In an example embodiment, access to a data set in a data lake can be specified using several approaches, based on the metadata and information attached. The metadata may be replicated from the original data source of the underlying data, and additional metadata may be modeled and stored to construct linkage information between data types. This linkage information may be used to automatically grant access to users to additional objects that are linked to objects that the user has explicit access to.

Various aspects involve forgoing updates to consent data for at least one consent rejection generated by an automated consent rejection tool. For instance, a consent management system can be communicatively coupled to a user device. The user device can detect invocations of a consent rejection function, such as when browser states of a browser application indicate requests for web pages or other online content. The consent management system can document a consent rejection for one or more of the invocations. The consent management system can also prevent documentation of consent being rejected for at least one invocation initiated by an automated consent rejection tool.

Systems and methods for blurring connection information in virtual private networks are provided herein. In some embodiments, a method of blurring VPN connection metadata may comprise: receiving, by a VPN service provider infrastructure, a request from a user device to establish a VPN connection with one or more VPN servers, wherein the VPN service provider infrastructure includes a logic engine configured to perform statistical blurring of VPN connection metadata; establishing a connection between the user device and one or more target sites during a VPN session; receiving, from the one or more VPN servers, VPN connection metadata associated with the user's VPN connections and a user identifier associated with the user; performing statistical blurring of VPN connection metadata by modifying the VPN connection metadata using an unknown random value to create blurred connection metadata; and storing the blurred connection metadata in association with the user identifier received.

A fully-automated, defensible and highly-scalable system for disposition decisioning and, where applicable deleting previously archived electronic communications. In this regard, the present invention is capable of determining, on an individual e-communication basis, whether an e-communication should be deleted/purged from archive or retained in archive taking into account applicable rules and policies based on the geographic location from which the e-communication was sent, received or posted, as well as, based on the status on the sender/poster and/or recipient.

An information processing apparatus includes a processor configured to determine a relationship between a first user and a second user who exchange a message, determine propriety of personal information included in the message from the first user to the second user based on the determined relationship, and perform processing related to the personal information based on the determined propriety.

Systems and methods are provided for use in implementing a common domain to provide recognition of users. One example computer-implemented method includes receiving a recognition token associated with a profile and setting, via a browser accessing a common domain, a cookie in the browser where the cookie includes a recognition token. The method also includes, in response to a request for a service, via a user, through the browser accessing an entity domain associated with an entity, accessing the common domain and accessing, via the browser accessing the common domain, the cookie and submitting the cookie to a common domain server. The method further includes receiving, from the common domain server, a federated ID token associated with the recognition token for the service and retrieving, via the browser, the profile associated with the user based on the federated ID token.

Systems and methods for securely exposing context-driven services within a web browser. An example method includes receiving manifests from hubs apps (e.g., remote services). The manifests define requested context types for the hub apps. When the web browser loads a web page, the web browser may execute context extractors to extract context from the web page. The context extractors that are executed are based on the context types requested by the hub apps. The extracted context is then sent to the corresponding hub apps without providing the hub apps direct access to the web page. For instance, the hub apps do not have access to the document object model (DOM) of the web page and the hub apps cannot inject data into the web page.

The present disclosure relates to systems for “cookieless” tracking across a wide range of websites and mobile applications. The systems do not involve the use of tracking pixels or code on individual webs pages and associated web or other servers and may be achieved through use of a single URL for tracking a user across multiple websites while a browser session is initiated. Methods of enhanced tracking of user activity without requiring cookies or tracking pixels are also described herein.

When a messaging system generates connection recommendations for a new user, who first registers with the messaging system, the signals available for generation of recommendations may be limited to the user's contact book matches. Using just this limited signal poses a concern associated with leaking information about users represented by the recommendations. The technical problem of generating connection recommendations for a user at registration time in a privacy-safe manner is addressed by a recommendation methodology that obscures the connection source and the connection distance of the recommended profiles.

A screen locking method and apparatus include establishing, by a first electronic device, a coupling to a second electronic device, sending, by the first electronic device, to-be-displayed data to the second electronic device to enable the second electronic device to display a first interface, and in this case, the first electronic device displays a second interface different from the first interface, obtaining, by the first electronic device, a first screen locking operation from a user, where the first screen locking operation instructs to lock a screen of the second electronic device, and sending, by the first electronic device, a screen locking instruction to the second electronic device in response to the first screen locking operation whereby the second electronic device enters a screen-locked state.