Endpoint

1/4/2019
09:55 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft's 'Project Bali' Wants to Let You Control Your Data

Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.

Microsoft Research reportedly has a new offering in the works intended to improve users' privacy by giving them greater control over the information it collects about them.

The tool, codenamed Project Bali, currently appears to be in private beta testing. It was mentioned in a tweet on Jan. 2 by Twitter user Longhorn, who called it "a project that can delete your connection and account information (inverseprivacyproject)." ZDNet's Mary Jo Foley found a link to Bali's project page, which lets users sign in or request codes to gain access.

While no longer available at the time of this writing, the page for Project Bali describes it as a "new personal data bank which puts users in control of all data collected about them… The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data," ZDNet reports.

'Inverse Privacy'

As indicated in Longhorn's tweet, Bali is founded on the idea of "Inverse Privacy," the subject of a 2014 paper developed by former Microsoft Research employees Yuri Gurevich, Efim Hudis, and Jeannette Wing. All were part of the research team at the time their paper was written.

According to the concept of inverse privacy, information is inversely private if another party has access to it but you do not. Meanwhile, directly private data is accessible to you and nobody else; and partially private data is accessible to you and a limited number of parties, the researchers explain.

The different organizations you interact with – your employer, township, doctor, grocery store – have legitimate reasons for collecting inversely private information (receipts, prescriptions, etc.). Over time, technology has allowed them to record and store that information better than you would. As a result, more of your data has become inversely private, yet difficult to access.

"Your inversely private information, whether collected or derived, allows institutions to serve you better," researchers argue. "But access to that information – especially if it were presented to you in a convenient form – would do you much good."

This type of data access would allow its owners to correct possible errors and gain a better idea of various health and lifestyle metrics so they can make improvements where they see fit, they continue. Researchers note that in some cases, the inaccessibility of inversely private data can be justified to protect the privacy of other people and protect the interests of organizations.

However, they add, these cases are relatively few. In most situations, people would be better off with access to the information companies have on them. Further, they say it's in businesses' interests to share data: people want to work with companies that value transparency.

"We argue that there are numerous scenarios where the chances to hurt other parties by providing you access to your data are negligible," they write. The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.

The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
gasbagred
50%
50%
gasbagred,
User Rank: Apprentice
1/8/2019 | 6:48:26 AM
The new idea
The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.
emanuel.petty
50%
50%
emanuel.petty,
User Rank: Apprentice
1/6/2019 | 2:14:07 PM
Re: How about just a printable calendar PRIVACY
The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/4/2019 | 2:27:13 PM
How about just PRIVACY
Why should Micro$oft collect data about me?  I consider most of my stuff to be MY STUFF (apologies to the late, great George Carlin).  It belongs to me and for them to TAKE IT ----- and gee, ain't this nifty.  Let me control what they take.  Wow. I am impressed NOT.  
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Now, we come here to play Paw-ke Man Go!"
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6497
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2018-18908
PUBLISHED: 2019-01-20
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requ...
CVE-2019-6496
PUBLISHED: 2019-01-20
The ThreadX-based firmware on Marvell Avastar Wi-Fi devices allows remote attackers to execute arbitrary code or cause a denial of service (block pool overflow) via malformed Wi-Fi packets during identification of available Wi-Fi networks. Exploitation of the Wi-Fi device can lead to exploitation of...
CVE-2019-3773
PUBLISHED: 2019-01-18
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.
CVE-2019-3774
PUBLISHED: 2019-01-18
Spring Batch versions 3.0.9, 4.0.1, 4.1.0, and older unsupported versions, were susceptible to XML External Entity Injection (XXE) when receiving XML data from untrusted sources.