Science
Doctor of Philosophy
dissertation or thesis