Online Privacy Technologies - PowerPoint PPT Presentation

1
Online Privacy Technologies
NTIA Online Privacy Technologies Workshop
  • Dr. Lorrie Faith Cranor
  • AT&T Labs-Research
    http://www.research.att.com/~lorrie/

2
Why is Cathy concerned?
Cathy
March 1, 2000
3
How did Irving find this out?
  • He snooped her email
  • He looked at the files on her computer
  • He observed the chatter sent by her browser
  • He set cookies through banner ads and web bugs
    that allowed him to track her activities across
    web sites

4
What do browsers chatter about?
  • Browsers chatter about
      • IP address, domain name, organization
      • Referring page
      • Platform: O/S, browser
      • What information is requested
      • URLs and search terms
      • Cookies
  • To anyone who might be listening
      • End servers
      • System administrators
      • Internet Service Providers
      • Other third parties
      • Advertising networks
      • Anyone who might subpoena log files later

5
A typical HTTP request
  • GET /retail/searchresults.asp?qu=beer HTTP/1.0
  • Referer: http://www.us.buy.com/default.asp
  • User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386)
  • Host: www.us.buy.com
  • Accept: image/gif, image/jpeg, image/pjpeg, */*
  • Accept-Language: en
  • Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0

6
What about cookies?
  • Cookies can be useful
      • used like a staple to attach multiple parts of a
        form together
      • used to identify you when you return to a web
        site so you don't have to remember a password
      • used to help web sites understand how people use
        them
  • Cookies can be harmful
      • used to profile users and track their activities
        without their knowledge, especially across web
        sites

7
YOU
With cooperation from book store, ad company can
get your name and address from book order
and link them to your search
8
Web bugs
  • Invisible images embedded in web pages that
    cause cookies to be transferred
  • Work just like banner ads from ad networks, but
    you can't see them unless you look at the code
    behind a web page
  • Also embedded in HTML formatted email messages
  • Can also use JavaScript to perform same function
    without cookies
  • For more info on web bugs see
    http://www.privacyfoundation.org/education/

9
Referer log problems
  • GET methods result in values in URL
  • These URLs are sent in the REFERER header to next
    host
  • Example
  • http://www.merchant.com/cgi_bin/order?name=TomJones&address=herethere&creditcard=234876923234&PIN=1234
    - index.html
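
The leak on this slide seen from the receiving host's access log, together with the reduction a referer filter applies, as an added example that is not part of the original slides. The list of sensitive parameter names, the log lines and the ads.example.net host are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Parameter names treated as sensitive: an assumed list for this example.
SENSITIVE = {"name", "address", "creditcard", "pin", "password"}

def leaked_fields(referer):
    """Sensitive query parameter names exposed by one Referer value."""
    pairs = parse_qsl(urlsplit(referer).query, keep_blank_values=True)
    return sorted({k.lower() for k, _ in pairs} & SENSITIVE)

def filtered_referer(referer, target_url):
    """Referer a filter would let through: unchanged for the same host,
    reduced to scheme://host/ when the request goes to another host."""
    src, dst = urlsplit(referer), urlsplit(target_url)
    if src.hostname == dst.hostname:
        return referer
    return f"{src.scheme}://{src.netloc}/"

def scan_access_log(lines):
    """(client, leaked fields) for each combined-log-format line whose
    Referer field carries sensitive parameters."""
    hits = []
    for line in lines:
        parts = line.split('"')
        if len(parts) < 6:
            continue  # no quoted Referer field on this line
        fields = leaked_fields(parts[3])
        if fields:
            hits.append(((parts[0].split() or ["-"])[0], fields))
    return hits

# The slide's order URL with its "=" and "&" separators written out.
ORDER_URL = ("http://www.merchant.com/cgi_bin/order?name=TomJones"
             "&address=herethere&creditcard=234876923234&PIN=1234")
# Constructed log lines as the next host would record them.
LOG = [
    '192.0.2.10 - - [01/Sep/2000:10:00:00 -0400] "GET /index.html HTTP/1.0" '
    f'200 2326 "{ORDER_URL}" "Mozilla/4.75"',
    '192.0.2.11 - - [01/Sep/2000:10:00:05 -0400] "GET /index.html HTTP/1.0" '
    '200 2326 "http://www.merchant.com/catalog.html" "Mozilla/4.75"',
]

if __name__ == "__main__":
    print(scan_access_log(LOG))
    print(filtered_referer(ORDER_URL, "http://ads.example.net/index.html"))
```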

10
Low tech solutions
  • Wander around cyber cafes
  • Use free e-mail service instead of ISP
  • Set up a pre-paid cash account with ISP
  • give all phony information
  • Obtain unusual domain name and get people you
    trust as name servers
  • Forge e-mail, spoof IP, etc.
  • . . . And don't give out any
    personally-identifiable data!

11
Types of software tools
  • Anonymity and pseudonymity tools
      • Anonymizing proxies
      • Mix Networks and similar web anonymity tools
          • Onion routing
          • Crowds
          • Freedom
      • Anonymous email
  • Encryption tools
      • File encryption
      • Email encryption
      • Encrypted network connections
  • Filters
      • Cookie cutters
      • Child protection software
  • Information and transparency tools
      • Identity management tools
      • P3P
  • Other tools
      • Privacy-friendly search engines
      • Computer cleaners
      • Tools to facilitate access

13
Anonymizing proxy
  • Acts as a proxy for users
  • Hides information from end servers
  • Sees all web traffic
  • Free and subscription services available
  • Some free services add advertisements to web pages

14
http://www.anonymizer.com
15
Pseudonymity tools
Automatically generate user names,
passwords, email addresses, etc. unique to each
web site you visit
[Figure: a proxy stands between the user's username and the sites quote.com, nytimes.com and expedia.com; pseudonym labels shown: mfjh, asef, dsfdf]
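
One way such a tool can generate per-site identities, added here as an example and not taken from the slides or from any product they name: each field is derived with HMAC-SHA256 from a secret and the site name, so the same site always gets the same account while different sites get unrelated ones. The function names and the alias.example mail domain are hypothetical, and the secret is assumed to be a random key.

```python
import base64
import hashlib
import hmac
import secrets

def _derive(secret, site, label, nbytes):
    # A distinct label per field keeps username and password independent.
    msg = f"{label}|{site}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:nbytes]

def site_identity(secret, site, alias_domain="alias.example"):
    """Derive the pseudonymous account a proxy would present to one site.
    alias_domain is a placeholder for the proxy's mail-forwarding domain."""
    site = site.strip().lower()
    user = base64.b32encode(_derive(secret, site, "user", 5)).decode().lower()
    password = base64.urlsafe_b64encode(_derive(secret, site, "pass", 15)).decode()
    return {"site": site, "username": user, "password": password,
            "email": f"{user}@{alias_domain}"}

def linkable(identities):
    """True if any two sites were handed the same username or password."""
    users = [i["username"] for i in identities]
    passwords = [i["password"] for i in identities]
    return len(set(users)) < len(users) or len(set(passwords)) < len(passwords)

if __name__ == "__main__":
    secret = secrets.token_bytes(32)  # stays with the user or the proxy
    ids = [site_identity(secret, s)
           for s in ("quote.com", "nytimes.com", "expedia.com")]
    for identity in ids:
        print(identity)
    print("linkable across sites:", linkable(ids))
```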
16
iPrivacy private shipping labels
18
Incogno SafeZone
Upon checkout, the buyer enters personal
information into The Incogno SafeZone, a
separate server.
The merchant offers Incogno SafeZone from its site
19
Incogno SafeZone
The anonymous purchase is complete with no added
software installation or setup for the buyer.
Incogno reinforces that the purchase is anonymous.
20
Privada
Patent-pending privacy management infrastructure
  • Multi-server design to shield real-world info
  • Info is compartmentalized and encrypted, then
    processed by servers on a need-to-know basis
  • Online identities and activity are kept distinct
    from real-world identities

22
Mixes [Chaum81]
[Figure: Sender, Mix A, Mix B, Mix C, Destination]
Sender routes message randomly through network
of Mixes, using layered public-key encryption.
23
Freedom by Zero-Knowledge
24
Freedom nyms
Create multiple pseudonyms
Surf without a nym
Select a nym and surf
25
Crowds
  • Experimental system developed at AT&T Research
  • Users join a Crowd of other users
  • Web requests from the crowd cannot be linked to
    any individual
  • Protection from
      • end servers
      • other crowd members
      • system administrators
      • eavesdroppers
  • First system to hide data shadow on the web
    without trusting a central authority
  • http://www.research.att.com/projects/crowds/

26
Crowds illustrated
[Figure: crowd members and web servers, with request paths numbered 1 to 6]
27
Anonymous email
  • Anonymous remailers allow people to send email
    anonymously
  • Similar to anonymous web proxies
  • Some can be chained and work like mixes
  • http://anon.efga.org/rlist

28
Encryption tools
  • File encryption
  • Email encryption
      • Many email programs include encryption features
        built in or available as plug-ins
      • Web-based encrypted email
      • Email that self-destructs: Disappearing, Inc.
  • Encrypted network connections
      • Secure socket layer (SSL)
      • Secure shell (SSH)
      • Virtual private networks

29
Disappearing, Inc.
30
Filters
  • Cookie Cutters
      • Block cookies, allow for more fine-grained cookie
        control, etc.
      • Some also filter ads, referer header, and browser
        chatter
      • http://www.junkbusters.com/ht/en/links.html#measures
  • Child Protection Software
      • Block the transmission of certain information via
        email, chat rooms, or web forms when child is
        using computer
      • Limit who a child can email or chat with
      • http://www.getnetwise.org/

31
Identity management tools
  • Services and tools that help people manage their
    online identities
  • Offer convenience of not having to retype data
    and/or remember passwords
  • Some let consumers opt-in to targeted advertising
    (permission marketing), sharing data with sites,
    etc.
  • Some pay consumers for providing data
  • Some check for privacy policies before releasing
    data or require minimum privacy standards for
    participating sites
  • Examples
      • AllAdvantage.com
      • DigitalMe
      • Enonymous
      • Lumeria
      • Persona
      • PrivacyBank.com

32
Persona
Consumer fills out Persona with personal
information
Consumer can decide how each field is shared with
online businesses and 3rd parties
33
PersonaValet
  • A free toolbar
  • Four views provide features that include Cookie
    Management, P3P reader, automatic log-in,
    form-fill, quick access to top sites, search
    engines comparison capabilities

P3P Viewer alerts user to site with valid P3P
policy; allows comparison to user's privacy
settings
Allows user to accept or reject cookies while
surfing
Pop-up Menu
Cookie Watcher tells users when cookies are being
dropped
34
PrivacyBank.Com
35
PrivacyBank bookmark
Infomediary example: PrivacyBank
36
Platform for Privacy Preferences (P3P)
  • Offers an easy way for web sites to communicate
    about their privacy policies in a standard
    machine-readable format
  • Can be deployed using existing web servers
  • This will enable the development of tools (built
    into browsers or separate applications) that
      • Provide snapshots of sites' policies
      • Compare policies with user preferences
      • Alert and advise the user
  • For more info see http://www.w3.org/P3P/

37
Using P3P on your Web site
  • Formulate privacy policy
  • Translate privacy policy into P3P format
      • Use a policy generator tool
  • Place P3P policy on web site
      • One policy for entire site or multiple policies
        for different parts of the site
  • Associate policy with web resources
      • Place P3P policy reference file (which identifies
        location of relevant policy file) at well-known
        location on server
      • Configure server to insert P3P header with link
        to P3P policy reference file or
      • Insert link to P3P policy reference file in HTML
        content
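
The three ways of associating a policy with web resources, seen from a P3P client that has just received a response, as an added example that is not part of the original slides. The `/w3c/p3p.xml` location, the `policyref` header attribute and the `rel="P3Pv1"` link relation come from the P3P 1.0 specification; the site, the headers and the HTML are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

WELL_KNOWN = "/w3c/p3p.xml"  # well-known location defined by P3P 1.0

class _P3PLinks(HTMLParser):
    """Collect href values of <link rel="P3Pv1"> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "link" and (attr.get("rel") or "").lower() == "p3pv1":
            if attr.get("href"):
                self.hrefs.append(attr["href"])

def policy_references(page_url, headers, html):
    """List (mechanism, absolute URL) for every way this response points
    a P3P client at a policy reference file."""
    found = []
    p3p = next((v for k, v in headers.items() if k.lower() == "p3p"), "")
    match = re.search(r'policyref\s*=\s*"([^"]+)"', p3p, re.IGNORECASE)
    if match:
        found.append(("header", urljoin(page_url, match.group(1))))
    links = _P3PLinks()
    links.feed(html)
    found += [("link", urljoin(page_url, h)) for h in links.hrefs]
    # The well-known location is always worth a request, even when
    # neither the header nor a link tag is present.
    found.append(("well-known", urljoin(page_url, WELL_KNOWN)))
    return found

# Constructed response from a placeholder site.
PAGE = "http://www.example.com/catalog/index.html"
HEADERS = {"Content-Type": "text/html", "P3P": 'policyref="/w3c/p3p.xml"'}
HTML = ('<html><head><link rel="P3Pv1" href="/privacy/catalog-p3p.xml">'
        '</head><body></body></html>')

if __name__ == "__main__":
    for mechanism, url in policy_references(PAGE, HEADERS, HTML):
        print(mechanism, url)
```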

38
The P3P vocabulary
  • Who is collecting data?
  • What data is collected?
  • For what purpose will data be used?
  • Is there an ability to opt-in or opt-out of some
    data uses?
  • Who are the data recipients (anyone beyond the
    data collector)?
  • To what information does the data collector
    provide access?
  • What is the data retention policy?
  • How will disputes about the policy be resolved?
  • Where is the human-readable privacy policy?

39
Transparency
  • P3P clients can check a privacy policy each time
    it changes
  • P3P clients can check privacy policies on all
    objects in a web page, including ads and
    invisible images

http://www.att.com/accessatt/
http://adforce.imgis.com/?adlink2685231146ADFORCE
40
Microsoft/AT&T P3P browser helper object
  • A prototype tool designed to work with Microsoft
    Internet Explorer Browser
  • Not yet fully tested, still missing some features

41
Preference settings
43
When preferences are changed to Disallow
profiling, the privacy check warns us that this
site profiles visitors
44
IDcide Privacy Companion
  • A browser plug-in that adds functionality to
    Netscape or Internet Explorer browsers
  • Includes icons to let users know that sites use
    first- and/or third-party cookies
  • Enables users to select a privacy level that
    controls the cookie types allowed (1st or 3rd
    party)
  • Prevents data spills to 3rd parties through
    referer
  • Lets users view tracking history
  • Prototype P3P-enabled Privacy Companion allows
    for more fine-grained automatic decision making
    based on P3P policies
  • http://www.idcide.com

45
IDcide P3P Icons
Searching for a P3P policy
No P3P policy found
P3P policy is NOT acceptable
P3P policy is acceptable
46
Double clicking on the P3P icon indicates
where the site's policy differs from the user's
preferences
47
YOUpowered Orby Privacy Plus
  • A tool bar that sits at the top of a user's
    desktop and allows a user to
      • Accept or deny cookies while surfing
      • Decide how, when and where to share personal
        information
      • Store website passwords
      • Enjoy the convenience of "one-click" form-fill
  • P3P features in prototype automatically rate web
    sites based on their P3P policies

49
Orby cookie prompt
50
Orby preference setting menu
51
IBM P3P Policy Editor
  • Allows web sites to create privacy policies in
    P3P and human-readable format
  • Drag and drop interface
  • Available from IBM AlphaWorks site
    http://www.alphaworks.ibm.com/tech/p3peditor

52
Sites can list the types of data they collect
And view the corresponding P3P policy
53
Templates allow sites to start with a
pre-defined policy and customize it to meet their
needs
54
PrivacyBot.com
Allows webmasters to fill out an online
questionnaire to automatically create a
human-readable privacy policy and a P3P policy
55
YOUpowered Consumer Trust Policy Manager Wizard
56
Other tools
  • Privacy-friendly search engines
      • TopClick
  • Computer cleaners
      • Window Washer removes all traces of what web
        sites you visited, what files you viewed, and
        what files you deleted
  • Tools to facilitate access
      • PrivacyRight

60
Tools work together
  • P3P tools
      • help users understand privacy policies
  • Seal programs and regulations
      • help ensure that sites comply with their policies
  • Anonymity tools and filtering tools
      • reduce the amount of information revealed while
        browsing
  • Encryption tools
      • secure data in transit and storage
  • Laws and codes of practice
      • provide a base line level for acceptable policies

61
Download these slides
http://www.research.att.com/~lorrie/privacy/NTIA-0900.ppt