Presentation is loading. Please wait.

Presentation is loading. Please wait.

Visualizing Privacy I March 7, 2006.

Published byCaitlin Willis Modified over 6 years ago

Similar presentations

Presentation on theme: "Visualizing Privacy I March 7, 2006."— Presentation transcript:

1 Visualizing Privacy I March 7, 2006

2 Outline Visualizing privacy
Three examples of visualizing privacy (from readings) Privacy policy and privacy preference Privacy Notice in Spyware applications Third party tracking cookies Your turn

3 Motivating Quote “privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others” (Westin, 1967) This definition assumes a certain level of individual awareness of the consequences of disclsoing and not disclosing personal information, and the ability to effectively control.

4 Motivation Privacy is abstract and hard to articulate unless one sees it The potential harms to privacy are uncertain and faraway Some privacy invasive technologies are hidden Informed Consent model, if not informed, there is not meaningful consent

5 Motivation Example 2 Benjamine Brunk, Understanding Privacy Space
In addition to user interface characteristics such as screen size, we were also interested in what role graphics played in the design of these solutions. During the features analysis, each feature had a description written about it as well as a notation about whether or not it made significant use of graphics. Clearly, graphics were not common (Figure 10). That is not to say that the GUIs were not graphical. We were looking for anything beyond the standard interface widgets that convey information through the use of information visualization techniques, such as a progress bar or progress meter. (available at Benjamine Brunk, Understanding Privacy Space

6 What is visualizing privacy?
Visualize is “to make visible: as to see or form a mental image of” (Merriam-Webster's collegiate dictionary) Visualizing privacy is to make privacy visible, to make users form a mental image of privacy. Question: I have coined a working definition, what do you think of this definition.

7 Privacy Space Framework
Awareness Detection Prevention Response Recovery The question here is what framework should we think about when we talk about visualizing the privacy? Brunk, Figure 20-2 p. 414

8 Chapter 22 Privacy Policies and Privacy Preferences
Lorrie Faith Cranor

9 Privacy Policies and preferences
Privacy Policies is a mechanism for communicating about information collection and use Few people read privacy policies Time consuming to read and difficult to understand Format not standardized Can change unexpectedly

10 P3P and P3P user agents What: machine readable privacy policy in XML format. How does it work? website encode their privacy policies in P3P format User agents read the policy and parse it out Benefit: Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format Privacy is visualized in the following ways: Summarize privacy policies Compare policies with user preferences Alert and advise users Acknowledgements, these slides are from lorrie’s previous presentation on privacy

11 P3P in IE6 Automatic processing of compact policies only;
third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears

12 Users can click on privacy icon for list of cookies; privacy summaries are available at sites that are P3P-enabled

13 Privacy summary report is generated automatically from full P3P policy

14 P3P in Netscape 7 Preview version similar to IE6, focusing, on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie

15 Privacy Bird Free download of beta from http://privacybird.com/
Origninally developed at AT&T Labs Released as open source “Browser helper object” for IE6 Reads P3P policies at all P3P-enabled sites automatically Bird icon at top of browser window indicates whether site matches user’s privacy preferences Clicking on bird icon gives more information

16 Chirping bird is privacy indicator

17 Red bird indicates mismatch

18

19 Discussion Can you think of anything else?

20 Chapter 23 Privacy Analysis for the Casual User Through Bugnosis
David Martin Visualizing the threat of privcy

21 Web bugs Invisible elements on a web page used to record the fact the face was visited, and sometimes to communicate additional information about the user or computer doing the viewing

22 Bugnosis A IE plug-in that watches for web bugs
Alerts the user of its presence, but do not block web bugs

23 A demo www.about.com www.nytimes.com www.doubleclick.com

24

25

26

27

28 Stopping Spyware at the Gate
Nathaniel Good, Rachna Dhamija, Jens Grossklags, et al.

29 User Study Goal: How the form and content of notices affect users’ decision to install Spyware

30 Study Design 31 participants
Ask the user to go through five programs: Google toolbar, Edonkey, KaZaA, WeatherScope, WebShots). And install them if they feel appropriate

31 Notice Condition 1: EULA only

32 Notice Condition 2: Microsoft SP2 Warning + EULA

33 Notice Condition 3: Customized Short Notice + EULA

34 Study Results Participants ignore EULAs
Although they know they were agreeing to a contract Limited understanding of the content and little desire to read length notice Additional Notice had only marginal effect on the total number of installations Improved Notice is not enough to inform user

35

36

37 Your turn

38 Group problems EULA – a failed way to inform, what are some of the ways we can better inform the user when they install these software?

39 These slides are from Lorrie’s previous class presentation on Privacy
Backup Slides These slides are from Lorrie’s previous class presentation on Privacy

40 Platform for Privacy Preferences Project (P3P)
Developed by the World Wide Web Consortium (W3C) Final P3P1.0 Recommendation issued 16 April 2002 Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format Can be deployed using existing web servers Enables the development of tools (built into browsers or separate applications) that Summarize privacy policies Compare policies with user preferences Alert and advise users

41 Basic components P3P provides a standard XML format that web sites use to encode their privacy policies Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set No special server software required User software to read P3P policies called a “P3P user agent”

42 What’s in a P3P policy? Name and contact information for site The kind of access provided Mechanisms for resolving privacy disputes The kinds of data collected How collected data is used, and whether individuals can opt-in or opt-out of any of these uses Whether/when data may be shared and whether there is opt-in or opt-out Data retention policy

43 A simple HTTP transaction
Web Server GET /index.html HTTP/1.1 Host: . . . Request web page HTTP/ OK Content-Type: text/html . . . Send web page

44 … with P3P 1.0 added GET /w3c/p3p.xml HTTP/1.1 Web Server
Host: Request Policy Reference File Web Server Send Policy Reference File Request P3P Policy Send P3P Policy GET /index.html HTTP/1.1 Host: . . . Request web page HTTP/ OK Content-Type: text/html . . . Send web page

45 P3P increases transparency
P3P clients can check a privacy policy each time it changes P3P clients can check privacy policies on all objects in a web page, including ads and invisible images Privacy policies often change, and most of the time users have know way of knowing about changes unless they check the privacy policy every time they visit a site. A P3P user agent can do this check automatically to make sure a policy continues to match a user’s preferences. P3P user agents can also identify objects embedded in web pages that may have different privacy policies.

46 P3P in IE6 Automatic processing of compact policies only;
third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears

47 Users can click on privacy icon for list of cookies; privacy summaries are available at sites that are P3P-enabled

48 Privacy summary report is generated automatically from full P3P policy

49 P3P in Netscape 7 Preview version similar to IE6, focusing, on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie

50 Privacy Bird Free download of beta from http://privacybird.com/
Origninally developed at AT&T Labs Released as open source “Browser helper object” for IE6 Reads P3P policies at all P3P-enabled sites automatically Bird icon at top of browser window indicates whether site matches user’s privacy preferences Clicking on bird icon gives more information

51 Chirping bird is privacy indicator

52 Red bird indicates mismatch

53 Check embedded content too

54 Privacy settings

55 Capturing Privacy Preference
Most people have little experience articulating their privacy preference Privacy preferences are often complex and nuanced Most people are unfamiliar with much of the terminology used by privacy experts Most people do not understand the privacy related consequences of their behavior

56 Difficulties in capturing preference
User want interface to be simple and yet do not want to be reduced to preconfigured preferences

57

58

59

60 Research question How do we build tools to make people aware of potential privacy issues?

61 What to visualize? Websites’ privacy practices Cookies Spyware
Can you think of others?

62 Difficulties in visualizing privacy
Privacy is a hard and abstract concept People sometimes do not know their preferences

Download ppt "Visualizing Privacy I March 7, 2006."

Similar presentations

Usage Statistics in Context: related standards and tools Oliver Pesch Chief Strategist, E-Resources EBSCO Information Services Usage Statistics and Publishers:

Usage Statistics in Context: related standards and tools Oliver Pesch Chief Strategist, E-Resources EBSCO Information Services Usage Statistics and Publishers:
NEXT. Create Pages in Blogger Another top user-requested feature has just graduated from Blogger In Draft! Blogger now makes it easy to create Pages linked.

NEXT. Create Pages in Blogger Another top user-requested feature has just graduated from Blogger In Draft! Blogger now makes it easy to create Pages linked.
U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.

U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
1 The End Of The Privacy Policy As We Know It Fran Maier President TRUSTe.

1 The End Of The Privacy Policy As We Know It Fran Maier President TRUSTe.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.

Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.
Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Course Overview January.

Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Course Overview January.
What is spyware? Supervisor dr. lo’ay tawalbeh Search By Mahmoud al-ashram Soufyan al-qblawe.

What is spyware? Supervisor dr. lo’ay tawalbeh Search By Mahmoud al-ashram Soufyan al-qblawe.
C MU U sable P rivacy and S ecurity Laboratory Making privacy visible Lorrie Faith Cranor October 19, 2007.

C MU U sable P rivacy and S ecurity Laboratory Making privacy visible Lorrie Faith Cranor October 19, 2007.
Web Privacy Topics Andy Zeigler Senior Program Manager, Internet Explorer Microsoft.

Web Privacy Topics Andy Zeigler Senior Program Manager, Internet Explorer Microsoft.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie.

CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie.
Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.

Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
With Alex Conger – President of Webmajik.com FrontPage 2002 Level I (Intro & Training) FrontPage 2002 Level I (Intro & Training)

With Alex Conger – President of Webmajik.com FrontPage 2002 Level I (Intro & Training) FrontPage 2002 Level I (Intro & Training)
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.
11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.

11 SUPPORTING INTERNET EXPLORER IN WINDOWS XP Chapter 11.
Automated Tracking of Online Service Policies J. Trent Adams 1 Kevin Bauer 2 Asa Hardcastle 3 Dirk Grunwald 2 Douglas Sicker 2 1 The Internet Society 2.

Automated Tracking of Online Service Policies J. Trent Adams 1 Kevin Bauer 2 Asa Hardcastle 3 Dirk Grunwald 2 Douglas Sicker 2 1 The Internet Society 2.

Similar presentations

Ads by Google