Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bridging the Disconnect Between Web Privacy and User Perception Mike Perry W3C Identity May 24, 2011.

Published byNelson Hart Modified over 8 years ago

Similar presentations

Presentation on theme: "Bridging the Disconnect Between Web Privacy and User Perception Mike Perry W3C Identity May 24, 2011."— Presentation transcript:

1 Bridging the Disconnect Between Web Privacy and User Perception Mike Perry W3C Identity May 24, 2011

2 Enabling Privacy by Design Users lack ability to understand tracking: ● 'Activity linkability' is invisible – Activity is linkable in surprising ways – Not just identifiers ● Omniscient entities are enabled by linkability – Ad networks, CDNs, Facebook ● Linkability culprits: – Flawed identifier transmission model – Poor visual cues about user identity – Fingerprinting

3 Improving the Origin Model ● “Double-key” all new and existing identifiers – Use top level domain + 3 rd party domain – This includes the cache, too (See: SafeCache) – Fits users' mental model of website relationships ● Can use to satisfy RFC 2965 sec 3.3.6 (finally!) ● OpenID and OAuth logins still possible – Allows concept of “Logging into CNN via Facebook” ● May need whitelist request for (some) cookies – Xauth is primary example of a protocol w/ issues ● Alternatives available (Eg: User-launched Popups)

4 Top-Level Origin Privacy UI New model allows simpler UI for the same site data: Vs

5 Representing Identity Users should be given cues about who the web thinks they are ● Browser-level pseudonym, avatar icon, or Firefox Persona ● Password protected browser state storage – Users should be able to log in and out of identities – Mozilla Weave ● Private Browsing Mode is a special case with no storage and low linkability to saved identities – Should have user-selectable persona/cue, too

6 Fingerprinting ● Ad networks are already moving beyond cookies – Banks too ● Unique browser attributes identify users – Installed plugins, fonts, user agent, resolution, time.. ● Can be measured by Panopticlick Entropy Metric ● Solutions can be origin-based or identity-based – Origin solutions/restrictions may be more effective ● New web features need evaluation – This can get tricky.. – May need to rely on simulations or intuition

7 Summary 1. Improve identifier origin model Greatly simplifies privacy UI All site data managed together (including history) 2. Provide (better) identity cues to users 3. Address Fingerprinting Linkability Fingerprinting Linkability between origins Fingerprinting Linkability between identities

Download ppt "Bridging the Disconnect Between Web Privacy and User Perception Mike Perry W3C Identity May 24, 2011."

Similar presentations

SOCIAL WEB MEDIA privacy and data mining part 2 4/12/2010.

SOCIAL WEB MEDIA privacy and data mining part 2 4/12/2010.
Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.

Protecting Browser State from Web Privacy Attacks Collin Jackson, Andrew Bortz, Dan Boneh, John Mitchell Stanford University.
This work was supported by the TRUST Center (NSF award number CCF-0424422) 1 Introduction Within the last few years, online advertisement companies have.

This work was supported by the TRUST Center (NSF award number CCF ) 1 Introduction Within the last few years, online advertisement companies have.
Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.

Web Filtering. ExchangeDefender Web Filtering provides policy-controlled protection from dangerous content on the web. Web Filtering is agent based, allowing.
Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.

Copyright © 2012 Certification Partners, LLC -- All Rights Reserved Lesson 4: Web Browsing.
Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)

Georgios Kontaxis, Michalis Polychronakis Angelos D. Keromytis, Evangelos P. Markatos Siddhant Ujjain (2009cs10219) Deepak Sharma (2009cs10185)
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Lesson 4: Web Browsing.

Lesson 4: Web Browsing.
PGN5: KAING, RISHER AND SCHULTE PERSISTENT COOKIES WITH BROWSER FINGERPRINTING.

PGN5: KAING, RISHER AND SCHULTE PERSISTENT COOKIES WITH BROWSER FINGERPRINTING.
By: Ansuya Chauhan.

By: Ansuya Chauhan.
10/20/2011Pomcor 1 Deployment and Usability of Cryptographic Credentials Francisco Corella Karen Lewison Pomcor.

10/20/2011Pomcor 1 Deployment and Usability of Cryptographic Credentials Francisco Corella Karen Lewison Pomcor.
The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.

The Design and Implementation of an OpenID-Enabled PKI Kevin Bauer University of Colorado Supervisor: Dhiva Muruganantham.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.

 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.

GONE PHISHING ECE 4112 Final Lab Project Group #19 Enid Brown & Linda Larmore.
Invasive Browser Sniffing and Countermeasures Markus Jakobsson & Sid Stamm.

Invasive Browser Sniffing and Countermeasures Markus Jakobsson & Sid Stamm.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.
Networks QUME 185 Introduction to Computer Applications.

Networks QUME 185 Introduction to Computer Applications.
Browser Fingerprinting: Online Tracking Without Cookies Device Fingerprinting –The process of obtaining device characteristics for purposes such as device.

Browser Fingerprinting: Online Tracking Without Cookies Device Fingerprinting –The process of obtaining device characteristics for purposes such as device.
1 WS-Privacy Paul Bui Ryan Dickey. 2 Agenda  WS-Privacy  Introduction to P3P  How P3P Works  P3P Details  A P3P Scenario  Conclusion  References.

1 WS-Privacy Paul Bui Ryan Dickey. 2 Agenda  WS-Privacy  Introduction to P3P  How P3P Works  P3P Details  A P3P Scenario  Conclusion  References.

Similar presentations

Ads by Google