[logseq-plugin-git:commit] 2026-01-16T13:45:52.304Z
This commit is contained in:
@@ -7,16 +7,18 @@ full-title:: Privacy in the Cashless Society: A Dual Case Study Evaluation of l
|
||||
date-start:: [[16-01-2026]] - 11:08
|
||||
date-submitted::
|
||||
external-links::
|
||||
status:: [[DOING]]
|
||||
status:: [[DONE]]
|
||||
deadline-submission::
|
||||
file::
|
||||
parent::
|
||||
todoist:: https://app.todoist.com/app/task/jssoftware-d-25-01678-6fGCW438gGXcpFRg
|
||||
|
||||
- ### [[Comments]]
|
||||
- Summary: The paper evaluates the LINDDUN privacy threat modeling framework through two distinct case studies: a mobile digital wallet service and an NFC-based festival payment system. To establish a baseline, the authors conducted a transdisciplinary literature review that identified five core privacy concerns prevalent in a cashless society. Subsequently, the LINDDUN methodology was employed to elicit technical privacy threats for both cases, followed by a compatibility assessment to compare these technical findings with the broader concerns found in literature. The study found that while LINDDUN is highly effective at identifying technical architectural "hotspots", its system-centric nature makes it less suited for anticipating consequential societal harms, such as long-term surveillance, or the future repurposing of financial data (function creep).
|
||||
- Summary: The paper evaluates the LINDDUN privacy threat modeling framework through two distinct case studies, i.e., a mobile digital wallet service and an NFC-based festival payment system. To establish a baseline, the authors conducted a transdisciplinary literature review that identified five core privacy concerns prevalent in a cashless society. Subsequently, the LINDDUN methodology was employed to elicit technical privacy threats for both cases, followed by a compatibility assessment to compare these technical findings with the broader concerns found in literature. The study found that while LINDDUN is highly effective at identifying technical architectural "hotspots", its system-centric nature makes it less suited for anticipating consequential societal harms, such as long-term surveillance, or the future repurposing of financial data.
|
||||
- Comments: The paper is about an interesting topic even though it is affected by presentation issues that compromise the quality of the overall work as discussed below:
|
||||
- The authors acknowledge that their threat models are based exclusively on publicly available technical documentation. This reliance introduces a significant threat to construct validity, as proprietary implementation details and internal data-handling practices are often omitted from public manuals. Consequently, the resulting threat models may be incomplete or fail to capture "peculiar" privacy vulnerabilities that only emerge at the implementation level, potentially leading to a superficial assessment of the systems' actual privacy posture.
|
||||
- The authors acknowledge that their threat models are based exclusively on publicly available technical documentation. This reliance introduces a significant threat to construct validity, as proprietary implementation details and internal data-handling practices are often omitted from public manuals. Consequently, the resulting threat models may be incomplete or fail to capture "peculiar" privacy vulnerabilities that only emerge at the implementation level, potentially leading to a superficial assessment of the systems' actual privacy setting.
|
||||
- Although the paper evaluates two distinct technologies, it lacks a rigorous discussion regarding the representativeness of these cases within the broader landscape of digital payments. To strengthen the work, the authors should explicitly map these "paragon examples" against the wider ecosystem of cashless means, such as decentralized cryptocurrencies, or traditional bank-led digital transfers. Without this context, it is difficult to determine if the identified gaps in LINDDUN are universal or specific to the selected technologies.
|
||||
- The paper is not entirely self-contained, which may hinder its accessibility for readers outside the specialized privacy engineering community. From a software engineering perspective, it remains unclear how these findings can be operationalized in practice. The authors should clarify how a development team can employ these results to improve system design in a real-world context. Furthermore, the generalizability of the analysis is questionable; the authors should discuss whether the simplifications made during the DFD modeling phase significantly skewed the assessment results or if the findings remain robust across higher-fidelity system architectures
|
||||
- The paper is not entirely self-contained, which may hinder its accessibility for readers outside the specialized privacy engineering community. From a software engineering perspective, it remains unclear how these findings can be operationalized in practice. The authors should clarify how a development team can employ these results to improve system design in a real-world context.
|
||||
- The generalizability of the analysis is questionable; the authors should discuss whether the simplifications made during the DFD modeling phase significantly skewed the assessment results or if the findings remain robust across different system architectures
|
||||
- Please give a frank account of the strengths and weaknesses of the article: This paper provides a critical, transdisciplinary evaluation of a leading privacy framework (LINDDUN) applied to a high-impact societal shift. However, as a practical guide for software engineers, its utility is limited by its abstraction from implementation details and its heavy reliance on external framework knowledge.
|
||||
-
|
||||
@@ -204,11 +204,11 @@ progress:: {{renderer :todomaster}}
|
||||
- TODO [[Deliverable D3.2]]
|
||||
todoist-desc:: [MOSAICO D3.2 - Online LaTeX Editor Overleaf](https://www.overleaf.com/project/693c083f94f20a5d73e1824c)
|
||||
todoist-id:: [9822333606](https://app.todoist.com/app/task/9822333606)
|
||||
SCHEDULED: <2026-01-16 Fri>
|
||||
SCHEDULED: <2026-01-19 Mon>
|
||||
- TODO [#B] [[TOOL DEMO TRACK - MODELS 2026 Organizing Committee]]
|
||||
todoist-desc:: From: lolaburgueno@uma.es
|
||||
todoist-id:: [9789940282](https://app.todoist.com/app/task/9789940282)
|
||||
SCHEDULED: <2026-01-16 Fri>
|
||||
SCHEDULED: <2026-01-17 Sat>
|
||||
- DONE [#B] [[PAPERS/J-2026-JSS-RAGGuard]]
|
||||
todoist-desc:: *Paper rifiutato a SANER 2026 (I commenti sono* [Document shared with you: ‘SANER2026-RAGGuard-Reviews’ - davide.diruscio@gmail.com - Gmail](https://mail.google.com/mail/u/0/#all/FMfcgzQdzmXLPrtWwckTPvVSQhrHDXGf))
|
||||
todoist-id:: [9892059786](https://app.todoist.com/app/task/9892059786)
|
||||
|
||||
Reference in New Issue
Block a user