1 / 62

Visualizing Privacy: Understanding and Protecting Your Information

Explore the concept of privacy, learn about privacy policies and preferences, and discover tools for visualizing and protecting your personal information. Gain insights from examples, research, and expert advice.

teresawillis
Download Presentation

Visualizing Privacy: Understanding and Protecting Your Information

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Visualizing Privacy I March 7, 2006

  2. Outline • Visualizing privacy • Three examples of visualizing privacy (from readings) • Privacy policy and privacy preference • Privacy Notice in Spyware applications • Third party tracking cookies • Your turn

  3. Motivating Quote “privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (Westin, 1967)

  4. Motivation • Privacy is abstract and hard to articulate unless one sees it • The potential harms to privacy are uncertain and faraway • Some privacy invasive technologies are hidden • Informed Consent model, if not informed, there is not meaningful consent

  5. Motivation Example 2 Benjamine Brunk, Understanding Privacy Space

  6. What is visualizing privacy? • Visualize is “to make visible: asto see or form a mental image of” (Merriam-Webster's collegiate dictionary) • Visualizing privacy is to make privacy visible, to make users form a mental image of privacy.

  7. Privacy Space Framework • Awareness • Detection • Prevention • Response • Recovery Brunk, Figure 20-2 p. 414

  8. Chapter 22 Privacy Policies and Privacy Preferences Lorrie Faith Cranor

  9. Privacy Policies and preferences • Privacy Policies is a mechanism for communicating about information collection and use • Few people read privacy policies • Time consuming to read and difficult to understand • Format not standardized • Can change unexpectedly

  10. P3P and P3P user agents • What: machine readable privacy policy in XML format. • How does it work? • website encode their privacy policies in P3P format • User agents read the policy and parse it out • Benefit: Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format • Privacy is visualized in the following ways: • Summarize privacy policies • Compare policies with user preferences • Alert and advise users

  11. P3P in IE6 Automatic processing of compact policies only; third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears

  12. Users can click on privacy icon forlist of cookies; privacy summariesare available atsites that are P3P-enabled

  13. Privacy summary report isgenerated automaticallyfrom full P3P policy

  14. P3P in Netscape 7 Preview version similar to IE6, focusing, on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie

  15. Privacy Bird • Free download of beta from http://privacybird.com/ • Origninally developed at AT&T Labs • Released as open source • “Browser helper object” for IE6 • Reads P3P policies at all P3P-enabled sites automatically • Bird icon at top of browser window indicates whether site matches user’s privacy preferences • Clicking on bird icon gives more information

  16. Chirping bird is privacy indicator

  17. Red bird indicates mismatch

  18. Discussion • Can you think of anything else?

  19. Chapter 23 Privacy Analysis for the Casual User Through Bugnosis David Martin

  20. Web bugs • Invisible elements on a web page used to record the fact the face was visited, and sometimes to communicate additional information about the user or computer doing the viewing

  21. Bugnosis • A IE plug-in that watches for web bugs • Alerts the user of its presence, but do not block web bugs

  22. A demo • www.about.com • www.nytimes.com • www.doubleclick.com • http://freedownloadscenter.com/Utilities/

  23. Stopping Spyware at the Gate Nathaniel Good, Rachna Dhamija, Jens Grossklags, et al.

  24. User Study • Goal: How the form and content of notices affect users’ decision to install Spyware

  25. Study Design • 31 participants • Ask the user to go through five programs: Google toolbar, Edonkey, KaZaA, WeatherScope, WebShots). • And install them if they feel appropriate

  26. Notice Condition 1: EULA only

  27. Notice Condition 2: Microsoft SP2 Warning + EULA

  28. Notice Condition 3: Customized Short Notice + EULA

  29. Study Results • Participants ignore EULAs • Although they know they were agreeing to a contract • Limited understanding of the content and little desire to read length notice • Additional Notice had only marginal effect on the total number of installations • Improved Notice is not enough to inform user

  30. Your turn

  31. Group problems • EULA – a failed way to inform, what are some of the ways we can better inform the user when they install these software?

  32. Backup Slides These slides are from Lorrie’s previous class presentation on Privacy

  33. Platform for Privacy Preferences Project (P3P) • Developed by the World Wide Web Consortium (W3C) http://www.w3.org/p3p/ • Final P3P1.0 Recommendation issued 16 April 2002 • Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format • Can be deployed using existing web servers • Enables the development of tools (built into browsers or separate applications) that • Summarize privacy policies • Compare policies with user preferences • Alert and advise users

  34. Basic components • P3P provides a standard XML format that web sites use to encode their privacy policies • Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site • Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set • No special server software required • User software to read P3P policies called a “P3P user agent”

  35. What’s in a P3P policy? • Name and contact information for site • The kind of access provided • Mechanisms for resolving privacy disputes • The kinds of data collected • How collected data is used, and whether individuals can opt-in or opt-out of any of these uses • Whether/when data may be shared and whether there is opt-in or opt-out • Data retention policy

  36. GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page A simple HTTP transaction WebServer

  37. GET /w3c/p3p.xml HTTP/1.1 Host: www.att.com Request Policy Reference File Send Policy Reference File Request P3P Policy Send P3P Policy GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page … with P3P 1.0 added WebServer

  38. P3P increases transparency • P3P clients can check a privacy policy each time it changes • P3P clients can check privacy policies on all objects in a web page, including ads and invisible images http://www.att.com/accessatt/ http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE

  39. P3P in IE6 Automatic processing of compact policies only; third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears

  40. Users can click on privacy icon forlist of cookies; privacy summariesare available atsites that are P3P-enabled

  41. Privacy summary report isgenerated automaticallyfrom full P3P policy

  42. P3P in Netscape 7 Preview version similar to IE6, focusing, on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie

  43. Privacy Bird • Free download of beta from http://privacybird.com/ • Origninally developed at AT&T Labs • Released as open source • “Browser helper object” for IE6 • Reads P3P policies at all P3P-enabled sites automatically • Bird icon at top of browser window indicates whether site matches user’s privacy preferences • Clicking on bird icon gives more information

More Related