Automated Tracking of Online Service Policies J. Trent Adams 1 Kevin Bauer 2 Asa Hardcastle 3 Dirk Grunwald 2 Douglas Sicker 2 1 The Internet Society 2.

Presentation transcript:

Automated Tracking of Online Service Policies
J. Trent Adams (1), Kevin Bauer (2), Asa Hardcastle (3), Dirk Grunwald (2), Douglas Sicker (2)
(1) The Internet Society, (2) University of Colorado, (3) OpenLiberty.org
38th Research Conference on Communication, Information and Internet Policy

What They Know
- Search queries
- Web browsing habits
- Shopping habits
- Social relationships
- Offline behaviors
- Personal interests
- Possible medical conditions
- Financial status
TPRC 2010: Automated Tracking of Online Service Policies

User Tracking is Easy and Common
When a user visits a website…
Implicit information revealed:
- IP address
- HTTP request headers (user-agent, operating system, local time and language, referrer)
This information alone can be used to construct an identifying, trackable profile [EFF’s Panopticlick, PETS ’10]
Additional tracking elements:
- Sites often embed cookies and other tools to explicitly identify and track users
dictionary.reference.com Source:

The Need for Clear Policy Articulation
Given the inherent privacy risks in ordinary web browsing, most sites explicitly explain how they handle sensitive user data (PII) in a human-readable, natural language privacy policy or terms of service document
Pros of natural language policies
- Near universal deployment
Cons of natural language policies
- Users must find, read, and comprehend the policies
- Comprehension is poor for natural language policies [McDonald et al., PETS ’09]

Structured Policy Formats: P3P
The Platform for Privacy Preferences (P3P) is a machine-readable XML schema for encoding:
- What kind of user information is collected
- How any collected user information is used
- How long user information is stored
P3P files can be automatically parsed and semantically analyzed by the web browser
Users can specify their own preferences and interact only with sites with compatible policies
Policy information can be transformed into “standardized” formats to improve policy comprehension

P3P and Standardized Policy Formats
Structured policy formats (like P3P) can be summarized and displayed to users in standardized, easy to read formats...
Figure: “Privacy Finder” P3P Search Engine Result

Slow Adoption for P3P
A study by Cranor et al. found that the most popular web sites tend to be more likely to offer P3P, but overall deployment is very low
Source: Cranor et al., Electronic Commerce Research and Applications
: Only 10.25% offer P3P
2008: Only 13.59% offer P3P

Our Goal: Make Interacting with Natural Language Policies Easier
P3P adoption is limited, but human-readable policies are prevalent
This is a stop-gap measure: Until a structured policy format is widely adopted, we must interact with natural language policies
Our contribution: Design and implement Policy Audit System
- Aggregates natural language policies for a wide variety of websites
- Periodically checks these policy documents for updates
- Enables distribution of policies to interested users
- Notifies users about specific changes in policies
Timeline figure: P3P, natural language policy tracking, … New structured policy format?

Policy Audit System: Architecture
Key Components:
- Policy Monitor: Periodically fetches known policy documents for a large set of websites; checks policies for changes
- Policy Library: The collection of policy documents for each site over time
- Policy Library Mirrors: Copies of the policy library hosted by third parties
- Clients: Offers a way for users to obtain current or past policy information

Policy Monitor
- Periodically fetches a set of policy document URLs
- Extracts relevant policy text using standard text parsing techniques
- Compares the latest version to previously seen version to detect changes
- Records latest version (if changed)
Based on the EFF’s TOSBack service ( )

Policy Library
The Policy Monitor produces a library of policy documents, as they change over time
The Policy Library is a directory structure available via the web:
- A list of tracked websites
- Policy text snapshots, or previous versions
- Various metadata to help find the latest document version
The master library is hosted by the University of Colorado
Currently tracking 76 distinct policies (more coming soon)
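One way the Policy Monitor's extract/compare/record steps and the Policy Library's directory of snapshots could fit together, as an added example that is not the project's own code. The directory layout, the `latest.json` metadata file, the function names and the sample pages are assumptions constructed for illustration, and inline HTML strings stand in for the periodic fetch.

```python
import difflib, hashlib, json, re
from html.parser import HTMLParser
from pathlib import Path

# Constructed sample pages (not real policies): V1_RESTYLED changes only markup, V2 changes a sentence.
V1 = "<html><body><h1>Privacy Policy</h1><p>We collect your email address.</p><p>We do not share data with third parties.</p><script>var t=1;</script></body></html>"
V1_RESTYLED = "<html><body><div class='new'><h1>Privacy  Policy</h1>\n<p>We collect your email address.</p> <p>We do not share data with third parties.</p></div><script>var t=2;</script></body></html>"
V2 = V1.replace("We do not share data with third parties.", "We share data with advertising partners.")

class _TextExtractor(HTMLParser):
    """Collect visible text; skip <script>/<style> so markup churn is not reported as a change."""
    def __init__(self):
        super().__init__()
        self.parts, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        self._skip += tag in ("script", "style")
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.parts.append(data)

def extract_policy_text(html):
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    return re.sub(r"\s+", " ", " ".join(parser.parts)).strip()

def _sentences(text):
    return re.split(r"(?<=[.!?])\s+", text) if text else []

def record_if_changed(library, site, html, fetched_on):
    """Snapshot the policy only if its text changed; return '+ '/'- ' sentence diffs ([] if unchanged)."""
    text = extract_policy_text(html)
    digest = hashlib.sha256(text.encode("utf-8")).hexdigest()
    site_dir = Path(library) / site          # hypothetical layout: <library>/<site>/
    site_dir.mkdir(parents=True, exist_ok=True)
    meta_path = site_dir / "latest.json"     # hypothetical metadata file naming the newest snapshot
    old_text = ""
    if meta_path.exists():
        meta = json.loads(meta_path.read_text(encoding="utf-8"))
        if meta["sha256"] == digest:
            return []                        # same text as the last fetch: record nothing
        old_text = (site_dir / meta["snapshot"]).read_text(encoding="utf-8")
    snapshot = f"{fetched_on}.txt"
    (site_dir / snapshot).write_text(text, encoding="utf-8")
    meta_path.write_text(json.dumps({"snapshot": snapshot, "sha256": digest}), encoding="utf-8")
    delta = difflib.ndiff(_sentences(old_text), _sentences(text))
    return [line for line in delta if line[:2] in ("+ ", "- ")]
```

Calling `record_if_changed` with `V1`, then `V1_RESTYLED`, then `V2` against the same library directory stores two snapshots: the restyled page is ignored because its extracted text hashes to the same value.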

Policy Library Mirrors
Policy Library copies that are distributed among trusted parties
The Electronic Frontier Foundation (EFF), the Center for Democracy and Technology (CDT), and the University of Colorado host Policy Library mirrors

Clients
Generically, a client offers an interface to the Policy Library, providing access to policy data
A client could offer the ability to search the library, automate change notification via twitter, ATOM, RSS, or
We developed a client as a Firefox plugin that displays policy information (and notification of changes) for the current site the user is visiting

Example Client: Firefox Browser Plug-in *
Accesses the Policy Library and alerts the user when they visit a website that publishes a policy that the Policy Monitor is tracking
Alert Icons
- Visiting a site that’s not tracked
- Visiting a tracked site, but no change in policy since last visit
- Visiting a tracked site with an updated policy since last visit
- Visiting a tracked site with an unread policy
* sponsored by

Plug-in: Visiting a Tracked Site
Menu lists tracked policies

Plug-in: Visiting a Tracked Site with Policy Changes

Plug-in: Discovering Third Party Information Disclosure
- Current policies for a visited page
- Notify user of third-party page elements

Summary and Conclusion
Given the absence of a widely adopted structured policy format, we argue that steps should be taken to make natural language policies easier for users to understand
To this end, we present the Policy Audit System to track natural language policy documents and notify users of policy updates
Our hope is that this work helps individuals make sense of natural language policies while we wait for a structured policy data format to be widely adopted
For more information
- Project overview:
- Development community:
- Firefox plug-in download:
Thank you