platform for privacy platform for privacy preferences p3p
play

Platform for Privacy Platform for Privacy Preferences (P3P) Project - PDF document

Dec 25, 2023 •378 likes •770 views

Platform for Privacy Platform for Privacy Preferences (P3P) Project Preferences (P3P) Project Week 5/6 - February 10, 12, 17 1 Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor

  1. Platform for Privacy Platform for Privacy Preferences (P3P) Project Preferences (P3P) Project Week 5/6 - February 10, 12, 17 1 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Original Idea behind P3P Original Idea behind P3P � A framework for automated privacy discussions � Web sites disclose their privacy practices in standard machine-readable formats � Web browsers automatically retrieve P3P privacy policies and compare them to users’ privacy preferences � Sites and browsers can then negotiate about privacy terms 2 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 1

  2. P3P: Introduction P3P history P3P history � Idea discussed at November 1995 FTC meeting � Ad Hoc “Internet Privacy Working Group” convened to discuss the idea in Fall 1996 � W3C began working on P3P in Summer 1997 � Several working groups chartered with dozens of participants from industry, non-profits, academia, government � Numerous public working drafts issued, and feedback resulted in many changes � Early ideas about negotiation and agreement ultimately removed � Automatic data transfer added and then removed � Patent issue stalled progress, but ultimately became non-issue � P3P issued as official W3C Recommendation on April 16, 2002 � http://www.w3.org/TR/P3P/ 3 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction P3P1.0 – – A first step A first step P3P1.0 � Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format � Can be deployed using existing web servers � This will enable the development of tools that: � Provide snapshots of sites’ policies � Compare policies with user preferences � Alert and advise the user 4 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 2

  3. P3P: Introduction P3P is part of the solution P3P is part of the solution P3P1.0 helps users understand privacy policies but is not a complete solution � Seal programs and regulations � help ensure that sites comply with their policies � Anonymity tools � reduce the amount of information revealed while browsing � Encryption tools � secure data in transit and storage � Laws and codes of practice � provide a base line level for acceptable policies 5 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction The basics The basics � P3P provides a standard XML format that web sites use to encode their privacy policies � Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site � Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set � No special server software required � User software to read P3P policies called a “P3P user agent” 6 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 3

  4. P3P: Introduction P3P1.0 Spec Defines P3P1.0 Spec Defines � A standard vocabulary for describing set of uses, recipients, data categories, and other privacy disclosures � A standard schema for data a Web site may wish to collect (base data schema) � An XML format for expressing a privacy policy in a machine readable way � A means of associating privacy policies with Web pages or sites � A protocol for transporting P3P policies over HTTP 7 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction A simple HTTP transaction A simple HTTP transaction Web Server GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page 8 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 4

  5. P3P: Introduction … with P3P 1.0 added with P3P 1.0 added … GET /w3c/p3p.xml HTTP/1.1 Web Host: www.att.com Server Request Policy Reference File Send Policy Reference File Request P3P Policy Send P3P Policy GET /index.html HTTP/1.1 Host: www.att.com . . . Request web page HTTP/1.1 200 OK Content-Type: text/html . . . Send web page 9 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Transparency Transparency � P3P clients can check a privacy policy each http://www.att.com/accessatt/ time it changes � P3P clients can check privacy policies on all objects in a web page, including ads and invisible images http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE 10 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 5

  6. P3P: Introduction P3P in IE6 P3P in IE6 Automatic processing of compact policies only; third-party cookies without compact policies blocked by default Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears 11 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Users can click on privacy icon for list of cookies; privacy summaries are available at sites that are P3P-enabled 12 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 6

  7. P3P: Introduction Privacy summary report is generated automatically from full P3P policy 13 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction P3P in Netscape 7 P3P in Netscape 7 Preview version similar to IE6, focusing, on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default Indicates flagged cookie 14 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 7

  8. P3P: Introduction Users can view English translation of (part of) compact policy in Cookie Manager 15 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction A policy summary can be generated automatically from full P3P policy 16 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 8

  9. P3P: Introduction AT&T Privacy Bird AT&T Privacy Bird � Free download of beta from http://www.privacybird.com/ � “Browser helper object” for IE 5.01/5.5/6.0 � Reads P3P policies at all P3P-enabled sites automatically � Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences � Clicking on bird icon gives more information � Current version is information only – no cookie blocking 17 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Chirping bird is privacy indicator Chirping bird is privacy indicator 18 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 9

  10. P3P: Introduction Click on the bird for more info Click on the bird for more info 19 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Privacy policy summary - mismatch Privacy policy summary - mismatch 20 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 10

  11. P3P: Introduction Users select warning conditions Users select warning conditions 21 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ P3P: Introduction Bird checks policies for embedded content Bird checks policies for embedded content 22 Privacy Policy, Law and Technology • Carnegie Mellon University • Spring 2004 • Lorrie Cranor • http://lorrie.cranor.org/courses/sp04/ 11

Recommend

The Platform for Privacy Preferences (P3P) February 2000 Update A user empowerment approach

The Platform for Privacy Preferences (P3P) February 2000 Update A user empowerment approach

The Platform for Privacy Preferences (P3P) February 2000 Update A user empowerment approach Marc Langheinrich ETH Zurich P3P Preference Group Chair Outline P3P February 2000 Update Platform for Privacy Preferences Policy Background

761 views • 37 slides
The Platform for Privacy Preferences ( P3 P) December 2000 Update A user empowerment approach

The Platform for Privacy Preferences ( P3 P) December 2000 Update A user empowerment approach

The Platform for Privacy Preferences ( P3 P) December 2000 Update A user empowerment approach Marc Langheinrich ETH Zurich APPEL Subgroup Chair P3P Working Group Outline P3P December 2000 Update Platform for Privacy Preferences ! What

914 views • 55 slides
How much will the platform learn about consumers in the end? \begin{theorem} In the long run,

How much will the platform learn about consumers in the end? \begin{theorem} In the long run,

Dynamic Privacy Choices (Shota Ichihashi, Bank of Canada) In each period Activity produces Consumer data on persistent type uses platform Platform monetizes info Privacy cost (e.g., data leakage) How much will the

412 views • 4 slides
CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International

CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International

CO 445H MOBILE PLATFORM SECURITY AND MOBILE PRIVACY Dr. Benjamin Livshits Privacy International Data Tracking 2 http://privacyinternational.org/feature/2433/i-asked-online-tracking-company-all-my-data-and-heres-what-i-found Two Main Attack

986 views • 63 slides
Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the

Automatic Privacy Policy Clustering ... applicable privacy preferences settings to formalise the data disclosure decisions and for visualization IFIP Summer School on Identity Management Karlstad, Sweden August, 6 th -10 th 2007

338 views • 15 slides
New Generation TV platform API and Privacy Protection - Study from Broadcasting Extended

New Generation TV platform API and Privacy Protection - Study from Broadcasting Extended

New Generation TV platform API and Privacy Protection - Study from Broadcasting Extended Functionalities API in BML - September 2, 2010 Shuhei Habu Allied Resources Communications, Inc. Tokyo, Japan Background Users way of watching

1.54k views • 39 slides
Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection

Introduction Syntax Semantics Example Outlook Privacy Preferences for E-Mail Messages Ulrich Knig Independent Centre for Privacy Protection Schleswig-Holstein 26th of July 2010 www.ietf.org/id/draft-koenig-privicons-00.txt Ulrich

225 views • 10 slides
Deploying Secure Computing for Real-world Applications Dan Bogdanov, PhD Head of Privacy

Deploying Secure Computing for Real-world Applications Dan Bogdanov, PhD Head of Privacy

Deploying Secure Computing for Real-world Applications Dan Bogdanov, PhD Head of Privacy Technology Development Cybernetica dan@cyber.ee The Sharemind Privacy-preserving Computing Platform Components for Privacy Encrypted Privacy

714 views • 28 slides
Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias

Privacy Accounting and Quality Control in the Sage Di ff erentially Private ML Platform Mathias Lcuyer With: Riley Spahn, Kiran Vodrahalli, Roxana Geambasu, and Daniel Hsu Machine Learning (ML) introduces a dangerous double standard for data

603 views • 45 slides
Privacy Expectations and Preferences in an IoT World Pardis Emami-Naeini, Sruti Bhagavatula,

Privacy Expectations and Preferences in an IoT World Pardis Emami-Naeini, Sruti Bhagavatula,

Privacy Expectations and Preferences in an IoT World Pardis Emami-Naeini, Sruti Bhagavatula, Martin Degeling, Hana Habib, Lujo Bauer, Lorrie Faith Cranor, Norman Sadeh PERSONALIZED PRIVACY ASSISTANT PROJECT 1 PERSONALIZED PRIVACY ASSISTANT

582 views • 22 slides
Admin Today: finish web privacy, start mobile security Friday: Lab #2 due (8pm)

Admin Today: finish web privacy, start mobile security Friday: Lab #2 due (8pm)

CSE 484 / CSE M 584: Computer Security and Privacy Web Privacy [finish] Mobile Platform Security [start] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner,

535 views • 29 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE

Data Privacy for IEEE Volunteer Data Managers 2 Overview Changes in Data Privacy IEEE Privacy Policy Terms & Conditions and Subscriptions Consent Structure and Preferences Meetings, Conferences, and Events

926 views • 36 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy.

Anonymity & Privacy Alice Privacy EU directives (e.g. 95/46/EC) to protect privacy. College Bescherming Persoonsgegevens (CBP) What is privacy? Users must be able to determine for themselves when, how, to what extent and

798 views • 45 slides
Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics

ECE598NB Privacy Enhancing Technologies Spring 2006 Outline Privacy Overview Course Topics Course Structure Privacy Define privacy Privacy History Privacy has always existed Cities / large populations have made

173 views • 14 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides

More recommend