Privacy Enhancing Technologies (PET)

Bobby Vellanki

Computer Science Dept.

Yale University


  • Intro

  • Encryption Tools

  • Policy Tools

  • Filtering Tools

  • Anonymous Tools

  • Conclusion


  • PET – Technology that enhances user control and removes personal identifiers

  • Users want free Privacy

  • Hundreds of new technologies developed



  • Classified into 4 Categories:

    • Encryption Tools (SSL)

    • Policy Tools (P3P, TRUSTe)

    • Filtering Tools (Cookie Cutters, Spyware)

    • Anonymous Tools (Anonymizer, iPrivacy)


Encryption Tools

  • Examples:

    • SSL, PGP, Encryptionizer

  • Thought of as a security tool to prevent unauthorized access to communications, files, and computers.

  • Users don’t see the need

  • Necessary for privacy protection but not sufficient by themselves.

    Encryption Tools

    • Pros:

      • Inexpensive (free)

      • Easily Accessible

    • Cons:

      • Encryption Software isn’t used unless it is built into the software.

      • Both parties need to use the same software

    Encryption Tools


    • Easy access

    • All parties need to use the same tool

    • Good start but not sufficient


    Policy Tools

    • P3P (Platform for Privacy Preferences)

      • Developed by World Wide Web Consortium

    • TRUSTe

      • Non-profit organization which ensures websites are following their privacy policy

      • Promotes fair information practices

    • BBBonline

    Policy Tools (Cont.)

    P3P

    • Users declare their privacy policy on their browsers

    • Websites register their policy with Security agencies.

    • The website policy is compared with user policy and the browser makes automated decisions.
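
The comparison described above, as an added example that is not part of the original slides: a simplified check of a site's P3P compact policy (the `CP` value of its `P3P` response header) against user preferences. The `prefs` object and the sample headers are constructed assumptions; the three-letter tokens and the a/i/o consent suffixes are from the W3C P3P 1.0 compact-policy vocabulary.

```javascript
// Added example: simplified P3P compact-policy check, not browser source code.
// Token names and consent suffixes follow P3P 1.0; `prefs` is a hypothetical model.

// Extract policyref and the compact policy (CP) tokens from a P3P header value.
function parseP3PHeader(value) {
  const out = { policyref: null, tokens: [] };
  if (typeof value !== "string") return out;
  const ref = /policyref\s*=\s*"([^"]*)"/i.exec(value);
  const cp = /\bCP\s*=\s*"([^"]*)"/i.exec(value);
  if (ref) out.policyref = ref[1];
  if (cp) out.tokens = cp[1].trim().split(/\s+/).filter(Boolean);
  return out;
}

// Split "TELo" into { name: "TEL", consent: "o" }; no suffix means always ("a").
function splitToken(token) {
  const m = /^([A-Z]{3})([aio])?$/.exec(token);
  return m ? { name: m[1], consent: m[2] || "a" } : null;
}

// Compare the site's declared policy with the user's preferences; fail closed
// on a missing policy (if configured) and on tokens that do not parse.
function decideCookie(headerValue, prefs) {
  const { tokens } = parseP3PHeader(headerValue);
  if (tokens.length === 0) {
    return { action: prefs.blockWithoutPolicy ? "block" : "accept", reasons: ["no compact policy"] };
  }
  const reasons = [];
  for (const raw of tokens) {
    const t = splitToken(raw);
    if (!t) { reasons.push(`unparseable token ${raw}`); continue; }
    if (prefs.refuse.includes(t.name) && !prefs.okWithConsent.includes(t.consent)) {
      reasons.push(`${t.name} (consent: ${t.consent})`);
    }
  }
  return { action: reasons.length ? "block" : "accept", reasons };
}

// Constructed sample input: one user's preferences and three site responses.
const prefs = { refuse: ["TEL", "CON", "UNR", "PUB"], okWithConsent: ["i"], blockWithoutPolicy: true };
const samples = {
  benign: 'policyref="/w3c/p3p.xml", CP="NOI DSP COR CUR ADM OUR NAV"',
  marketing: 'CP="DSP CUR TELo CONi OUR UNR PUR"',
  silent: undefined, // site sent no P3P header at all
};
for (const [name, header] of Object.entries(samples)) {
  const d = decideCookie(header, prefs);
  console.log(name, d.action, d.reasons.join(", "));
}
```

The decision rests entirely on what the site declares about itself, which is why the deck later calls for automated checks that websites actually follow their stated policy.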

    Policy Tools (Cont.)

    P3P Cont.

    • Might help uncover privacy gaps for websites

    • Can block cookies or prevent access to some sites.

    • Consumer awareness

    • Built into IE 6.0 and Netscape 7 as of July 2002

    Policy Tools (Cont.)


    • Users are unaware of Privacy Policies

    • Not all websites have Policy tools

    • Need automated checks to see if websites are following their privacy policy


    Filtering Tools

    • Some Types

      • SPAM filtering

      • Cookie Cutters

      • Spyware killers

    Filtering Tools (Cont.)

    SPAM Filters:

    • Problems:

      • Spammers use new technologies to defeat filters

      • Legitimate E-mailers send SPAM resembling E-mail

    Filtering Tools (Cont.)

    SPAM Filters (cont.)

    • Possible Solution:

      • E-Mail postage scheme

    • Infeasible solution

      • Tough to impose worldwide

      • Need homogeneous technology for all parties

      • Policy responsibility is unclear (Who will police it?)

    Cookie Cutters

    • Programs that prevent browsers from exchanging cookies

    • Can block:

      • Cookies

      • Pop-ups

      • http headers that reveal sensitive info

      • Banner ads

      • Animated graphics

    Cookie Cutters (cont.)

    • Spyware killers:

      • Programs that gather info and send it to websites

      • Downloaded without user knowledge

    Filtering Tools (cont.)


    • New technologies are created every day

    • Tough to distinguish SPAM

    • Need for a universal organization

    • People are ignorant about the use of cookies


    Anonymous Tools

    • Enable users to communicate anonymously

      • Masks the IP address and personal info

    • Some use 3rd party proxy servers

      • Strips off user info and sends it to websites

    • Not helpful for online transactions

    • Expensive

    Anonymous Tools (Cont.)

    Types of Anonymizer Technologies:

    • Autonomy Enhancing (Anonymizer)

    • Seclusion Enhancing (iPrivacy)

    • Property Managing (.NET Passport)

    Anonymous Tools (Cont.)

    Autonomy Enhancing Technology:

    • Examples:

      • Anonymizer, Freedom by Zero Knowledge

    • No user Information is stored

    • User has complete control

    Anonymous Tools (Cont.)

    Anonymizer

    • Originally a student project from CMU

    • One of the first PETs

    • Not concerned with transaction security

    • Provides anonymity by:

      • Routing through a proxy server

      • Software to manage security at the PC level (cookies, spyware, …)

    Anonymous Tools (Cont.)

    Anonymizer (Cont.)

    • Can be purchased for $30-$70

    • Can’t lose password

    • Services:

      • Customize privacy for each site

      • Erases cookies and log files, pop-up blocker, Spyware killer, unlisted IP

      • Reports

      • ISP service

    Anonymous Tools (Cont.)

    Seclusion Enhancing Technologies:

    • Examples:

      • iPrivacy, Incogno SafeZone

    • Target Transaction processing companies

    • Trusted third party who promises not to contact the customer

    • Consumer remains the decision maker

    Anonymous Tools (Cont.)

    Seclusion Enhancing Technologies:

    • Keeps limited data (dispute resolution)

    • Transaction by transaction basis

    • Customers can choose to not give any data to merchants

    Anonymous Tools (Cont.)


    • Intermediary for users and companies

    • Doesn’t have the ability to look at all user data

    • Cannot map transactions to user info.

    • Each transaction needs to have personal info filled out.

    Anonymous Tools (Cont.)


    • Customer Downloads software (client-side software for shipping and Credit Card companies)

    • Licensed to Credit Card and Shipping Companies

    Anonymous Tools (Cont.)

    iPrivacy (cont.)

    • Avoids replay attacks for CC companies

    • Allows users to end associations with merchants

    Anonymous Tools (Cont.)

    iPrivacy (cont.)

    Privacy Policy:

    • Never sees the consumer’s name or address

    • Ensures only CC and shipping companies see data

    • iPrivacy works as a one-way mirror

    • PII filter satisfies HIPAA requirements

    Anonymous Tools (cont.)

    Property Managing Technology

    • Example:

      • .NET Passport

    • All user data is kept by the provider

    • Consumer doesn’t directly communicate with the merchant

    Anonymous Tools (cont.)

    Property Managing Technology (cont.)

    • Consumer’s control rights are surrendered for service

    • Potential for misuse of data

    • User gives agency rights to the provider (no direct contact with merchant)

    Anonymous Tools (cont.)

    .NET Passport

    • Single login service

    • Customer’s personal info is contained in the Passport profile.

      • Name, E-mail, state, country, zip, gender, b-day, occupation, telephone #

    • Controls and logs all transactions

    Anonymous Tools (cont.)

    .NET Passport

    • Participating sites can provide personalized services

    • Merchants only get a Unique ID.


      • Ebay, MSN, Expedia, NASDAQ,

    Anonymous Tools (cont.)

    .NET Passport

    Privacy Policy:

    • Member of TRUSTe privacy program

    • Will not sell or rent data

    • Some sites may require additional info

    • Doesn’t monitor the privacy policies of .NET participants

    • Data is stored in controlled facilities

    Anonymous Tools (cont.)

    .NET Passport

    • Uses “industry-standard” security technologies to encrypt data

    • Uses cookies (Can’t use .NET if you decline)

    • Microsoft has the right to store or process your data in the US or in another country.

    • Abides by the Safe Harbor framework (collection of data from the EU)

    Anonymous Tools (cont.)


    • Identity is secured through proxy servers

    • Give up privacy for convenience (.NET)

    • Fairly cheap (some free)


    Conclusion


    • Trade-off: Privacy vs. Convenience

    • People want free privacy

    • None of these tools are good enough by themselves

    • Technology that ensures the website is following its policy

    • Need for a universal organization