Patent classifications
H04L63/0407
SYSTEM AND METHOD TO PREVENT SURVEILLANCE AND PRESERVE PRIVACY IN VIRTUAL REALITY
Preserving user privacy and preventing surveillance on behalf of users of a virtual reality world. One or more plans are available when a privacy or surveillance risk to a user is detected. In one plan, configurable scripts execute on behalf of the user to create a confusing array of clone avatars that obfuscate the real user avatar behavior. A malevolent avatar, attempting to surveil the user, may have difficulty distinguishing the clones from the user and may miss out on private insights he might otherwise have learned from the user's behavior. In another exemplary privacy plan, a copy of part of the virtual world is spawned, occupied exclusively by the user's avatar, and then merged into the main world. Privacy plans may be selected manually or automatically in response to perceived privacy threats to strike a balance between privacy and enjoyment within the virtual world.
PROTECTION AGAINST MALICIOUS DATA TRAFFIC
Disclosed is a method for defending against malicious data traffic, the method including: monitoring, by a defender device, data traffic flowing through a network device; generating a first control signal, by the defender device, in response to a detection that the data traffic includes a predefined amount of malicious data traffic, to cause a delivery of the data traffic to the defender device; and terminating the malicious data traffic in the defender device. Also disclosed are an apparatus implementing the method, a computer program product and a system.
MULTI-TENANCY TRUSTED DATA ANONYMIZATION
A security management system including a first TEE and a common TEE is provided. The first TEE is a secured environment for data associated with a first entity. The common TEE is a secured environment for data associated with any one of a plurality of entities. First anonymization parameters are shared between the first TEE and the common TEE. The first anonymization parameters are based at least in part on at least one privacy requirement of the first entity and at least one utility requirement of the security management system. The security management system includes processing circuitry configured to: anonymize first data associated with the first entity based at least in part on the first anonymization parameters, analyze at least the anonymized first data for performing data investigation, and generate analysis results based at least in part on the analysis of at least the anonymized first data.
ELECTRONIC DEVICE AND CONTROL METHOD THEREOF
An electronic device may: when a first piece of content is acquired, acquire a first score for the relationship between the first piece of content and the privacy of a user of the electronic device, on the basis of information about a person included in the first piece of content and information about an event included in the first piece of content; acquire a second score for the security of each of at least one application which can access the first piece of content; and, when a request for accessing the first piece of content via a first application from among the at least one application is received, determine whether or not to block access to the first piece of content via the first application, on the basis of the first score corresponding to the first piece of content and the second score corresponding to the first application.
FEDERATION POLICY EXCHANGE
Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identity sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.
Mission-critical push-to-talk
A user equipment is configured for concealment of a mission-critical push-to-talk (MCPTT) group identity in multimedia broadcast multicast services (MBMS). The UE is configured in particular to receive an indication of an MCPTT group pseudonym (7) which is a pseudonym for an MCPTT group identity (11) that identifies an MCPTT group of which the UE is a member. The UE may for example receive this indication from a group management server (GMS) or an MCPTT server. The UE in some embodiments may determine whether received control signalling (e.g., an MBMS subchannel control message) is for the MCPTT group of which the UE is a member, by determining whether the control signaling includes the MCPTT group pseudonym (7).
Network privacy policy scoring
A user of a client device accesses a service provided by a server computer. The server computer gathers data about the user. The data gathered may be kept private by the server computer, shared only with other computers and users owned by the same entity, shared with selected third parties, or made public. The server computer provides a privacy policy document that describes how the data gathered is used. A privacy server analyzes the privacy policy document and, based on the analysis, generates a privacy score. The privacy score or an informational message selected based on the privacy score is provided to the client device. In response, the client device presents the privacy score or the informational message to the user. In this way, the user is informed of privacy risks that result from accessing the server computer.
Systems and methods for managing privacy policies using machine learning
Systems, methods, and devices for managing privacy policies are disclosed. In one embodiment, a method for management of a user's privacy preferences may include: identifying a computer application installed on a user electronic device, or a website accessed using a browser executed by the user electronic device; retrieving a privacy policy document analysis for a privacy policy document associated with the computer application or the website, the privacy policy document analysis comprising a valuation of a plurality of privacy policy segments within the privacy policy document; receiving a privacy preference analysis for the user, the privacy preference analysis comprising a valuation of a plurality of privacy preferences for the user; identifying a recommended action in response to the valuation of one of the privacy policy segments being outside the scope of the valuation of one of the plurality of privacy preferences; and executing the recommended action.
LOW ENTROPY BROWSING HISTORY FOR ADS QUASI-PERSONALIZATION
The present disclosure provides systems and methods for content quasi-personalization or anonymized content retrieval via aggregated browsing history of a large plurality of devices, such as millions or billions of devices. A sparse matrix may be constructed from the aggregated browsing history, and dimensionally reduced, reducing entropy and providing anonymity for individual devices. Relevant content may be selected via quasi-personalized clusters representing similar browsing histories, without exposing individual device details to content providers.
REMOTELY-MANAGED, DATA-SIDE DATA TRANSFORMATION
Provided is a system, comprising: a computing device, comprising: computational storage or computational memory, the computational storage or computational memory having a processor; a downstream data processor that is different from the processor of the computational storage or computational memory; and a bus connecting the processor to the computational storage or computational memory, wherein the computing device comprises a tangible, non-transitory, machine readable medium storing instructions that, when executed, effectuate operations comprising: receiving an input from a remote device conveyed to the computing device; determining, based on the input, how to configure a transformation of data stored in the computational storage or computational memory; and applying, with the processor, the configured transformation to the data stored in the computational storage or computational memory; and outputting the transformed data to the downstream data processor.