Privacy Software
Yannis Mallios
February 27, 2008

Overview
• Privacy Enhancing Technologies
• Classification of PETs
• Anonymous Browsing
• Policies
• Filter Tools
• Encryption
• Awareness
• Q&A
Carnegie Mellon University Usable Privacy and Security - Spring 2008

Privacy Enhancing Technologies (PETs)
• A coherent system of ICT measures that protects privacy by
  • eliminating or reducing personal data or
  • by preventing unnecessary and/or undesired processing of personal data, all
  • without losing the functionality of the information system
• Hes, Borking, Privacy Enhancing Technologies, The Path to Anonymity

PETs Classification (1)
• Hundreds of Tools (?)
• Various methods of Classification
  • Encryption Tools (e.g. SSL), Policy Tools (e.g. P3P, TRUSTe), Filtering Tools (e.g. Cookie Management, Spyware), Anonymous Tools (e.g. Anonymizer, iPrivacy), Identity Management
  • Firewall, Cookie Remover, Web Bug Remover, Anonymous Web Browsing, Encrypted Email, Advertising Filters, Anti-Spam Tools, Anti-Spyware Tools
  • Snoop Proof Email, Anonymous Remailers, Surf Anonymously, HTML Filters, Cookie Busters, Voice Privacy, Email & File Privacy, Secure Instant Messaging, Web Encryption, Telnet Encryption, Disk Encryption, Disk/File Erasing Programs, Privacy Policy Generators, Password Security, Firewalls

PETs Classification (2)
• We could generalize to the following
  • Anonymous Tools
    • Anonymous Mail
    • Anonymous Web Browsing
  • Encryption
    • Communication Encryption (mail, voice, telnet, etc.)
    • File Encryption
  • Policy Tools (Generators, User Agents, etc.)
  • Identity Management
  • Firewalls
  • Filter Tools (Cookies, Web Bugs, etc.)

Privacy Framework
• Framework by Benjamin Brunk
  • Awareness
    • Tools that convey information without requiring explicit action from the user
  • Detection
    • Tools that actively scan for potential problems
  • Prevention
    • Tools used as precaution
  • Response
    • Taking action after the detection of an issue
  • Recovery
    • Tools that help users get back to normal
• Discussion
  • Do we have PETs for every stage of the framework?
  • PETs for the subset of the stages?

Fair information practice codes
• Notice/Awareness
• Choice/Consent
• Access/Participation
• Integrity/Security
• Enforcement/Redress
Discussion
• Do we have PETs for ensuring all principles?
• Can we rely solely on technology and Privacy Software?

PETs Already Discussed
• Anonymous Web Browsing
  • TOR
• Anonymous Email
  • MixMinion
• Communication Encryption
  • PGP
• Firewalls
  • ZoneAlarm
• Policy Tools
  • Seal Programs
  • P3P
  • Privacy Bird / Privacy Finder
• Filter Tools
  • Bugnosis

Anonymous Browsing - Anonymizer
• Traffic is routed through dedicated hardware, housed in secure facilities with complete access control
  • Tor does not use secure hardware or private proxies.
• Ensures high availability
• Anonymizer maintains tens of thousands of privately owned "clean" IP addresses and rotates them frequently
  • Onion-router-type networks use proxies owned by individual operators
• Centralized or Distributed?
  • Anon.penet.fi again?
  • Laws and Regulations?

Policies – P3PEdit
• Web-based wizard that creates P3P policies for websites
  • Basic questions about website's data collection
  • P3PEdit generates an XML document that web browsers can read
• Internet Explorer 6 blocks cookies from third-party websites.
  • If trying to set cookies from a webserver on another site, the cookies will be blocked.
  • In a website with multiple domains, only the primary domain may set cookies without a P3P policy.
• P3PEdit creates P3P policies that are necessary to set cookies

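Added example (not part of the original slides, and not P3PEdit or Internet Explorer code): a small audit of which hosts on a multi-domain site would lose their cookies under the rule stated above. The host names and sample headers are constructed; treating the last two DNS labels as the "site" and accepting any non-empty compact policy are simplifying assumptions.

```python
import re

def site_of(host):
    """Naive site key: last two DNS labels (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def parse_p3p(value):
    """Split a P3P header value into (policyref, list of compact-policy tokens)."""
    pairs = re.findall(r'(\w+)\s*=\s*"([^"]*)"', value or "")
    fields = {k.lower(): v for k, v in pairs}
    return fields.get("policyref"), fields.get("cp", "").split()

def blocked_cookie_hosts(page_host, responses):
    """Hosts whose cookies are dropped under the slide's rule: a cookie from a
    domain other than the page's primary domain needs a P3P compact policy.
    Simplification: any non-empty CP passes; token evaluation is not modelled."""
    blocked = []
    for host, headers in responses:
        h = {k.lower(): v for k, v in headers.items()}
        if "set-cookie" not in h:
            continue  # no cookie, nothing to block
        third_party = site_of(host) != site_of(page_host)
        _, cp_tokens = parse_p3p(h.get("p3p"))
        if third_party and not cp_tokens:
            blocked.append(host)
    return blocked

# Constructed sample: one page load on a site that spans several domains.
SAMPLE = [
    ("www.shop.example", {"Set-Cookie": "sid=1"}),            # primary domain
    ("img.shop.example", {"Set-Cookie": "pref=a"}),           # same site
    ("pay.shop-checkout.example", {"Set-Cookie": "cart=7"}),  # second domain, no P3P
    ("stats.partner.example", {"Set-Cookie": "uid=9",
        "P3P": 'policyref="/w3c/p3p.xml", CP="NOI DSP COR"'}),
    ("cdn.assets.example", {"Content-Type": "image/png"}),    # sets no cookie
]

if __name__ == "__main__":
    print(blocked_cookie_hosts("www.shop.example", SAMPLE))
```
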
Filter Tools – Adblock Plus
• Mozilla Firefox Add-On
• Blocks ads and banners on the Internet that often take longer to download

Filter Tools – Adblock Plus
• Subscription to Filter Lists

Filter Tools – Popup Ad Smasher
• Provides Multiple Functionalities Including:
  • Removes cookies.
  • Stops Animated Flash ads.
  • Stops Floating pop-up ads.
  • Cancels Timer ads.
  • Removes Web Bugs.
  • Stops Blinking/Shaking Picture ads.
  • Cancels 3rd Party Activity.
  • Auto Cleans Temp folder.

Encryption - TrueCrypt
• Free open-source disk encryption software
• Creates a virtual encrypted disk within a file and mounts it as a real disk.
• Encrypts an entire partition or storage device such as USB flash drive or hard drive.
• Encrypts a partition or drive where Windows is installed (pre-boot authentication).
• Encryption is automatic, real-time (on-the-fly) and transparent.

Privacy in Wireless Networks
• Wireless Networks = Broadcast Networks
• Anyone can intercept traffic
  • Especially unencrypted such as:
    • Instant Messaging
    • Emails
    • Web Visits

Peripheral Privacy Notifications for Wireless Networks
• Notify users of information leaks through peripheral display
• Similar to Wall of Sheep

Peripheral Privacy Notifications - Study
• Implementation
  • Display specific key words
  • Use a consistent font/text per person
• Study
  • In a non-CS or engineering graduate lab (semi-public)
  • Displayed privacy notifications for a week
• Conclusions
  • Network usage did not decrease significantly
  • Participants became more self-conscious

Peripheral Privacy Notifications - Study
• Users seemed to have attributed the threat to the display's presence
• Discussion
  • How could the user study be improved?
  • How could the proposal/technology be improved?

Questions and Discussion