Network Privacy and User Protection in the Internet of Things

Abstract

Consumer Internet of things (IoT) devices have become increasingly prevalent in recent years, raising serious questions about the privacy impacts of these products on users: How are users’ privacy concerns affecting household dynamics? How can researchers efficiently study users’ privacy opinions at scale? What unique privacy risks do IoT devices pose as a result of technical vulnerabilities and side channel threats?

This talk will present my research answering these questions. I take an interdisciplinary approach to privacy research, employing interviews, surveys, regulatory analysis, compliance testing, and Internet measurement to connect user experiences to technical foundations. I will demonstrate a novel survey method that allows automated measurement of privacy norms, showing that users have nuanced privacy opinions relevant to device design and in-progress policymaking. I will also demonstrate how network eavesdroppers can infer sensitive in-home activities from IoT network traffic metadata and how zero-latency traffic shaping can protect user privacy. These results illustrate the complex nature of IoT privacy risks and the need for continued interdisciplinary work in this area.