Page 1: Online Privacy Technologies

Dr. Lorrie Faith Cranor
AT&T Labs-Research
http://www.research.att.com/~lorrie/
NTIA Online Privacy Technologies Workshop

Page 2: Why is Cathy concerned?

Cathy, March 1, 2000

Page 3: How did Irving find this out?

He snooped her email
He looked at the files on her computer
He observed the “chatter” sent by her browser
He set cookies through banner ads and “web bugs” that allowed him to track her activities across web sites

Page 4: What do browsers chatter about?

Browsers chatter about:
IP address, domain name, organization
Referring page
Platform: O/S, browser
What information is requested: URLs and search terms
Cookies

To anyone who might be listening:
End servers
System administrators
Internet Service Providers
Other third parties
Advertising networks
Anyone who might subpoena log files later

Page 5: A typical HTTP request

GET /retail/searchresults.asp?qu=beer HTTP/1.0
Referer: http://www.us.buy.com/default.asp
User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386)
Host: www.us.buy.com
Accept: image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en
Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0

Page 6: What about cookies?

Cookies can be useful:
used like a staple to attach multiple parts of a form together
used to identify you when you return to a web site so you don’t have to remember a password
used to help web sites understand how people use them

Cookies can be harmful:
used to profile users and track their activities without their knowledge, especially across web sites

Page 7: (diagram: linking a search to a purchase across web sites)

YOU -> Search engine: search for medical information; the ad on the page sets a cookie
YOU -> Book store: buy a book; the ad on the page reads the cookie
With cooperation from the book store, the ad company can get your name and address from the book order and link them to your search

Page 8: Web bugs

Invisible “images” embedded in web pages that cause cookies to be transferred
Work just like banner ads from ad networks, but you can’t see them unless you look at the code behind a web page
Also embedded in HTML formatted email messages
Can also use JavaScript to perform same function without cookies
For more info on web bugs see: http://www.privacyfoundation.org/education/

Page 9: Referer log problems

GET methods result in values in URL
These URLs are sent in the REFERER header to next host
Example: http://www.merchant.com/cgi_bin/order?name=Tom+Jones&address=here+there&credit+card=234876923234&PIN=1234& -> index.html
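The request from page 5 and the order URL from page 9, run through a small Python audit added here (not part of the slides) that lists what the browser chatters and flags the query parameters a Referer header would carry to the next site; the sensitive-name list is constructed:

```python
from urllib.parse import urlsplit, parse_qsl

# The request shown on page 5 and the order URL from page 9 of the slides.
SLIDE_REQUEST = """GET /retail/searchresults.asp?qu=beer HTTP/1.0
Referer: http://www.us.buy.com/default.asp
User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386)
Host: www.us.buy.com
Accept: image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en
Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0
"""
ORDER_URL = ("http://www.merchant.com/cgi_bin/order?name=Tom+Jones"
             "&address=here+there&credit+card=234876923234&PIN=1234&")

# Parameter names that should never travel in a URL (constructed list).
SENSITIVE_KEYS = {"name", "address", "credit card", "pin", "password"}


def parse_request(raw):
    """Split a raw HTTP/1.0 request into (method, target, headers)."""
    request_line, _, rest = raw.strip().partition("\n")
    method, target, _version = request_line.split()
    headers = {}
    for line in rest.splitlines():
        if not line.strip():
            break                      # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def chatter(raw):
    """What page 4 calls browser chatter: host, path, search terms, referring
    page, platform (User-Agent) and the names of the cookies sent along."""
    _method, target, headers = parse_request(raw)
    url = urlsplit(target)
    cookie_header = headers.get("cookie", "")
    cookies = [c.split("=", 1)[0].strip() for c in cookie_header.split(";") if c.strip()]
    return {
        "host": headers.get("host"),
        "path": url.path,
        "query": parse_qsl(url.query, keep_blank_values=True),
        "referer": headers.get("referer"),
        "platform": headers.get("user-agent"),
        "cookies": cookies,
    }


def referer_leaks(page_url):
    """Query parameters of page_url that the browser will repeat in the Referer
    header when the user follows a link from that page.  GET form data lands
    here; sending the form with POST keeps it out of the URL and the Referer."""
    params = parse_qsl(urlsplit(page_url).query, keep_blank_values=True)
    return [(k, v) for k, v in params if k.lower() in SENSITIVE_KEYS]
```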

Page 10: Low tech solutions

Wander around cyber cafes
Use free e-mail service instead of ISP
Set up a pre-paid cash account with ISP; give all phony information
Obtain unusual domain name and get people you trust as name servers
Forge e-mail, spoof IP, etc.
. . . And don’t give out any personally-identifiable data!

Page 11: Types of software tools

Anonymity and pseudonymity tools: anonymizing proxies; mix networks and similar web anonymity tools (onion routing, Crowds, Freedom); anonymous email
Encryption tools: file encryption; email encryption; encrypted network connections
Filters: cookie cutters; child protection software
Information and transparency tools: identity management tools; P3P
Other tools: privacy-friendly search engines; computer “cleaners”; tools to facilitate access

Page 12: (diagram: where the tools sit)

User <-> The Internet <-> Service, with a regulatory and self-regulatory framework shown on both the user side and the service side
Tools shown: P3P user agent, cookie cutter, anonymizing agent, and a secure channel across the Internet

Page 13: Anonymizing proxy

Acts as a proxy for users
Hides information from end servers
Sees all web traffic
Free and subscription services available
Some free services add advertisements to web pages

(diagram: Browser -> Proxy -> End Server; the proxy forwards the request and relays the reply back)

Page 14: (screenshot)

http://www.anonymizer.com

Page 15: Pseudonymity tools

Automatically generate user names, passwords, email addresses, etc. unique to each web site you visit

(diagram: the user’s username passes through a proxy that presents a different generated name to each site; quote.com, nytimes.com and expedia.com are shown with the usernames mfjh, asef and dsfdf)

Page 16: iPrivacy private shipping labels

CUSTOMER PC
Public Identity          Private Identity
John Doe                 iPrivacy ABCDEF
1 MAIN ST                1 dQg85xP26
Kansas City, KS 11122    Kansas City, KS 11122
Doe@isp.com              ABCDEF@iPrivacy.com

WEB FORM
Name: iPrivacy ABCDEF
Address: 1 dQg85xP26
City: Kansas City
State: KS
Zip: 11122
Email: ABCDEF@iPrivacy.com

WEB e-Tailer
Order Entry System: submit credit card; if authorized, ship product
Shipping Subsystem: input private identity; decode address; print label:
iPrivacy ABCDEF
1 MAIN ST
Kansas City, KS 11122

Page 17: (no text on this slide)

Page 18: Incogno SafeZone

The merchant offers Incogno SafeZone from its site
Upon checkout, the buyer enters personal information into the Incogno SafeZone – a separate server

Page 19: Incogno SafeZone

Incogno reinforces that the purchase is anonymous
The anonymous purchase is complete with no added software installation or setup for the buyer

Page 20: Privada

Multi-server design to shield real-world info
Info is compartmentalized & encrypted, then processed by servers on a need-to-know basis
Online identities and activity are kept distinct from real-world identities
Patent-pending privacy management infrastructure

Page 21: (no text on this slide)

Page 22: Mixes [Chaum81]

Sender routes message randomly through network of “Mixes”, using layered public-key encryption.

(diagram)
Sender -> Mix A: {B, {C, {dest, msg} kC} kB} kA
Mix A -> Mix B: {C, {dest, msg} kC} kB
Mix B -> Mix C: {dest, msg} kC
Mix C -> Destination: msg
{...} kX = encrypted with public key of Mix X
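An added Python walk-through of the layering in the diagram (not from the slides or Chaum’s paper): a keyed stream cipher stands in for encryption under each Mix’s public key, and the route A, B, C and the key names follow the figure:

```python
import hashlib
import json
import os

# Added example, not from the slides.  A keyed stream cipher stands in for
# "{...} kX = encrypted with public key of Mix X": only the holder of X's key
# can strip that layer, which is all the layering below relies on.
MIX_KEYS = {"A": b"key-of-mix-A", "B": b"key-of-mix-B", "C": b"key-of-mix-C"}


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """Fresh random nonce per layer, so identical input never yields the same bytes twice."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, stream))


def decrypt(key, ciphertext):
    nonce, body = ciphertext[:16], ciphertext[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))


def build_onion(route, dest, msg):
    """Layer from the inside out: {dest, msg} kC, then {C, ...} kB, then {B, ...} kA."""
    layer = encrypt(MIX_KEYS[route[-1]], json.dumps({"next": dest, "payload": msg}).encode())
    for hop, next_hop in zip(reversed(route[:-1]), reversed(route[1:])):
        wrapped = json.dumps({"next": next_hop, "payload": layer.hex()}).encode()
        layer = encrypt(MIX_KEYS[hop], wrapped)
    return layer


def peel(mix, blob):
    """What one Mix does: remove its own layer and learn only the next hop."""
    inner = json.loads(decrypt(MIX_KEYS[mix], blob))
    return inner["next"], inner["payload"]


def send_through_mixes(route, dest, msg):
    """Return (recipient, message, views), where views records what each mix
    saw as (mix, received from, forwarded to)."""
    blob = build_onion(route, dest, msg)
    views, prev = [], "Sender"
    for i, mix in enumerate(route):
        next_hop, payload = peel(mix, blob)
        views.append((mix, prev, next_hop))
        prev = mix
        if i == len(route) - 1:
            return next_hop, payload, views
        blob = bytes.fromhex(payload)
```

The views list shows the point of the diagram: no single mix sees both the sender and the destination.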

Page 23: Freedom by Zero-Knowledge

Page 24: Freedom nyms

Create multiple pseudonyms
Surf without a nym
Select a nym and surf

Page 25: Crowds

Experimental system developed at AT&T Research
Users join a Crowd of other users
Web requests from the crowd cannot be linked to any individual
Protection from end servers, other crowd members, system administrators, and eavesdroppers
First system to hide data shadow on the web without trusting a central authority
http://www.research.att.com/projects/crowds/

Page 26: Crowds illustrated

(diagram: crowd members numbered 1–6 on the left and web servers on the right; a request is handed from member to member before one of them sends it to the web server)

Page 27: Anonymous email

Anonymous remailers allow people to send email anonymously
Similar to anonymous web proxies
Some can be chained and work like mixes
http://anon.efga.org/~rlist

Page 28: Encryption tools

File encryption
Email encryption: many email programs include encryption features built in or available as plug-ins; web-based encrypted email; email that self-destructs – Disappearing, Inc.
Encrypted network connections: Secure Sockets Layer (SSL), Secure Shell (SSH), virtual private networks

Page 29: Disappearing, Inc.

Page 30: Filters

Cookie cutters
Block cookies, allow for more fine-grained cookie control, etc.
Some also filter ads, referer header, and browser chatter
http://www.junkbusters.com/ht/en/links.html#measures

Child protection software
Block the transmission of certain information via email, chat rooms, or web forms when child is using computer
Limit who a child can email or chat with
http://www.getnetwise.org/

Page 31: Identity management tools

Services and tools that help people manage their online identities
Offer convenience of not having to retype data and/or remember passwords
Some let consumers opt-in to targeted advertising (permission marketing), sharing data with sites, etc.
Some pay consumers for providing data
Some check for privacy policies before releasing data or require minimum privacy standards for participating sites
Examples: AllAdvantage.com, DigitalMe, Enonymous, Lumeria, Persona, PrivacyBank.com

Page 32: Persona

Consumer fills out Persona with personal information
Consumer can decide how each field is shared with online businesses and 3rd parties

Page 33: PersonaValet

A free toolbar
Four views provide features that include cookie management, P3P reader, automatic log-in, form-fill, quick access to top sites, search engines & comparison capabilities

(screenshot callouts)
Allows user to accept or reject cookies while surfing
Cookie Watcher tells users when cookies are being dropped
P3P Viewer alerts user to site with valid P3P policy; allows comparison to user’s privacy settings
Pop-up menu

Page 34: PrivacyBank.com

PrivacyBank bookmark

Page 35: Infomediary example: PrivacyBank

PrivacyBank bookmark

Page 36: Platform for Privacy Preferences (P3P)

Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format
Can be deployed using existing web servers
This will enable the development of tools (built into browsers or separate applications) that:
provide snapshots of sites’ policies
compare policies with user preferences
alert and advise the user
For more info see http://www.w3.org/P3P/

Page 37: Using P3P on your Web site

1. Formulate privacy policy
2. Translate privacy policy into P3P format (use a policy generator tool)
3. Place P3P policy on web site: one policy for entire site or multiple policies for different parts of the site
4. Associate policy with web resources: place P3P policy reference file (which identifies location of relevant policy file) at well-known location on server; configure server to insert P3P header with link to P3P policy reference file; or insert link to P3P policy reference file in HTML content
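An added Python sketch of step 4 seen from a P3P user agent’s side, not from the slides: it looks for the policy reference file in the P3P header, the HTML link element and the well-known location, then picks the policy that applies to a given path. The /w3c/p3p.xml path, the header and link syntax, the XML element names and the namespace are assumed from the P3P 1.0 specification (the slide only says “well-known location”), and the server responses are constructed:

```python
import re
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase
from urllib.parse import urljoin

# Added example, not from the slides.  The locations come from the P3P 1.0
# specification (assumed here; the slide only says "well-known location"):
# the reference file /w3c/p3p.xml, the P3P response header, and the
# <link rel="P3Pv1"> element.  The namespace is the one the P3P 1.0 Recommendation uses.
P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"
WELL_KNOWN = "/w3c/p3p.xml"

# Constructed sample responses: a page advertising its reference file in a
# header and a <link>, and a reference file with a separate checkout policy.
SAMPLE_HEADERS = {"P3P": 'policyref="/p3p/ref.xml", CP="NOI DSP COR"'}
SAMPLE_HTML = '<html><head><link rel="P3Pv1" href="/w3c/p3p.xml"></head><body></body></html>'
SAMPLE_REF = """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY-REFERENCES>
    <POLICY-REF about="/w3c/policies.xml#general">
      <INCLUDE>/*</INCLUDE>
      <EXCLUDE>/checkout/*</EXCLUDE>
    </POLICY-REF>
    <POLICY-REF about="/w3c/policies.xml#checkout">
      <INCLUDE>/checkout/*</INCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>"""


def policy_ref_candidates(page_url, headers, html):
    """Where a P3P user agent looks for the policy reference file, in order:
    P3P header, <link rel="P3Pv1">, then the well-known location (duplicates dropped)."""
    found = []
    for name, value in headers.items():
        if name.lower() == "p3p":
            m = re.search(r'policyref\s*=\s*"([^"]+)"', value)
            if m:
                found.append(urljoin(page_url, m.group(1)))
    for tag in re.findall(r"<link\b[^>]*>", html, re.I):
        if re.search(r'rel\s*=\s*"?P3Pv1"?', tag, re.I):
            href = re.search(r'href\s*=\s*"([^"]+)"', tag, re.I)
            if href:
                found.append(urljoin(page_url, href.group(1)))
    found.append(urljoin(page_url, WELL_KNOWN))
    return list(dict.fromkeys(found))


def policy_for_path(ref_xml, path):
    """Pick the policy whose INCLUDE patterns match `path` and whose EXCLUDE
    patterns do not; the first matching POLICY-REF wins, None if nothing applies."""
    root = ET.fromstring(ref_xml)
    for ref in root.iter(P3P_NS + "POLICY-REF"):
        included = any(fnmatchcase(path, e.text) for e in ref.findall(P3P_NS + "INCLUDE"))
        excluded = any(fnmatchcase(path, e.text) for e in ref.findall(P3P_NS + "EXCLUDE"))
        if included and not excluded:
            return ref.get("about")
    return None
```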

Page 38: The P3P vocabulary

Who is collecting data?
What data is collected?
For what purpose will data be used?
Is there an ability to opt-in or opt-out of some data uses?
Who are the data recipients (anyone beyond the data collector)?
To what information does the data collector provide access?
What is the data retention policy?
How will disputes about the policy be resolved?
Where is the human-readable privacy policy?

Page 39: Transparency

P3P clients can check a privacy policy each time it changes
P3P clients can check privacy policies on all objects in a web page, including ads and invisible images

(screenshot; URLs shown: http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE and http://www.att.com/accessatt/)

Page 40: Microsoft/AT&T P3P browser helper object

A prototype tool designed to work with Microsoft Internet Explorer Browser
Not yet fully tested, still missing some features

Page 41: Preference settings

Page 42: (no text on this slide)

Page 43: (screenshot)

When preferences are changed to Disallow profiling, the privacy check warns us that this site profiles visitors

Page 44: IDcide Privacy Companion

A browser plug-in that adds functionality to Netscape or Internet Explorer browsers
Includes icons to let users know that sites use first- and/or third-party cookies
Enables users to select a privacy level that controls the cookie types allowed (1st or 3rd party)
Prevents data spills to 3rd parties through “referer”
Lets users view tracking history
Prototype P3P-enabled Privacy Companion allows for more fine-grained automatic decision making based on P3P policies
http://www.idcide.com

Page 45: IDcide P3P Icons

Searching for a P3P policy
No P3P policy found
P3P policy is NOT acceptable
P3P policy is acceptable

Page 46: (screenshot)

Double clicking on the P3P icon indicates where the site’s policy differs from the user’s preferences

Page 47: YOUpowered Orby Privacy Plus

A tool bar that sits at the top of a user’s desktop and allows a user to:
accept or deny cookies while surfing
decide how, when and where to share personal information
store website passwords
enjoy the convenience of "one-click" form-fill
P3P features in prototype automatically rate web sites based on their P3P policies

Page 48: TrustMeter

Page 49: Orby cookie prompt

Page 50: Orby preference setting menu

Page 51: IBM P3P Policy Editor

Allows web sites to create privacy policies in P3P and human-readable format
Drag and drop interface
Available from IBM AlphaWorks site: http://www.alphaworks.ibm.com/tech/p3peditor

Page 52: (screenshot)

Sites can list the types of data they collect, and view the corresponding P3P policy

Page 53: (screenshot)

Templates allow sites to start with a pre-defined policy and customize it to meet their needs

Page 54: PrivacyBot.com

Allows webmasters to fill out an online questionnaire to automatically create a human-readable privacy policy and a P3P policy

Page 55: YOUpowered Consumer Trust Policy Manager Wizard

Page 56: Other tools

Privacy-friendly search engines: TopClick
Computer “cleaners”: Window Washer – removes all traces of what web sites you visited, what files you viewed, and what files you deleted
Tools to facilitate access: PrivacyRight

Page 57: (no text on this slide)

Page 58: (no text on this slide)

Page 59: (no text on this slide)

Page 60: Tools work together

P3P tools help users understand privacy policies
Seal programs and regulations help ensure that sites comply with their policies
Anonymity tools and filtering tools reduce the amount of information revealed while browsing
Encryption tools secure data in transit and storage
Laws and codes of practice provide a base line level for acceptable policies

Page 61: Download these slides

http://www.research.att.com/~lorrie/privacy/NTIA-0900.ppt