We propose a sampling infrastructure for gathering information about software from the set of runs experienced by its user community. We show how to gather random samples with very low overhead for users, and we also show how to make use of the information we gather. We present two example applications: sharing the overhead of assertions, and using statistical analysis of a large number of sampled runs to help isolate the location of a bug. 1.

Users of mobile devices increasingly expect Internet connectivity wherever they travel. Despite the roll-out of wide-area wireless broadband, many devices, such as iPods and portable game stations still rely on local area WiFi networks to obtain connectivity. Even smart phones may prefer WiFi over 3G and WiMAX to improve the performance of high throughput applications or to avoid data charges. Fortunately, there is often a large selection of WiFi service providers to choose from. For example JiWire, 1 a hotspot directory, reports 400 to 1000 commercial WiFi networks in each of the top ten U.S. metropolitan areas. Nevertheless, in a study of commercial hotspots in Seattle, we found significant diversity in performance and functionality due to differing back-haul capacity, port blocking, and poorly functioning WiFi access

Abstract. Consumer studies demonstrate that online users value personalized content. At the same time, providing personalization on websites seems quite profitable for web vendors. This win-win situation is however marred by privacy concerns since personalizing people's interaction entails gathering considerable amounts of data about them. As numerous recent surveys have consistently demonstrated, computer users are very concerned about their privacy on the Internet. Moreover, the collection of personal data is also subject to legal regulations in many countries and states. Both user concerns and privacy regulations impact frequently used personalization methods. This article analyzes the tension between personalization and privacy, and presents approaches to reconcile the both. It has been tacitly acknowledged for many years that personalized interaction and user modeling have significant privacy implications, due to the fact that large amounts of personal information about users needs to be collected to perform personalization. For

Abstract. Current implementations of the Collaborative Filtering (CF) algorithm are mostly centralized and the information about users (their profiles) is stored in a single server. Centralized storage poses a severe privacy hazard, since user profiles are fully under the control of the recommendation service providers. These profiles are available to other users upon request and are transferred over the network. Recent works proposed to improve the scalability of CF by distributing the stored profiles between several repositories. In this work we investigate how a decentralized approach to users ’ profiles storage could mitigate some of the privacy concerns of CF. The privacy hazards are resolved by storing the users ’ profiles only on the client-side so they are used for computation similarity only on the client-side. Only a value indicating the similarity is transferred over the network, without revealing the profile itself. To further avoid the disclosure of the user’s profile through a series of attacks, we propose that the users hide or obfuscate parts of their profile. Experimental results show that relatively large parts of the user’s profile could be obfuscated without hampering the accuracy of the CF. 1

Singular Value Decomposition (SVD), together with the Expectation-Maximization (EM) procedure, can be used to find a low-dimension model that maximizes the loglikelihood of observed ratings in recommendation systems. However, the computational cost of this approach is a major concern, since each iteration of the EM algorithm requires a new SVD computation. We present a novel algorithm that incorporates SVD approximation into the EM procedure to reduce the overall computational cost while maintaining accurate predictions. Furthermore, we propose a new framework for collaborating filtering in distributed recommendation systems that allows users to maintain their own rating profiles for privacy. A server periodically collects aggregate information from those users that are online to provide predictions for all users. Both theoretical analysis and experimental results show that this framework is effective and achieves almost the same prediction performance as that of centralized systems.

Abstract. We present protocols for distributed computation of relational intersections and equi-joins such that each site gains no information about the tuples at the other site that do not intersect or join with its own tuples. Such protocols form the building blocks of distributed information systems that manage sensitive information, such as patient records and financial transactions, that must be shared in only a limited manner. We discuss applications of our protocols, outlining the ramifications of assumptions such as semi-honesty. In addition to improving on the efficiency of earlier protocols, our protocols are asymmetric, making them especially applicable to applications in which a low-powered client interacts with a server in a privacy-preserving manner. We present a brief experimental study of our protocols. 1

Link analysis algorithms have been used successfully on hyperlinked data to identify authoritative documents and retrieve other information. However, existing link analysis algorithms such as HITS suffer two major limitations: (1) they only work in environments with explicit hyperlinked structure such as www, and (2) they fail to capture the rich information that is encoded by patterns of user access or the implicit structure defined by user communication. In this paper we propose the use of weighted graph that is generated and updated via analysis of user behavior to address both issues. We present a generalized HITS algorithm that is suitable for such an approach. The algorithm uses the idea of “lazy update ” to amortize cost across a number of updates while still providing accurate ranking to users in real-time. We prove the convergence of the new online algorithm and evaluate its benefit using the Enron email dataset. Finally we devise a scheme that makes the algorithm distributed and privacy preserving using cryptographic techniques thus making it really acceptable in settings such as collaborative work and online community. 1

Abstract—Sensor networks involving human participants will require privacy protection before wide deployment is feasible. This paper proposes and evaluates a set of protocols that enable anonymous data collection in a sensor network. Sensor nodes, instead of transmitting their actual data, transmit a sample of the data complement to a basestation. The basestation then uses the negative samples to reconstruct a histogram of the original sensor readings. These protocols, collectively defined as a negative survey, are computationally simple and do not increase communication overhead. Thus, the negative survey can be implemented efficiently on existing sensor network platforms. We analyze the accuracy of the negative survey under a variety of conditions and define a range of parameter values for which it is practical. We also describe an example traffic monitoring application that uses the negative survey to classify traffic behavior. We demonstrate that for reasonable traffic scenarios, the system accurately classifies traffic behavior without revealing private information. I.

Collaborative filtering techniques are widely used by many E-commerce sites for recommendation purposes. Such techniques help customers by suggesting products to purchase using other users ’ preferences. Today’s top-recommendation schemes are based on market basket data, which shows whether a customer bought an item or not. Data collected for recommendation purposes might be split between different parties. To provide better referrals and increase mutual advantages, such parties might want to share data. Due to privacy concerns, however, they do not want to disclose data. This paper presents a scheme for binary ratings-based top-N recommendation on horizontally partitioned data, in which two parties own disjoint sets of users ’ ratings for the same items while preserving data owners ’ privacy. If data owners want to produce referrals using the combined data while preserving their privacy, we propose a scheme to provide accurate top-N recommendations without exposing data owners ’ privacy. We conducted various experiments to evaluate our scheme and analyzed how different factors affect the performance using the experiment results. 1.

Abstract not found