
SoylentNews is people

posted by martyb on Saturday March 25 2017, @04:16PM
from the seek-and-ye-shall-be-found-out dept.

Most website visits these days entail a database query—to look up airline flights, for example, or to find the fastest driving route between two addresses.

But online database queries can reveal a surprising amount of information about the people making them. And some travel sites have been known to jack up the prices on flights whose routes are drawing an unusually high volume of queries.

At the USENIX Symposium on Networked Systems Design and Implementation next week, researchers from MIT's Computer Science and Artificial Intelligence Laboratory and Stanford University will present a new encryption system that disguises users' database queries so that they reveal no private information.

The system is called Splinter because it splits a query up and distributes it across copies of the same database on multiple servers. The servers return results that make sense only when recombined according to a procedure that the user alone knows. As long as at least one of the servers can be trusted, it's impossible for anyone other than the user to determine what query the servers executed.

"The canonical example behind this line of work was public patent databases," says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the conference paper. "When people were searching for certain kinds of patents, they gave away the research they were working on. Stock prices is another example: A lot of the time, when you search for stock quotes, it gives away information about what stocks you're going to buy. Another example is maps: When you're searching for where you are and where you're going to go, it reveals a wealth of information about you."

Source: https://phys.org/news/2017-03-web-users-privacy.html
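
The split-and-recombine idea in the summary above, shown with the classic two-server XOR private information retrieval scheme. This is an added example, not Splinter's own code or protocol (Splinter uses function secret sharing to support richer queries); the table contents and all function names are constructed for illustration.

```python
import secrets

RECORD_LEN = 16  # every record is padded to a fixed width so records can be XORed

# Constructed sample data: the same public table is replicated on both servers.
FLIGHTS = [b"BOS-SFO $312", b"BOS-JFK $98", b"SFO-SEA $141", b"JFK-LHR $540"]

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_query(index, n):
    """Client: split the one-hot selector for `index` into two XOR shares.

    Each share on its own is a uniformly random bit vector, so a single
    server learns nothing about which row the client wants.
    """
    share_a = [secrets.randbelow(2) for _ in range(n)]
    share_b = list(share_a)
    share_b[index] ^= 1  # the two shares differ only at the wanted row
    return share_a, share_b

def server_answer(db, share):
    """Server: XOR together every (padded) record that its share selects."""
    acc = bytes(RECORD_LEN)
    for record, bit in zip(db, share):
        if bit:
            acc = xor_bytes(acc, record.ljust(RECORD_LEN, b"\0"))
    return acc

def recombine(answer_a, answer_b):
    """Client: rows selected by both servers cancel, leaving the wanted row."""
    return xor_bytes(answer_a, answer_b).rstrip(b"\0")

def private_lookup(db, index):
    query_a, query_b = make_query(index, len(db))
    # In a real deployment each query goes to a different, non-colluding server.
    return recombine(server_answer(db, query_a), server_answer(db, query_b))

if __name__ == "__main__":
    query_a, query_b = make_query(2, len(FLIGHTS))
    print("server A sees:", query_a)
    print("server B sees:", query_b)
    print("client recovers:", private_lookup(FLIGHTS, 2))
```

Privacy here rests on the same assumption the article states: if the two servers compare the shares they received, the XOR of the shares reveals the requested row.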


  • (Score: 1, Interesting) by Anonymous Coward on Saturday March 25 2017, @09:46PM (#484202)

    Seems like the people who would need to implement this have every reason not to implement it since they would be giving up information that could be monetized. Maybe that means they will expect to get paid up front. But how then do the paying users even know the database operators have implemented the splinter functionality? It's just a matter of trusting them. And if we could trust them, then we wouldn't need splinter in the first place, they could just promise to discard the identifying information anyway...

  • (Score: 0) by Anonymous Coward on Sunday March 26 2017, @11:15AM (#484327)

    Yes, the end user hasn't got much room to implement such queries. Except for Google search, but even there you should spread it over a couple more IPs, and possibly it gets even more dangerous like when some innocent phrases get split into dangerous terms. Tokenize "where to download CP/M", for example.

  • (Score: 0) by Anonymous Coward on Sunday March 26 2017, @12:30PM (#484343)

    how then do the paying users even know the database operators have implemented the splinter functionality?

    Easy, just advertise such that not doing so is fraud; then users must merely trust that you aren't defrauding them.