eprintid: 10182351 rev_number: 7 eprint_status: archive userid: 699 dir: disk0/10/18/23/51 datestamp: 2024-01-30 14:10:26 lastmod: 2024-01-30 14:10:26 status_changed: 2024-01-30 14:10:26 type: proceedings_section metadata_visibility: show sword_depositor: 699 creators_name: Gervais, Arthur creators_name: Shokri, Reza creators_name: Singla, Adish creators_name: Capkun, Srdjan creators_name: Lenders, Vincent title: Quantifying Web-Search Privacy ispublished: pub divisions: UCL divisions: B04 divisions: C05 divisions: F48 keywords: Web Search; Privacy; Obfuscation; Quantification Framework; Query Privacy; Semantic Privacy; Machine Learning note: This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. abstract: Web search queries reveal extensive information about users’ personal lives to the search engines and Internet eavesdroppers. Obfuscating search queries through adding dummy queries is a practical and user-centric protection mechanism to hide users’ search intentions and interests. Despite few such obfuscation methods and tools, there is no generic quantitative methodology for evaluating users’ web-search privacy. In this paper, we provide such a methodology. We formalize adversary’s background knowledge and attacks, the users’ privacy objectives, and the algorithms to evaluate effectiveness of query obfuscation mechanisms. We build upon machine-learning algorithms to learn the linkability between user queries. This encompasses the adversary’s knowledge about the obfuscation mechanism and the users’ web-search behavior. Then, we quantify privacy of users with respect to linkage attacks. Our generic attack can run against users for which the adversary does not have any background knowledge, as well as for the cases where some prior queries from the target users are already observed. We quantify privacy at the query level (the link between user’s queries) and the semantic level (user’s topics of interest). We design a generic tool that can be used for evaluating generic obfuscation mechanisms, and users with different web search behavior. To illustrate our approach in practice, we analyze and compare privacy of users for two example obfuscation mechanisms on a set of real web-search logs. date: 2014-11-03 date_type: published publisher: Association for Computing Machinery (ACM) official_url: https://dl.acm.org/doi/10.1145/2660267.2660367 oa_status: green full_text_type: other language: eng primo: open primo_central: open_green verified: verified_manual elements_id: 2112541 doi: 10.1145/2660267.2660367 lyricists_name: Gervais, Arthur lyricists_id: AGERV21 actors_name: Gervais, Arthur actors_id: AGERV21 actors_role: owner full_text_status: public pres_type: paper publication: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security place_of_pub: Scottsdale, AZ, USA pagerange: 966-977 event_title: CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security book_title: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security citation: Gervais, Arthur; Shokri, Reza; Singla, Adish; Capkun, Srdjan; Lenders, Vincent; (2014) Quantifying Web-Search Privacy. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security. (pp. pp. 966-977). Association for Computing Machinery (ACM): Scottsdale, AZ, USA. Green open access document_url: https://discovery.ucl.ac.uk/id/eprint/10182351/1/ccs_gervais.pdf