Profile is a CominLabs project.
Analyzing and mitigating the risks of online profiling: building a global perspective at the intersection of law, computer science and sociology
Which legal and technical instruments can be offered to individuals to protect their fundamental rights at controlling the extent to which they are profiled online?
From a legal standpoint, the European Union is working to reform the system for personal data protection by replacing Directive 95/46/EC3 by a Regulation, whose first draft resulted in the proposal of 25 January 2012, amended by the European Parliament in 2014, and which aims to strengthen the rights of individuals with respect to their personal data. The final version is expected by the end of 2015. PROFILE aims at complementing these regulatory efforts by analyzing the practice of consent on data usage and the general terms and conditions proposed by service providers. The ultimate goal will consist in a legal framework that enables users to understand how their data is being used thereby improving the transparency of provided service.
From a technical standpoint, PROFILE aims at investigating how to reconstruct the inner process of algorithms that exploit the information contained in user profiles. Our main objective is to make algorithms more accountable by increasing their transparency and opening them to the scrutiny of the public. In particular, we envision setting up a crowdsourcing platform in which users would directly contribute with their data without giving away their right to privacy. We also aim at providing effective tools to mitigate profiling. In this context, we focus on adapting the software diversification principles to protect against browser fingerprinting. Browser fingerprinting is a concrete and immediately relevant technology, which is currently not regulated at all. It has recently emerged as a powerful alternative to cookies for profiling and delivering targeted advertising. The study of browser fingerprinting is highly relevant for PROFILE because (1) it is extremely versatile and (2) currently there exists no effective protection against it. Its versatility comes from its simplicity: it consists in remotely collecting and storing information about a user’s browser. The complexity of modern browsers means that they directly provide unregulated access to hundreds of browser properties, ranging from the browser type to the status of the battery. While many existing browsers typically share individual properties, their combination acts a quasi-identifier and results in a statistically unique fingerprint that can be used for profiling. Unfortunately, the information contained in fingerprints is also needed for genuine and honest purposes, such as portability and usability (which originally motivated their introduction). Being able to disentangle genuine use from fingerprinting by analyzing the means of collection (usually in the form of obfuscated scripts in web pages) is therefore essential to characterize the risks for privacy. The versatile nature of fingerprinting also poses the major scientific challenge of devising effective mitigation techniques.
A new web site, with updated information, is available here