Users and Consent of This Website
This website, 4WALLS, is used by invited groups of students, researchers or test subjects participating voluntarily in the research project “Coming to Terms with Ambiguous Asset Dimensions: Quantify and Qualify Beauty, Quality and Uniqueness in the Built Environment with Machine Learning” (henceforth “research project”).
Collection and Processing of Data
We collect and process only anonymised user data for the aforementioned research project. The aim of the project is to reveal preferences and willingness to pay for certain visual real estate attributes by letting participants rate pictures of real estate according to their personal taste. The obtained data will be used in an aggregated form in scientific publications.
To access this service, participants may use a range of logins, e.g. Twitter or Facebook (henceforth “identity provider”).
4WALLS collects the origin of every login (i.e. twitter) and a salted hash of the user email or the login supplied by the identity provider to ensure user anonymity.
The transformation of the login into a hash is done using the state-of-the-art sha256 library for cryptographic hashing. The user’s email or login itself is not stored. A reversal from the hash back to the email or login is not possible, neither is a probabilistic user re-identification, since only common expressions of taste and real estate values are stored. The user login is therefore completely anonymised.
During the first login to our service, the identity provider will ask for permission for 4WALLS to access the user name/login. No other property like lists of friends or avatar pictures will be requested. The permission to supply the user name/login to 4WALLS can be revoked at any time on the respective identity provider’s website, for instance at the participant’s Google profile.
“Anonymous login” is an alternative authentication method. It asks the user to provide the first letters of her/his mother’s and father’s first names, her/his day of birth and the last letter of the user’s first name. From this we again construct a sha256 hash. Again, the letters and numbers used to construct the login are so unspecific that an identification of users is impossible.
After authentication via identity providers or anonymous login, we also ask for the participants’:
- Gender: [female, male, third]
- Decade of birth: [1950s, 1960s, 1970s, …]
- Cultural background: [Far East, African, European]
- Experience with home buying: [yes, no]
- Last home bought: [never, during last 5 years, during last 10 years, …]
These attributes are asked and stored to run separate statistical analyses on the answers given by users. They were chosen to be extra coarse to prevent probabilistic de-anonymisation. Although some identity providers might be capable of providing some of these data, we will not use this route, and ask users directly. See section “User’s rights” below on how to inquire about, correct or revoke user data.
After registration, the users will evaluate various real estate pictures. We store the answers provided by the participants, along with the date and time, e.g.
Picture number 17, User: avgRylZw5K, answer option 1, Date+time: 5 May 2020 13:04 CET.
For any user data, technical provisions have been set up in such a way that the data are factually anonymous.
Still, users can request Thies Lindenthal, htl24 at cam.ac.uk, to find out what information is stored about them (see section “Collection and processing of data” above). Users can request which data belonging to them is saved by 4WALLS. Users may also demand the data to be corrected or deleted.
Since the data is anonymized, the requesting participant needs to log in at a designated time, so that Mr. Lindenthal can associate the petitioner with her/his sha256 hash ID, and then correct or delete her/his data.
Data Disclosure to Third Parties
We will not disclose any user data to any third parties. Data will be used strictly scientifically within the aforementioned research project.
Data Storage and IT Safety
The data will be stored by Amazon Web Services (AWS) in Frankfurt, Germany and secured physically by AWS and software-wise through https keys created and certified by Let’s Encrypt.
Access to the servers is only possible via SSH login using keys created by Amazon AWS. Only ports 80, 443 and 22 are accessible. Safety is provided by sshd and an up-to-date Apache 2.x web server running on an Ubuntu 18 LTS server. Only the research project team has access to the data.
There will be no third-party cookies whatsoever.
The following values will be stored in cookies.
- sessionID cookie; this cookie is only used for the login and only for the duration of the browser session. It has a TTL of two hours.
The next three cookies will be saved in the browser with a TTL of 72 hours.
Server-Side Session Storage
Server-side storage of the user’s session data will be at Google Cloud in London, UK.
There the data will be stored either in server RAM or in a Redis server hosted by Google Cloud.
Integration of Google Street View Pictures