  1. Privacy Assistants
  Dave Raggett <dsr@w3.org>
  Helping users to manage the information they disclose to websites
  Disclaimer: Ideas describing work in progress
  17-18 November 2009 W3C ACAS Workshop, Luxembourg

  2. Why?
  ● Websites collect all kinds of personal data, potentially leading to
    ● Inappropriate collection of personal data
    ● Inappropriate use of personal data
    ● Aggregation of personal data across sites
  ● This may be subject to data protection laws
    ● Varies by jurisdiction, but the Web is world-wide
  ● You need help in asserting your rights!
    ● How to determine what personal data a given website holds on you?
    ● How to correct errors in the personal data they hold?
    ● How to determine what their privacy policies are?

  3. Credential-Based Access Control
  ● Credential as an attestation by a trusted party as to properties of the bearer
    ● X says that I am over 21 and a UK resident
  ● Cryptographic credentials
    ● Can provide proof of properties without directly revealing your identity
      – Can even reveal a selected subset of properties in a credential
  ● Credentials increase privacy by reducing the kinds of personal data that need to be collected
    ● Facilitate use of anonymous or partial identities
  ● Users control what credentials they release

  4. Privacy Assistant
  ● Firefox add-on that tracks what personal data you've released
    ● Which sites have I given my email address to?
    ● What personal data have I released to example.com?
  ● Support for PrimeLife project ideas
    ● Control over privacy preferences and credentials
    ● What credentials does this site want from me?
    ● What purposes will my personal data be used for, and for how long will it be retained?
    ● Viewing notifications from data controllers

  5. Privacy Policies
  ● Provided by website in a machine-interpretable XML format
    ● Plus pointer to lawyer-readable plain text equivalent
    ● Neither is intelligible to ordinary people
  ● How to present the policy to the end-user?
    ● Without becoming a nuisance!
      – Only bother the user when the user is expected to do something
      – Otherwise allow the user to view the privacy policy via
        ● Clicking on an icon on the browser status bar
        ● Or selecting a menu item on the menu bar
    ● Automatic generation of plain language descriptions
    ● Plus easy to understand icons

  6. Independent Outlook
  ● Websites have a business model to protect
    ● They will slant things to suit their own interests
  ● A privacy assistant...
    ● Is independent of the websites you deal with
    ● Will use plain language for describing policies
    ● Uses consistent wording across different websites
    ● Could consult a 3rd party for independent advice
      – Trusted authorities
      – Wisdom of crowds via reputation system

  7. Natural Language Generation
  ● Manually create corpus of plain language texts and the XML policies they should be generated from
    ● XML policy as representation of semantics
      – And/Or tree for what needs to be disclosed
        ● Which properties in a credential will be revealed to website
      – Details of purposes and retention periods
      – What kinds of notifications are available
    ● Use examples to “train” realizer
    ● This is a limited domain, which makes it easier
  ● Generation is a multi-stage process
    ● First stage is text planning
      – Use templates for generating candidate phrases
        ● Use of pronouns, connectors, conjunctions...
    ● Second stage is sentence generation
      – Instantiate words with appropriate morphology

  8. 3rd Party Privacy Assistants
  ● Keeping your privacy tracking data in one computer is risky and restrictive
    ● What if you drop it, or it breaks or is stolen?
    ● What happens when you want to upgrade the OS?
    ● What if you want to use one desktop at home, another at work, an iPhone on the train, and an Internet Cafe when on vacation?
  ● 3rd Party Privacy Assistant can solve all of those
    ● As well as helping with trust relationships
      – Which websites have trustworthy privacy practices?
      – Avoid weaknesses of OpenID/email addresses as global ids
      – Support 24x7 authorizations for web 'bots acting on your behalf
    ● Work with any browser without needing an add-on

  9. How to obtain Policies?
  ● One idea is to use the HTTP Link header
    ● Corresponds to HTML <link> element
      – Describes relation between requested resource and some other resource
    ● Link: <http://www.example.com/Policy>; rel="PrivacyPolicy"
    ● Proposed in HTTP 1.1, but removed in RFC2616
      – Now back as draft-nottingham-http-link-header
  ● Could be indexed by search engines
    ● Search results could indicate which links are privacy enabled
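As an added example (not part of the slides), here is how a privacy assistant could discover a site's policy from the Link header on slide 9: parse the header per the draft-nottingham-http-link-header syntax (multiple comma-separated link-values, quoted or bare parameter values, relative targets) and resolve the first link whose rel includes PrivacyPolicy. The PrivacyPolicy relation type is the slide's proposal, not a registered one, and the sample headers are constructed.

```python
"""Added example: locate a site's privacy policy through the HTTP Link header
mechanism from slide 9. The "PrivacyPolicy" relation type is the slide's own
proposal (not registered); the parsing follows draft-nottingham-http-link-header:
  Link: <URI-Reference>; param=value, <URI-Reference>; param="value"
"""
import re
from urllib.parse import urljoin

# One link-value: a <target> followed by ;-separated parameters.
_LINK_VALUE = re.compile(r'<([^>]*)>((?:\s*;\s*[^;,]+)*)')
# name=value, where value is either a quoted-string or a bare token.
_PARAM = re.compile(r'([A-Za-z0-9*_-]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;,\s]+)')


def parse_link_header(value):
    """Return a list of (target, {param: value}) tuples from a Link header."""
    links = []
    for m in _LINK_VALUE.finditer(value):
        target, param_str = m.group(1), m.group(2)
        params = {}
        for pm in _PARAM.finditer(param_str):
            name, val = pm.group(1).lower(), pm.group(2)
            if val.startswith('"'):
                val = re.sub(r'\\(.)', r'\1', val[1:-1])  # strip quotes, unescape
            params.setdefault(name, val)  # first occurrence of a parameter wins
        links.append((target, params))
    return links


def find_privacy_policy(link_header, request_url):
    """Resolve the first link whose rel contains PrivacyPolicy (rel is a
    space-separated, case-insensitive list) against the fetched resource's URL.
    Returns None when the site advertises no policy this way."""
    for target, params in parse_link_header(link_header):
        rels = params.get('rel', '').lower().split()
        if 'privacypolicy' in rels:
            return urljoin(request_url, target)
    return None


# Constructed sample headers: one with an unrelated stylesheet link first,
# one with a relative target and a multi-valued rel.
SAMPLE_LINK = ('</style.css>; rel=stylesheet, '
               '<http://www.example.com/Policy>; rel="PrivacyPolicy"; title="Policy"')
SAMPLE_LINK_RELATIVE = '</Policy>; rel="terms PrivacyPolicy"'

if __name__ == '__main__':
    print(find_privacy_policy(SAMPLE_LINK, 'http://www.example.com/index.html'))
```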

  10. Credentials and HTTP
  ● HTTP defines headers for access control
    ● Server sends 401 Unauthorized response
      ● Plus info in WWW-Authenticate header
    ● Client resends request with requested info
      ● Authorization header
  ● Further work needed for defining how to use these headers with credentials
    ● Could embed XML format …

  11. Avoiding wasted round trips
  ● Web page has many subsidiary resources
    ● Style sheets, scripts, images, …
  ● Avoiding 401 Unauthorized on each resource
    ● Get policy to state which resources it applies to
      ● Some kind of wild-card patterns
    ● Some resources are from offsite
      – Load balancing with Akamai
  ● Learning from P3P

  12. Policy Negotiation
  ● PrimeLife assumes server proposes policy and client accepts or declines
    ● Issue: how does client bind personal data to policy?
  ● More flexible approach allows policies to be sent in both HTTP requests and responses
    ● Client could send policy which broadens server's
      – Expanded set of purposes, or longer retention period
    ● Or client could send a more restrictive proposal
    ● If server doesn't like client's proposal it could return 412 Precondition Failed response along with server's (revised) proposal
  ● Not clear if this flexibility is really justified
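As an added example (not from the slides), the two-way negotiation sketched on slide 12, simulated with both sides' logic: the client opens with the user's preferences (which may broaden or restrict the site's policy), the server accepts with 200 or answers 412 Precondition Failed with a revised proposal, and the assistant resends that counter only if it still lies within the user's preferences. A policy is reduced to the purposes and retention period mentioned on slide 4; the site "minimum"/"maximum" and the clamping rule for the revised proposal are assumptions made here.

```python
"""Added example: simulation of the policy negotiation on slide 12.
The Policy shape, the site's minimum/maximum and the clamping rule for the
server's revised 412 proposal are assumptions, not from the slides."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    purposes: frozenset   # what the personal data may be used for
    retention_days: int   # how long it may be kept

    def within(self, ceiling):
        """True if this policy discloses no more than `ceiling` does."""
        return (self.purposes <= ceiling.purposes
                and self.retention_days <= ceiling.retention_days)


def server_respond(proposal, minimum, maximum):
    """Server side. Accept (200) a proposal that covers what the service needs
    (`minimum`) and asks for nothing beyond the site's published policy
    (`maximum`), e.g. a longer retention than the site offers. Otherwise
    answer 412 Precondition Failed with the closest policy the site can offer."""
    if minimum.within(proposal) and proposal.within(maximum):
        return 200, proposal
    revised = Policy(
        (proposal.purposes | minimum.purposes) & maximum.purposes,
        min(max(proposal.retention_days, minimum.retention_days),
            maximum.retention_days),
    )
    return 412, revised


def negotiate(preferences, site_minimum, site_maximum):
    """Client side (the privacy assistant). Open with the user's preferences;
    on 412, resend the server's revised proposal only if it still lies within
    those preferences, else decline. Returns (outcome, agreed policy or None)."""
    status, policy = server_respond(preferences, site_minimum, site_maximum)
    if status == 200:
        return "agreed", policy
    if not policy.within(preferences):   # check the counter, never trust it blindly
        return "declined", None
    status, policy = server_respond(policy, site_minimum, site_maximum)
    return ("agreed", policy) if status == 200 else ("declined", None)


# Constructed sample site: needs two purposes for at least 90 days,
# and offers at most one extra purpose and one year of retention.
SITE_MIN = Policy(frozenset({"order-fulfilment", "billing"}), 90)
SITE_MAX = Policy(frozenset({"order-fulfilment", "billing", "marketing"}), 365)
```

A user who allows only 30 days is declined (the site's 90-day counter exceeds the ceiling), while a user asking for 400 days of history is offered and accepts the site's 365-day maximum.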

  13. Reality or Illusion?
  ● Do websites and end users really want all this?
    ● End users focus on immediate benefits and downplay privacy risks
    ● Lack of interest in setting personal preferences
  ● Perhaps we should instead focus on providing a strong legal framework to discourage abuses
    ● Users would still need a means to track their personal data and make corrections to errors
    ● Privacy assistant is still valuable
      – Privacy preferences could be set by a 3rd party
