Visualizing Privacy I March 7, 2006
Outline Visualizing privacy Three examples of visualizing privacy (from readings) Privacy policy and privacy preference Privacy Notice in Spyware applications Third party tracking cookies Your turn
Motivating Quote “privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (Westin, 1967) This definition assumes a certain level of individual awareness of the consequences of disclosing and not disclosing personal information, and the ability to effectively control.
Motivation Privacy is abstract and hard to articulate unless one sees it The potential harms to privacy are uncertain and faraway Some privacy-invasive technologies are hidden Informed consent model: if users are not informed, there is no meaningful consent
Motivation Example 2 Benjamin Brunk, Understanding Privacy Space In addition to user interface characteristics such as screen size, we were also interested in what role graphics played in the design of these solutions. During the features analysis, each feature had a description written about it as well as a notation about whether or not it made significant use of graphics. Clearly, graphics were not common (Figure 10). That is not to say that the GUIs were not graphical. We were looking for anything beyond the standard interface widgets that convey information through the use of information visualization techniques, such as a progress bar or progress meter. (available at http://www.firstmonday.dk/ISSUES/issue7_10/brunk/index.html#b4)
What is visualizing privacy? Visualize is “to make visible: as to see or form a mental image of” (Merriam-Webster's collegiate dictionary) Visualizing privacy is to make privacy visible, to make users form a mental image of privacy. Question: I have coined a working definition; what do you think of this definition?
Privacy Space Framework Awareness Detection Prevention Response Recovery The question here is: what framework should we use when we talk about visualizing privacy? Brunk, Figure 20-2 p. 414
Chapter 22 Privacy Policies and Privacy Preferences Lorrie Faith Cranor
Privacy Policies and preferences Privacy policies are a mechanism for communicating about information collection and use Few people read privacy policies Time consuming to read and difficult to understand Format not standardized Can change unexpectedly
P3P and P3P user agents What: machine-readable privacy policy in XML format. How does it work? Websites encode their privacy policies in P3P format User agents read the policy and parse it Benefit: Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format Privacy is visualized in the following ways: Summarize privacy policies Compare policies with user preferences Alert and advise users Acknowledgement: these slides are from Lorrie’s previous presentation on privacy
P3P in IE6 Automatic processing of compact policies only; third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears
Users can click on privacy icon for list of cookies; privacy summaries are available at sites that are P3P-enabled
Privacy summary report is generated automatically from full P3P policy
P3P in Netscape 7 Preview version similar to IE6, focusing on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie
Privacy Bird Free download of beta from http://privacybird.com/ Originally developed at AT&T Labs Released as open source “Browser helper object” for IE6 Reads P3P policies at all P3P-enabled sites automatically Bird icon at top of browser window indicates whether site matches user’s privacy preferences Clicking on bird icon gives more information
Chirping bird is privacy indicator
Red bird indicates mismatch
Discussion Can you think of anything else?
Chapter 23 Privacy Analysis for the Casual User Through Bugnosis David Martin Visualizing the threat of privacy
Web bugs Invisible elements on a web page used to record the fact that the page was visited, and sometimes to communicate additional information about the user or computer doing the viewing
Bugnosis An IE plug-in that watches for web bugs Alerts the user to their presence, but does not block web bugs
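A simplified version of the check a web-bug detector performs, as an added example (not Bugnosis code and not from the slides): it flags images that are invisible and loaded from a different site than the page. The 1-pixel threshold, the two-label `site()` comparison and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def site(host):
    """Crude site key: last two DNS labels (assumption; no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def small(value, limit=1):
    """True when a width/height attribute is a number of at most `limit` pixels."""
    try:
        return int(value) <= limit
    except (TypeError, ValueError):
        return False

class WebBugFinder(HTMLParser):
    """Flag <img> elements that are invisible and fetched from another site."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []
        self.page_site = site(urlparse(page_url).hostname or "")

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = urljoin(self.page_url, a.get("src") or "")
        url = urlparse(src)
        style = (a.get("style") or "").replace(" ", "").lower()
        invisible = (small(a.get("width")) and small(a.get("height"))) \
            or "display:none" in style or "visibility:hidden" in style
        if invisible and site(url.hostname or "") != self.page_site:
            self.findings.append({"src": src, "host": url.hostname,
                                  "carries_data": bool(url.query)})

def find_web_bugs(page_url, html):
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page (reserved example domains only).
SAMPLE = """<html><body>
<img src="/img/logo.png" width="120" height="40">
<img src="/img/spacer.gif" width="1" height="1">
<img src="https://ads.example.org/banner.png" width="468" height="60">
<img src="https://tracker.example.net/t.gif?uid=42&amp;page=story" width="1" height="1">
<img src="https://stats.example.com/p.gif" style="display: none">
</body></html>"""
```

Calling `find_web_bugs("https://news.example/story.html", SAMPLE)` reports only the two invisible third-party images; the first-party spacer and the visible third-party banner are left alone.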
A demo www.about.com www.nytimes.com www.doubleclick.com http://freedownloadscenter.com/Utilities/
Stopping Spyware at the Gate Nathaniel Good, Rachna Dhamija, Jens Grossklags, et al.
User Study Goal: How the form and content of notices affect users’ decision to install Spyware
Study Design 31 participants Ask the user to go through five programs (Google toolbar, Edonkey, KaZaA, WeatherScope, WebShots) and install them if they feel it appropriate
Notice Condition 1: EULA only
Notice Condition 2: Microsoft SP2 Warning + EULA
Notice Condition 3: Customized Short Notice + EULA
Study Results Participants ignore EULAs Although they know they were agreeing to a contract Limited understanding of the content and little desire to read lengthy notices Additional Notice had only marginal effect on the total number of installations Improved Notice is not enough to inform users
Your turn
Group problems The EULA is a failed way to inform. What are some of the ways we can better inform users when they install this software?
Backup Slides These slides are from Lorrie’s previous class presentation on Privacy
Platform for Privacy Preferences Project (P3P) Developed by the World Wide Web Consortium (W3C) http://www.w3.org/p3p/ Final P3P1.0 Recommendation issued 16 April 2002 Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format Can be deployed using existing web servers Enables the development of tools (built into browsers or separate applications) that Summarize privacy policies Compare policies with user preferences Alert and advise users
Basic components P3P provides a standard XML format that web sites use to encode their privacy policies Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set No special server software required User software to read P3P policies called a “P3P user agent”
What’s in a P3P policy? Name and contact information for site The kind of access provided Mechanisms for resolving privacy disputes The kinds of data collected How collected data is used, and whether individuals can opt-in or opt-out of any of these uses Whether/when data may be shared and whether there is opt-in or opt-out Data retention policy
A simple HTTP transaction (with the Web Server)
1. Request web page: GET /index.html HTTP/1.1 Host: www.att.com . . .
2. Send web page: HTTP/1.1 200 OK Content-Type: text/html . . .
… with P3P 1.0 added (with the Web Server)
1. Request Policy Reference File: GET /w3c/p3p.xml HTTP/1.1 Host: www.att.com
2. Send Policy Reference File
3. Request P3P Policy
4. Send P3P Policy
5. Request web page: GET /index.html HTTP/1.1 Host: www.att.com . . .
6. Send web page: HTTP/1.1 200 OK Content-Type: text/html . . .
P3P increases transparency P3P clients can check a privacy policy each time it changes P3P clients can check privacy policies on all objects in a web page, including ads and invisible images http://www.att.com/accessatt/ Privacy policies often change, and most of the time users have no way of knowing about changes unless they check the privacy policy every time they visit a site. A P3P user agent can do this check automatically to make sure a policy continues to match a user’s preferences. P3P user agents can also identify objects embedded in web pages that may have different privacy policies. http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE
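What a P3P user agent does with the files fetched in the exchange above, as an added example (not from the slides and not Privacy Bird's code): resolve which policy covers each object on a page, then compare its declared purposes and recipients with a list of unwanted ones. Element and attribute names follow P3P 1.0; the two XML documents are constructed and trimmed, and the `unwanted` preference list and the verdict labels are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"  # P3P 1.0 XML namespace
# Constructed policy reference file, as a site would serve it at /w3c/p3p.xml.
REFERENCE_FILE = """<META xmlns="http://www.w3.org/2002/01/P3Pv1"><POLICY-REFERENCES>
  <POLICY-REF about="/w3c/policies.xml#ads"><INCLUDE>/ads/*</INCLUDE></POLICY-REF>
  <POLICY-REF about="/w3c/policies.xml#general">
    <INCLUDE>/*</INCLUDE><EXCLUDE>/private/*</EXCLUDE>
  </POLICY-REF>
</POLICY-REFERENCES></META>"""

# Constructed policies, trimmed to the elements this check reads.
POLICIES = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="general"><STATEMENT>
    <PURPOSE><current/><admin/></PURPOSE><RECIPIENT><ours/></RECIPIENT>
  </STATEMENT></POLICY>
  <POLICY name="ads"><STATEMENT>
    <PURPOSE><current/><telemarketing/></PURPOSE><RECIPIENT><unrelated/></RECIPIENT>
  </STATEMENT></POLICY>
</POLICIES>"""

def covers(pattern, path):
    """P3P patterns use '*' as the only wildcard (any run of characters)."""
    return re.fullmatch(".*".join(map(re.escape, pattern.strip().split("*"))), path) is not None

def policy_for(path, reference_xml=REFERENCE_FILE):
    """Return the 'about' URI of the first POLICY-REF that covers path, else None."""
    for ref in ET.fromstring(reference_xml).iter(NS + "POLICY-REF"):
        included = any(covers(e.text, path) for e in ref.findall(NS + "INCLUDE"))
        excluded = any(covers(e.text, path) for e in ref.findall(NS + "EXCLUDE"))
        if included and not excluded:
            return ref.get("about")
    return None

def practices(name, policies_xml=POLICIES):
    """Collect the PURPOSE and RECIPIENT tokens the named policy declares."""
    for pol in ET.fromstring(policies_xml).iter(NS + "POLICY"):
        if pol.get("name") == name:
            return {el.tag[len(NS):] for kind in ("PURPOSE", "RECIPIENT")
                    for group in pol.iter(NS + kind) for el in group}
    return set()

def evaluate(path, unwanted):
    """Verdict for one object on the page: no-policy, match, or mismatch."""
    about = policy_for(path)
    if about is None:
        return "no-policy", set()
    conflicts = practices(about.split("#", 1)[1]) & set(unwanted)
    return ("mismatch" if conflicts else "match"), conflicts
```

With `unwanted = {"telemarketing", "unrelated"}`, the page `/index.html` matches while the embedded `/ads/banner.gif` falls under a different policy and is a mismatch, which is the embedded-object case the slide describes.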
Check embedded content too
Privacy settings
Capturing Privacy Preference Most people have little experience articulating their privacy preferences Privacy preferences are often complex and nuanced Most people are unfamiliar with much of the terminology used by privacy experts Most people do not understand the privacy-related consequences of their behavior
Difficulties in capturing preference Users want the interface to be simple and yet do not want to be reduced to preconfigured preferences
Research question How do we build tools to make people aware of potential privacy issues?
What to visualize? Websites’ privacy practices Cookies Spyware Can you think of others?
Difficulties in visualizing privacy Privacy is a hard and abstract concept People sometimes do not know their preferences