-
A privacy-preserving approach to streaming eye-tracking data
Authors:
Brendan David-John,
Diane Hosfelt,
Kevin Butler,
Eakta Jain
Abstract:
Eye-tracking technology is being increasingly integrated into mixed reality devices. Although critical applications are being enabled, there are significant possibilities for violating user privacy expectations. We show that there is an appreciable risk of unique user identification even under natural viewing conditions in virtual reality. This identification would allow an app to connect a user's…
▽ More
Eye-tracking technology is being increasingly integrated into mixed reality devices. Although critical applications are being enabled, there are significant possibilities for violating user privacy expectations. We show that there is an appreciable risk of unique user identification even under natural viewing conditions in virtual reality. This identification would allow an app to connect a user's personal ID with their work ID without needing their consent, for example. To mitigate such risks we propose a framework that incorporates gatekee** via the design of the application programming interface and via software-implemented privacy mechanisms. Our results indicate that these mechanisms can reduce the rate of identification from as much as 85% to as low as 30%. The impact of introducing these mechanisms is less than 1.5$^\circ$ error in gaze position for gaze prediction. Gaze data streams can thus be made private while still allowing for gaze prediction, for example, during foveated rendering. Our approach is the first to support privacy-by-design in the flow of eye-tracking data within mixed reality use cases.
△ Less
Submitted 19 March, 2021; v1 submitted 2 February, 2021;
originally announced February 2021.
-
Look Before You Leap: Trusted User Interfaces for the Immersive Web
Authors:
Diane Hosfelt,
Jessica Outlaw,
Tyesha Snow,
Sara Carbonneau
Abstract:
Part of what makes the web successful is that anyone can publish content and browsers maintain certain safety guarantees. For example, it's safe to travel between links and make other trust decisions on the web because users can always identify the location they are at. If we want virtual and augmented reality to be successful, we need that same safety. On the traditional, two-dimensional (2D) web…
▽ More
Part of what makes the web successful is that anyone can publish content and browsers maintain certain safety guarantees. For example, it's safe to travel between links and make other trust decisions on the web because users can always identify the location they are at. If we want virtual and augmented reality to be successful, we need that same safety. On the traditional, two-dimensional (2D) web, this user interface (UI) is provided by the browser bars and borders (also known as the chrome). However, the immersive, three-dimensional (3D) web has no concept of a browser chrome, preventing routine user inspection of URLs. In this paper, we discuss the unique challenges that fully immersive head-worn computing devices provide to this model, evaluate three different strategies for trusted immersive UI, and make specific recommendations to increase user safety and reduce the risks of spoofing.
△ Less
Submitted 6 November, 2020;
originally announced November 2020.
-
Addressing the Privacy Implications of Mixed Reality: A Regulatory Approach
Authors:
Nicole Shadowen,
Diane Hosfelt
Abstract:
Mixed reality (MR) technologies are emerging into the mainstream with affordable devices like the Oculus Quest. These devices blend the physical and virtual in novel ways that blur the lines that exist in legal precedent, like those between speech and conduct. In this paper, we discuss the challenges of regulating immersive technologies, focusing on the potential for extensive data collection, and…
▽ More
Mixed reality (MR) technologies are emerging into the mainstream with affordable devices like the Oculus Quest. These devices blend the physical and virtual in novel ways that blur the lines that exist in legal precedent, like those between speech and conduct. In this paper, we discuss the challenges of regulating immersive technologies, focusing on the potential for extensive data collection, and examine the trade-offs of three potential approaches to protecting data privacy in the context of mixed reality environments.
△ Less
Submitted 20 July, 2020;
originally announced July 2020.
-
Privacy Implications of Eye Tracking in Mixed Reality
Authors:
Diane Hosfelt,
Nicole Shadowen
Abstract:
Mixed Reality (MR) devices require a world with always-on sensors and real-time processing applied to their outputs. We have grappled with some of the ethical concerns presented by this scenario, such as bystander privacy issues with smartphones and cameras. However, MR technologies demand that we define and defend privacy in this new paradigm. This paper focuses on the challenges presented by eye…
▽ More
Mixed Reality (MR) devices require a world with always-on sensors and real-time processing applied to their outputs. We have grappled with some of the ethical concerns presented by this scenario, such as bystander privacy issues with smartphones and cameras. However, MR technologies demand that we define and defend privacy in this new paradigm. This paper focuses on the challenges presented by eye tracking and gaze tracking, techniques that have commonly been deployed in the HCI community for years but are now being integrated into MR devices by default.
△ Less
Submitted 20 July, 2020;
originally announced July 2020.
-
Making ethical decisions for the immersive web
Authors:
Diane Hosfelt
Abstract:
Mixed reality (MR) ethics occupies a space that intersects with web ethics, emerging tech ethics, healthcare ethics and product ethics (among others). This paper focuses on how we can build an immersive web that encourages ethical development and usage. The technology is beyond emerging (footnote: generally, the ethics of emerging technologies are focused on ethical assessments of research and inn…
▽ More
Mixed reality (MR) ethics occupies a space that intersects with web ethics, emerging tech ethics, healthcare ethics and product ethics (among others). This paper focuses on how we can build an immersive web that encourages ethical development and usage. The technology is beyond emerging (footnote: generally, the ethics of emerging technologies are focused on ethical assessments of research and innovation), but not quite entrenched. We're still in a position to intervene in the development process, instead of attempting to retrofit ethical decisions into an established design. While we have a wider range of data to analyze than most emerging technologies, we're still in a much more speculative state than entrenched technologies. This space is a challenge and an opportunity.
△ Less
Submitted 14 May, 2019;
originally announced May 2019.
-
Automated detection and classification of cryptographic algorithms in binary programs through machine learning
Authors:
Diane Duros Hosfelt
Abstract:
Threats from the internet, particularly malicious software (i.e., malware) often use cryptographic algorithms to disguise their actions and even to take control of a victim's system (as in the case of ransomware). Malware and other threats proliferate too quickly for the time-consuming traditional methods of binary analysis to be effective. By automating detection and classification of cryptograph…
▽ More
Threats from the internet, particularly malicious software (i.e., malware) often use cryptographic algorithms to disguise their actions and even to take control of a victim's system (as in the case of ransomware). Malware and other threats proliferate too quickly for the time-consuming traditional methods of binary analysis to be effective. By automating detection and classification of cryptographic algorithms, we can speed program analysis and more efficiently combat malware.
This thesis will present several methods of leveraging machine learning to automatically discover and classify cryptographic algorithms in compiled binary programs.
While further work is necessary to fully evaluate these methods on real-world binary programs, the results in this paper suggest that machine learning can be used successfully to detect and identify cryptographic primitives in compiled code. Currently, these techniques successfully detect and classify cryptographic algorithms in small single-purpose programs, and further work is proposed to apply them to real-world examples.
△ Less
Submitted 3 March, 2015;
originally announced March 2015.