Online Privacy Technologies
NTIA Online Privacy Technologies Workshop
Dr. Lorrie Faith Cranor, AT&T Labs-Research
http://www.research.att.com/~lorrie/
Why is Cathy concerned?
[Figure: Cathy, March 1, 2000]
How did Irving find this out?
• He snooped her email
• He looked at the files on her computer
• He observed the “chatter” sent by her browser
• He set cookies through banner ads and “web bugs” that allowed him to track her activities across web sites
What do browsers chatter about?
Browsers chatter about:
• IP address, domain name, organization
• Referring page
• Platform: O/S, browser
• What information is requested: URLs and search terms
• Cookies
To anyone who might be listening:
• End servers
• System administrators
• Internet Service Providers
• Other third parties
• Advertising networks
• Anyone who might subpoena log files later
A typical HTTP request
GET /retail/searchresults.asp?qu=beer HTTP/1.0
Referer: http://www.us.buy.com/default.asp
User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386)
Host: www.us.buy.com
Accept: image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en
Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0
What about cookies?
• Cookies can be useful
  • used like a staple to attach multiple parts of a form together
  • used to identify you when you return to a web site so you don’t have to remember a password
  • used to help web sites understand how people use them
• Cookies can be harmful
  • used to profile users and track their activities without their knowledge, especially across web sites
[Diagram: YOU search for medical information at a search engine, where an ad sets a cookie; YOU then buy a book at a book store, where an ad from the same ad company reads the cookie.]
With cooperation from the book store, the ad company can get your name and address from the book order and link them to your search.
Web bugs
• Invisible “images” embedded in web pages that cause cookies to be transferred
• Work just like banner ads from ad networks, but you can’t see them unless you look at the code behind a web page
• Also embedded in HTML formatted email messages
• Can also use JavaScript to perform same function without cookies
For more info on web bugs see: http://www.privacyfoundation.org/education/
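The slide says web bugs are only visible in the code behind a page; the following scanner, an added example rather than anything from the talk, reads that code and flags <img> tags that are both invisible (1x1 or display:none) and served from a host other than the page's own. The sample page, its hosts and the "page served from" URL are all constructed for the example.

```python
"""Web bug scanner: flag invisible third-party <img> tags in a page."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; we assume it is served from http://www.example-news.com/
# The 468x60 banner is third-party but visible, so it is an ad, not a web bug.
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" width="120" height="40">
<img src="http://ads.example-adnet.com/banner.gif" width="468" height="60">
<img src="http://track.example-adnet.com/bug.gif?uid=1234" width="1" height="1">
<img src="http://track.example-adnet.com/hidden.gif" style="display: none">
</body></html>
"""


class WebBugScanner(HTMLParser):
    """Collect <img> tags that are both invisible and served by another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = urlparse(src).hostname
        # A relative src (no host) or our own host is first-party: not a web bug.
        if host is None or host == self.page_host:
            return
        tiny = a.get("width") == "1" and a.get("height") == "1"
        hidden = "display:none" in (a.get("style") or "").replace(" ", "")
        if tiny or hidden:
            self.findings.append({"src": src, "host": host,
                                  "reason": "1x1" if tiny else "hidden"})


def find_web_bugs(html, page_url):
    """Return the suspected web bugs in `html`, in document order."""
    scanner = WebBugScanner(page_url)
    scanner.feed(html)
    return scanner.findings


if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_HTML, "http://www.example-news.com/"):
        print(f"{bug['reason']:6} {bug['host']:26} {bug['src']}")
```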
Referer log problems
• GET methods result in values in URL
• These URLs are sent in the REFERER header to next host
• Example: http://www.merchant.com/cgi_bin/order?name=Tom+Jones&address=here+there&credit+card=234876923234&PIN=1234& -> index.html (when the user goes on to index.html, the whole order URL, card number and PIN included, is sent as the Referer)
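To make the two preceding slides concrete, here is an added example (not from the talk) that parses the "typical HTTP request" shown above, lists the chatter it gives away, and checks the order URL from the Referer slide for form fields that should never have travelled in a URL. The list of sensitive parameter-name fragments is an assumption of the example.

```python
"""Parse the slide's request and list its "chatter"; flag sensitive GET
parameters that a Referer header would carry to the next host."""
from urllib.parse import urlparse, parse_qs

# The request from the "typical HTTP request" slide (Accept headers and most cookies trimmed).
SAMPLE_REQUEST = (
    "GET /retail/searchresults.asp?qu=beer HTTP/1.0\r\n"
    "Referer: http://www.us.buy.com/default.asp\r\n"
    "User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386)\r\n"
    "Host: www.us.buy.com\r\n"
    "Cookie: buycountry=us; dcLocName=Basket; Store=107\r\n"
    "\r\n"
)
# The order URL from the "Referer log problems" slide.
ORDER_URL = ("http://www.merchant.com/cgi_bin/order?name=Tom+Jones&address=here+there"
             "&credit+card=234876923234&PIN=1234&")
# Parameter-name fragments treated as sensitive (assumed list, extend as needed).
SENSITIVE = ("name", "address", "credit", "card", "pin", "ssn", "password")


def parse_request(raw):
    """Return (method, path, headers) with header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers


def chatter(raw):
    """What the end server (and anyone on the path) learns from one request."""
    _method, path, headers = parse_request(raw)
    cookies = headers.get("cookie", "")
    return {
        "search_terms": parse_qs(urlparse(path).query),   # e.g. {"qu": ["beer"]}
        "referer": headers.get("referer"),                # the page the user came from
        "platform": headers.get("user-agent"),            # O/S and browser
        "cookie_names": [c.split("=", 1)[0] for c in cookies.split("; ") if c],
    }


def leaked_fields(referer_url):
    """Sensitive-looking GET parameter names that `referer_url` would carry to the next host."""
    params = parse_qs(urlparse(referer_url).query, keep_blank_values=True)
    return sorted(p for p in params if any(w in p.lower() for w in SENSITIVE))
```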
Low tech solutions
• Wander around cyber cafes
• Use free e-mail service instead of ISP
• Set up a pre-paid cash account with ISP
  • give all phony information
• Obtain unusual domain name and get people you trust as name servers
• Forge e-mail, spoof IP, etc.
• . . . And don’t give out any personally-identifiable data!
Types of software tools
• Anonymity and pseudonymity tools
  • Anonymizing proxies
  • Mix Networks and similar web anonymity tools (Onion routing, Crowds, Freedom)
  • Anonymous email
• Encryption tools
  • File encryption
  • Email encryption
  • Encrypted network connections
• Filters
  • Cookie cutters
  • Child protection software
• Information and transparency tools
  • Identity management tools
  • P3P
• Other tools
  • Privacy-friendly search engines
  • Computer “cleaners”
  • Tools to facilitate access
[Diagram: the User, equipped with a P3P user agent and a cookie cutter, reaches the Service across the Internet through an anonymizing agent over a secure channel; both ends operate within a regulatory and self-regulatory framework.]
Anonymizing proxy
[Diagram: Browser -> Request -> Proxy -> Request -> End Server; the Reply returns along the same path through the Proxy.]
• Acts as a proxy for users
• Hides information from end servers
• Sees all web traffic
• Free and subscription services available
• Some free services add advertisements to web pages
Pseudonymity tools
Automatically generate user names, passwords, email addresses, etc. unique to each web site you visit
[Diagram: a proxy maps the user's one username to a different generated name for each site visited, e.g. quote.com, nytimes.com, expedia.com.]
iPrivacy private shipping labels
[Diagram: on the customer's PC, the e-tailer's web form is filled in with the iPrivacy public identity (Name: ABCDEF, Address: 1 dQg85xP26, City: Kansas City, State: KS, Zip: 11122, Email: ABCDEF@iPrivacy.com) and submitted to the web order entry system; if the credit card is authorized, the product is shipped. The shipping subsystem decodes the private identity (John Doe, 1 MAIN ST, Kansas City, KS 11122, Doe@isp.com) from the public identity and prints the label.]
Incogno SafeZone
Upon checkout, the buyer enters personal information into the Incogno SafeZone, a separate server. The merchant offers Incogno SafeZone from its site.
Incogno SafeZone
The anonymous purchase is complete with no added software installation or setup for the buyer. Incogno reinforces that the purchase is anonymous.
Privada
Patent-pending privacy management infrastructure
• Multi-server design to shield real-world info
• Info is compartmentalized & encrypted, then processed by servers on a need-to-know basis
• Online identities and activity are kept distinct from real-world identities
Mixes [Chaum81]
Sender routes message randomly through network of “Mixes”, using layered public-key encryption.
[Diagram: Sender -> Mix A -> Mix B -> Mix C -> Destination]
• Sender to Mix A: {B, {C, {dest, msg}kC}kB}kA
• Mix A to Mix B: {C, {dest, msg}kC}kB
• Mix B to Mix C: {dest, msg}kC
• Mix C to Destination: msg
kX = encrypted with public key of Mix X
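The layering on this slide, worked through as an added example (not from the talk): the sender wraps (dest, msg) once per mix, and each mix strips one layer and learns only the next hop. A keyed SHA-256 stream is used as a stand-in for public-key encryption so the code runs with the standard library alone; the keys, hop names and message are constructed for the example, and in a real mix net each layer would be sealed with the mix's public key so that only that mix could remove it.

```python
"""Layered encryption for the mix route Sender -> A -> B -> C -> dest.
A keyed SHA-256 stream (assumed) stands in for public-key encryption."""
import hashlib

# Constructed keys: MIX_KEYS["X"] plays the role of the slide's kX (public key of Mix X).
MIX_KEYS = {"A": b"key-of-mix-A", "B": b"key-of-mix-B", "C": b"key-of-mix-C"}
HOP = 8  # fixed-width field naming the next hop inside each layer (names up to 8 chars)


def _keystream(key, n):
    """Derive n bytes from key; stand-in for real public-key encryption."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def seal(key, data):
    """XOR data with the keystream; calling it again removes the layer."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def build_onion(route, dest, msg):
    """Wrap msg as {B, {C, {dest, msg}kC}kB}kA for route ["A", "B", "C"]."""
    hops = route + [dest]
    packet = msg
    for i in range(len(route) - 1, -1, -1):            # innermost layer first
        packet = seal(MIX_KEYS[route[i]], hops[i + 1].encode().ljust(HOP) + packet)
    return packet


def mix_process(mix, packet):
    """What one mix does: strip its layer, learn only the next hop and an opaque rest."""
    plain = seal(MIX_KEYS[mix], packet)
    return plain[:HOP].strip().decode(), plain[HOP:]


def run_route(route, dest, msg):
    """Pass the onion through each mix in turn; return (delivered msg, hop seen by each mix)."""
    packet = build_onion(route, dest, msg)
    seen = {}
    for mix in route:
        next_hop, packet = mix_process(mix, packet)
        seen[mix] = next_hop
    return packet, seen
```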
Freedom nyms
• Create multiple pseudonyms
• Surf without a nym
• Select a nym and surf
Crowds
• Experimental system developed at AT&T Research
• Users join a Crowd of other users
• Web requests from the crowd cannot be linked to any individual
• Protection from
  • end servers
  • other crowd members
  • system administrators
  • eavesdroppers
• First system to hide data shadow on the web without trusting a central authority
http://www.research.att.com/projects/crowds/
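An added simulation (not code from the Crowds project) of why the end server cannot link a request to its originator: in the Crowds design the originator hands the request to a random member, and each member that receives it either forwards it to another random member, with probability p_f, or submits it to the server. The crowd members, the value of p_f and the trial count are assumptions of the example.

```python
"""Crowds forwarding, simulated: the server sees the submitter, not the originator."""
import random
from collections import Counter

P_FORWARD = 0.75   # forwarding probability p_f (assumed value; the design requires p_f > 1/2)


def route_request(origin, members, rng):
    """Return the members a request passes through; the last one submits it to the server."""
    path = [origin]
    # The originator always hands the request to a random member first (possibly itself).
    while True:
        current = rng.choice(members)
        path.append(current)
        if rng.random() >= P_FORWARD:      # this member submits to the end server
            return path


def submitter_counts(origin, members, trials, seed=1):
    """Count which member the web server sees as the submitter over many requests."""
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(trials):
        counts[route_request(origin, members, rng)[-1]] += 1
    return counts


if __name__ == "__main__":
    crowd = ["alice", "bob", "carol", "dave"]   # constructed crowd
    for member, n in sorted(submitter_counts("alice", crowd, 4000).items()):
        print(f"{member:6} submitted {n:4d} of alice's requests")
```

Every member, the originator included, ends up submitting roughly a quarter of alice's requests, which is what leaves the server unable to single her out.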
Crowds illustrated
[Diagram: numbered crowd members (1 to 6) pass requests among themselves before one of them forwards each request on to the web servers.]
Anonymous email
• Anonymous remailers allow people to send email anonymously
• Similar to anonymous web proxies
• Some can be chained and work like mixes
http://anon.efga.org/~rlist
Encryption tools
• File encryption
• Email encryption
  • Many email programs include encryption features built in or available as plug-ins
  • Web-based encrypted email
  • Email that self-destructs – Disappearing, Inc.
• Encrypted network connections
  • Secure socket layer (SSL)
  • Secure shell (SSH)
  • Virtual private networks
Filters
• Cookie Cutters
  • Block cookies, allow for more fine-grained cookie control, etc.
  • Some also filter ads, referer header, and browser chatter
  http://www.junkbusters.com/ht/en/links.html#measures
• Child Protection Software
  • Block the transmission of certain information via email, chat rooms, or web forms when child is using computer
  • Limit who a child can email or chat with
  http://www.getnetwise.org/
Identity management tools
• Services and tools that help people manage their online identities
• Offer convenience of not having to retype data and/or remember passwords
• Some let consumers opt-in to targeted advertising (permission marketing), sharing data with sites, etc.
• Some pay consumers for providing data
• Some check for privacy policies before releasing data or require minimum privacy standards for participating sites
• Examples: AllAdvantage.com, DigitalMe, Enonymous, Lumeria, Persona, PrivacyBank.com
Persona
• Consumer fills out Persona with personal information
• Consumer can decide how each field is shared with online businesses and 3rd parties
PersonaValet
• A free toolbar
• Four views provide features that include Cookie Management, P3P reader, automatic log-in, form-fill, quick access to top sites, search engines & comparison capabilities
[Screenshot callouts: the P3P Viewer alerts the user to a site with a valid P3P policy and allows comparison to the user’s privacy settings; a pop-up menu allows the user to accept or reject cookies while surfing; the Cookie Watcher tells users when cookies are being dropped.]
Infomediary example: PrivacyBank
[Screenshot: the PrivacyBank bookmark, PrivacyBank.com]
Platform for Privacy Preferences (P3P)
• Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format
• Can be deployed using existing web servers
• This will enable the development of tools (built into browsers or separate applications) that:
  • Provide snapshots of sites’ policies
  • Compare policies with user preferences
  • Alert and advise the user
• For more info see http://www.w3.org/P3P/
Using P3P on your Web site
• Formulate privacy policy
• Translate privacy policy into P3P format
  • Use a policy generator tool
• Place P3P policy on web site
  • One policy for entire site or multiple policies for different parts of the site
• Associate policy with web resources:
  • Place P3P policy reference file (which identifies location of relevant policy file) at well-known location on server;
  • Configure server to insert P3P header with link to P3P policy reference file; or
  • Insert link to P3P policy reference file in HTML content
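The last step above hinges on the policy reference file, which maps parts of a site to different policies. As an added example (not from the talk or the W3C), the code below resolves which policy covers a given URL path from such a file. The reference file is constructed in the layout P3P 1.0 finalized after this workshop (POLICY-REF elements with INCLUDE and EXCLUDE URL patterns, served from the well-known location /w3c/p3p.xml); its policy names and paths are made up, and "*" is treated as an fnmatch wildcard, which is assumed to match the specification's wildcard.

```python
"""Resolve the P3P policy that applies to a URL path from a policy reference file."""
import fnmatch
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2000/12/P3Pv1}"   # P3P 1.0 namespace

# Constructed policy reference file of the kind placed at /w3c/p3p.xml.
# The first POLICY-REF covers the whole site except the shopping paths,
# which a second, more specific policy covers.
POLICY_REF_XML = """<META xmlns="http://www.w3.org/2000/12/P3Pv1">
 <POLICY-REFERENCES>
  <POLICY-REF about="/w3c/policies.xml#general">
   <INCLUDE>/*</INCLUDE>
   <EXCLUDE>/retail/*</EXCLUDE>
   <EXCLUDE>/cgi_bin/*</EXCLUDE>
  </POLICY-REF>
  <POLICY-REF about="/w3c/policies.xml#shopping">
   <INCLUDE>/retail/*</INCLUDE>
   <INCLUDE>/cgi_bin/order*</INCLUDE>
  </POLICY-REF>
 </POLICY-REFERENCES>
</META>
"""


def _matches(path, patterns):
    """True if any pattern matches path; '*' matches any run of characters."""
    return any(fnmatch.fnmatchcase(path, p) for p in patterns)


def load_policy_refs(xml_text):
    """Return [(policy_uri, include_patterns, exclude_patterns), ...] in file order."""
    root = ET.fromstring(xml_text)
    refs = []
    for ref in root.iter(NS + "POLICY-REF"):
        inc = [e.text.strip() for e in ref.findall(NS + "INCLUDE")]
        exc = [e.text.strip() for e in ref.findall(NS + "EXCLUDE")]
        refs.append((ref.get("about"), inc, exc))
    return refs


def policy_for(path, refs):
    """First policy whose INCLUDE matches path and whose EXCLUDEs do not; None if no policy applies."""
    for uri, inc, exc in refs:
        if _matches(path, inc) and not _matches(path, exc):
            return uri
    return None
```

A path that is excluded from the general policy but matched by no other, such as /cgi_bin/other, resolves to None, which is exactly the kind of gap a P3P user agent would report as "no policy found".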
The P3P vocabulary
• Who is collecting data?
• What data is collected?
• For what purpose will data be used?
• Is there an ability to opt-in or opt-out of some data uses?
• Who are the data recipients (anyone beyond the data collector)?
• To what information does the data collector provide access?
• What is the data retention policy?
• How will disputes about the policy be resolved?
• Where is the human-readable privacy policy?
Transparency
• P3P clients can check a privacy policy each time it changes
• P3P clients can check privacy policies on all objects in a web page, including ads and invisible images
Example URLs: http://www.att.com/accessatt/ and http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE
Microsoft/AT&T P3P browser helper object
• A prototype tool designed to work with Microsoft Internet Explorer Browser
• Not yet fully tested, still missing some features
When preferences are changed to Disallow profiling, the privacy check warns us that this site profiles visitors
IDcide Privacy Companion
• A browser plug-in that adds functionality to Netscape or Internet Explorer browsers
• Includes icons to let users know that sites use first- and/or third-party cookies
• Enables users to select a privacy level that controls the cookie types allowed (1st or 3rd party)
• Prevents data spills to 3rd parties through “referer”
• Lets users view tracking history
• Prototype P3P-enabled Privacy Companion allows for more fine-grained automatic decision making based on P3P policies
• http://www.idcide.com
IDcide P3P Icons
• Searching for a P3P policy
• No P3P policy found
• P3P policy is NOT acceptable
• P3P policy is acceptable
Double clicking on the P3P icon indicates where the site’s policy differs from the user’s preferences
YOUpowered Orby Privacy Plus
• A tool bar that sits at the top of a user’s desktop and allows a user to
  • Accept or deny cookies while surfing
  • Decide how, when and where to share personal information
  • Store website passwords
  • Enjoy the convenience of "one-click" form-fill
• P3P features in prototype automatically rate web sites based on their P3P policies
Trust Meter