Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

1/4/2019
09:55 AM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Microsoft's 'Project Bali' Wants to Let You Control Your Data

Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.

Microsoft Research reportedly has a new offering in the works intended to improve users' privacy by giving them greater control over the information it collects about them.

The tool, codenamed Project Bali, currently appears to be in private beta testing. It was mentioned in a tweet on Jan. 2 by Twitter user Longhorn, who called it "a project that can delete your connection and account information (inverseprivacyproject)." ZDNet's Mary Jo Foley found a link to Bali's project page, which lets users sign in or request codes to gain access.

While no longer available at the time of this writing, the page for Project Bali describes it as a "new personal data bank which puts users in control of all data collected about them… The bank will enable users to store all data (raw and inferred) generated by them. It will allow the user to visualize, manage, control, share and monetize the data," ZDNet reports.

'Inverse Privacy'

As indicated in Longhorn's tweet, Bali is founded on the idea of "Inverse Privacy," the subject of a 2014 paper developed by former Microsoft Research employees Yuri Gurevich, Efim Hudis, and Jeannette Wing. All were part of the research team at the time their paper was written.

According to the concept of inverse privacy, information is inversely private if another party has access to it but you do not. Meanwhile, directly private data is accessible to you and nobody else; and partially private data is accessible to you and a limited number of parties, the researchers explain.

The different organizations you interact with – your employer, township, doctor, grocery store – have legitimate reasons for collecting inversely private information (receipts, prescriptions, etc.). Over time, technology has allowed them to record and store that information better than you would. As a result, more of your data has become inversely private, yet difficult to access.

"Your inversely private information, whether collected or derived, allows institutions to serve you better," researchers argue. "But access to that information – especially if it were presented to you in a convenient form – would do you much good."

This type of data access would allow its owners to correct possible errors and gain a better idea of various health and lifestyle metrics so they can make improvements where they see fit, they continue. Researchers note that in some cases, the inaccessibility of inversely private data can be justified to protect the privacy of other people and protect the interests of organizations.

However, they add, these cases are relatively few. In most situations, people would be better off with access to the information companies have on them. Further, they say it's in businesses' interests to share data: people want to work with companies that value transparency.

"We argue that there are numerous scenarios where the chances to hurt other parties by providing you access to your data are negligible," they write. The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.

The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
1/4/2019 | 2:27:13 PM
How about just PRIVACY
Why should Micro$oft collect data about me?  I consider most of my stuff to be MY STUFF (apologies to the late, great George Carlin).  It belongs to me and for them to TAKE IT ----- and gee, ain't this nifty.  Let me control what they take.  Wow. I am impressed NOT.  
emanuel.petty
50%
50%
emanuel.petty,
User Rank: Apprentice
1/6/2019 | 2:14:07 PM
Re: How about just a printable calendar PRIVACY
The project is currently in its "initial stage," ZDNet reports, an indication that researchers are working on helping people collect and view their information from different sites. At this time, Bali is invitation-only; it remains to be seen whether Microsoft will take further steps to make the initiative more public in the future.
gasbagred
50%
50%
gasbagred,
User Rank: Apprentice
1/8/2019 | 6:48:26 AM
The new idea
The idea behind Project Bali is to decrease the amount of inversely private data and give users more control over information.
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19040
PUBLISHED: 2019-11-17
KairosDB through 1.2.2 has XSS in view.html because of showErrorMessage in js/graph.js, as demonstrated by view.html?q= with a '"sampling":{"value":"<script>' substring.
CVE-2019-19041
PUBLISHED: 2019-11-17
An issue was discovered in Xorux Lpar2RRD 6.11 and Stor2RRD 2.61, as distributed in Xorux 2.41. They do not correctly verify the integrity of an upgrade package before processing it. As a result, official upgrade packages can be modified to inject an arbitrary Bash script that will be executed by th...
CVE-2019-19012
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
CVE-2019-19022
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
CVE-2019-19035
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.