making privacy a fundamental component of
play

Making Privacy a Fundamental Component of Web Resources Paper - PowerPoint PPT Presentation

Sep 28, 2023 •205 likes •350 views

Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on Privacy for Advanced Web APIs July 12/13, 2010, London Dr. Thomas Dbendorfer thomas.duebendorfer@google.com Tech Lead, Privacy Engineering Team

  1. Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on Privacy for Advanced Web APIs July 12/13, 2010, London Dr. Thomas Dübendorfer thomas.duebendorfer@google.com Tech Lead, Privacy Engineering Team Zurich Google Switzerland GmbH joint work with Christoph Renner (Google Switzerland GmbH/ETH Zurich), Tyrone Grandison (IBM), Michael Maximilien (IBM), Mark Weitzel (IBM) 1

  2. Picture sharing in social networks You better know who you share your pictures with! image source: http://thebsreport.files.wordpress.com/2009/12/crazy-drunk-man-1.jpg 2

  3. How to improve privacy? • Better transparency on how personal data is shared on the Web • More control over how personal data is shared on the Web • Put the right security building blocks in place to build privacy features on top of them 3

  4. Photo albums privacy levels in social networks (as of Nov 2009) Conclusion: Sharing granularities in social networks differ a lot! Everybody = any Internet user, also outside the social network All Users = any user of the social network 4

  5. APIs to access photo album privacy settings in social networks Controlling who has access to my images • Facebook : Proprietary API for privacy settings • MySpace : Proprietary API extensions for albums • OpenSocial API (36 social networks, e.g. Orkut, MySpace, LinkedIn, hi5, XING): No API to access privacy settings up to current version 1.0 (March 2010); „default“ sharing for uploads  Clear need for a standardized way to access privacy settings across social networks! 5

  6. How to give the user control over his personal data on the web? • Define generic access control lists for shared Web resources • Make them available in APIs • Add privacy controls to user interfaces of apps uploading personal data to the Web • Feb 28th, 2010: Proposal for privacy API (generic access control lists) submitted for inclusion in OpenSocial 1.1. 6

  7. Generic Access Control Lists – some challenges and features • Entities – Finding the balance between too few and too many while keeping it extensible (CUSTOM) and simple • OpenSocial: – USER, GROUP, EXTERNAL CONTACT – Group-ID = Object-Id / "@self" (for owner) / "@friends” (networkDistance for friends of friends) / "@all" / "@everybody" / "@family” – External Contact AccessorId = "MAILTO" / "PHONE" / Custom-Accessor-Type Custom-Accessor-Type = LOALPHA TEXT 7

  8. Generic Access Control Lists – some challenges and features • Rights – How to define appropriate rights that can be enforced • OpenSocial RESTful API: [“GET”, “POST”, “PUT”, “DELETE”] • Sharing model – Additive (whitelist) vs. Subtractive (all but blacklist) or a combination – Issues with hidden memberships in large groups – Issues with hidden data item groupings (user profile) 8

  9. Generic Access Control Lists – some challenges and features • Sharing with open membership groups – You share with 10 known group members today, but 1000 members tomorrow (including your boss?) – Social networks might not want to share member lists • Privacy indicator – Number of people with read access • Inheritance of rights – Photo album ACL can be overriden by single image ACLs 9

  10. Proof of Concept • Generic access control lists implemented in Google’s social network “Orkut” • Photo Sharing application “Photocial” for Android – Upload your picture to multiple social networks – User can control the privacy level per social network when uploading images 10

  11. Beyond Social Networks • The Web becomes more and more social – why not attach ACLs to any personal Web resource? • Issues: – ACLs require an accessing entity to be identified; could build on federation of social network identities – ACLs work only if trusted systems enforce them (server and/or client side) – Digital data without copy protection can be redistributed without ACLs (violation “scanner” for enforcement?) 11

  12. Next Steps • Implementation of proposed OpenSocial ACLs in Apache Shindig • Work towards inclusion of generic ACLs in OpenSocial 1.1Next (Q1 2011) 12

  13. Thanks for your attention Presenter: Thomas Dübendorfer, Google Switzerland GmbH References: • Proposal for OpenSocial Privacy API (ACLs): http://tinyurl.com/OSACL (includes also references to our proposals for an OpenSocial Album and MediaItem Privacy API and an OpenSocial Activity Privacy API) • Paper: http://www.w3.org/2010/api-privacy-ws/ papers/privacy-ws-26.pdf 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the

Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the

Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the 2020 Census of Population and Housing Simson L. Garfinkel Senior Scientist, Confidentiality and Data Access U.S. Census Bureau July 31, 2019 JSM

458 views • 35 slides
Digital Privacy: Fundamental Concepts for Libraries Workshop 1 1 About Us This is a

Digital Privacy: Fundamental Concepts for Libraries Workshop 1 1 About Us This is a

Digital Privacy: Fundamental Concepts for Libraries Workshop 1 1 About Us This is a collaboration with: Brooklyn Public Library Metropolitan New York Library Council (METRO) New America and London School of Economics Data

559 views • 22 slides
Computational Location Privacy: Two Fundamental Problems Reza Shokri ETH Zurich Department of

Computational Location Privacy: Two Fundamental Problems Reza Shokri ETH Zurich Department of

Computational Location Privacy: Two Fundamental Problems Reza Shokri ETH Zurich Department of Computer Science They Profile You! They Track You! Loc ocation on-base sed S d Services es NSA L NSA Locati tion T Tracking Programs

399 views • 12 slides
Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy

Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy

Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy for Advanced Web APIs Sren Preibusch 1 Intended reaction towards excessive data collection (first and second choices) Sren Preibusch 2

140 views • 12 slides
Time Series Data Visualization 2 1 Time Series Data Fundamental chronological component to

Time Series Data Visualization 2 1 Time Series Data Fundamental chronological component to

Information Visualization Jing Yang Spring 2007 1 Time Series Data Visualization 2 1 Time Series Data Fundamental chronological component to the data set Random sample of 4000 graphics from 15 of worlds newspapers and magazines

315 views • 31 slides
Welcome! Ethical Decision Making in Research Privacy A little about me Holly Longstaff, PhD

Welcome! Ethical Decision Making in Research Privacy A little about me Holly Longstaff, PhD

Conference 2018 Conference 2018 Welcome! Ethical Decision Making in Research Privacy A little about me Holly Longstaff, PhD Research Privacy Advisor, PHSA Ethicist, BC Cancer REB Conflicts of interest None Ethical decision making in

674 views • 45 slides
Visa Package Proposal Common Visa Policy A Common Visa Policy is a fundamental component of

Visa Package Proposal Common Visa Policy A Common Visa Policy is a fundamental component of

Visa Package Proposal Common Visa Policy A Common Visa Policy is a fundamental component of the creation of a common area without internal borders The Visa Code The Visa Code sets out harmonised procedures and conditions for issuing

316 views • 18 slides
The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas Reynolds University at Albany a Lightning Talk Symposium On Usable Privacy & Security Carnegie Mellon University, July 2011 Usable

371 views • 5 slides
#PCORI2018 A multi-component implementation of shared decision making for uterine fibroids

#PCORI2018 A multi-component implementation of shared decision making for uterine fibroids

#PCORI2018 A multi-component implementation of shared decision making for uterine fibroids treatment Glyn Elwyn BA MD MSc PhD FRCGP Professor @glynelwyn #PCORI2018 #PCORI2018 Background About 50% of women of reproductive age We will

329 views • 12 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
PHOTOSYNTHESIS Fundamental biological processes for making and using energy Photosynthesis :

PHOTOSYNTHESIS Fundamental biological processes for making and using energy Photosynthesis :

PHOTOSYNTHESIS Fundamental biological processes for making and using energy Photosynthesis : process by which plants convert radiant energy to chemical energy Respiration : process by which glucose molecules are broken down and stored energy

870 views • 38 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Rise of Crowdsourcing Crowdsourcing = Harvesting societys wisdom, skill, creativity, and scale

Rise of Crowdsourcing Crowdsourcing = Harvesting societys wisdom, skill, creativity, and scale

Rise of Crowdsourcing Crowdsourcing = Harvesting societys wisdom, skill, creativity, and scale to solve a task Crowdsourcing: Opportunities and Challenges Deepak Ganesan Associate Professor UMass Amherst ... Computer Science@UMASS Amherst

249 views • 11 slides
Final Project M5 Monday, April 17, 2017 Agenda Announcements Reading Quiz

Final Project M5 Monday, April 17, 2017 Agenda Announcements Reading Quiz

Final Project M5 Monday, April 17, 2017 Agenda Announcements Reading Quiz Review M5 Requirements M5 Support Session Announcements Next week: M6 - Technical report Week after next: M7 - Presentation

316 views • 9 slides
The Future Of Linux Suspend Stefan Seyfried <seife@suse.de> SuSE Linux Products GmbH -

The Future Of Linux Suspend Stefan Seyfried <seife@suse.de> SuSE Linux Products GmbH -

Outlines The Future Of Linux Suspend Stefan Seyfried <seife@suse.de> SuSE Linux Products GmbH - R&D Mobile Devices 2008-02-24 Stefan Seyfried <seife@suse.de> SuSE Linux Products GmbH - R&D Mobile Devices The Future Of Linux

491 views • 20 slides
IETF 79 Beijing, China IPv6 DNS Whitelisting: Overview and Implications N A TIONAL E NGINEERING

IETF 79 Beijing, China IPv6 DNS Whitelisting: Overview and Implications N A TIONAL E NGINEERING

IETF 79 Beijing, China IPv6 DNS Whitelisting: Overview and Implications N A TIONAL E NGINEERING & T ECHNICAL O PERA TIONS DNS Whitelis8ng I-D: dra$-livingood-dns-whitelis1ng-implica1ons

365 views • 12 slides
E E -CoAT -CoAT E uropean Cooperation of Abuse fighting Teams Remarks on E -CoAT

E E -CoAT -CoAT E uropean Cooperation of Abuse fighting Teams Remarks on E -CoAT

E E -CoAT -CoAT E uropean Cooperation of Abuse fighting Teams Remarks on E -CoAT TF-CSIRT/ FIRST joint event Amsterdam, January 2006 Don Stikvoort (e-coat workshop chair) S ORBS blacklist entries FI 5036 BR 173885 US 330142 CH

569 views • 10 slides
2018 Review and Whats coming in 2019 Clint Higley| clint.higley@mscrm-addons.com Michael

2018 Review and Whats coming in 2019 Clint Higley| clint.higley@mscrm-addons.com Michael

2018 Review and Whats coming in 2019 Clint Higley| clint.higley@mscrm-addons.com Michael Dohr | michael.dohr@mscrm-adddons.com Empowering Dynamics 365 Users DocumentsCorePack Release Highlights Multipart Docume ments User-Promp mpts

258 views • 8 slides
AGL security where Smack, Cynara, and AppFW leave off Vehicle systems provide a challenging use

AGL security where Smack, Cynara, and AppFW leave off Vehicle systems provide a challenging use

AGL security where Smack, Cynara, and AppFW leave off Vehicle systems provide a challenging use case for security, where physical and virtual access is essentially unlimited, and reverse engineers have easy access to replacement parts,

453 views • 6 slides
Agenda What is U UDDI and Why UDDI? UDDI Data Types and their structural relationship

Agenda What is U UDDI and Why UDDI? UDDI Data Types and their structural relationship

Universal Description, Discovery and Integration (UDDI) 3/10/2007 Universal Description, Discovery and Integration (UDDI) Asst. Prof. Dr. Kanda Runapongsa (krunapon@kku.ac.th) Department of Computer Engineering Khon Kaen University 1 Agenda

656 views • 23 slides

More recommend