Hi Everyone, The Security Group is holding two great talks on new research in privacy. The first is Tuesday, 5/28 at 4pm and the second is Wednesday, 5/29 at 2pm. Both are in Sherrerd Hall 306 (the CITP conference room). Please see the notices below. Thanks, Josh -------------------- Matthew Wright of the University of Texas at Arlington will be speaking at 4pm on May 28th (tomorrow!) in Sherrerd 306. His title and abstract are below. Leveraging Social Networks for Improved Anonymity and P2P Systems Social networks are great for connecting with other people, but they can also be leveraged for enhanced security properties. In this talk, I will describe two systems -- Pisces and Persea -- that we have designed to take advantage of the information that is inherent in the social network structure. Pisces is a system for enhancing anonymity in peer-to-peer (P2P) anonymity system designs. An anonymity system, such as the popular Tor network, helps protect your privacy on the Internet and enables people in countries like Syria to get around Internet censorship. In Pisces, we route our anonymity paths through users' social connections using verifiable random paths. We show that this technique provides much better privacy than prior designs in the face of strong attackers. Persea addresses the reliability of looking up information and resources in a P2P system, such as Skype or Bittorrent. Existing systems are vulnerable to an attacker adding many malicious peer nodes, e.g. by using a botnet, and having them undermine the reliability of lookups. We propose a P2P system, Persea, based on a bootstrap tree -- essentially a social network that shows how each person entered the P2P system via a series of invitations. We embed the bootstrap tree into the identities that nodes use to locate themselves and perform lookups. We argue that this approach is more suitable to P2P systems than prior approaches and show that it provides lookup success rates at least as good as in prior work. -------------------- Udi Weinsberg of Technicolor will be speaking at 2:00pm on May 29, in Sherrerd 306. His title and abstract are below. Building a Practical Privacy-Preserving Recommender System Many online services, such as recommender systems, email, and social networks collect user data, which is then used for both personalization and monetization. Although the latter enables services to be free, users are realizing that these services come at a hidden cost of potentially exposing their private data. In this talk I will show that even the common 5-star item-rating recommender system leaks private demographic information. Then, I will discuss methods for helping users preserve their privacy while getting accurate recommendations. Finally, a building block of many recommender systems, and an important machine-learning algorithm on its own, is linear regression. I will present a system that learns a linear model without learning anything about the private input data other than the output model.