RePriv: Re-imagining Content Personalization and In-browser Privacy

We present RePriv, a system that combines the goals of privacy and content personalization in the browser. RePriv discovers user interests and shares them with third parties, but only with an explicit permission of the user. We demonstrate how always-on user interest mining can effectively infer user interests in a real browser. We go on to discuss an extension framework that allows third-party code to extract and disseminate more detailed information, as well as language-based techniques for verifying the absence of privacy leaks in this untrusted code. To demonstrate the effectiveness of our model, we present RePriv extensions that perform personalization for Netflix, Twitter, Bing, and Get Glue. This paper evaluates important aspects of RePriv in realistic scenarios. We show that RePriv´s default in-browser mining can be done with no noticeable overhead to normal browsing, and that the results it produces converge quickly. We demonstrate that RePriv personalization yields higher quality results than those that maybe obtained about the user from public sources. We then go onto show similar results for each of our case studies: that RePrivenables high-quality personalization, as shown by cases studies in news and search result personalization we evaluated on thousands of instances, and that the performance impact each case has on the browser is minimal. We conclude that personalized content and individual privacy on the web are not mutually exclusive.