platform for privacy platform for privacy preferences p3p
play

Platform for Privacy Platform for Privacy Preferences (P3P) Project - PDF document

Dec 25, 2023 •378 likes •770 views

Platform for Privacy Platform for Privacy Preferences (P3P) Project Preferences (P3P) Project Week 5/6 - February 10, 12, 17 1 Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor

  1. Platform for Privacy Platform for Privacy Preferences (P3P) Project Preferences (P3P) Project Week 5/6 - February 10, 12, 17 1 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Original Idea behind P3P Original Idea behind P3P � A framework for automated privacy discussions � Web sites disclose their privacy practices in standard machine-readable formats � Web browsers automatically retrieve P3P privacy policies and compare them to users’ privacy preferences � Sites and browsers can then negotiate about privacy terms 2 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 1

  2. P3P: Introduction P3P history P3P history � Idea discussed at November 1995 FTC meeting � Ad Hoc “Internet Privacy Working Group” convened to discuss the idea in Fall 1996 � W3C began working on P3P in Summer 1997 � Several working groups chartered with dozens of participants from industry, non-profits, academia, government � Numerous public working drafts issued, and feedback resulted in many changes � Early ideas about negotiation and agreement ultimately removed � Automatic data transfer added and then removed � Patent issue stalled progress, but ultimately became non-issue � P3P issued as official W3C Recommendation on April 16, 2002 � http://www.w3.org/TR/P3P/ 3 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction P3P1.0 – – A first step A first step P3P1.0 � Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format � Can be deployed using existing web servers � This will enable the development of tools that: � Provide snapshots of sites’ policies � Compare policies with user preferences � Alert and advise the user 4 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 2

  3. P3P: Introduction P3P is part of the solution P3P is part of the solution P3P1.0 helps users understand privacy policies but is not a complete solution � Seal programs and regulations � help ensure that sites comply with their policies � Anonymity tools � reduce the amount of information revealed while browsing � Encryption tools � secure data in transit and storage � Laws and codes of practice � provide a base line level for acceptable policies 5 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction The basics The basics � P3P provides a standard XML format that web sites use to encode their privacy policies � Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site � Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set � No special server software required � User software to read P3P policies called a “P3P user agent” 6 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 3

  4. P3P: Introduction P3P1.0 Spec Defines P3P1.0 Spec Defines � A standard vocabulary for describing set of uses, recipients, data categories, and other privacy disclosures � A standard schema for data a Web site may wish to collect (base data schema) � An XML format for expressing a privacy policy in a machine readable way � A means of associating privacy policies with Web pages or sites � A protocol for transporting P3P policies over HTTP 7 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction A simple HTTP transaction A simple HTTP transaction Web Server GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page 8 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 4

  5. P3P: Introduction … with P3P 1.0 added with P3P 1.0 added … GET /w3c/p3p.xml HTTP/1.1 Web Host: www.att.com Server Request Policy Reference File Send Policy Reference File Request P3P Policy Send P3P Policy GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page 9 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Transparency Transparency � P3P clients can check a privacy policy each http://www.att.com/accessatt/ time it changes � P3P clients can check privacy policies on all objects in a web page, including ads and invisible images http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE 10 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 5

  6. P3P: Introduction P3P in IE6 P3P in IE6 Automatic processing of compact policies only; third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears 11 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Users can click on privacy icon for list of cookies; privacy summaries are available at sites that are P3P-enabled 12 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 6

  7. P3P: Introduction Privacy summary report is generated automatically from full P3P policy 13 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction P3P in Netscape 7 P3P in Netscape 7 Preview version similar to IE6, focusing, on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie 14 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 7

  8. P3P: Introduction Users can view English translation of (part of) compact policy in Cookie Manager 15 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction A policy summary can be generated automatically from full P3P policy 16 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 8

  9. P3P: Introduction AT&T Privacy Bird AT&T Privacy Bird � Free download of beta from http://www.privacybird.com/ � “Browser helper object” for IE 5.01/5.5/6.0 � Reads P3P policies at all P3P-enabled sites automatically � Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences � Clicking on bird icon gives more information � Current version is information only – no cookie blocking 17 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Chirping bird is privacy indicator Chirping bird is privacy indicator 18 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 9

  10. P3P: Introduction Click on the bird for more info Click on the bird for more info 19 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Privacy policy summary - mismatch Privacy policy summary - mismatch 20 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 10

  11. P3P: Introduction Users select warning conditions Users select warning conditions 21 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Bird checks policies for embedded content Bird checks policies for embedded content 22 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Platform for Privacy Preferences (P3P) February 2000 Update A user empowerment approach

The Platform for Privacy Preferences (P3P) February 2000 Update A user empowerment approach

The Platform for Privacy Preferences (P3P) February 2000 Update A user empowerment approach Marc Langheinrich ETH Zurich P3P Preference Group Chair Outline P3P February 2000 Update Platform for Privacy Preferences Policy Background

761 views • 37 slides
The Platform for Privacy Preferences ( P3 P) December 2000 Update A user empowerment approach

The Platform for Privacy Preferences ( P3 P) December 2000 Update A user empowerment approach

The Platform for Privacy Preferences ( P3 P) December 2000 Update A user empowerment approach Marc Langheinrich ETH Zurich APPEL Subgroup Chair P3P Working Group Outline P3P December 2000 Update Platform for Privacy Preferences ! What

914 views • 55 slides
How much will the platform learn about consumers in the end? \begin{theorem} In the long run,

How much will the platform learn about consumers in the end? \begin{theorem} In the long run,

Dynamic Privacy Choices (Shota Ichihashi, Bank of Canada) In each period Activity produces Consumer data on persistent type uses platform Platform monetizes info Privacy cost (e.g., data leakage) How much will the

412 views • 4 slides
CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International

CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International

CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International Data Tracking 2 http://privacyinternational.org/feature/2433/i-asked-online-tracking-company-all-my-data-and-heres-what-i-found Two Main Attack

986 views • 63 slides
Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the data disclosure decisions and for visualization IFIP Summer School on Identity Management Karlstad, Sweden August, 6 th -10 th 2007

338 views • 15 slides
New Generation TV platform API and Privacy Protection - Study from Broadcasting Extended

New Generation TV platform API and Privacy Protection - Study from Broadcasting Extended

New Generation TV platform API and Privacy Protection - Study from Broadcasting Extended Functionalities API in BML - September 2, 2010 Shuhei Habu Allied Resources Communications, Inc. Tokyo, Japan Background Users way of watching

1.54k views • 39 slides
Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Introduction Syntax Semantics Example Outlook Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection Schleswig-Holstein 26th of July 2010 www.ietf.org/id/draft-koenig-privicons-00.txt Ulrich

225 views • 10 slides
Deploying Secure Computing for Real-world Applications Dan Bogdanov, PhD Head of Privacy

Deploying Secure Computing for Real-world Applications Dan Bogdanov, PhD Head of Privacy

Deploying Secure Computing for Real-world Applications Dan Bogdanov, PhD Head of Privacy Technology Development Cybernetica dan@cyber.ee The Sharemind Privacy-preserving Computing Platform Components for Privacy Encrypted Privacy

714 views • 28 slides
Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias Lcuyer With: Riley Spahn, Kiran Vodrahalli, Roxana Geambasu, and Daniel Hsu Machine Learning (ML) introduces a dangerous double standard for data

603 views • 45 slides
Privacy Expectations and Preferences in an IoT World Pardis Emami-Naeini, Sruti Bhagavatula,

Privacy Expectations and Preferences in an IoT World Pardis Emami-Naeini, Sruti Bhagavatula,

Privacy Expectations and Preferences in an IoT World Pardis Emami-Naeini, Sruti Bhagavatula, Martin Degeling, Hana Habib, Lujo Bauer, Lorrie Faith Cranor, Norman Sadeh PERSONALIZED PRIVACY ASSISTANT PROJECT 1 PERSONALIZED PRIVACY ASSISTANT

582 views • 22 slides
Admin Today: finish web privacy, start mobile security Friday: Lab #2 due (8pm)

Admin Today: finish web privacy, start mobile security Friday: Lab #2 due (8pm)

CSE 484 / CSE M 584: Computer Security and Privacy Web Privacy [finish] Mobile Platform Security [start] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner,

535 views • 29 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
Using Social Media for Health Studies Ingmar Weber Social Computing, Qatar Computing Research

Using Social Media for Health Studies Ingmar Weber Social Computing, Qatar Computing Research

Using Social Media for Health Studies Ingmar Weber Social Computing, Qatar Computing Research Institute @ingmarweber My Journey My Journey My Journey My Journey My Journey My Journey My Journey My Journey My Journey Treat all

1.38k views • 84 slides
Smart contracts Definition, applications, and impact November 14 th Brussels, Finance Watch

Smart contracts Definition, applications, and impact November 14 th Brussels, Finance Watch

CONFIDENTIAL Smart contracts Definition, applications, and impact November 14 th Brussels, Finance Watch Workshop 2017 CONFIDENTIAL Distributed Systems: challenges Network of U S E R actors following instructions connections for

942 views • 25 slides
The Science in Computer Science Some ideas for a non-systematic investigation Viola Schiaffonati

The Science in Computer Science Some ideas for a non-systematic investigation Viola Schiaffonati

The Science in Computer Science Some ideas for a non-systematic investigation Viola Schiaffonati Dipartimento di Elettronica, Informazione e Bioingegneria 2 Out of the parlor and into the lab Scientific philosopher Practicing philosophy

485 views • 29 slides
Competing Ontologies and Verbal Disputes Jakub Mcha Department of Philosophy Masaryk

Competing Ontologies and Verbal Disputes Jakub Mcha Department of Philosophy Masaryk

Competing Ontologies and Verbal Disputes Jakub Mcha Department of Philosophy Masaryk University, Brno, Czech Republic LogOnto - Workshop on Logic and Ontologies for Natural Language, 22 nd September 2014 Overview of the talk The background

556 views • 16 slides
Name Spaces OS-level Address spaces Naming and Addressing File tree and file pathname

Name Spaces OS-level Address spaces Naming and Addressing File tree and file pathname

Name Spaces OS-level Address spaces Naming and Addressing File tree and file pathname File descriptors Networks Ethernet/LAN MAC addresses (48-bit) Jeff Chase IP addresses (32-bit or 64-bit in IPv6) Duke

612 views • 7 slides
Registry Tools Advanced ccTLD Workshop September 2008 Amsterdam, Netherlands

Registry Tools Advanced ccTLD Workshop September 2008 Amsterdam, Netherlands

Registry Tools Advanced ccTLD Workshop September 2008 Amsterdam, Netherlands nsrc@ccTLD-advanced Amsterdam Tools There are quite a few tools available, but many of them require work to use. Several allow you to build from them as a base

305 views • 19 slides
CUBANIC ccTLD DNS Workshop Amsterdam, Holanda October 15 -19, 2008 History in short CubaNIC

CUBANIC ccTLD DNS Workshop Amsterdam, Holanda October 15 -19, 2008 History in short CubaNIC

CUBANIC ccTLD DNS Workshop Amsterdam, Holanda October 15 -19, 2008 History in short CubaNIC was first registered in 1992. Initially all the technical operation and the primary server were located in Canada. During four years there was

756 views • 20 slides
Domain Name System http://xkcd.com/302/ CSCI 466: Networks Keith Vertanen Fall 2011

Domain Name System http://xkcd.com/302/ CSCI 466: Networks Keith Vertanen Fall 2011

Domain Name System http://xkcd.com/302/ CSCI 466: Networks Keith Vertanen Fall 2011 Overview Final project + presentation Some TCP and UDP experiments Domain Name System (DNS) Hierarchical name space Maps friendly

1.02k views • 40 slides

More recommend