Presentation is loading. Please wait.

Presentation is loading. Please wait.

Use of a P3P User Agent by Early Adopters Lorrie Faith Cranor Manjula Arjula Praven Guduru AT&T Labs November 2002.

Published byMarybeth Cummings Modified over 9 years ago

Similar presentations

Presentation on theme: "Use of a P3P User Agent by Early Adopters Lorrie Faith Cranor Manjula Arjula Praven Guduru AT&T Labs November 2002."— Presentation transcript:

1

2 Use of a P3P User Agent by Early Adopters Lorrie Faith Cranor Manjula Arjula Praven Guduru AT&T Labs November 2002

3 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 2 Platform for Privacy Preferences Project (P3P) Developed by the World Wide Web Consortium (W3C) http://www.w3.org/p3p/  Final P3P1.0 Recommendation issued 16 April 2002 Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format  Can be deployed using existing web servers Enables the development of tools (built into browsers or separate applications) that  Summarize privacy policies  Compare policies with user preferences  Alert and advise users

4 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 3 Basic components P3P provides a standard XML format that web sites use to encode their privacy policies Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set No special server software required User software to read P3P policies called a “P3P user agent”

5 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 4 What’s in a P3P policy? Name and contact information for site The kind of access provided Mechanisms for resolving privacy disputes The kinds of data collected How collected data is used, and whether individuals can opt-in or opt-out of any of these uses Whether/when data may be shared and whether there is opt-in or opt-out Data retention policy

6 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 5 P3P/XML encoding <POLICY discuri="http://p3pbook.com/privacy.html" name="policy"> <DATA ref="#business.contact-info.online.email">privacy@p3pbook.com <DATA ref="#business.contact-info.online.uri">http://p3pbook.com/ Web Privacy With P3P We keep standard web server logs. P3P version Location of human-readable privacy policy P3P policy name Site’s name and contact info Access disclosure Statement Human-readable explanation How data may be used Data recipients Data retention policy Types of data collected

7 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 6 AT&T Privacy Bird Free download of beta from http://privacybird.com/ “Browser helper object” for IE 5.01/5.5/6.0 Reads P3P policies at all P3P-enabled sites automatically Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences Clicking on bird icon gives more information Current version is information only – no cookie blocking

8 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 7 Chirping bird is privacy indicator

9 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 8 Click on the bird for more info

10 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 9 Privacy policy summary - mismatch Link to opt-out page

11 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 10 Bird checks policies for embedded content

12 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 11 Privacy Bird icons

13 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 12 Preference configuration

14 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 13 User study About 20,000 downloads in first six months of public beta trial Users asked whether they were willing to participate in survey when they downloaded software We randomly selected 2000 email addresses from those willing to participate in surveys and sent invitation to fill out online 35- question questionnaire 17% response rate

15 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 14 Demographics and Internet use Compared to random sample surveys of Internet users, our sample was older, more predominantly male, better educated, and had more Internet experience Most of our respondents from English speaking countries – 70% from US, 14% from Australia, 6% from Canada US respondents had more Internet experience than other respondents and were more likely to have made purchases from web sites Are our skewed survey respondent demographics representative of Privacy Bird users? Are our demographics similar to demographics of users of other privacy software?

16 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 15 Attitudes about privacy 34% never heard of P3P (you don’t have to know about P3P to use Privacy Bird!) 21% identified as “P3P experts” Most never or occasionally read privacy policies before installing Privacy Bird (similar to what other surveys found) Level of privacy concern similar to other studies Our respondents appear more knowledgeable and concerned about cookies than typical Internet users Our respondents are not very knowledgeable about third-party cookies – 18% never heard of them, 41% heard of them but don’t really know what they are P3P experts more knowledgeable about third-party cookies and less concerned about cookies

17 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 16 General evaluation of Privacy Bird Beta had some installation and stability problems that showed up on only some systems Frequent criticism: too many yellow birds!  In August 2002, E& Y reported 24% of to 100 domains visited by US Internet users were P3P enabled Average usefulness on 5 point scale (5=very useful)  Today: 2.9  If most web sites P3P-enabled: 4.0  If Privacy Bird could block cookies at sites with red bird: 4.1 Women and non-US respondents found Privacy Bird most useful and more likely to recommend to a friend Average ease-of-use on 5 point scale (5=very easy)  Installation: 4.6  Changing privacy settings: 3.9  Understanding policy summary: 3.3

18 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 17 Policy summary Amount of information in policy summary  Right amount: 64%  Too much: 15%  Not enough: 20% No specific suggestions about what additional information to include How often did you look at policy summary?  Never: 15%  Once or twice: 34%  Several times: 36%  Ten or more times: 15% Focus of future work should be on wording of policy summary to make it easier to understand

19 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 18 Privacy settings How often did you change your privacy settings?  Never: 25%  Once or twice: 52%  Several times: 21%  Ten or more times: 2% P3P experts changed their settings more frequently A few comments that people did not fully understand what all the choices mean

20 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 19 Icon and sounds What sound setting did you use?  Play sounds at all web sites: 19%  Play sounds with certain birds: 37%  No sounds: 45% “Oh, how we love the squawking red crow” “I was driven almost to a state of collapse, I used to jump when I heard the same bird call in my yard” Some complaints about location of bird in title bar

21 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 20 Impact on online behavior 88% of respondents indicated some change in online behavior as a result of using Privacy Bird  Fill out fewer online forms: 37%  Take advantage of opt-outs: 37%  Stopped visiting some web sites: 29%  Comparing privacy policies at similar sites and frequenting sites with better policies: 18% “Basically, I use Privacy Bird like a warning light. Whenever it’s red I treat the website as hostile and am extra careful about the information I provide and activities I perform there” “I told one mutual fund web site about Privacy Bird’s findings, and they improed their pages because of it!”

22 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 21 Respondents who read privacy policies NeverOccasionallyAt most sites where I see a red bird At most sites where I see a red bird AND I was considering providing personal information At most sites where I was considering providing personal information At most or all web sites I visited

23 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 22 Impact on online purchasing If you could find out before making an online purchase which of the websites that had the item you wanted had the best privacy policy, would you be likely to purchase the item form the site with the best privacy policy?  Almost always purchase from site with best privacy policy: 33%  Probably purchase from site with best privacy policy as long as price and services similar to other sites: 54%  Always purchase from site with best price: 6%  Do not plan to make online purchases: 7%

24 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 23 Discussion More work needed to study how people use privacy software and determine how to make privacy concepts accessible to end users Women and people outside the US like Privacy Bird best, but they represent minority of our users Policy summary is aspect of UI most in need of improvement – providing short and long views may help Privacy software has potential as educational tool Usefulness of P3P software limited until more sites adopt P3P Search engines and comparison shopping services that use privacy policy as a criteria would be useful

25 Lorrie Faith Cranor http://lorrie.cranor.org/ Use of P3P User Agent by Early Adopters 24 Resources For further information on P3P see:  http://www.w3.org/P3P/  http://p3ptoolbox.org/  http://p3pbook.com/ For more info on Privacy Bird or to download:  http://privacybird.com/

Download ppt "Use of a P3P User Agent by Early Adopters Lorrie Faith Cranor Manjula Arjula Praven Guduru AT&T Labs November 2002."

Similar presentations

U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.

U.S. Department of Commerce Web Advisory Group Implementing Machine Readable Privacy Requirements of the E-Gov Act.
August 2014 Liver quest User Demo: Liver Quality Enhancement Service Tool (QuEST)

August 2014 Liver quest User Demo: Liver Quality Enhancement Service Tool (QuEST)
P3P 20031030 Ro Young-jin. What Is P3P? Platform for Privacy Preference Project Developed by W3C Provides a standard way for Web sites to communicate.

P3P Ro Young-jin. What Is P3P? Platform for Privacy Preference Project Developed by W3C Provides a standard way for Web sites to communicate.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
1 The End Of The Privacy Policy As We Know It Fran Maier President TRUSTe.

1 The End Of The Privacy Policy As We Know It Fran Maier President TRUSTe.
Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.

Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.
Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.

Privacy and Security on the Web Part 1. Agenda Questions? Stories? Questions? Stories? IRB: I will review and hopefully send tomorrow. IRB: I will review.
Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 User Studies Motivation January.

Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 User Studies Motivation January.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Introduction.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Introduction.
E-mail Defense System (a.k.a. Junk mail & Virus Filtering at the Server level)

Defense System (a.k.a. Junk mail & Virus Filtering at the Server level)
Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Course Overview January.

Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Course Overview January.
C MU U sable P rivacy and S ecurity Laboratory Making privacy visible Lorrie Faith Cranor October 19, 2007.

C MU U sable P rivacy and S ecurity Laboratory Making privacy visible Lorrie Faith Cranor October 19, 2007.
CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie.

CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie.
Chapter 14: Personalization and TrustCopyright © 2004 by Prentice Hall User-Centered Website Development: A Human- Computer Interaction Approach.

Chapter 14: Personalization and TrustCopyright © 2004 by Prentice Hall User-Centered Website Development: A Human- Computer Interaction Approach.
Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.

Introduction to eValid Presentation Outline What is eValid? About eValid, Inc. eValid Features System Architecture eValid Functional Design Script Log.
An Analysis of P3P Deployment Hyun Jin Kim Sensitive Information in a Wired World November 11, 2003.

An Analysis of P3P Deployment Hyun Jin Kim Sensitive Information in a Wired World November 11, 2003.
Your Website Chat & Live Customer Support Solution Instant Customer GratificationSM Brought to you by: Affordable Business Productivity and Communications.

Your Website Chat & Live Customer Support Solution "Instant Customer GratificationSM" Brought to you by: Affordable Business Productivity and Communications.
The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.

The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.
Filling Your Exchange Online Recruiting with FFI Jillian Walters FFI Communications Coordinator August 2013.

Filling Your Exchange Online Recruiting with FFI Jillian Walters FFI Communications Coordinator August 2013.
Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Lesson 46: Using Information From the Web copy and paste information from a Web site print a Web page download information from a Web site customize Web.

Similar presentations

Ads by Google