Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (19)
Similaire à Online Privacy Technologies: Tools that Protect User Privacy and Anonymity
Similaire à Online Privacy Technologies: Tools that Protect User Privacy and Anonymity (20)
Dernier
Dernier (20)
Online Privacy Technologies: Tools that Protect User Privacy and Anonymity
- 1. Online Privacy Technologies Dr. Lorrie Faith Cranor AT&T Labs-Research http://www.research.att.com/~lorrie/ NTIA Online Privacy Technologies Workshop
- 2. Why is Cathy concerned? Cathy March 1, 2000
- 7. YOU With cooperation from book store, ad company can get your name and address from book order and link them to your search Search engine Ad Search for medical information Book Store Ad Buy book Read cookie Set cookie
- 12. Regulatory and self-regulatory framework Regulatory and self-regulatory framework Service User The Internet Secure channel P3P user agent Cookie cutter Anonymizing agent
- 15. Pseudonymity tools quote.com nytimes.com expedia.com mfjh asef dsfdf Proxy Automatically generate user names, passwords, email addresses, etc. unique to each web site you visit username
- 16. iPrivacy private shipping labels CUSTOMER PC Public Identity Private Identity John Doe iPrivacy ABCDEF 1 MAIN ST 1 dQg85xP26 Kansas City, KS Kansas City, KS 11122 11122 Doe@ isp .com [email_address] WEB FORM Name : iPrivacy ABCDEF Address: : 1 dQg85xP26 City : Kansas City State : KS Zip : 11122 Email : ABCDEF @iPrivacy.com WEB e- Tailer Order Entry System Submit Credit Card If Authorized Ship Product Shipping Subsystem Input Private Identity Decode Address PRINT LABEL iPrivacy ABCDEF 1 MAIN ST Kansas City, KS 11122
- 18. Incogno SafeZone The merchant offers Incogno SafeZone from its site Upon checkout, the buyer enters personal information into The Incogno SafeZone – a separate server.
- 19. Incogno SafeZone Incogno reinforces that the purchase is anonymous . The anonymous purchase is complete with no added software installation or setup for the buyer.
- 22. Mixes [Chaum81] Sender routes message randomly through network of “Mixes”, using layered public-key encryption. Mix A Sender Destination Mix C Mix B B, k A C k B dest,msg k C C k B dest,msg k C dest,msg k C msg k X = encrypted with public key of Mix X
- 24. Freedom nyms Create multiple psuedonyms Surf without a nym Select a nym and surf
- 26. Crowds illustrated 1 2 6 3 5 4 3 5 1 6 2 4 Crowd members Web servers
- 32. Persona Consumer fills out Persona with personal information Consumer can decide how each field is shared with online businesses and 3 rd parties
- 35. Infomediary example: PrivacyBank PrivacyBank bookmark
- 43. When preferences are changed to Disallow profiling, the privacy check warns us that this site profiles visitors
- 45. Searching for a P3P policy No P3P policy found P3P policy is NOT acceptable P3P policy is acceptable IDcide P3P Icons
- 46. Double clicking on the P3P icon indicates where the site’s policy differs from the user’s preferences
- 48. Trust Meter
- 50. Orby preference setting menu
- 52. Sites can list the types of data they collect And view the corresponding P3P policy
- 53. Templates allow sites to start with a pre-defined policy and customize it to meet their needs
- 54. PrivacyBot.com Allows webmasters to fill out an online questionnaire to automatically create a human-readable privacy policy and a P3P policy
- 55. YOUpowered Consumer Trust Policy Manager Wizard
- 61. Download these slides http://www.research.att.com/ ~lorrie/privacy/NTIA-0900.ppt
Notes de l'éditeur
- Prepared by Lorrie Cranor <lorrie@research.att.com>
- Here is the window users use to configure their privacy preferences. Users cannot use this tool until they select a setting.
- When users visit a site that uses P3P, they can click on the privacy icon in their browser to “privacy check” the site. This brings up a window that explains any areas where a site’s policy conflicts with a user’s preferences. Users can also use this window to jump directly to a site’s privacy policy, as well as see whether the site has a privacy seal. The top window shown here is the privacy check for the Texas Tech University Health Center. It includes a warning because this site does not provide any access to the data they collect. The bottom window is for Microsoft. In this case there are no warnings because the policy does not conflict with user’s preferences. Microsoft has a seal from TRUSTe.
- After the user changes her preference settings, she sees a warning at the Microsoft site because the site may collect personally identifiable data for profiling.
- Here are the symbols a user sees when they use the P3P-enabled Idcide Privacy Companion prototype.
- Users can click on the P3P icon to find out where a site’s policy conflicts with their preferences.
- Orby includes a Trust meter that analyzes a site’s P3P policy and evaluates it on a number of factors and computes a rating. Users can click on the Trust Meter to see the various factors that went into a particular rating.
- Orby can also be configured to prompt users before accepting or receiving cookies. Users can enable and disable cookies on a site by site basis.
- The Orby includes a drop-down menu from which users can select one of four privacy levels that are used to control when cookies are sent or users are prompted about cookies.
- P3P policy generation is one of the services provided by PrivacyBot.com. PrivacyBot.com currently charges sites $30 to generate a human-readable policy and a P3P policy.