Privacy

Goals

What are some basic conceptions of privacy?
- What are some limitations of each?
What is contextual privacy?
Compare/constrast informational vs. decisional privacy
How can we achieve limited access and control?
How have notions of privacy changed through history?

What are the two goals for privacy-preserving data disclosure?
Why is removing user identifiers insufficient to preserve privacy?
What are two forms of de-anonymization attacks?
- How did the Netflix-IMDB attack work?
  - How does the support of an attribute affect its weight?
Why do information amplification attacks work?
How effective are the Netflix attacks?
How effective is re-identification via linking?

How is k-anonymity defined?
How can a database be put into a k-anonymous form?
What are three attacks on k-anonymity and how do they work?
How does k-anonymity compose?
- Ex: If Alice is included in one database with X-anonymity and another with Y-anonymity, what is her effective Z-anonymity level?

What impossibility result did Dwork and Naor prove?
- What implications does it have for privacy-preserving data disclosure?
Give an intuitive definition of differential privacy
Give the formal definition of differential privacy
- What does the definition imply?
How does differential privacy compose?
- Ex: If Alice is included in one database with X-DiffPriv and another with Y-DiffPriv, what is her effective Z-DiffPriv level?
How can DiffPriv be used in practice?
How can DiffPriv be achieved in practice?
Define function sensitivity
- Calculate function sensitivity for some exmaple database query functions
  - What would it be for median? Max? Min?
What is the Laplace mechanism?
- What does it imply about choices of function and epsilon?