1 / 29

Privacy Software

Privacy Software. Yannis Mallios February 27, 2008. Overview. Privacy Enhancing Technologies Classification of PETs Anonymous Browsing Policies Filter Tools Encryption Awareness Q&A. Privacy Enhancing Technologies (PETs). A coherent system of ICT measures that protects privacy by

reganne
Download Presentation

Privacy Software

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Software Yannis MalliosFebruary 27, 2008

  2. Overview • Privacy Enhancing Technologies • Classification of PETs • Anonymous Browsing • Policies • Filter Tools • Encryption • Awareness • Q&A Carnegie Mellon University Usable Privacy and Security - Spring 2008

  3. Privacy Enhancing Technologies (PETs) • A coherent system of ICT measures that protects privacy by • eliminating or reducing personal data or • by preventing unnecessary and/or undesired processing of personal data, all • without losing the functionality of the information system • Hes, Borking, Privacy Enhancing Technologies, The Path to Anonymity Carnegie Mellon University Usable Privacy and Security - Spring 2008

  4. PETs Classification (1) • Hundreds of Tools (?) • Various methods of Classification • Encryption Tools (e.g. SSL), Policy Tools (e.g. P3P, TRUSTe), Filtering Tools (e.g. Cookie Management, Spyware), Anonymous Tools (e.g. Anonymizer, iPrivacy), Identity Management • Firewall, Cookie Remover, Web Bug Remover, Anonymous Web Browsing, Encrypted Email, Advertising Filters, Anti-Spam Tools, Anti-Spyware Tools • Snoop Proof Email, Anonymous Remailers, Surf Anonymously, HTML Filters, Cookie Busters, Voice Privacy, Email & File Privacy, Secure Instant Messaging, Web Encryption, Telnet Encryption, Disk Encryption, Disk/File Erasing Programs, Privacy Policy Generators, Password Security, Firewalls Carnegie Mellon University Usable Privacy and Security - Spring 2008

  5. PETs Classification (2) • We could generalize to the following • Anonymous Tools • Anonymous Mail • Anonymous Web Browsing • Encryption • Communication Encryption (mail, voice, telnet, etc) • File Encryption • Policy Tools (Generators, User Agents, etc) • Identity Management • Firewalls • Filter Tools (Cookies, Web Bugs, etc) Carnegie Mellon University Usable Privacy and Security - Spring 2008

  6. Privacy Framework • Framework by Benjamin Brunk • Awareness • Tools that convey information without requiring explicit action from the user • Detection • Tools that actively scan for potential problems • Prevention • Tools used as precaution • Response • Taking action after the detection of an issue • Recovery • Tools that help users get back to normal • Discussion • Do we have PETs for every stage of the framework? • PETs for the subset of the stages? Carnegie Mellon University Usable Privacy and Security - Spring 2008

  7. Fair information practice codes • Notice/Awareness • Choice/Consent • Access/Participation • Integrity/Security • Enforcement/Redress Discussion Do we have PETs for ensuring all principles? Can we rely solely on technology and Privacy Software? Carnegie Mellon University Usable Privacy and Security - Spring 2008

  8. PETs Already Discussed • Anonymous Web Browsing • TOR • Anonymous Email • MixMinion • Communication Encryption • PGP • Firewalls • ZoneAlarm • Policy Tools • Seal Programs • P3P • Privacy Bird/ Privacy Finder • Filter Tools • Bugnosis Carnegie Mellon University Usable Privacy and Security - Spring 2008

  9. Anonymous Browsing - Anonymizer • Traffic is routed through dedicated hardware, housed in secure facilities with complete access control • Tor does not use secure hardware or private proxies. • Ensures High availability • Anonymizer maintains tens of thousands of privately owned "clean" IP addresses and rotates them frequently • Onion router type of network use proxies owned by individual operators • Centralized or Distributed? • Anon.penet.fi again? • Laws and Regulations? Carnegie Mellon University Usable Privacy and Security - Spring 2008

  10. Policies – P3PEdit • Web-based wizard that creates P3P policies for websites • Basic questions about website’s data collection • P3PEdit generates an XML document that web browsers can read • Internet Explorer 6 blocks cookies from third-party websites. • If trying to set cookies from a webserver on another site, the cookies will be blocked. • In a website with multiple domains, only the primary domain may set cookies without a P3P policy. • P3PEdit creates P3P policies that are necessary to set cookies Carnegie Mellon University Usable Privacy and Security - Spring 2008

  11. Policies – P3PEdit Carnegie Mellon University Usable Privacy and Security - Spring 2008

  12. Policies – P3PEdit Carnegie Mellon University Usable Privacy and Security - Spring 2008

  13. Policies – P3PEdit Carnegie Mellon University Usable Privacy and Security - Spring 2008

  14. Policies – P3PEdit Carnegie Mellon University Usable Privacy and Security - Spring 2008

  15. Policies – P3PEdit Carnegie Mellon University Usable Privacy and Security - Spring 2008

  16. Policies – P3PEdit Carnegie Mellon University Usable Privacy and Security - Spring 2008

  17. Policies – P3PEdit Carnegie Mellon University Usable Privacy and Security - Spring 2008

  18. Filter Tools - Adblock Plus • Mozilla Firefox Add-On • Block Ads and Banners on the internet that often take longer to download Carnegie Mellon University Usable Privacy and Security - Spring 2008

  19. Filter Tools – Adblock Plus • Subscription to Filter Lists Carnegie Mellon University Usable Privacy and Security - Spring 2008

  20. Filter Tools – Popup Ad Smasher • Provides Multiple Functionalities Including: • Removes cookies. • Stops Animated Flash ads. • Stops Floating pop-up ads • Cancels Timer ads. • Remove Web Bugs. • Stops Blinking/Shaking Picture ads. • Cancel 3rd Party Activity. • Auto Cleans Temp folder.  Carnegie Mellon University Usable Privacy and Security - Spring 2008

  21. Filter Tools – Popup Ad Smasher Carnegie Mellon University Usable Privacy and Security - Spring 2008

  22. Filter Tools – Popup Ad Smasher Carnegie Mellon University Usable Privacy and Security - Spring 2008

  23. Encryption - TrueCrypt • Free open-source disk encryption software • Creates a virtual encrypted disk within a file and mounts it as a real disk. • Encrypts an entire partition or storage device such as USB flash drive or hard drive. • Encrypts a partition or drive where Windows is installed (pre-boot authentication). • Encryption is automatic, real-time (on-the-fly) and transparent. Carnegie Mellon University Usable Privacy and Security - Spring 2008

  24. Encryption - TrueCrypt Carnegie Mellon University Usable Privacy and Security - Spring 2008

  25. Privacy in Wireless Networks • Wireless Networks = Broadcast Networks • Anyone can intercept traffic • Especially unencrypted such as: • Instant Messaging • Emails • Web Visits Carnegie Mellon University Usable Privacy and Security - Spring 2008

  26. Peripheral Privacy Notifications for Wireless Networks • Notify users of information leaks through peripheral display • Similar to Wall of Sheep Carnegie Mellon University Usable Privacy and Security - Spring 2008

  27. Peripheral Privacy Notifications-Study • Implementation • Display specific key words • Use a consistent font/text per person • Study • In a non-CS or engineering graduate lab (semi-public) • Displayed privacy notifications for a week • Conclusions • Network usage did not decrease significantly • Participants became more self-conscious Carnegie Mellon University Usable Privacy and Security - Spring 2008

  28. Peripheral Privacy Notifications-Study • Users seemed to have attributed the threat to the display’s presence • Discussion • How could the user study be improved? • How could the proposal/Technology be improved? Carnegie Mellon University Usable Privacy and Security - Spring 2008

  29. Questions and Discussion Privacy Software Yannis MalliosFebruary 27, 2008 Carnegie Mellon University Usable Privacy and Security - Spring 2008

More Related