Posts by Collection

portfolio

publications

Potential mass surveillance and privacy violations in proximity-based social applications.

Published in TRUSTCOM 15 Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA, 2015

Proximity-based social applications let users interact with people that are currently close to them, by revealing some information about their preferences and whereabouts.

Recommended citation: S. Puglisi, D. Rebollo-Monedero, J. Forné (2010). "Potential mass surveillance and privacy violations in proximity-based social applications." TRUSTCOM 15 Proceedings of the 2015 IEEE Trustcom/BigDataSE/ISPA. 1 (1045-1052). /files/Potential-mass-surveillance.pdf

You never surf alone. Ubiquitous tracking of users’ browsing habits.

Published in Proceeding Revised Selected Papers of the 10th International Workshop on Data Privacy Management, and Security Assurance, 2015

In the early age of the internet, users enjoyed a large level of anonymity. At the time, web pages were just hypertext documents; almost no personalisation of the user experience was offered.

Recommended citation: S. Puglisi, D. Rebollo-Monedero, J. Forné. (2015). "You never surf alone. Ubiquitous tracking of users’ browsing habits." Proceeding Revised Selected Papers of the 10th International Workshop on Data Privacy Management, and Security Assurance. 9481 (273-280). /files/typeinst.pdf

RESTful Rails Development: Building Open Applications and Services.

Published in O’Reilly Media, 2015

The Web is slowly but surely changing from a model in which a human reader browses content on web pages to a model in which services and clients (not necessarily humans) exchange information. And because of this, author Silvia Puglisi explains, it makes more sense to build platforms instead of just products or applications. Platforms are like ecosystems interconnecting different applications, services, users, developers, and partners, and offer many benefits.

Recommended citation: S. Puglisi. (2017). "RESTful Rails Development: Building Open Applications and Services." O’Reilly Media. https://www.amazon.com/RESTful-Rails-Development-Silvia-Puglisi/dp/1491910852

On Web user tracking: How third-party http requests track users’ browsing patterns for personalised advertising.

Published in Ad Hoc Networking Workshop (Med-Hoc-Net), 2016 Mediterranean, 2016

Websites use personalisation services to profile their visitors, collect their in-page reading activities and eventually use this data to provide tailored suggestions.

Recommended citation: S. Puglisi, D. Rebollo-Monedero, J. Forné. (2016). "On Web user tracking: How third-party http requests track users’ browsing patterns for personalised advertising." Ad Hoc Networking Workshop (Med-Hoc-Net), 2016 Mediterranean. https://www.researchgate.net/publication/303488658_On_Web_User_Tracking_How_Third-Party_Http_Requests_Track_Users%27_Browsing_Patterns_for_Personalised_Advertising

MobilitApp: Analysing Mobility Data of Citizens in the Metropolitan Area of Barcelona.

Published in Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series, 2016

MobilitApp is a platform designed to provide smart mobility services in urban areas.

Recommended citation: Silvia Puglisi, Ángel Torres Moreira, Gerard Marrugat Torregrosa, Mónica Aguilar Igartua and Jordi Forné. (2016). "MobilitApp: Analysing Mobility Data of Citizens in the Metropolitan Area of Barcelona." Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series. Vol. 169. /files/mobilitapp.pdf

On web user tracking of browsing patterns for personalised advertising.

Published in International Journal of Parallel, Emergent and Distributed Systems, 2017

On today’s Web, users trade access to their private data for content and services.

Recommended citation: S. Puglisi, D. Rebollo-Monedero, J. Forné. (2017). "On web user tracking of browsing patterns for personalised advertising." International Journal of Parallel, Emergent and Distributed Systems. 32 (502-521). http://dx.doi.org/10.1080/17445760.2017.1282480

Analysis, Modelling and Protection of Online Private Data.

Published in Ph.D. dissertation, Universitat Politècnica de Catalunya, Jun. 2017, 2017

Websites and applications use personalisation services to profile their users, collect their patterns and activities and eventually use this data to provide tailored suggestions. User preferences and social interactions are therefore aggregated, and online communications generate a consistent amount of data flowing among users, services and applications. This information results from the interactions between different parties, and once collected, it is used for a variety of purposes, from marketing profiling to product recommendations, from news filtering to relationship suggestions.

Recommended citation: S. Puglisi. (2017). "Analysis, Modelling and Protection of Online Private Data." Ph.D. dissertation, Universitat Politècnica de Catalunya, Jun. 2017. /files/Silvia_Puglisi_Thesis_PhD.pdf

talks

Personal tracking devices.


In the post-NSA world it is important to understand the magnitude of our online activities in order to make informed decisions about our ubiquitous shared lives. Personal Tracking Devices is the result of a two-year-long study on tracking technologies and the inherent nature of the web and telecommunication networks in general. The study, conducted as part of Ph.D. research in privacy and security at UPC Barcelona Tech, collected a large amount of metadata to raise awareness of the footprints left by users on the web and through mobile apps.

Potential mass surveillance and privacy violations in proximity-based social applications.


Proximity-based social applications let users interact with people that are currently close to them, by revealing some information about their preferences and whereabouts. This information is acquired through passive geo-localisation and used to build a sense of serendipitous discovery of people, places and interests. Unfortunately, while this class of applications opens different interaction possibilities for people in urban settings, obtaining access to certain identity information could lead a possible privacy attacker to identify and follow a user in their movements in a specific period of time. The same information shared through the platform could also help an attacker to link the victim’s online profiles to physical identities. We analyse a set of popular dating applications that share users’ relative distances within a certain radius and show how, by using the information shared on these platforms, it is possible to formalise a multilateration attack able to identify the user’s actual position. The same attack can also be used to follow a user in all their movements within a certain period of time, therefore identifying their habits and Points of Interest across the city. Furthermore, we introduce a social attack which uses common Facebook likes to profile a person and finally identify their real identity.

You never surf alone. Ubiquitous tracking of users’ browsing habits.


In the early age of the internet, users enjoyed a large level of anonymity. At the time, web pages were just hypertext documents; almost no personalisation of the user experience was offered. The Web today has evolved as a worldwide distributed system following specific architectural paradigms. On the web now, an enormous quantity of user-generated data is shared and consumed by a network of applications and services, reasoning upon users’ expressed preferences and their social and physical connections. Advertising networks follow users’ browsing habits while they surf the web, continuously collecting their traces and surfing patterns. We analyse how user tracking happens on the web by measuring users’ online footprint and estimating how quickly advertising networks are able to profile users by their browsing habits.

Peeling onions: understanding and using the Tor network.


Tor is an important tool providing privacy and anonymity online. The property of anonymity itself is more than just providing an encrypted connection between the source and the destination of a given conversation. There is in fact a lot of information that can still be learned by just observing encrypted communications. Anonymity is a broad concept, and it can mean different things to different groups. The main advertised property of the Tor network is that it provides strong anonymity given a variety of people using the network. The Tor network itself is only a part of what Tor is. Tor also provides privacy at the application level through the Tor Browser. This talk is going to present what Tor is and how it works. We are also going to present new features we have been developing lately. Finally, we are going to explain how you can build applications that use Tor.

Onions in Containers: How Docker Containers Can Be Used to Spawn Onion Services, Securely and Anonymously, from Your Computer.


Tor is an important tool providing privacy and anonymity online. The property of anonymity itself is more than just providing an encrypted connection between the source and the destination of a given conversation. Encryption only prevents the content of the communication between Alice and Bob from becoming known. Onion Services offer bidirectional anonymity through Tor “rendezvous points”: other Tor users can connect to these onion services, each without knowing the other’s network identity, just by sharing the onion service address. This talk is going to explain how we built a desktop app to allow users to start onion services with a click and share a website or a web app from their computer.

Onion adventures: how to use onion services and the Tor network in your web endeavors


Tor is an important tool providing privacy and anonymity online. The Tor network itself is only a part of what Tor is. Tor also provides privacy at the application level through the Tor Browser. The Tor Browser was designed to provide privacy while surfing the web and defend users against both network and local forensic adversaries. The same properties can be adopted by applications and services wishing to integrate the Tor network in their architecture. Furthermore, onion services provide better authentication and assurance of who you are talking to. With onion services, Tor can provide bi-directional anonymity by making it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. This talk is going to explain how it is possible to integrate Tor and build onion applications.

Privacy Web Docs


Tor is an important tool providing privacy and anonymity online. The property of anonymity itself is more than just providing an encrypted connection between the source and the destination of a given conversation. There is in fact a lot of information that can still be learned by just observing encrypted communications. The Tor Browser was designed to provide privacy while surfing the web and defend users against both network and local forensic adversaries. There are two main categories of requirements for the Tor Browser: Security Requirements and Privacy Requirements. Security Requirements are the minimum properties in order for a browser to be able to support Tor and similar privacy proxies safely. Privacy Requirements are primarily concerned with reducing linkability: the ability for a user’s activity on one site to be linked with their activity on another site without their knowledge or explicit consent. The Tor Browser is based on Mozilla’s Extended Support Release (ESR) Firefox branch. We have a series of patches against this browser to enhance privacy and security. Browser behavior is additionally augmented through the Torbutton extension, and we also change a number of Firefox preferences from their defaults. This session is going to explore what tools and resources are missing for websites and web applications to embrace more privacy-friendly practices and work seamlessly on Tor Browser. We will answer some fundamental questions, like:

- Why is Tor Browser slightly different from Firefox (or another browser)?
- Why does my app work differently in Tor Browser? What can I do to make it work smoothly?
- How can I make my app compatible for people that do not use JS?
- How can I configure an onion service?
- What should I consider in order not to expose sensitive information about myself or visitors to my website?

Code examples for CSS, JS and backend configurations will be shared.

Ephemeral Onions


Tor is an important tool for providing privacy and anonymity online. We provide privacy at the application level through the Tor Browser, and with .onion services, Tor allows users to hide their locations while offering various kinds of services. Because .onion services live on the Tor network, you do not need hosting or a public IP address to offer some app via an .onion address. The .onion is hosted on your computer for the time you desire, allowing the people visiting your site to remain anonymous, and you too. This talk is about creating and running ephemeral .onion services to share websites or simple web applications. We will present different use cases for onion services and a wrapper app that allows you to start an .onion and start sharing a static website or a web application.

Tech Demo - Privacy across ages and spaces


This demo is about creating and running ephemeral .onion services to share websites or simple web applications. We present different use cases for onion services and a wrapper app that allows you to start an .onion and start sharing a static website or a web application. Because .onion services live on the Tor network, you do not need hosting or a public IP address to offer some service via an .onion address. The .onion is hosted on your computer for the time you desire, allowing the people visiting your site to remain anonymous, and also you. We believe anonymity to be very important since it can free people, allowing them to decide how to expose themselves or to make themselves visible on their own terms.

teaching
