making privacy a fundamental component of
play

Making Privacy a Fundamental Component of Web Resources Paper - PowerPoint PPT Presentation

Sep 28, 2023 •205 likes •350 views

Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on Privacy for Advanced Web APIs July 12/13, 2010, London Dr. Thomas Dbendorfer thomas.duebendorfer@google.com Tech Lead, Privacy Engineering Team

  1. Making Privacy a Fundamental Component of Web Resources Paper presentation at W3C Workshop on Privacy for Advanced Web APIs July 12/13, 2010, London Dr. Thomas Dübendorfer thomas.duebendorfer@google.com Tech Lead, Privacy Engineering Team Zurich Google Switzerland GmbH joint work with Christoph Renner (Google Switzerland GmbH/ETH Zurich), Tyrone Grandison (IBM), Michael Maximilien (IBM), Mark Weitzel (IBM) 1

  2. Picture sharing in social networks You better know who you share your pictures with! image source: http://thebsreport.files.wordpress.com/2009/12/crazy-drunk-man-1.jpg 2

  3. How to improve privacy? • Better transparency on how personal data is shared on the Web • More control over how personal data is shared on the Web • Put the right security building blocks in place to build privacy features on top of them 3

  4. Photo albums privacy levels in social networks (as of Nov 2009) Conclusion: Sharing granularities in social networks differ a lot! Everybody = any Internet user, also outside the social network All Users = any user of the social network 4

  5. APIs to access photo album privacy settings in social networks Controlling who has access to my images • Facebook : Proprietary API for privacy settings • MySpace : Proprietary API extensions for albums • OpenSocial API (36 social networks, e.g. Orkut, MySpace, LinkedIn, hi5, XING): No API to access privacy settings up to current version 1.0 (March 2010); „default“ sharing for uploads  Clear need for a standardized way to access privacy settings across social networks! 5

  6. How to give the user control over his personal data on the web? • Define generic access control lists for shared Web resources • Make them available in APIs • Add privacy controls to user interfaces of apps uploading personal data to the Web • Feb 28th, 2010: Proposal for privacy API (generic access control lists) submitted for inclusion in OpenSocial 1.1. 6

  7. Generic Access Control Lists – some challenges and features • Entities – Finding the balance between too few and too many while keeping it extensible (CUSTOM) and simple • OpenSocial: – USER, GROUP, EXTERNAL CONTACT – Group-ID = Object-Id / "@self" (for owner) / "@friends” (networkDistance for friends of friends) / "@all" / "@everybody" / "@family” – External Contact AccessorId = "MAILTO" / "PHONE" / Custom-Accessor-Type Custom-Accessor-Type = LOALPHA TEXT 7

  8. Generic Access Control Lists – some challenges and features • Rights – How to define appropriate rights that can be enforced • OpenSocial RESTful API: [“GET”, “POST”, “PUT”, “DELETE”] • Sharing model – Additive (whitelist) vs. Subtractive (all but blacklist) or a combination – Issues with hidden memberships in large groups – Issues with hidden data item groupings (user profile) 8

  9. Generic Access Control Lists – some challenges and features • Sharing with open membership groups – You share with 10 known group members today, but 1000 members tomorrow (including your boss?) – Social networks might not want to share member lists • Privacy indicator – Number of people with read access • Inheritance of rights – Photo album ACL can be overriden by single image ACLs 9

  10. Proof of Concept • Generic access control lists implemented in Google’s social network “Orkut” • Photo Sharing application “Photocial” for Android – Upload your picture to multiple social networks – User can control the privacy level per social network when uploading images 10

  11. Beyond Social Networks • The Web becomes more and more social – why not attach ACLs to any personal Web resource? • Issues: – ACLs require an accessing entity to be identified; could build on federation of social network identities – ACLs work only if trusted systems enforce them (server and/or client side) – Digital data without copy protection can be redistributed without ACLs (violation “scanner” for enforcement?) 11

  12. Next Steps • Implementation of proposed OpenSocial ACLs in Apache Shindig • Work towards inclusion of generic ACLs in OpenSocial 1.1Next (Q1 2011) 12

  13. Thanks for your attention Presenter: Thomas Dübendorfer, Google Switzerland GmbH References: • Proposal for OpenSocial Privacy API (ACLs): http://tinyurl.com/OSACL (includes also references to our proposals for an OpenSocial Album and MediaItem Privacy API and an OpenSocial Activity Privacy API) • Paper: http://www.w3.org/2010/api-privacy-ws/ papers/privacy-ws-26.pdf 13

Recommend

Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the

Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the

Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the 2020 Census of Population and Housing Simson L. Garfinkel Senior Scientist, Confidentiality and Data Access U.S. Census Bureau July 31, 2019 JSM

458 views • 35 slides
Digital Privacy: Fundamental Concepts for Libraries Workshop 1 1 About Us This is a

Digital Privacy: Fundamental Concepts for Libraries Workshop 1 1 About Us This is a

Digital Privacy: Fundamental Concepts for Libraries Workshop 1 1 About Us This is a collaboration with: Brooklyn Public Library Metropolitan New York Library Council (METRO) New America and London School of Economics Data

559 views • 22 slides
Computational Location Privacy: Two Fundamental Problems Reza Shokri ETH Zurich Department of

Computational Location Privacy: Two Fundamental Problems Reza Shokri ETH Zurich Department of

Computational Location Privacy: Two Fundamental Problems Reza Shokri ETH Zurich Department of Computer Science They Profile You! They Track You! Loc ocation on-base sed S d Services es NSA L NSA Locati tion T Tracking Programs

399 views • 12 slides
Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy

Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy

Consumers privacy decision -making Sren Preibusch 12 th July 2010 W3C Workshop on Privacy for Advanced Web APIs Sren Preibusch 1 Intended reaction towards excessive data collection (first and second choices) Sren Preibusch 2

140 views • 12 slides
Time Series Data Visualization 2 1 Time Series Data Fundamental chronological component to

Time Series Data Visualization 2 1 Time Series Data Fundamental chronological component to

Information Visualization Jing Yang Spring 2007 1 Time Series Data Visualization 2 1 Time Series Data Fundamental chronological component to the data set Random sample of 4000 graphics from 15 of worlds newspapers and magazines

315 views • 31 slides
Welcome! Ethical Decision Making in Research Privacy A little about me Holly Longstaff, PhD

Welcome! Ethical Decision Making in Research Privacy A little about me Holly Longstaff, PhD

Conference 2018 Conference 2018 Welcome! Ethical Decision Making in Research Privacy A little about me Holly Longstaff, PhD Research Privacy Advisor, PHSA Ethicist, BC Cancer REB Conflicts of interest None Ethical decision making in

674 views • 45 slides
Visa Package Proposal Common Visa Policy A Common Visa Policy is a fundamental component of

Visa Package Proposal Common Visa Policy A Common Visa Policy is a fundamental component of

Visa Package Proposal Common Visa Policy A Common Visa Policy is a fundamental component of the creation of a common area without internal borders The Visa Code The Visa Code sets out harmonised procedures and conditions for issuing

316 views • 18 slides
The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas

The Phenomenology of User Privacy and Security Decision-Making: Practice What You Preach Thomas Reynolds University at Albany a Lightning Talk Symposium On Usable Privacy & Security Carnegie Mellon University, July 2011 Usable

371 views • 5 slides
#PCORI2018 A multi-component implementation of shared decision making for uterine fibroids

#PCORI2018 A multi-component implementation of shared decision making for uterine fibroids

#PCORI2018 A multi-component implementation of shared decision making for uterine fibroids treatment Glyn Elwyn BA MD MSc PhD FRCGP Professor @glynelwyn #PCORI2018 #PCORI2018 Background About 50% of women of reproductive age We will

329 views • 12 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
PHOTOSYNTHESIS Fundamental biological processes for making and using energy Photosynthesis :

PHOTOSYNTHESIS Fundamental biological processes for making and using energy Photosynthesis :

PHOTOSYNTHESIS Fundamental biological processes for making and using energy Photosynthesis : process by which plants convert radiant energy to chemical energy Respiration : process by which glucose molecules are broken down and stored energy

870 views • 38 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Decision Making Privacy-Motivated . . . under Uncertainty: Uncertainty Leads to . . .

Decision Making Privacy-Motivated . . . under Uncertainty: Uncertainty Leads to . . .

Quantitative . . . The Notion of Utility Traditional Approach: . . . Need for Distributed . . . Decision Making Privacy-Motivated . . . under Uncertainty: Uncertainty Leads to . . . Uncertainty in . . . Algorithmic Approach Uncertainty in

668 views • 62 slides
Privacy Decision Making in IoT Scenarios Pardis Emami-Naeini , Martin Degeling * , Lujo Bauer,

Privacy Decision Making in IoT Scenarios Pardis Emami-Naeini , Martin Degeling * , Lujo Bauer,

The Influence of Friends and Experts on Privacy Decision Making in IoT Scenarios Pardis Emami-Naeini , Martin Degeling * , Lujo Bauer, Lorrie Cranor, Mohammad Reza Haghighat , Richard Chow , Heather Patterson * Alice in

365 views • 33 slides
For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 28

For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 28

Qualification Component and Record of Learner Achievement Garden Design: Presentation Techniques L3(Y/504/1124) For use in AIM Awards centres Component Level: Level Three Component Guided Learning Hours: 28 Ofqual Component Reference No:

344 views • 6 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Privacy in Online Transactions 515030910619 Introduction Online shopping is an

Privacy in Online Transactions 515030910619 Introduction Online shopping is an

Blockchain Application for User Privacy in Online Transactions 515030910619 Introduction Online shopping is an essential component in our life. User privacy in online shopping isn t protected well. Online shopping platform,

500 views • 13 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides

More recommend