Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/4/2019
09:55 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft's 'Project Bali' Wants to Let You Control Your Data

Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.

Microsoft Research reportedly has a new offering in the works intended to improve users' privacy by giving them greater control over the information it collects about them.

The tool, codenamed Project Bali, currently appears to be in private beta testing. It was mentioned in a tweet on Jan. 2 by Twitter user Longhorn, who called it "a project that can delete your connection and account information (inverseprivacyproject)." ZDNet's Mary Jo Foley found a link to Bali's project page, which lets users sign in or request codes to gain access.

While no longer available at the time of this writing, the page for Project Bali describes it as a "new personal data bank which puts users in control of all data collected about them… The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data," ZDNet reports.

'Inverse Privacy'

As indicated in Longhorn's tweet, Bali is founded on the idea of "Inverse Privacy," the subject of a 2014 paper developed by former Microsoft Research employees Yuri Gurevich, Efim Hudis, and Jeannette Wing. All were part of the research team at the time their paper was written.

According to the concept of inverse privacy, information is inversely private if another party has access to it but you do not. Meanwhile, directly private data is accessible to you and nobody else; and partially private data is accessible to you and a limited number of parties, the researchers explain.

The different organizations you interact with – your employer, township, doctor, grocery store – have legitimate reasons for collecting inversely private information (receipts, prescriptions, etc.). Over time, technology has allowed them to record and store that information better than you would. As a result, more of your data has become inversely private, yet difficult to access.

"Your inversely private information, whether collected or derived, allows institutions to serve you better," researchers argue. "But access to that information – especially if it were presented to you in a convenient form – would do you much good."

This type of data access would allow its owners to correct possible errors and gain a better idea of various health and lifestyle metrics so they can make improvements where they see fit, they continue. Researchers note that in some cases, the inaccessibility of inversely private data can be justified to protect the privacy of other people and protect the interests of organizations.

However, they add, these cases are relatively few. In most situations, people would be better off with access to the information companies have on them. Further, they say it's in businesses' interests to share data: people want to work with companies that value transparency.

"We argue that there are numerous scenarios where the chances to hurt other parties by providing you access to your data are negligible," they write. The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.

The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/4/2019 | 2:27:13 PM
How about just PRIVACY
Why should Micro$oft collect data about me?  I consider most of my stuff to be MY STUFF (apologies to the late, great George Carlin).  It belongs to me and for them to TAKE IT ----- and gee, ain't this nifty.  Let me control what they take.  Wow. I am impressed NOT.  
emanuel.petty
50%
50%
emanuel.petty,
User Rank: Apprentice
1/6/2019 | 2:14:07 PM
Re: How about just a printable calendar PRIVACY
The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.
gasbagred
50%
50%
gasbagred,
User Rank: Apprentice
1/8/2019 | 6:48:26 AM
The new idea
The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1874
PUBLISHED: 2019-06-20
A vulnerability in the web-based management interface of Cisco Prime Service Catalog Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protection mechanisms on the web-ba...
CVE-2019-1875
PUBLISHED: 2019-06-20
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The vulnerability is due to insufficient validation of user-supplied input by t...
CVE-2019-1876
PUBLISHED: 2019-06-20
A vulnerability in the HTTPS proxy feature of Cisco Wide Area Application Services (WAAS) Software could allow an unauthenticated, remote attacker to use the Central Manager as an HTTPS proxy. The vulnerability is due to insufficient authentication of proxy connection requests. An attacker could exp...
CVE-2019-1878
PUBLISHED: 2019-06-20
A vulnerability in the Cisco Discovery Protocol (CDP) implementation for the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, adjacent attacker to inject arbitrary shell commands that are executed by the device. The vulnerability is due to insuff...
CVE-2019-1879
PUBLISHED: 2019-06-20
A vulnerability in the CLI of Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input at the CLI. An attacker could exploi...