Privacy Preferences
description
Transcript of Privacy Preferences
![Page 1: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/1.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Privacy Preferences
Edgardo Vega
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
![Page 2: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/2.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Privacy Preferences Introduction to P3P (2002) User Interfaces for Privacy Agents (2006)
Lorrie Faith Cranor
Praveen Guduru
Manjula Arjula
![Page 3: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/3.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
INTRODUCTION TO P3P
![Page 4: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/4.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
P3P Platform for Privacy Preferences
Goals Enable the end user to understand what data will be
gathered by the site, how the data will be used, and allow the user to have control over that data
Enable the websites to show their privacy policies in a standard, computer-readable format
Specification Standard, computer-readable format for privacy policies Protocol to read and process privacy policies
automatically
![Page 5: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/5.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
How P3P Works
![Page 6: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/6.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Major components of a P3P policy
![Page 7: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/7.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Policy File
![Page 8: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/8.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Policy File
![Page 9: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/9.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
User Agents Generic term to describe any P3P
implementation Web browsers
Mozilla IE6 Netscape 7
Electronic Wallet ISP software Standalone application Search Engines
![Page 10: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/10.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Implementations Compact Policies
Cookie filtering decisions only P3P Preference Exchange Language (APPEL)
Use by an organization to created custom P3P files to distribute to end user
Privacy Bird and Fox
![Page 11: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/11.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
FFIE
![Page 12: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/12.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
PRIVACY BIRD
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
![Page 13: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/13.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Issues Interface for informing users about website
privacy policies Interface for configuring a user agent to take
actions based off the user’s privacy preferences
![Page 14: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/14.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Role Privacy Enhancing Technologies (PETs) is
part of Fair Information Practices (FIPs)
Collection Limitation Principle
Data Quality Principle
Purpose Specification
Principle
Use Limitation Principle
![Page 15: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/15.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Challenges Privacy policies are difficult User preferences are also complex and have
nuances Users are unfamiliar with the terms Users are inexperienced in expressing their
preferences Users have contradictory expectations
![Page 16: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/16.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Design
![Page 17: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/17.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Privacy Bird A P3P user agent Add on for IE 5.01, 5.5, and 6.0
![Page 18: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/18.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
User Interface
![Page 19: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/19.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
![Page 20: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/20.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Design DecisionsVocabulary Subset
Bundling Similar Vocabulary Elements
Removing Jargon
Using Vocabulary Elements in Combination
Layered Interfaces
Default Settings
Icons and Earcons
![Page 21: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/21.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Evaluation Usefulness and usability of P3P user agents
from the perspective of their users Controlled laboratory setting as well as how it
is used in practice Bellotti’s privacy-sensitive design criteria
![Page 22: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/22.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
User Survey Yellow bird appeared at most websites Strong feelings about the optional
sound effects
Change in online behavior at 88%
![Page 23: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/23.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Laboratory Study 12 experienced Microsoft Internet Explorer
users who had never used Privacy Bird or the P3P features in IE6
Given a brief tutorial on Privacy Bird beta 1.2 and the IE6 P3P features
Answer four questions about a website’s privacy policy.
Control was to ask user to read an privacy policy at a different website
![Page 24: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/24.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Questions1. Whether or not the site might send a visitor
unsolicited email2. Whether or not the site might share a
visitor’s email address with another company that might send the visitor unsolicited email
3. Whether or not the site uses cookies4. Determining what steps a visitor could take
to exercise opt-out or unsubscribe options.
![Page 25: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/25.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Results (Compare User Agents)
![Page 26: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/26.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Results (Usefulness)
![Page 27: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/27.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Results (Other) Information Presented by P3P User Agents Icons Language used in Preference Configuration
Interface and Policy Summary Privacy Agents as Educational Tools.
![Page 28: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/28.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Evaluation CriteriaTrustwort
hinessAppropriate timing
Perceptibility
Unobtrusiveness
Minimal intrusiveness
Fail safety
Flexibility Low effort Meaningfulness
Learnability Low cost
![Page 29: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/29.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Summary Privacy Bird to be both useful and usable.
Good•Summary format•Persistent privacy icon•Able to determine why warned
Improve•Policy summary•Wording•Icons•Obvious expand/collapse
![Page 30: Privacy Preferences](https://reader036.fdocuments.net/reader036/viewer/2022062501/5681692b550346895de06cec/html5/thumbnails/30.jpg)
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Discussion Does simplification run the risk of misleading
or confusing users What do users want out of privacy policies Are privacy preferences independent of the
capabilities of a P3P user agent Do tools really provide the best way to
educated end users Why hasn’t P3P adoption taken off