Security and Privacy with Second-Hand Storage Devices: A User-Centric Perspective from Switzerland
Détails
Télécharger: SalehzadehNiksirat2024PoPETS.pdf (1169.65 [Ko])
Etat: Public
Version: Final published version
Licence: CC BY 4.0
Etat: Public
Version: Final published version
Licence: CC BY 4.0
ID Serval
serval:BIB_B69A6B006D03
Type
Article: article d'un périodique ou d'un magazine.
Collection
Publications
Institution
Titre
Security and Privacy with Second-Hand Storage Devices: A User-Centric Perspective from Switzerland
Périodique
Proc. of the Privacy Enhancing Technologies (PoPETs)
Statut éditorial
Publié
Date de publication
04/2024
Peer-reviewed
Oui
Volume
2024
Numéro
2
Pages
412–433
Langue
anglais
Résumé
Second-hand electronic devices are increasingly being sold online. Although more affordable and more environment-friendly than new products, second-hand devices, in particular those with storage capabilities, create security and privacy threats (e.g., malware or confidential data still stored on the device, aka remnant data). Previous work studied this issue from a technical point of view or only from the perspective of the sellers of the devices, but the perspective of the buyers has been largely overlooked. In this paper, we fill this gap and take a multi-disciplinary approach, focusing on the case of Switzerland. First, we conduct a brief legal analysis of the rights and obligations related to second-hand storage devices. Second, in order to understand the buyers’ practices related to these devices and their beliefs about their legal rights and obligations, we deploy a survey in collaboration with a major online platform for transactions of second-hand goods. We demonstrate that the risks highlighted in prior research might not materialize, as many buyers do not inspect the content of the bought devices (e.g., they format it directly). We also found that none of the buyers uses forensic techniques. We identified that the buyers’ decisions about remnant data depend on the type of data. For instance, for data with illegal content, they would keep the data to report it to the authorities, whereas for sensitive personal data they would either delete the data or contact the sellers. We identified several discrepancies between the actual legal rights/obligations and users’ beliefs
Données de la recherche
Open Access
Oui
Création de la notice
27/03/2024 14:24
Dernière modification de la notice
13/04/2024 6:04