Paper 2024/475

CheckOut: User-Controlled Anonymization for Customer Loyalty Programs

Matthew Gregoire, University of North Carolina at Chapel Hill
Rachel Thomas, University of North Carolina at Chapel Hill
Saba Eskandarian, University of North Carolina at Chapel Hill
Abstract

To resist the regimes of ubiquitous surveillance imposed upon us in every facet of modern life, we need technological tools that subvert surveillance systems. Unfortunately, while cryptographic tools frequently demonstrate how we can construct systems that safeguard user privacy, there is limited motivation for corporate entities engaged in surveillance to adopt these tools, as they often clash with profit incentives. This paper demonstrates how, in one particular aspect of everyday life -- customer loyalty programs -- users can subvert surveillance and attain anonymity, without necessitating any cooperation or modification in the behavior of their surveillors. We present the CheckOut system, which allows users to coordinate large anonymity sets of shoppers to hide the identity and purchasing habits of each particular user in the crowd. CheckOut scales up and systematizes past efforts to subvert loyalty surveillance, which have been primarily ad-hoc and manual affairs where customers physically swap loyalty cards to mask their real identities. CheckOut allows increased scale while ensuring that the necessary computing infrastructure does not itself become a new centralized point of privacy failure. Of particular importance to our scheme is a protocol for loyalty programs that offer reward points, where we demonstrate how CheckOut can assist users in paying each other back for loyalty points accrued while using each others' loyalty accounts. We present two different mechanisms to facilitate redistributing rewards points, offering trade-offs in functionality, performance, and security.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. PETS 2024
Keywords
applied cryptographysurveillanceobfuscation
Contact author(s)
mattyg @ cs unc edu
rthomase @ cs unc edu
saba @ cs unc edu
History
2024-06-14: revised
2024-03-21: received
See all versions
Short URL
https://ia.cr/2024/475
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/475,
      author = {Matthew Gregoire and Rachel Thomas and Saba Eskandarian},
      title = {{CheckOut}: User-Controlled Anonymization for Customer Loyalty Programs},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/475},
      year = {2024},
      url = {https://eprint.iacr.org/2024/475}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.