Endpoint

1/4/2019
09:55 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft's 'Project Bali' Wants to Let You Control Your Data

Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.

Microsoft Research reportedly has a new offering in the works intended to improve users' privacy by giving them greater control over the information it collects about them.

The tool, codenamed Project Bali, currently appears to be in private beta testing. It was mentioned in a tweet on Jan. 2 by Twitter user Longhorn, who called it "a project that can delete your connection and account information (inverseprivacyproject)." ZDNet's Mary Jo Foley found a link to Bali's project page, which lets users sign in or request codes to gain access.

While no longer available at the time of this writing, the page for Project Bali describes it as a "new personal data bank which puts users in control of all data collected about them… The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data," ZDNet reports.

'Inverse Privacy'

As indicated in Longhorn's tweet, Bali is founded on the idea of "Inverse Privacy," the subject of a 2014 paper developed by former Microsoft Research employees Yuri Gurevich, Efim Hudis, and Jeannette Wing. All were part of the research team at the time their paper was written.

According to the concept of inverse privacy, information is inversely private if another party has access to it but you do not. Meanwhile, directly private data is accessible to you and nobody else; and partially private data is accessible to you and a limited number of parties, the researchers explain.

The different organizations you interact with – your employer, township, doctor, grocery store – have legitimate reasons for collecting inversely private information (receipts, prescriptions, etc.). Over time, technology has allowed them to record and store that information better than you would. As a result, more of your data has become inversely private, yet difficult to access.

"Your inversely private information, whether collected or derived, allows institutions to serve you better," researchers argue. "But access to that information – especially if it were presented to you in a convenient form – would do you much good."

This type of data access would allow its owners to correct possible errors and gain a better idea of various health and lifestyle metrics so they can make improvements where they see fit, they continue. Researchers note that in some cases, the inaccessibility of inversely private data can be justified to protect the privacy of other people and protect the interests of organizations.

However, they add, these cases are relatively few. In most situations, people would be better off with access to the information companies have on them. Further, they say it's in businesses' interests to share data: people want to work with companies that value transparency.

"We argue that there are numerous scenarios where the chances to hurt other parties by providing you access to your data are negligible," they write. The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.

The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
gasbagred
50%
50%
gasbagred,
User Rank: Apprentice
1/8/2019 | 6:48:26 AM
The new idea
The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.
emanuel.petty
50%
50%
emanuel.petty,
User Rank: Apprentice
1/6/2019 | 2:14:07 PM
Re: How about just a printable calendar PRIVACY
The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/4/2019 | 2:27:13 PM
How about just PRIVACY
Why should Micro$oft collect data about me?  I consider most of my stuff to be MY STUFF (apologies to the late, great George Carlin).  It belongs to me and for them to TAKE IT ----- and gee, ain't this nifty.  Let me control what they take.  Wow. I am impressed NOT.  
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9923
PUBLISHED: 2019-03-22
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
CVE-2019-9924
PUBLISHED: 2019-03-22
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.
CVE-2019-9925
PUBLISHED: 2019-03-22
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
CVE-2019-9927
PUBLISHED: 2019-03-22
Caret before 2019-02-22 allows Remote Code Execution.
CVE-2019-9936
PUBLISHED: 2019-03-22
In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.