SlideShare una empresa de Scribd logo

Online Privacy

IWMW
IWMW

Slides for a talk on "Online Privacy" given by Dave Raggett at UKOLN’s IWMW 2011 event held at the University of Reading on 25-26 July 2011. See http://iwmw.ukoln.ac.uk/iwmw2011/talks/raggett/

EducaciónTecnologíaNoticias y política
1 de 42
Descargar para leer sin conexión
Online Privacy Dave Raggett, W3C and UWE Reading, 27 July 2011 Institutional Web Managers Workshop 2011 1
What is Privacy? ● We can all recognize effects of its absence ● Injury or harm – Due to prejudice or malicious intentions – Financial harm, Physical harm, inability to work or travel ● Loss of face – Parents, friends or colleagues learning something that embarrasses you ● Loss of control – Inability to keep things private – Profiling by Search engines and advertisers 2
Evolution of Privacy on the Web ● HTTP logs ● IP address, time, URL ● Cookies ● Originally proposed to reduce burden on server ● Now have many uses, e.g. – Session management – User preferences – Saving where you left off viewing a video (app state) – Setting a unique id for a visitor over repeat visits – Recording profile data for targeted advertising 3
And worse . . . ● Proliferation of means to store data in browser ● HTML5 local storage, flash ● Fingerprinting ● “80% of browsers have unique fingerprint”, Electronic Frontier Foundation, 2010 – Try it yourself at http://panopticlick.eff.org/ – Based upon installed fonts and plugins, etc. ● History stealing ● Via CSS and JavaScript ● Web Bugs ● Unique tracking ids {hidden images, scripts, iframes, etc.} 4
Third Parties ● Websites commonly make use of third parties ● Content distribution – e.g. akamai ● Understanding website traffic – e.g. Google analytics and Quantcast ● Who are your visitors, where do they come from, and what pages do they like? ● Advertising – e.g. DoubleClick (Google) and RightMedia (Yahoo!) 5
Advertising ● Enabling websites to offer free services ● Initial focus on context-based advertising ● Ad networks matching ads to web page content ● Now based on profiling users through detailed tracking right across the web ● Via 3rd party cookies on many websites ● YOU are the product websites sell to profilers! 6
Facebook like button ● Added by website developers to allow facebook users to recommend a link to their friends ● Implemented as iframe or script element ● Enables facebook to track its users across all sites with the Like button ● You don't even need to click the button to be tracked! ● Browser sends identification cookie to facebook when loading the script or iframe ● Facebook tells you whether your friends like this page or invites you to be the first of your friends – 1,602 people like this page, be the first of your friends. 7
Surveillance on the cheap ● “Governments have changed to using data brokers for much of their surveillance, and buying profile data from advertisers” * ● Chris Hoofnagle, Berkeley Center for Law & Technology * Workshop on Internet Tracking, Advertising, and Privacy, Stanford University July 2011 8
Privacy doesn't matter ● “nobody cares about online privacy because they're worried about terrorism and the economy” * ● Russell Glass, Bizo – “Bizo is how marketers reach and engage business professionals, wherever they travel online. Bizo's unique ability to precisely target more than 80% of the US business population gives marketers cost-effective access and insight into business professionals – the most valuable online audience segment.” * Workshop on Internet Tracking, Advertising, and Privacy, Stanford University July 2011 9
Privacy doesn't matter What do you think? What do your customers think? 10
Ethnographic Perspective ● Privacy is not dead, but it is deeply misunderstood ● Danah Boyd, Microsoft researcher – Privacy, publicity and visibility ● “Public by default, private through effort” – http://www.danah.org/papers/talks/2010/TechFest2010.html – Living life in public: why american teens choose publicity over privacy ● “Using in-jokes and encoding information to limit visibility” – http://www.danah.org/papers/talks/2010/AOIR2010.html 11
Emergence of browser extensions for privacy ● Firefox addons relating to privacy that help with blocking ads and inhibiting cookies ● Adblock Plus ● BetterPrivacy ● NoScript ● Silent Block ● Privacy Dashboard 12
Privacy Dashboard ● Developed by EU PrimeLife project ● http://primelife.eu/ ● http://code.w3.org/privacy-dashboard/ ● See how websites are tracking you, and set per rd site preferences, e.g. to block 3 party content or cookies ● Share your findings with others ● Privacy Dashbot ● Automated survey of top 1000 websites 13
Information on current site 14
Query data on each site 15
Query data on each site 16
Privacy Dashbot ● Adaptation of Dashboard to scan top 1000 sites ● Based upon list provided by Google ● Determine associated 3rd party sites and form into clusters ● Rank hosts by the number of hosts citing them as direct 3rd parties 17
The Web as a galaxy of sites 18
The Web as a galaxy of sites 19
Frequency of citations rd counts as 3 parties 20
Is self regulation enough? ● Network Advertising Initiative opt out cookies ● NAI is a ooperative of online marketing and analytics companies ● Visit NAI opt-out page to set cookies as signal to 3rd parties to avoid targeted ads ● You are still tracked and the data may be sold on ● Switch browsers or devices and start all over again! ● Need for better regulation and better tools 21
Do Not Track (DNT) ● HTTP header or DOM property ● Set by browser to signal to 3rd parties to avoid tracking the user ● Persistent user preference setting in browser ● Relies on websites honouring user's request ● What does “do not track” mean exactly? ● Vested interests seeking to define it to their advantage ● Supported by US FTC ● Not set by default – i.e. users have to opt out of behavioural tracking 22
Tracking Protection Lists ● Microsoft feature for IE9 and later ● Lists of rules for which 3rd party sites should be blocked or enabled ● Users decide which lists to apply ● Lists supplied by Internet privacy organizations ● Not enabled by default – i.e. users have to opt out of behavioural tracking ● Relationship to P3P (machine readable privacy policies) 23
European Perspective ● Neelie Kroes, European Commission VP for Digital Agenda ● Principles for privacy in the digital age – Transparency, fairness and user control – http://europa.eu/rapid/pressReleasesAction.do? reference=SPEECH/11/461 ● E-Privacy directive 2002/58 on Privacy and Electronic Communications – Only UK, Estonia, Finland, Sweden and the Netherlands have implemented the directive in their domestic laws as of June 2011 24
Transparency, fairness & user control ● Users must be given clear and comprehensive information on the purposes and retention policy ● This must be fair – sites must not present a one sided agreement to the detriment of the user ● The user must be given a means to opt in or out of behavioural tracking ● The EU legislator's desire to leave the implementation of the directive open to future technological innovations ● No guidance on what constitutes an opt-out – “Self-regulatory efforts are clearly part of the equation on the implementation side. But we need to go further and look beyond cookies and specific sectors. DNT can help us do this.”, Neelie Kroes 25
E-Privacy Directive ● Security obligations ● Duty to inform subscribers of risks from viruses or malware ● Prohibition on listening, tapping, storage or other kinds of interception or surveillance of communication and “related traffic”, unless the users have given their consent – some exceptions under Article 15(1) ● Data retention ● Obligation to erase or anonymize traffic data ● Right to non-itemised billing 26
E-Privacy Directive ● Spam ● Prohibition of use of email and SMS for marketing except with prior agreement of the recipient ● Cookies ● May only be set if the user is provided with clear and comprehensive information about the purpose, and the user is offered a means to opt-out ● Does this apply to other means of implementing behavioural tracking or is it limited to cookies? ● Is a browser based cookie blocker sufficient? 27
Privacy Policies ● Many websites have a privacy policy ● It is often hard to find, and hard for ordinary people to understand ● Cookies have lots of useful purposes ● Policy should state what broad classes of information are being collected, for what purposes, who it may be shared with and for how long it will be retained ● “Operational purposes” is no longer acceptable! 28
Fairness ● If the user has opted out of behavioural tracking the user shouldn't be penalized in an unfair manner ● If a site is ad-supported, is it reasonable to ask users who opt out of effectively targeted ads to pay in some manner? ● Can we look forward to online equivalent of the nectar card and other loyalty schemes that act across a group of non-competing businesses? 29
Privacy friendly strong authentication ● Increasing use of email addresses as user ids ● Facilitates linkability of personal information across sites ● Sites need strong assurances as to attributes of identified party, but not a globally linkable id ● User defined personae can help ● Browser based account management ● New cryptographic techniques for proving user has trusted credential with given attributes BUT without disclosing user's identity ● Age, address, nationality, membership of named group, etc. ● We need better credentials with robust processes 30
W3C's Role ● Initial work on P3P ● Platform for Privacy Preferences ● Involvement in EU PrimeLife project ● Many workshops related to privacy ● Policy Languages Interest Group ● Privacy by design for Web APIs, e.g. gelocation ● New Privacy Interest Group ● New WG's expected on DNT and Protection Lists ● Implementation work on new technologies ● Funded through W3C involvement in EU webinos project 31
Platform for Privacy Preferences ● P3P 1.0 Recommendation issued April 2001 ● Machine readable privacy policies ● But initial specification too flexible! ● Makes it hard to generate report of mismatch between user preferences and site policy ● Complicates UI for setting user preferences ● Compact policies as a (bad) compromise ● Implemented in Internet Explorer and other browsers – 3rd party cookies blocked is there is no (compact) P3P policy ● Only covers cookies 32
Fresh take on P3P ● Developed as part of EU PrimeLife project ● Improves on compact policies to cover a much bigger subset of P3P ● Expressed in JSON ● Chosen to make it easy to create UI for user preferences and to generate reports of mismatch with site policy ● Includes link to full human readable policy ● For details see http://www.w3.org/2011/D1.2.3/ 33
Machine generated view of P3P privacy policy 34
Machine generated view of P3P privacy policy 35
UI for user preferences 36
Dealing with the click-thru effect ● Tendency for most users to click through security and privacy dialogues ● Seen as an annoying interruption ● Most users aren't in good position to make informed decision ● Solution is to delegate decision to a trusted third party ● White lists for sites which are known to be trustworthy – no warning UI presented ● Black lists for sites which are deemed bad ● Otherwise show user the security/privacy dialogue 37
Demo of Anonymous Credentials ● Student union issues credentials to new students ● Only current students can access the student union's social website ● No university staff, no would be employers, no ex students ● Website exposes machine readable policy covering authentication and privacy ● User authenticates to browser, then browser to website ● Website has strong proof that user is current student, but doesn't learn which student! ● Zero knowledge proof with IBM's idemix library ● No need to contact credential issuer to create proof 38
39
Authenticating the User 40
41
Questions? Dave Raggett <dsr@w3.org> 42

Recomendados

Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & securityPriyab Satoshi
 
Internet privacy presentation
Internet privacy presentationInternet privacy presentation
Internet privacy presentationMatthew Momney
 
Social media privacy issues
Social media privacy issuesSocial media privacy issues
Social media privacy issuesNousheen Arshad
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet PrivacyKristin Briney
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
Digital privacy
Digital privacyDigital privacy
Digital privacyAnna Adel
 
Digital Footprints Presentation
Digital Footprints PresentationDigital Footprints Presentation
Digital Footprints PresentationProjectsByJen.com
 

Recomendados

Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & securityPriyab Satoshi
 
Internet privacy presentation
Internet privacy presentationInternet privacy presentation
Internet privacy presentationMatthew Momney
 
Social media privacy issues
Social media privacy issuesSocial media privacy issues
Social media privacy issuesNousheen Arshad
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet PrivacyKristin Briney
 
Internet Privacy
Internet PrivacyInternet Privacy
Internet Privacyrealpeterz
 
Digital privacy
Digital privacyDigital privacy
Digital privacyAnna Adel
 
Digital Footprints Presentation
Digital Footprints PresentationDigital Footprints Presentation
Digital Footprints PresentationProjectsByJen.com
 
Advantages of Digital Identity
Advantages of Digital IdentityAdvantages of Digital Identity
Advantages of Digital IdentityDigital-identity
 
Internet Ethics
Internet EthicsInternet Ethics
Internet EthicsJoanna Dimitrova
 
Cyber safety
Cyber safetyCyber safety
Cyber safetyYash Jain
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark WebMiteshWani
 
6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFiQuick Heal Technologies Ltd.
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risksParakum Pathirana
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Internet Cookies
Internet CookiesInternet Cookies
Internet Cookiesanita gouda
 
Web 3.0
Web 3.0Web 3.0
Web 3.0Jo Bhakdi for Pioneerradio
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and FraudsQuick Heal Technologies Ltd.
 
Les usages du Dark Web
Les usages du Dark WebLes usages du Dark Web
Les usages du Dark Weblaurence allard
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
Internet
InternetInternet
InternetNaman Goel
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH editionJorge Sebastiao
 
Phishing ppt
Phishing pptPhishing ppt
Phishing pptshindept123
 
Cyber Safety For Educators
Cyber Safety For EducatorsCyber Safety For Educators
Cyber Safety For EducatorsMaria Petropulos
 
Computer Security 101
Computer Security 101Computer Security 101
Computer Security 101Progressive Integrations
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for studentsAkhil Nadh PC
 
Privacy issues in social networking
Privacy issues in social networkingPrivacy issues in social networking
Privacy issues in social networkingBryan Tran
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Privacy on the Internet
Privacy on the InternetPrivacy on the Internet
Privacy on the InternetPhil Bradley
 

Más contenido relacionado

La actualidad más candente

Advantages of Digital Identity
Advantages of Digital IdentityAdvantages of Digital Identity
Advantages of Digital IdentityDigital-identity
 
Cyber safety
Cyber safetyCyber safety
Cyber safetyYash Jain
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark WebMiteshWani
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risksParakum Pathirana
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark WebCase IQ
 
Internet Cookies
Internet CookiesInternet Cookies
Internet Cookiesanita gouda
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threatsourav newatia
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH editionJorge Sebastiao
 
Cyber Safety For Educators
Cyber Safety For EducatorsCyber Safety For Educators
Cyber Safety For EducatorsMaria Petropulos
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for studentsAkhil Nadh PC
 
Privacy issues in social networking
Privacy issues in social networkingPrivacy issues in social networking
Privacy issues in social networkingBryan Tran
 

La actualidad más candente (20)

Advantages of Digital Identity
Advantages of Digital IdentityAdvantages of Digital Identity
Advantages of Digital Identity
 
Internet Ethics
Internet EthicsInternet Ethics
Internet Ethics
 
Cyber safety
Cyber safetyCyber safety
Cyber safety
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Journey To The Dark Web
Journey To The Dark WebJourney To The Dark Web
Journey To The Dark Web
 
6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi6 Security Tips for Using Public WiFi
6 Security Tips for Using Public WiFi
 
Social media and Security risks
Social media and Security risksSocial media and Security risks
Social media and Security risks
 
Investigating Using the Dark Web
Investigating Using the Dark WebInvestigating Using the Dark Web
Investigating Using the Dark Web
 
Internet Cookies
Internet CookiesInternet Cookies
Internet Cookies
 
Web 3.0
Web 3.0Web 3.0
Web 3.0
 
Online Scams and Frauds
Online Scams and FraudsOnline Scams and Frauds
Online Scams and Frauds
 
Les usages du Dark Web
Les usages du Dark WebLes usages du Dark Web
Les usages du Dark Web
 
Phishing Attack : A big Threat
Phishing Attack : A big ThreatPhishing Attack : A big Threat
Phishing Attack : A big Threat
 
Internet
InternetInternet
Internet
 
Cyber Warfare 4TH edition
Cyber Warfare 4TH editionCyber Warfare 4TH edition
Cyber Warfare 4TH edition
 
Phishing ppt
Phishing pptPhishing ppt
Phishing ppt
 
Cyber Safety For Educators
Cyber Safety For EducatorsCyber Safety For Educators
Cyber Safety For Educators
 
Computer Security 101
Computer Security 101Computer Security 101
Computer Security 101
 
Cyber security awareness for students
Cyber security awareness for students Cyber security awareness for students
Cyber security awareness for students
 
Privacy issues in social networking
Privacy issues in social networkingPrivacy issues in social networking
Privacy issues in social networking
 

Destacado

“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Privacy on the Internet
Privacy on the InternetPrivacy on the Internet
Privacy on the InternetPhil Bradley
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Internet privacy ethics and online security
Internet privacy ethics and online securityInternet privacy ethics and online security
Internet privacy ethics and online securityPaul Berryman
 
Internet privacy
Internet privacyInternet privacy
Internet privacyhafsan
 
Online Privacy and Security
Online Privacy and SecurityOnline Privacy and Security
Online Privacy and SecurityAlex Hyer
 
Internet of things_by_economides_keynote_speech_at_ccit2014_final
Internet of things_by_economides_keynote_speech_at_ccit2014_finalInternet of things_by_economides_keynote_speech_at_ccit2014_final
Internet of things_by_economides_keynote_speech_at_ccit2014_finalAnastasios Economides
 
Kashoyas Paper (Comp)
Kashoyas Paper (Comp)Kashoyas Paper (Comp)
Kashoyas Paper (Comp)kaat1
 
Pro privacy
Pro privacyPro privacy
Pro privacyhybr1s
 
Internet Privacy Presentation (In Service)
Internet Privacy Presentation (In Service)Internet Privacy Presentation (In Service)
Internet Privacy Presentation (In Service)Bonnie Brzozowski
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodcharvill
 

Destacado (16)

“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
 
Privacy on the Internet
Privacy on the InternetPrivacy on the Internet
Privacy on the Internet
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Internet privacy ethics and online security
Internet privacy ethics and online securityInternet privacy ethics and online security
Internet privacy ethics and online security
 
Internet privacy
Internet privacyInternet privacy
Internet privacy
 
Illegal downloading
Illegal downloadingIllegal downloading
Illegal downloading
 
Online Privacy and Security
Online Privacy and SecurityOnline Privacy and Security
Online Privacy and Security
 
Internet of things_by_economides_keynote_speech_at_ccit2014_final
Internet of things_by_economides_keynote_speech_at_ccit2014_finalInternet of things_by_economides_keynote_speech_at_ccit2014_final
Internet of things_by_economides_keynote_speech_at_ccit2014_final
 
Audio&Video
Audio&VideoAudio&Video
Audio&Video
 
Ethics online
Ethics onlineEthics online
Ethics online
 
Kashoyas Paper (Comp)
Kashoyas Paper (Comp)Kashoyas Paper (Comp)
Kashoyas Paper (Comp)
 
Online ethics
Online ethicsOnline ethics
Online ethics
 
Pro privacy
Pro privacyPro privacy
Pro privacy
 
Internet Privacy Presentation (In Service)
Internet Privacy Presentation (In Service)Internet Privacy Presentation (In Service)
Internet Privacy Presentation (In Service)
 
Ethics and privacy ppt 3rd period
Ethics and privacy ppt 3rd periodEthics and privacy ppt 3rd period
Ethics and privacy ppt 3rd period
 

Similar a Online Privacy

Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectRichard King
 
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by DesignSay Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Designbradley_g
 
Blockade.io : One Click Browser Defense
Blockade.io : One Click Browser DefenseBlockade.io : One Click Browser Defense
Blockade.io : One Click Browser DefenseRiskIQ, Inc.
 
Media Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureMedia Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureThe Media Kitchen
 
The role and impact of IT in society
The role and impact of IT in societyThe role and impact of IT in society
The role and impact of IT in societyAnjan Mahanta
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019Priyanka Aash
 
Understanding and responding to content blocking
Understanding and responding to content blockingUnderstanding and responding to content blocking
Understanding and responding to content blockingPierre Far
 
European Search Conference, Liverpool, 2018
European Search Conference, Liverpool, 2018European Search Conference, Liverpool, 2018
European Search Conference, Liverpool, 2018Pierre Far
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCastlebridge Associates
 
Online Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security ConsiderationsOnline Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security ConsiderationsAlfonso Sintjago
 
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...NextVision Media
 
Creating Trust for the Internet of Things
Creating Trust for the Internet of ThingsCreating Trust for the Internet of Things
Creating Trust for the Internet of ThingsPECB
 
Analytics, privacy, and all that
Analytics, privacy, and all thatAnalytics, privacy, and all that
Analytics, privacy, and all thatPierre Far
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanMediacurrent
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicSecunoid Systems Inc
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in MindGosia Fraser
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersWSO2
 

Similar a Online Privacy (20)

IP and ICT - Intro
IP and ICT - IntroIP and ICT - Intro
IP and ICT - Intro
 
Introduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring projectIntroduction to the open rights group censorship monitoring project
Introduction to the open rights group censorship monitoring project
 
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by DesignSay Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
 
Blockade.io : One Click Browser Defense
Blockade.io : One Click Browser DefenseBlockade.io : One Click Browser Defense
Blockade.io : One Click Browser Defense
 
Media Kitchen - The Cookieless Future
Media Kitchen - The Cookieless FutureMedia Kitchen - The Cookieless Future
Media Kitchen - The Cookieless Future
 
The role and impact of IT in society
The role and impact of IT in societyThe role and impact of IT in society
The role and impact of IT in society
 
Osint presentation nov 2019
Osint presentation nov 2019Osint presentation nov 2019
Osint presentation nov 2019
 
Understanding and responding to content blocking
Understanding and responding to content blockingUnderstanding and responding to content blocking
Understanding and responding to content blocking
 
European Search Conference, Liverpool, 2018
European Search Conference, Liverpool, 2018European Search Conference, Liverpool, 2018
European Search Conference, Liverpool, 2018
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspective
 
Online Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security ConsiderationsOnline Focus Groups Privacy and Security Considerations
Online Focus Groups Privacy and Security Considerations
 
Data Mining - GCPCUG May 2011
Data Mining - GCPCUG May 2011Data Mining - GCPCUG May 2011
Data Mining - GCPCUG May 2011
 
GDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsGDPR Part 1: Quick Facts
GDPR Part 1: Quick Facts
 
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...
Mobile Web and Apps World New Orleans Session 10 Patricia Poss Federal Trade ...
 
Creating Trust for the Internet of Things
Creating Trust for the Internet of ThingsCreating Trust for the Internet of Things
Creating Trust for the Internet of Things
 
Analytics, privacy, and all that
Analytics, privacy, and all thatAnalytics, privacy, and all that
Analytics, privacy, and all that
 
Creating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout PlanCreating a GDPR Action Plan; Not a Freakout Plan
Creating a GDPR Action Plan; Not a Freakout Plan
 
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-publicCyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public
 
Internet of Things With Privacy in Mind
Internet of Things With Privacy in MindInternet of Things With Privacy in Mind
Internet of Things With Privacy in Mind
 
How Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-UsersHow Privacy in the Cloud Affects End-Users
How Privacy in the Cloud Affects End-Users
 

Más de IWMW

Look who's talking now
Look who's talking nowLook who's talking now
Look who's talking nowIWMW
 
Introduction to IWMW 2000 (Liz Lyon)
Introduction to IWMW 2000 (Liz Lyon)Introduction to IWMW 2000 (Liz Lyon)
Introduction to IWMW 2000 (Liz Lyon)IWMW
 
Web Tools report
Web Tools reportWeb Tools report
Web Tools reportIWMW
 
Personal Contingency Plan - Beat The Panic
Personal Contingency Plan - Beat The PanicPersonal Contingency Plan - Beat The Panic
Personal Contingency Plan - Beat The PanicIWMW
 
Whose site is it anyway?
Whose site is it anyway?Whose site is it anyway?
Whose site is it anyway?IWMW
 
Open Source - the case against
Open Source - the case againstOpen Source - the case against
Open Source - the case againstIWMW
 
IWMW 2002: Avoiding Portal Wars - an MIS view
IWMW 2002: Avoiding Portal Wars - an MIS viewIWMW 2002: Avoiding Portal Wars - an MIS view
IWMW 2002: Avoiding Portal Wars - an MIS viewIWMW
 
What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?IWMW
 
Library 2.0
Library 2.0Library 2.0
Library 2.0IWMW
 
Social participation in student recruitment
Social participation in student recruitmentSocial participation in student recruitment
Social participation in student recruitmentIWMW
 
Supporting Institutions in Changing Times: Manifesto
Supporting Institutions in Changing Times: ManifestoSupporting Institutions in Changing Times: Manifesto
Supporting Institutions in Changing Times: ManifestoIWMW
 
IWMW 2019 photo scavenger hunt highlights
IWMW 2019 photo scavenger hunt highlightsIWMW 2019 photo scavenger hunt highlights
IWMW 2019 photo scavenger hunt highlightsIWMW
 
How to Turn a Web Strategy into Web Services
How to Turn a Web Strategy into Web ServicesHow to Turn a Web Strategy into Web Services
How to Turn a Web Strategy into Web ServicesIWMW
 
Static Site Generators - Developing Websites in Low-resource Condition
Static Site Generators - Developing Websites in Low-resource ConditionStatic Site Generators - Developing Websites in Low-resource Condition
Static Site Generators - Developing Websites in Low-resource ConditionIWMW
 
Looking to the Future
Looking to the FutureLooking to the Future
Looking to the FutureIWMW
 
Looking to the Future
Looking to the FutureLooking to the Future
Looking to the FutureIWMW
 
Developing Communities of Practice
Developing Communities of PracticeDeveloping Communities of Practice
Developing Communities of PracticeIWMW
 
How to train your content- so it doesn't slow you down...
How to train your content- so it doesn't slow you down... How to train your content- so it doesn't slow you down...
How to train your content- so it doesn't slow you down... IWMW
 
Grassroots & Guerrillas: The Beginnings of a UX Revolution
Grassroots & Guerrillas: The Beginnings of a UX RevolutionGrassroots & Guerrillas: The Beginnings of a UX Revolution
Grassroots & Guerrillas: The Beginnings of a UX RevolutionIWMW
 
Connecting Your Content: How to Save Time and Improve Content Quality through...
Connecting Your Content: How to Save Time and Improve Content Quality through...Connecting Your Content: How to Save Time and Improve Content Quality through...
Connecting Your Content: How to Save Time and Improve Content Quality through...IWMW
 

Más de IWMW (20)

Look who's talking now
Look who's talking nowLook who's talking now
Look who's talking now
 
Introduction to IWMW 2000 (Liz Lyon)
Introduction to IWMW 2000 (Liz Lyon)Introduction to IWMW 2000 (Liz Lyon)
Introduction to IWMW 2000 (Liz Lyon)
 
Web Tools report
Web Tools reportWeb Tools report
Web Tools report
 
Personal Contingency Plan - Beat The Panic
Personal Contingency Plan - Beat The PanicPersonal Contingency Plan - Beat The Panic
Personal Contingency Plan - Beat The Panic
 
Whose site is it anyway?
Whose site is it anyway?Whose site is it anyway?
Whose site is it anyway?
 
Open Source - the case against
Open Source - the case againstOpen Source - the case against
Open Source - the case against
 
IWMW 2002: Avoiding Portal Wars - an MIS view
IWMW 2002: Avoiding Portal Wars - an MIS viewIWMW 2002: Avoiding Portal Wars - an MIS view
IWMW 2002: Avoiding Portal Wars - an MIS view
 
What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?What does open source mean for the institutional web manager?
What does open source mean for the institutional web manager?
 
Library 2.0
Library 2.0Library 2.0
Library 2.0
 
Social participation in student recruitment
Social participation in student recruitmentSocial participation in student recruitment
Social participation in student recruitment
 
Supporting Institutions in Changing Times: Manifesto
Supporting Institutions in Changing Times: ManifestoSupporting Institutions in Changing Times: Manifesto
Supporting Institutions in Changing Times: Manifesto
 
IWMW 2019 photo scavenger hunt highlights
IWMW 2019 photo scavenger hunt highlightsIWMW 2019 photo scavenger hunt highlights
IWMW 2019 photo scavenger hunt highlights
 
How to Turn a Web Strategy into Web Services
How to Turn a Web Strategy into Web ServicesHow to Turn a Web Strategy into Web Services
How to Turn a Web Strategy into Web Services
 
Static Site Generators - Developing Websites in Low-resource Condition
Static Site Generators - Developing Websites in Low-resource ConditionStatic Site Generators - Developing Websites in Low-resource Condition
Static Site Generators - Developing Websites in Low-resource Condition
 
Looking to the Future
Looking to the FutureLooking to the Future
Looking to the Future
 
Looking to the Future
Looking to the FutureLooking to the Future
Looking to the Future
 
Developing Communities of Practice
Developing Communities of PracticeDeveloping Communities of Practice
Developing Communities of Practice
 
How to train your content- so it doesn't slow you down...
How to train your content- so it doesn't slow you down... How to train your content- so it doesn't slow you down...
How to train your content- so it doesn't slow you down...
 
Grassroots & Guerrillas: The Beginnings of a UX Revolution
Grassroots & Guerrillas: The Beginnings of a UX RevolutionGrassroots & Guerrillas: The Beginnings of a UX Revolution
Grassroots & Guerrillas: The Beginnings of a UX Revolution
 
Connecting Your Content: How to Save Time and Improve Content Quality through...
Connecting Your Content: How to Save Time and Improve Content Quality through...Connecting Your Content: How to Save Time and Improve Content Quality through...
Connecting Your Content: How to Save Time and Improve Content Quality through...
 

Último

social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 

Último (20)

social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 

Online Privacy

  • 1. Online Privacy Dave Raggett, W3C and UWE Reading, 27 July 2011 Institutional Web Managers Workshop 2011 1
  • 2. What is Privacy? ● We can all recognize effects of its absence ● Injury or harm – Due to prejudice or malicious intentions – Financial harm, Physical harm, inability to work or travel ● Loss of face – Parents, friends or colleagues learning something that embarrasses you ● Loss of control – Inability to keep things private – Profiling by Search engines and advertisers 2
  • 3. Evolution of Privacy on the Web ● HTTP logs ● IP address, time, URL ● Cookies ● Originally proposed to reduce burden on server ● Now have many uses, e.g. – Session management – User preferences – Saving where you left off viewing a video (app state) – Setting a unique id for a visitor over repeat visits – Recording profile data for targeted advertising 3
  • 4. And worse . . . ● Proliferation of means to store data in browser ● HTML5 local storage, flash ● Fingerprinting ● “80% of browsers have unique fingerprint”, Electronic Frontier Foundation, 2010 – Try it yourself at http://panopticlick.eff.org/ – Based upon installed fonts and plugins, etc. ● History stealing ● Via CSS and JavaScript ● Web Bugs ● Unique tracking ids {hidden images, scripts, iframes, etc.} 4
  • 5. Third Parties ● Websites commonly make use of third parties ● Content distribution – e.g. akamai ● Understanding website traffic – e.g. Google analytics and Quantcast ● Who are your visitors, where do they come from, and what pages do they like? ● Advertising – e.g. DoubleClick (Google) and RightMedia (Yahoo!) 5
  • 6. Advertising ● Enabling websites to offer free services ● Initial focus on context-based advertising ● Ad networks matching ads to web page content ● Now based on profiling users through detailed tracking right across the web ● Via 3rd party cookies on many websites ● YOU are the product websites sell to profilers! 6
  • 7. Facebook like button ● Added by website developers to allow facebook users to recommend a link to their friends ● Implemented as iframe or script element ● Enables facebook to track its users across all sites with the Like button ● You don't even need to click the button to be tracked! ● Browser sends identification cookie to facebook when loading the script or iframe ● Facebook tells you whether your friends like this page or invites you to be the first of your friends – 1,602 people like this page, be the first of your friends. 7
  • 8. Surveillance on the cheap ● “Governments have changed to using data brokers for much of their surveillance, and buying profile data from advertisers” * ● Chris Hoofnagle, Berkeley Center for Law & Technology * Workshop on Internet Tracking, Advertising, and Privacy, Stanford University July 2011 8
  • 9. Privacy doesn't matter ● “nobody cares about online privacy because they're worried about terrorism and the economy” * ● Russell Glass, Bizo – “Bizo is how marketers reach and engage business professionals, wherever they travel online. Bizo's unique ability to precisely target more than 80% of the US business population gives marketers cost-effective access and insight into business professionals – the most valuable online audience segment.” * Workshop on Internet Tracking, Advertising, and Privacy, Stanford University July 2011 9
  • 10. Privacy doesn't matter What do you think? What do your customers think? 10
  • 11. Ethnographic Perspective ● Privacy is not dead, but it is deeply misunderstood ● Danah Boyd, Microsoft researcher – Privacy, publicity and visibility ● “Public by default, private through effort” – http://www.danah.org/papers/talks/2010/TechFest2010.html – Living life in public: why american teens choose publicity over privacy ● “Using in-jokes and encoding information to limit visibility” – http://www.danah.org/papers/talks/2010/AOIR2010.html 11
  • 12. Emergence of browser extensions for privacy ● Firefox addons relating to privacy that help with blocking ads and inhibiting cookies ● Adblock Plus ● BetterPrivacy ● NoScript ● Silent Block ● Privacy Dashboard 12
  • 13. Privacy Dashboard ● Developed by EU PrimeLife project ● http://primelife.eu/ ● http://code.w3.org/privacy-dashboard/ ● See how websites are tracking you, and set per rd site preferences, e.g. to block 3 party content or cookies ● Share your findings with others ● Privacy Dashbot ● Automated survey of top 1000 websites 13
  • 15. Query data on each site 15
  • 16. Query data on each site 16
  • 17. Privacy Dashbot ● Adaptation of Dashboard to scan top 1000 sites ● Based upon list provided by Google ● Determine associated 3rd party sites and form into clusters ● Rank hosts by the number of hosts citing them as direct 3rd parties 17
  • 18. The Web as a galaxy of sites 18
  • 19. The Web as a galaxy of sites 19
  • 20. Frequency of citations rd counts as 3 parties 20
  • 21. Is self regulation enough? ● Network Advertising Initiative opt out cookies ● NAI is a ooperative of online marketing and analytics companies ● Visit NAI opt-out page to set cookies as signal to 3rd parties to avoid targeted ads ● You are still tracked and the data may be sold on ● Switch browsers or devices and start all over again! ● Need for better regulation and better tools 21
  • 22. Do Not Track (DNT) ● HTTP header or DOM property ● Set by browser to signal to 3rd parties to avoid tracking the user ● Persistent user preference setting in browser ● Relies on websites honouring user's request ● What does “do not track” mean exactly? ● Vested interests seeking to define it to their advantage ● Supported by US FTC ● Not set by default – i.e. users have to opt out of behavioural tracking 22
  • 23. Tracking Protection Lists ● Microsoft feature for IE9 and later ● Lists of rules for which 3rd party sites should be blocked or enabled ● Users decide which lists to apply ● Lists supplied by Internet privacy organizations ● Not enabled by default – i.e. users have to opt out of behavioural tracking ● Relationship to P3P (machine readable privacy policies) 23
  • 24. European Perspective ● Neelie Kroes, European Commission VP for Digital Agenda ● Principles for privacy in the digital age – Transparency, fairness and user control – http://europa.eu/rapid/pressReleasesAction.do? reference=SPEECH/11/461 ● E-Privacy directive 2002/58 on Privacy and Electronic Communications – Only UK, Estonia, Finland, Sweden and the Netherlands have implemented the directive in their domestic laws as of June 2011 24
  • 25. Transparency, fairness & user control ● Users must be given clear and comprehensive information on the purposes and retention policy ● This must be fair – sites must not present a one sided agreement to the detriment of the user ● The user must be given a means to opt in or out of behavioural tracking ● The EU legislator's desire to leave the implementation of the directive open to future technological innovations ● No guidance on what constitutes an opt-out – “Self-regulatory efforts are clearly part of the equation on the implementation side. But we need to go further and look beyond cookies and specific sectors. DNT can help us do this.”, Neelie Kroes 25
  • 26. E-Privacy Directive ● Security obligations ● Duty to inform subscribers of risks from viruses or malware ● Prohibition on listening, tapping, storage or other kinds of interception or surveillance of communication and “related traffic”, unless the users have given their consent – some exceptions under Article 15(1) ● Data retention ● Obligation to erase or anonymize traffic data ● Right to non-itemised billing 26
  • 27. E-Privacy Directive ● Spam ● Prohibition of use of email and SMS for marketing except with prior agreement of the recipient ● Cookies ● May only be set if the user is provided with clear and comprehensive information about the purpose, and the user is offered a means to opt-out ● Does this apply to other means of implementing behavioural tracking or is it limited to cookies? ● Is a browser based cookie blocker sufficient? 27
  • 28. Privacy Policies ● Many websites have a privacy policy ● It is often hard to find, and hard for ordinary people to understand ● Cookies have lots of useful purposes ● Policy should state what broad classes of information are being collected, for what purposes, who it may be shared with and for how long it will be retained ● “Operational purposes” is no longer acceptable! 28
  • 29. Fairness ● If the user has opted out of behavioural tracking the user shouldn't be penalized in an unfair manner ● If a site is ad-supported, is it reasonable to ask users who opt out of effectively targeted ads to pay in some manner? ● Can we look forward to online equivalent of the nectar card and other loyalty schemes that act across a group of non-competing businesses? 29
  • 30. Privacy friendly strong authentication ● Increasing use of email addresses as user ids ● Facilitates linkability of personal information across sites ● Sites need strong assurances as to attributes of identified party, but not a globally linkable id ● User defined personae can help ● Browser based account management ● New cryptographic techniques for proving user has trusted credential with given attributes BUT without disclosing user's identity ● Age, address, nationality, membership of named group, etc. ● We need better credentials with robust processes 30
  • 31. W3C's Role ● Initial work on P3P ● Platform for Privacy Preferences ● Involvement in EU PrimeLife project ● Many workshops related to privacy ● Policy Languages Interest Group ● Privacy by design for Web APIs, e.g. gelocation ● New Privacy Interest Group ● New WG's expected on DNT and Protection Lists ● Implementation work on new technologies ● Funded through W3C involvement in EU webinos project 31
  • 32. Platform for Privacy Preferences ● P3P 1.0 Recommendation issued April 2001 ● Machine readable privacy policies ● But initial specification too flexible! ● Makes it hard to generate report of mismatch between user preferences and site policy ● Complicates UI for setting user preferences ● Compact policies as a (bad) compromise ● Implemented in Internet Explorer and other browsers – 3rd party cookies blocked is there is no (compact) P3P policy ● Only covers cookies 32
  • 33. Fresh take on P3P ● Developed as part of EU PrimeLife project ● Improves on compact policies to cover a much bigger subset of P3P ● Expressed in JSON ● Chosen to make it easy to create UI for user preferences and to generate reports of mismatch with site policy ● Includes link to full human readable policy ● For details see http://www.w3.org/2011/D1.2.3/ 33
  • 34. Machine generated view of P3P privacy policy 34
  • 35. Machine generated view of P3P privacy policy 35
  • 36. UI for user preferences 36
  • 37. Dealing with the click-thru effect ● Tendency for most users to click through security and privacy dialogues ● Seen as an annoying interruption ● Most users aren't in good position to make informed decision ● Solution is to delegate decision to a trusted third party ● White lists for sites which are known to be trustworthy – no warning UI presented ● Black lists for sites which are deemed bad ● Otherwise show user the security/privacy dialogue 37
  • 38. Demo of Anonymous Credentials ● Student union issues credentials to new students ● Only current students can access the student union's social website ● No university staff, no would be employers, no ex students ● Website exposes machine readable policy covering authentication and privacy ● User authenticates to browser, then browser to website ● Website has strong proof that user is current student, but doesn't learn which student! ● Zero knowledge proof with IBM's idemix library ● No need to contact credential issuer to create proof 38
  • 39. 39
  • 41. 41