Privacy-Enhancing Queries in Personalized Search with Untrusted Service Providers

Abstract

For personalized search, a user must provide her personal information. However, this sometimes includes the user's sensitive information about individuals such as health condition and private lifestyle. It is not sufficient just to protect the communication channel between user and service provider. Unfortunately, the collected personal data can potentially be misused for the service providers' commercial advantage (e.g. for advertising methods to target potential consumers). Our aim here is to protect user privacy by filtering out the sensitive information exposed from a user's query input at the system level. We propose a framework by introducing the concept of query generalizer. Query generalizer is a middleware that takes a query for personalized search, modifies the query to hide user's sensitive personal information adaptively depending on the user's privacy policy, and then forwards the modified query to the service provider. Our experimental results show that the best-performing query generalization method is capable of achieving a low traffic overhead within a reasonable range of user privacy. The increased traffic overhead varied from 1.0 to 3.3 times compared to the original query.