Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data

Individuals share increasing amounts of personal data online. This data often involves-or at least has privacy implications for-data subjects other than the individual who shares it (e.g., photos, genomic data) and the data is shared without their consent. A popular example, with dramatic consequences, is revenge pornography. In this paper, we propose ConsenShare, a system for sharing, in a consensual (wrt the data subjects) and privacy-preserving (wrt both service providers and other individuals) way, data involving subjects other than the uploader. We describe a complete design and implementation of ConsenShare for photos, which relies on image processing and cryptographic techniques, as well as on a two-tier architecture (one entity for detecting the data subjects and contacting them; one entity for hosting the data and for collecting consent). We benchmark the performance (CPU and bandwidth) of ConsenShare by using a dataset of 20k photos from Flickr. We also conduct a survey targeted at Facebook users (N = 321). Our results are quite encouraging: The experimental results demonstrate the feasibility of our approach (i.e., acceptable overheads) and the survey results demonstrate potential interest from the users.