Saudi Cultural Missions Theses & Dissertations

Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10

Browse

Subject: search.filters.subject.Privacy

Search Results

Now showing 1 - 10 of 23
  • No Thumbnail Available
    ItemRestricted
    Between a Chat and a Hard Place: Technical Compliance Measures and Intermediary Liability in End-to-End Encrypted Messaging Platforms under the Online Safety Act
    (Saudi Digital Library, 2025) AlEid, Haneen; Lachlan, Urqhart
    This study investigates the complex interplay between content moderation, platform liability, and end-to-end encryption (E2EE) within the legal context of the United Kingdom’s Online Safety Act 2023. It critically assesses how the Act approaches intermediary liability for E2EE-enabled platforms such as WhatsApp, Signal, and Telegram, with particular attention to the feasibility, effectiveness, and proportionality of proposed technical measures for moderating encrypted communications. The research further explores the evolving regulatory mandate of Ofcom and identifies pathways to reconcile public safety objectives with the safeguarding of user privacy. By integrating legal analysis with a technical understanding of encryption and platform architecture, the study seeks to advance a rights-respecting and technically grounded model of platform accountability. It argues that aligning regulatory frameworks with realistic technological capabilities is not only essential for effective governance but also vital for maintaining public trust in digital communication systems.
    8 0
  • No Thumbnail Available
    ItemRestricted
    Investigating and Mitigating Privacy Risks of Eye Tracking on Handheld Mobile Devices
    (Saudi Digital Library, 2025) Alsakar, Noora Sami; Khamis, Mohamed
    Eye-tracking technology offers significant benefits for mobile device users by enabling handsfree interaction and providing valuable insights into user behavior. However, it also raises serious privacy concerns, as gaze data can reveal sensitive information about individuals, such as gender, age, and geographical origin. Under two threat models, this thesis investigates and addresses the privacy risks of eye tracking on handheld mobile devices, a context that presents distinct challenges and remains underexplored compared to other eye-tracking platforms. While extensive research has examined eye-tracking privacy risks in controlled settings, such as desktop or virtual reality (VR), handheld mobile devices have not been investigated. Yet, handheld mobile devices, such as smartphones, are widely used in everyday life scenarios, making the privacy implications of eye tracking on these platforms critical. Furthermore, the literature lacks evaluations of how effective existing privacy mitigation methods are when applied to gaze data collected via the front-facing cameras. In the dataset attack threat model scenario, an attacker gains unauthorized access to the gaze data, whether raw or aggregated, and then attempts to infer sensitive data about individuals, such as the user’s age, gender, and nationality, from the retrieved gaze data using a pre-trained privacy attack AI model given some basic assumptions. In the model attack threat model scenario, the adversary gains unauthorized access to the utility AI model, which refers to the useful task the model was developed to perform, such as predicting user IQ performance from their eye-tracking data, and then performs inference attacks by probing the model, potentially reconstructing the original training data and leaking private information. Leveraging machine learning techniques, this thesis explores a) the privacy leakage via handheld mobile eye tracking and b) examines differential privacy (DP) mechanisms to mitigate these risks, which is a rigorous mathematical and formal approach to protecting private data by adding noise. The overarching goal is to protect user privacy in mobile eye tracking through rigorous empirical investigation, progressing through three main phases: understanding user privacy perception and subjective acceptance of eye tracking on handheld mobile devices, measuring privacy leakage, and developing privacy-preserving solutions tailored to mobile eye tracking. The thesis begins by exploring user perceptions of privacy in the context of eye tracking on handheld mobile devices. The study reveals a key finding: most users are unaware of the privacy risks associated with these technologies. This underscores the urgent need to integrate privacy-preserving techniques. Additionally, the study identifies critical factors influencing users’ subjective acceptance of mobile eye tracking, such as algorithmic transparency and the credibility of developers. Building on these findings, the second study confirms that sensitive attributes, such as gender, age, nationality, and educational background, can be inferred from the processed gaze data collected via handheld mobile devices. This is demonstrated through the introduction of a novel contribution: the SmartEyePhone dataset, collected using the front-facing camera of an iPhone 14 Pro. This dataset is the first to associate mobile gaze data with sensitive demographic information. To address the associated privacy risks of the processed gaze data in line with the two threat models, the third study evaluates two differential privacy (DP) approaches: dataset perturbation, where noise is injected into the data before training to prevent attackers from inferring private information resulting from unauthorized access to the data, and model perturbation, where noise is added to the model’s gradients during the training phase, which prevents attackers from rebuilding the original gaze data the models trained on, resulting from unauthorized access to the model that can be used to leak sensitive information about individuals. Both methods are shown to effectively reduce privacy risks, though with an impact on utility, such as decreased classification accuracy in tasks like IQ task prediction. Additionally, another study introduces a novel privacy-utility tradeoff metric that quantifies the privacy protection through the reduction in the privacy leakage after applying DP mechanisms and the utility performance loss, guiding the selection of optimal DP parameters in mobile scenarios. A subsequent study focuses on raw gaze data, particularly x,y coordinate streams, to examine their privacy implications. Unlike processed gaze data, which are aggregated into higher-level features such as fixations or saccades, raw gaze data represent the most granular form of the eyetracking input and are directly collected and transmitted by mobile eye tracking applications. Investigating the privacy risks of raw gaze data is essential to mitigate the privacy risks at the earliest stage of the gaze data collection pipeline, where sensitive information may be exposed. The findings of this chapter confirm that even raw gaze data can reveal sensitive information. However, applying appropriate DP mechanisms can mitigate these risks. In the final phase of the thesis, a SelectiveGazeDP approach is proposed, inspired by insights from earlier studies. Chapters 4 and 5 showed that while applying DP mechanisms can effectively reduce privacy risks in handheld mobile settings, it often leads to a considerable drop in utility performance. Based on this insight, this method employs feature selection techniques to identify the most privacy-revealing processed gaze features and selectively applies DP noise to those features. The findings from this targeted application were shown to enhance the utility in mobile settings but compromise privacy. Overall, this thesis provides a novel and comprehensive investigation of privacy leakage risks in gaze data, both raw and processed, when collected via handheld mobile eye trackers. One of the key contributions is the introduction of the SmartEyePhone dataset, which demonstrates that mobile eye tracking can indeed expose sensitive personal information. Building on these findings, the thesis explores effective privacy-preserving techniques tailored to mobile settings, emphasizing the importance of selecting appropriate differential privacy parameters. Finally, it introduces a novel privacy-utility tradeoff metric that quantifies the tradeoff between privacy protection and utility task performance, offering practical guidance for designing privacy-aware gaze-based applications.
    19 0
  • No Thumbnail Available
    ItemRestricted
    Exploring the experiences and concerns about privacy and security in online teaching by students and teachers in the United Kingdom and Kingdom of Saudi Arabia
    (Saudi Digital Library, 2025) Almekhled, Basmah Fahad; Petrie, Helen
    This research programme investigated experiences of online teaching and related privacy and security concerns before and since the pandemic among HEI students and teachers in the United Kingdom (UK) and the Kingdom of Saudi Arabia (KSA). As there is little cross-cultural research on these issues, five studies were conducted to explore them. Studies 1 and 2 were online surveys with students. UK students reported difficulties due to the pandemic with practical, interaction, and social isolation. In contrast, KSA students reported difficulties with focus, engagement, and technical issues. UK students used webcams selectively, whereas KSA students reported little use. Privacy and security concerns were low among UK students but moderate among KSA students. Studies 3 and 4 were online surveys with teachers. UK teachers struggled with students not using their webcams during online teaching, whereas KSA teachers faced communication and assessment issues. Both groups reported difficulties with student engagement. KSA teachers reported low webcam use, whereas UK teachers reported high use. Privacy and security concerns were low among UK teachers but moderate among KSA teachers. Study 5, a field study in a KSA HEI, found neither students nor teachers used webcams in teaching. Students cited flexibility, distractions, and privacy concerns, whereas teachers cited distractions and security concerns. Students reported high levels of privacy concerns about their institutions but only moderate concern about teachers and classmates. Complex relationships were found between students’ online privacy, security concerns and trust. Studies 6 and 7 were online surveys which explored KSA and UK HEI teachers experiences and attitudes in more detail. Both groups valued webcam use for engagement, but UK teachers felt self-conscious and struggled with students' webcams presence, while KSA teachers had privacy, security and cultural concerns. Both groups were uncertain about institutional webcam policies and expressed limited satisfaction with privacy and security guidelines. These findings highlight the need to address webcam use and privacy and security concerns in online teaching in relation to cultural and educational contexts.
    16 0
  • No Thumbnail Available
    ItemRestricted
    IMPROVING SMART HOME ACCESS CONTROL MECHANISMS TO ACCOUNT FOR COMMUNITY-BASED SHARING BEYOND THE HOME
    (Saudi Digital Library, 2025) Alghamdi, Leena; Hughes, Charles; Wisniewski, Pamela
    The rapid proliferation of smart home devices has reshaped daily living, offering convenience and enhanced security. However, extending access to these devices beyond household boundaries introduces significant challenges, including balancing privacy, security, and usability. Through three studies, this dissertation investigates these challenges and proposes solutions to improve access control mechanisms for sharing smart home devices with external individuals. First, we conducted 26 co-design interviews with 50 smart home device owners to understand their perspectives on co-monitoring in emergencies with trusted external contacts. Participants emphasized benefits such as enhanced safety, reduced material loss, and peace of mind through swift responses and threat verification. However, privacy concerns, burdening others, and unauthorized access highlighted the complexity of implementing such systems. These insights informed the development of design considerations, emphasizing flexibility, granular controls, and fail-safe mechanisms to mitigate these concerns and address user needs effectively. Building on these insights, we systematically analyzed 11 existing smart home management systems and two open-source platforms to evaluate how they support external sharing. The analysis uncovered significant limitations, such as reliance on rigid "all-or-nothing" access models, limited granularity in permissions, and insufficient transparency. These findings highlighted the need for more adaptable and user-centered mechanisms that empower users to manage access securely and intuitively while addressing privacy and usability concerns. To address these gaps, we developed and evaluated a novel mobile application, "MiSu," to enable flexible and secure smart home device sharing. MiSu introduced features like time-based permissions, device specific access, and real-time activity logs to accommodate diverse sharing scenarios. Then, we conducted a user study involving 15 smart home users and their trusted external contacts (N=30), revealing that participants valued the app’s precision and transparency but encountered usability challenges and privacy concerns, such as potential misuse of permissions and overexposure of personal spaces. These findings highlight the need for intuitive, user-centered designs that balance advanced functionality with privacy protection.
    23 0
  • No Thumbnail Available
    ItemRestricted
    The Impact of Privacy Awareness on Sharenting and Privacy Management Practices Among Saudi Parents
    (Kent State University, 2025) alnemre, Afnan; Hollenbaugh, Erin; Egbert, Nichole
    In the digital age, parents frequently engage in the practice of sharenting—sharing their children's photos and information on social media—raising concerns about privacy and its implications for identity theft and other risks. This phenomenon has significant impacts on the violation of children’s privacy and their psychological and social well-being. Guided by communication privacy management (CPM) theory, this study aimed to identify the role of privacy awareness and religiosity in sharenting and privacy management practices among Saudi parents, using a quantitative approach and relying on a survey as a data collection method, N =139 were collected from Saudi parents. The findings revealed that extrinsic religiosity demonstrated positive relationship with all sharenting dimensions self-control, social behaviors and implications also with boundary linkages and boundary permeability in CPM. Also, intrinsic religiosity has a negative correlation with boundary permeability, while the study does not find a relationship between intrinsic religiosity and all sharenting dimensions. Additionally, there was a significant negative correlation between privacy awareness and boundary ownership in CPM. Moreover, the study has shown gender differences in sharenting behavior, showing that mothers post more pictures of children. This research aspires to inform initiatives promoting privacy-conscious digital practices among parents and aims to support the development of child protection policies in Saudi Arabia to safeguard children's online privacy.
    60 0
  • No Thumbnail Available
    ItemRestricted
    Privacy-aware Secure Authentication and Handover Protocols for 5G-enabled Mobile Communication
    (University of Sheffield, 2025) Alnashwan, Rabiah; Prosanta, Gope; Benjamin, Dowling
    The evolution of mobile communication has facilitated technological advancements that enable seamless global connectivity. With the advent of 5G technology, wireless communication has taken a significant leap forward, promising unparalleled speed, capacity, and connectivity. As we enter this era of advanced communication, we also need to consider its implications for security and privacy. The integration of 5G technology brings new opportunities and challenges, making it essential to thoroughly examine the security and privacy frameworks that support this advanced network. Compared to the previous mobile communication generations, 5G offers a more robust security infrastructure by strengthening two key protocols: Authentication and Key Agreement (AKA) and Handover (HO). Although 5G-AKA significantly improves security measures, it is worth noting that the current protocols lack support for several essential security and privacy properties, such as forward secrecy, forward privacy, and unlinkability. Thus, a critical need remains to address these gaps to ensure comprehensive protection in 5G networks. In response to the issues in respect of security and privacy, this thesis proposes three novel AKA and HO schemes. The three proposed schemes have different security and privacy goals that support improved security and privacy features compared to the conventional 5G-AKA and HO protocols currently utilized and other existing solutions. In particular, we examine challenges associated with integrating ultra-dense small cell networks (SCNs) into the 5G infrastructure. This exploration led us to investigate the concept of region-based handovers and to propose, to the best of our knowledge, the first scheme that provides privacy-preserving, secure inter-region-based AKA and HO scheme. This scheme provides secure authentication for roaming users with an efficient and seamless handover process. To enhance security and privacy measures further, we undertake an additional investigation into fortifying resilience against key compromise impersonation attacks. This involves proposing a novel, secure, privacy-preserving Universal Handover scheme (UniHand) tailored for SCNs within the 5G mobile communication framework. Finally, in pursuit of seamless compatibility with 5G networks, we introduce an improved iteration of the 5G-AKA and HO protocols. Referred to as Pretty Good User Privacy (PGUP), this novel symmetry-based scheme aims to mitigate security and privacy vulnerabilities inherent in the existing 5G-AKA and HO protocols while maintaining high compatibility with the 5G infrastructure.
    30 0
  • No Thumbnail Available
    ItemRestricted
    A Comparative Analysis Between GDPR and CCPA: How Regulatory Frameworks Address Privacy and Data Protection
    (King's college london, 2025) Mashat, Fatmah; Tim, Stevens
    This study undertook a comparative qualitative analysis between the European Union’s General Data Protection Regulation (GDPR) and the United States’ California Consumer Privacy Act (CCPA), two pivotal legal frameworks shaping modern data protection and privacy standards. Despite their shared objective of enhancing data privacy, these frameworks face different regulatory challenges. Thus, this study sought to answer the research question: How do these regulatory frameworks address privacy and data protection? The study’s main argument was that while both frameworks aim to protect individual data, their legal approaches and cultural foundations differ. The GDPR offers a more comprehensive and stringent consent model compared to the CCPA, which is more flexible and consumer-centred. To explore this, the study delved into how each regulation addresses enforcement penalties, legal specificity, consent, transparency, accountability, and stakeholder participation. The findings highlight the strengths and weaknesses of each regulation and provide recommendations for stakeholders to improve data protection.
    29 0
  • No Thumbnail Available
    ItemRestricted
    Privacy Regulation of Cellular Network Data: A Comparative Study with Recommendations for the Kingdom of Saudi Arabia
    (University of Waikato, 2023) Aldubayyan, Ahmed; Rumbles, Associate Wayne; Liao, Leo Z
    One of the primary economic objectives of multinational technology corporations is to amass a significant amount of personal data, potentially leading to significant infringements of individuals' privacy rights. The advent of the technology revolution has resulted in a swift evolution of privacy laws in numerous jurisdictions. This can be attributed to the enhanced capacity of governmental and commercial entities to monitor and accumulate extensive data, as well as the economic objectives of global technology corporations to amass copious amounts of personal information. The Kingdom of Saudi Arabia has yet to implement legal provisions that ensure the privacy rights of its citizens and has also not introduced any legislation that safeguards the confidentiality rights of its citizens. The Kingdom of Saudi Arabia is currently contemplating the possibility of implementing a privacy legislation that considers not only its own distinct national culture, but also the role of privacy within the cultures of the surrounding region, as well as on a global scale. Annually, a vast number of international tourists travel to the Kingdom of Saudi Arabia, which has established a comprehensive plan and outlook aimed at luring multinational corporations across diverse sectors. Due to the aforementioned circumstances, it is imperative for the Kingdom of Saudi Arabia to establish a robust legislative framework that can effectively protect personal data. It is noteworthy that the Kingdom of Saudi Arabia operates under the governance of Sharia Law and Islamic Jurisprudence, which serve to safeguard the entitlement to confidentiality and privacy of personal data. The preservation of privacy and confidentiality of personal information is a significant concern for the inhabitants of the Kingdom of Saudi Arabia, and they handle these issues with great sensitivity. In contemporary times, characterised by technological advancements and rapid global and economic development, it is imperative to institute legislation that protects the data and information infrastructure of the Kingdom of Saudi Arabia, in addition to the personal privacy of its populace. The thesis delves into the significance of privacy and examines the measures taken by various jurisdictions to safeguard the personal information of their residents. Additionally, it explores the potential lessons that the Kingdom of Saudi Arabia can draw from these examples.
    22 0
  • No Thumbnail Available
    ItemRestricted
    MEASURING AWARENESS AND ABILITY OF STUDENTS IN SECURING PERSONAL SENSITIVE DATA ON MOBILE PHONES
    (University of North Texas, 2024-12) Bukhari, Ahmed Abdulhakim; Allen, Jeff
    This study investigates the awareness and ability of students at the University of North Texas (UNT) in securing their personal and sensitive information on mobile phones. In an era marked by increasing digitization, mobile phones play a pivotal role in our daily lives, making it essential to understand the practices and knowledge of individuals when it comes to safeguarding their personal information. To achieve this, the study adopts a multidimensional approach through the integration of three prominent theoretical frameworks, which are the technology acceptance model (TAM), the theory of planned behavior (TPB), and protection motivation theory (PMT). This integrated framework enables a comprehensive understanding of student perceptions, intentions, and motivations concerning mobile phone security. To gather data, a quantitative research method was employed, using a structured survey in the form of a questionnaire. Respondents were asked to rate their agreement with various statements using a 5point Likert scale, ranging from 1 = strongly disagree to 5 = strongly agree. The survey included questions designed to assess student awareness, knowledge, attitudes, and behaviors related to securing personal information on their mobile phones. The findings of this study shed light on the existing gaps in the knowledge and practices of students related to mobile phone security. The outcomes can inform educational institutions and policymakers on the necessity of implementing awareness programs and security measures to protect personal information in the digital age. This research contributes to a deeper understanding of mobile phone security practices and paves the way for potential interventions to empower UNT students and users of mobile technology to protect their sensitive data effectively.
    60 0
  • No Thumbnail Available
    ItemRestricted
    AI-Driven Approaches for Privacy Compliance: Enhancing Adherence to Privacy Regulations
    (Univeristy of Warwick, 2024-02) Alamri, Hamad; Maple, Carsten
    This thesis investigates and explores some inherent limitations within the current privacy policy landscape, provides recommendations, and proposes potential solutions to address these issues. The first contribution of this thesis is a comprehensive study that addresses a significant gap in the literature. This study provides a detailed overview of the current landscape of privacy policies, covering both their limitations and proposed solutions, with the aim of identifying the most practical and applicable approaches for researchers in the field. Second, the thesis tackles the challenge of privacy policy accessibility in app stores by introducing the App Privacy Policy Extractor (APPE) system. The APPE pipeline consists of various components, each developed to perform a specific task and provide insightful information about the apps' privacy policies. By analysing over two million apps in the iOS App Store, APPE offers unprecedented and comprehensive store-wide insights into policy distribution and can act as a mechanism for enforcing privacy policy requirements in app stores automatically. Third, the thesis investigates the issue of privacy policy complexity. By establishing generalisability across app categories and drawing attention to associated matters of time and cost, the study demonstrates that the current situation requires immediate and effective solutions. It suggests several recommendations and potential solutions. Finally, to enhance user engagement with privacy policies, a novel framework utilising a cost-effective unsupervised approach, based on the latest AI innovations, has been developed. The comparison of the findings of this study with state-of-the-art methods suggests that this approach can produce outcomes that are on par with those of human experts, or even surpass them, yet in a more efficient and automated manner.
    43 0

Copyright owned by the Saudi Digital Library (SDL) © 2026