Paper 2024/475
CheckOut: User-Controlled Anonymization for Customer Loyalty Programs
Abstract
To resist the regimes of ubiquitous surveillance imposed upon us in every facet of modern life, we need technological tools that subvert surveillance systems. Unfortunately, while cryptographic tools frequently demonstrate how we can construct systems that safeguard user privacy, there is limited motivation for corporate entities engaged in surveillance to adopt these tools, as they often clash with profit incentives. This paper demonstrates how, in one particular aspect of everyday life -- customer loyalty programs -- users can subvert surveillance and attain anonymity, without necessitating any cooperation or modification in the behavior of their surveillors. We present the CheckOut system, which allows users to coordinate large anonymity sets of shoppers to hide the identity and purchasing habits of each particular user in the crowd. CheckOut scales up and systematizes past efforts to subvert loyalty surveillance, which have been primarily ad-hoc and manual affairs where customers physically swap loyalty cards to mask their real identities. CheckOut allows increased scale while ensuring that the necessary computing infrastructure does not itself become a new centralized point of privacy failure. Of particular importance to our scheme is a protocol for loyalty programs that offer reward points, where we demonstrate how CheckOut can assist users in paying each other back for loyalty points accrued while using each others' loyalty accounts. We present two different mechanisms to facilitate redistributing rewards points, offering trade-offs in functionality, performance, and security.
Metadata
- Available format(s)
- Category
- Applications
- Publication info
- Published elsewhere. PETS 2024
- Keywords
- applied cryptographysurveillanceobfuscation
- Contact author(s)
-
mattyg @ cs unc edu
rthomase @ cs unc edu
saba @ cs unc edu - History
- 2024-06-14: revised
- 2024-03-21: received
- See all versions
- Short URL
- https://ia.cr/2024/475
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/475, author = {Matthew Gregoire and Rachel Thomas and Saba Eskandarian}, title = {{CheckOut}: User-Controlled Anonymization for Customer Loyalty Programs}, howpublished = {Cryptology {ePrint} Archive, Paper 2024/475}, year = {2024}, url = {https://eprint.iacr.org/2024/475} }