PrivacyDates: A Framework for More Privacy-Preserving Timestamp Data Types

TL;DR

This paper introduces PrivacyDates, a framework for replacing conventional timestamps with privacy-preserving alternatives in web applications, demonstrating their practicality without compromising functionality.

Contribution

It designs and implements three privacy-preserving timestamp alternatives for Django and evaluates their effectiveness in a real-world project management app.

Findings

Alternatives can replace timestamps without impairing app functionality.

The proposed methods align with data minimisation principles.

Practical adoption is feasible in real-world software.

Abstract

Case studies of application software data models indicate that timestamps are excessively used in connection with user activity. This contradicts the principle of data minimisation which demands a limitation to data necessary for a given purpose. Prior work has also identified common purposes of timestamps that can be realised by more privacy-preserving alternatives like counters and dates with purpose-oriented precision. In this paper, we follow up by demonstrating the real-world applicability of those alternatives. We design and implement three timestamp alternatives for the popular web development framework Django and evaluate their practicality by replacing conventional timestamps in the project management application Taiga. We find that our alternatives could be adopted without impairing the functionality of Taiga.