Privacy Risks Research Articles

Privacy and personal data risk governance for generative artificial intelligence: A Chinese perspective

The rapid development of generative artificial intelligence (AI) has attracted global attention and posed challenges to existing data governance frameworks. The increased technical complexity and expanded scale of data usage not only make it more difficult to regulate AI but also present challenges for the current legal system. This article, which takes ChatGPT's training data and working principles as a starting point, examines specific privacy risks, data leakage risks, and personal data risks posed by generative AI. It also analyzes the latest practices in privacy and personal data protection in China. This article finds that while China's governance on privacy and personal data protection takes a macro-micro integration approach and a private-and-public law integration approach, there are shortcomings in the legal system. Given that the current personal data protection system centered on individual control is unsuitable for the modes of data processing by generative AI, and that private law is insufficient in safeguarding data privacy, urgent institutional innovation is needed to achieve the objective of “trustworthy AI.”

A starting framework for urban AI applications

There has been a growing concern about the ethical implications of Artificial Intelligence (AI) in urban environments. Scholars have highlighted the dual nature of AI, which can both enhance urban sustainability and pose significant privacy risks. The literature acknowledges that AI introduces specific challenges in urban contexts. However, there remains a gap in comprehensive sector-specific ethical frameworks tailored to the unique challenges posed by AI applications in cities. This study aims to fill this gap by proposing a starting framework for the ethics of Urban AI applications, providing principles to guide responsible AI development and deployment in urban settings. The study employed a two-phase methodology: a content analysis of 100 AI ethics documents to develop a preliminary framework, followed by a survey of experts and stakeholders to validate and expand this framework by identifying urban-specific risks and ethical considerations. The developed ethical framework for Urban AI applications provides a starting point to pave the way for ethical and sustainable urban AI systems that enhance the quality of life for all city residents.

Hybrid Prompt Learning for Generating Justifications of Security Risks in Automation Rules

Trigger-action platforms (TAPs) enable users without programming experience to personalize the behavior of Internet of Things applications and services through IF-THEN rules. Unfortunately, the arbitrary connection of smart devices and online services, even with simple rules, such as “IF the entrance Netatmo Wheather Station detects a temperature above 30 \({}^{\circ}C\) ( \(86^{\circ}F\) ) THEN open the shutters in the living room,” might expose users to potential security and privacy risks (e.g., the execution of the previous rule might provide an easy entry point for thieves, especially during the summer vacation period). The goal of our research is to make the users capable of understanding and mitigating the threats and risks associated with the execution of IF-THEN rules. To this end, we define a new challenging task, namely generating post hoc justifications of privacy and security risks associated with automation rules, and propose a novel natural language generation strategy based on hybrid prompt learning producing justifications in the form of real-life threat scenarios. The proposed strategy allows for prompt customization with task-specific information, providing contextual details enabling to grasp the nuances and subtleties of the domain language, resulting in more coherent justifications. The experiments conducted on the if-this-then-that (IFTTT) platform show that our method produces effective justifications, improving the explainability of discrete and hybrid prompting methods up to 27% in BLEURT score. The code of the software is publicly available on GitHub 1 .

Graduate Education in China Meets AI: Key Factors for Adopting AI-Generated Content Tools

Abstract Factors influencing Chinese graduate students’ adoption of AI-generated content (AIGC) tools are examined through partial least squares structural equation modeling (PLS-SEM) and fuzzy-set qualitative comparative analysis (fsQCA). The developed AIGCT-SI model incorporates key elements such as information accuracy, trust, and privacy concerns. PLS-SEM results indicate that performance expectancy, effort expectancy, facilitating conditions, and habit significantly impact students’ intentions, with trust acting as a key mediator, particularly for privacy concerns and social influence. FsQCA reveals seven configurations, demonstrating how combinations of performance expectancy, effort expectancy, and facilitating conditions drive adoption. A bidirectional relationship between privacy concerns and trust is observed, with trust mitigating privacy risks in several configurations. This integrative approach highlights the complex dynamics of AIGC tool adoption and provides strategic insights for their effective use in Chinese graduate education. As the findings are based on the Chinese context, further exploration in other educational settings is encouraged to validate their broader applicability.

Vulnerabilities, Privacy Risks, and Ethical Implications of Residential Proxy Services

Vulnerabilities, Privacy Risks, and Ethical Implications of Residential Proxy Services

Cybersecurity and defense in intelligent transportation systems

Intelligent Transportation Systems (ITS) have become increasingly crucial for enhancing transportation networks' efficiency, safety, and security. ITS includes advanced technologies such as electronic sensors, data transmission, and intelligent control technologies, providing better driver and rider services. However, these technologies pose significant security and privacy risks, in which attackers can easily disrupt transportation systems. This paper presents a survey of the challenges with ITS, the engineering requirements, attack challenges, and related work of securing ITS. This survey also discussed the elements of ITS, including advanced traffic management systems, connected and automated vehicles, intelligent infrastructure, and integrated data analytics, as well as the role of government policies, public-private partnerships, and stakeholder engagement. The aim is to look at present security challenges associated with ITS and provide better ways to the system. which is critical for creating smart cities and increasing the importance of individual and public transportation systems.

User preferences for an mHealth app to support HIV testing and pre-exposure prophylaxis uptake among men who have sex with men in Malaysia.

Recent estimates report a high incidence and prevalence of HIV among men who have sex with men (MSM) in Malaysia. Mobile apps are a promising and cost-effective intervention modality to reach stigmatized and hard-to-reach populations to link them to HIV prevention services (e.g., HIV testing, pre-exposure prophylaxis, PrEP). This study assessed attitudes and preferences toward the format, content, and features of a mobile app designed to increase HIV testing and PrEP uptake among Malaysian MSM. We conducted six online focus groups between August and September 2021 with 20 MSM and 16 stakeholders (e.g., doctors, nurses, pharmacists, and NGO staff) to query. Transcripts were analyzed in Dedoose software to identify thematic content. Key themes in terms of app functions related to stylistic preferences (e.g., design, user interface), engagement strategies (e.g., reward systems, reminders), recommendations for new functions (e.g., enhanced communication options via chat, discussion forum), cost of services (e.g., PrEP), and legal considerations concerning certain features (e.g., telehealth, patient identification), minimizing privacy and confidentiality risks. Our data suggest that a tailored HIV prevention app would be acceptable among MSM in Malaysia. The findings further provide detailed recommendations for successfully developing a mobile app to improve access to HIV prevention services (e.g., HIV testing, PrEP) for optimal use among MSM in Malaysia.

Federated Learning's Dynamic Defense Against Byzantine Attacks: Integrating SIFT-Wavelet and Differential Privacy for Byzantine Grade Levels Detection

Federated learning, which enables decentralized training across multiple devices while maintaining data privacy, is susceptible to Byzantine poisoning attacks. This paradigm reduces the need for centralized data storage and transmission, thereby mitigating privacy risks associated with traditional data aggregation methods. However, FL introduces new challenges, notably susceptibility to Byzantine poisoning attacks, where rogue participants can tamper with model updates, threatening the consistency and security of the aggregated model. Our approach addresses this vulnerability by implementing robust aggregation methods, sophisticated pre-processing techniques, and a novel Byzantine grade-level detection mechanism. We introduce a federated aggregation operator designed to mitigate the impact of malicious clients. Our pre-processing includes data loading and transformation, data augmentation, and feature extraction using SIFT and wavelet transforms. Additionally, we employ differential privacy and model compression to improve the robustness and performance of the federated learning framework. Our approach is assessed using a tailored neural network model applied to the MNIST dataset, achieving 97% accuracy in detecting Byzantine attacks. Our results demonstrate that robust aggregation significantly improves the resilience and performance. This comprehensive approach ensures the integrity of the federated learning process, effectively filtering out adversarial influences and sustaining high accuracy even when faced with adversarial Byzantine clients.

Does telemedicine hold the key for reproductive health care? A quantitative examination of women's intentions toward use and accurate information disclosure.

To investigate women's perceptions of telemedicine for reproductive health care services, focusing on how perceived benefits and privacy risks influence their intentions to adopt telemedicine and their willingness to disclose personal health information. A cross-sectional survey was conducted. The study applied the privacy calculus theory to the context of telemedicine for reproductive health, using adapted, validated variables to develop the survey. Outcome variables included intentions to adopt telemedicine and willingness to disclose accurate personal health information. Data were collected in May and June 2023 using Qualtrics online panel services, targeting women across the United States who had not used telemedicine for reproductive health. The sample comprised 847 women aged 18 and older. Structural equation modeling was employed using AMOS v28.0 to test the hypothesized relationships between perceived benefits, perceived risks, and adoption intentions. The analysis controlled for age, household income, political affiliation, religious views, and prior births. Perceived benefits were positively related to intention to adopt telemedicine for reproductive care (β: 0.600, p < 0.001), and willingness to disclose accurate personal health information (β: 0.453, p < 0.001). Unexpectedly, perceived privacy risks were positively related to adoption intentions (β: 0.128, p < 0.001), but negatively related to willingness to disclose (β: -0.282, p < 0.001). Intentions to adopt were positively associated with willingness to disclose (β: 0.089, p < 0.05). Lastly, older women and women located in states with abortion restrictions expressed lower intentions to adopt. The model explained 40.2% of variance in intention to adopt and 38.3% of variance in willingness to disclose. The study demonstrates the importance of perceived benefits and privacy risks in driving telemedicine adoption and disclosure intentions among women in the reproductive health context. These findings suggest the need for targeted strategies to address privacy concerns and support telemedicine adoption, particularly in restrictive regulatory environments.

Decentralized Machine Learning Framework for the Internet of Things: Enhancing Security, Privacy, and Efficiency in Cloud-Integrated Environments

The Internet of things (IoT) presents unique challenges for the deployment of machine learning (ML) models, particularly due to constraints on computational resources, the necessity for decentralized processing, and concerns regarding security and privacy in interconnected environments such as the Internet of cloud. In this paper, a novel decentralized ML framework is proposed for IoT environments characterized by wireless communication, dynamic data streams, and integration with cloud services. The framework integrates incremental learning algorithms with a robust decentralized model exchange protocol, ensuring that data privacy is preserved, while enabling IoT devices to participate in collaborative learning from distributed data across cloud networks. By incorporating a gossip-based communication protocol, the framework ensures energy-efficient, scalable, and secure model exchange, fostering effective knowledge sharing among devices, while addressing the potential security threats inherent in cloud-based IoT ecosystems. The framework’s performance was evaluated through simulations, demonstrating its ability to handle the complexities of real-time data processing in resource-constrained IoT environments, while also mitigating security and privacy risks within the Internet of cloud.

Light sensor based covert channels on mobile devices

The widespread adoption of light sensors in mobile devices has enabled functionalities that range from automatic brightness control to environmental monitoring. However, these sensors also present significant security and privacy risks within the Android ecosystem due to unrestricted access permissions. This paper explores how light sensor data can be used for covert communication through a novel, light-based out-of-band channel. We develop two approaches–Baseline and ResetBased–that use luminance values to encode and decode data. These methods tackle challenges that arise from data variability and the unpredictability of sensor event timings. To enhance data transmission accuracy, our methods employ a novel strategy for selecting luminance reference sequences and leverage mean-squared-error-based distance for decoding. Experimental results validate the effectiveness of our approaches and their potential for real-world applications.

Leveraging AI Tools for Discourse Analysis in Early Childhood Bilingual Education: Enhancing Language Development

The implementation of AI tools in education has become increasingly popular and brought transformative potential, particularly in the field of language education because of its powerful functions on designing immersive and personalized activities and offering real-time feedback. This study explores the role of AI tools in discourse analysis and the impact on enhancing bilingual skills among early childhood students. It investigates two key questions: (1) How do AI tools impact young childrens bilingual skills in early childhood classrooms? (2) How can discourse analysis of AI tools assist educators with bilingual teaching? A qualitative case study, including an in-depth interview with a bilingual educator, reveals insights into the effectiveness of AI tools in promoting bilingual language acquisition and engaging young learners in meaningful and enjoyable learning environment. Furthermore, the discourse analysis of AI tools offers immediate, actionable insights on each students academic performance, helping educators better understand the language learning process and the specific challenges students face. However, considerations and challenges of AI in education, such as privacy risks and misuse, still need to be considered. The findings of this study bridge the gap and highlight the potential for discourse analysis of AI tools in early childhood bilingual education. Further study can focus on exploring other AI tools in bilingual education and conducting long-term research with a large example size.

Backdoor Attacks in Peer-to-Peer Federated Learning

Most machine learning applications rely on centralized learning processes, opening up the risk of exposure of their training datasets. While federated learning (FL) mitigates to some extent these privacy risks, it relies on a trusted aggregation server for training a shared global model. Recently, new distributed learning architectures based on Peer-to-Peer Federated Learning (P2PFL) offer advantages in terms of both privacy and reliability. Still, their resilience to poisoning attacks during training has not been investigated. In this paper, we propose new backdoor attacks for P2PFL that leverage structural graph properties to select the malicious nodes, and achieve high attack success, while remaining stealthy. We evaluate our attacks under various realistic conditions, including multiple graph topologies, limited adversarial visibility of the network, and clients with non-IID data. Finally, we show the limitations of existing defenses adapted from FL and design a new defense that successfully mitigates the backdoor attacks, without an impact on model accuracy.

Conversational Agents and Personal Privacy Harms Case Study

This fictional case study examines the question of whether a personal conversational agent/advisor called iSoph, encoding extensive personal information and having a fluent natural language interface, may raise privacy harms that are normally thought to attend to personal relationships, as opposed to harms associated with institutional databases and big data analytics. The case stipulates that (i) iSoph collects extensive personal data about its users from multiple, multimodal sources, (ii) can make inferences from this data in combination with its models, but (ii) cannot share information with its developer or any third party. It is shown that despite condition (iii), iSoph raises privacy risks. These privacy risks are of the type associated with personal relationships and direct observation. iSoph raises these risks because, as an advanced conversational agent, it is able to evoke anthropomorphizing responses from its users in ways that they are not fully conscious of or able to control.

A multicenter bladder cancer MRI dataset and baseline evaluation of federated learning in clinical application

Bladder cancer (BCa), as the most common malignant tumor of the urinary system, has received significant attention in research on the clinical application of artificial intelligence algorithms. Nevertheless, it has been observed that certain investigations use data from various medical facilities to train models for BCa, which may pose a privacy risk. Given this concern, protecting patient privacy during machine learning algorithm training is a crucial aspect that requires substantial attention. One emerging machine learning paradigm that addresses this concern is federated learning (FL). FL enables multiple entities to collaboratively build machine learning models while preserving data privacy and security. In this study, we present a multicenter BCa magnetic resonance imaging (MRI) dataset. The dataset comprises 275 three-dimensional bladder T2-weighted MRI scans collected from four medical centers, and each scan includes diagnostic pathological labels for muscle invasion and pixel-level annotations of tumor contours. Four FL methods are used to assess the baseline of the dataset for both the task of diagnosing muscle-invasive bladder cancer and automatic bladder tumor lesion segmentation.

Feeling Safer Than Peers: Influence of Privacy-related Perceptions and Parental Mediation on Teen Tiktok Users’ Comparative Optimism about Privacy Risks

ABSTRACT This study investigates how privacy-related perceptions and parental mediation relate to teens’ comparative optimism about the privacy risks of TikTok, and the role of such optimism in teens’ privacy management on the platform. Our online survey of teen TikTok users residing in the U.S. revealed that those who were more concerned about privacy displayed less comparative optimism. Active parental mediation further enhanced this negative association between privacy concerns and comparative optimism. We also found that comparative optimism is negatively related to privacy-protecting behavior among teen users. Study findings guide youth-serving stakeholders in honing teens’ critical orientation toward social media privacy.

Understanding Privacy Risks of Intelligent Connected Vehicles Through Their Companion Mobile Apps

Understanding Privacy Risks of Intelligent Connected Vehicles Through Their Companion Mobile Apps

Intention to Use Leucorrheea Self-Test Innovation Kit and Collection Data through Mobile Application in Bangkok

Leukorrhea, or abnormal vaginal discharge (fungi, bacteria, and protozoa), can be indicated bacterial vaginosis or STIs. If not treated, these infections may lead to complications impacted fertility such as pelvic inflammatory disease (PID). Therefore, the goal is to develop a self-test kit for vaginal discharge detecting all three pathogens in one device. This study examines the acceptance of innovative technologies and factors affecting the intention to self-administered leucorrhoea test kits (SALTK) with results presentation and data transmission via mobile phones. Factors influencing such intention included technology acceptance (Technology Acceptance Model: TAM), facilitating conditions, social influence, and perceived privacy risk. The data were collected using an online Google Form questionnaire. A total of 450 valid questionnaires were used for analysis. The descriptive statistics employed in this study included percentage, means, and standard deviation, and the hypothesis was tested using multiple regression analysis. It was found that the factors impacting the intention to use SALTK with a statistical significance level of .05 were facilitating condition, social influence, perceived privacy risk, and three key technology acceptance components, namely perceived usefulness, perceived ease of use, and attitude toward using, respectively. SALTK modulates the beneficial for public health policies in Thailand and government agencies, the Food and Drug Administration and the Department of Disease Control, establishing prevention to reach the international standards.

Toward Context-Aware Privacy Enhancing Technologies for Online Self-Disclosure

Voluntary sharing of personal information is at the heart of user engagement on social media and central to platforms' business models. From the users' perspective, so-called self-disclosure is closely connected with both privacy risks and social rewards. Prior work has studied contextual influences on self-disclosure, from platform affordances and interface design to user demographics and perceived social capital. Our work takes a mixed-methods approach to understand the contextual information which might be integrated in the development of privacy-enhancing technologies. Through observational study of several Reddit communities, we explore the ways in which topic of discussion, group norms, peer effects, and audience size are correlated with personal information sharing. We then build and test a prototype privacy-enhancing tool that exposes these contextual factors. Our work culminates in a browser extension that automatically detects instances of self-disclosure in Reddit posts at the time of posting and provides additional context to users before they post to support enhanced privacy decision-making. We share this prototype with social media users, solicit their feedback, and outline a path forward for privacy-enhancing technologies in this space.

Protecting Infinite Data Streams from Wearable Devices with Local Differential Privacy Techniques

The real-time data collected by wearable devices enables personalized health management and supports public health monitoring. However, sharing these data with third-party organizations introduces significant privacy risks. As a result, protecting and securely sharing wearable device data has become a critical concern. This paper proposes a local differential privacy-preserving algorithm designed for continuous data streams generated by wearable devices. Initially, the data stream is sampled at key points to avoid prematurely exhausting the privacy budget. Then, an adaptive allocation of the privacy budget at these points enhances privacy protection for sensitive data. Additionally, the optimized square wave (SW) mechanism introduces perturbations to the sampled points. Afterward, the Kalman filter algorithm is applied to maintain data flow patterns and reduce prediction errors. Experimental validation using two real datasets demonstrates that, under comparable conditions, this approach provides higher data availability than existing privacy protection methods for continuous data streams.