CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie.

Presentation transcript:

CMU Usable Privacy and Security Laboratory Power Strips, Prophylactics, and Privacy, Oh My! Julia Gideon, Serge Egelman, Lorrie Cranor, and Alessandro Acquisti

CMU Usable Privacy and Security Laboratory Serge Egelman

Privacy Good!
- Users claim to value privacy
- More and more are concerned
- Top concerns
  - Insecure transactions
  - Data sharing
  - Theft of data
- Lost revenue
  - By 2006, $24.5B lost (Juniper Research, 2002)
- More online shopping with privacy guarantees

Privacy Policies
- Users like notices
  - In theory…
- Rapid adoption
- Problems
  - Comprehension
  - Hard to find
  - Lengthy
  - Subject to changing without notice
- There must be a better way!

Platform for Privacy Preferences Project (P3P)
- Developed by the World Wide Web Consortium (W3C)
  - Final P3P1.0 Recommendation issued 16 April 2002
- Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format
  - Can be deployed using existing web servers
- Enables the development of tools (built into browsers or separate applications) that
  - Summarize privacy policies
  - Compare policies with user preferences
  - Alert and advise users
- P3P support built into IE6 and Netscape 7

Privacy Bird
- Free download of beta from
  - Originally developed at AT&T Labs
  - Released as open source
- “Browser helper object” for IE6
- Reads P3P policies at all P3P-enabled sites automatically
- Bird icon at top of browser window indicates whether site matches user’s privacy preferences
- Clicking on bird icon gives more information

Chirping bird is privacy indicator

Red bird indicates mismatch

Privacy settings

Why can’t somebody else do it?

Privacy Finder
- Prototype developed at AT&T Labs, improved and deployed by CUPS
- Multiple search APIs
- Locates P3P policies
- Compares with user’s preferences
- Reorders annotated search results
- Users can retrieve “Privacy Report” similar to Privacy Bird policy summary

But Is It Useful?
- Do users care about web site privacy?
- Have enough web sites adopted P3P that typical search results contain sites with P3P policies?
  - Do users have meaningful choices among privacy policies?
- Do users understand information provided by Privacy Finder?
- Does Privacy Finder influence online purchasing decisions?

Let’s Find Out!
- Observe purchase decisions
- Surveys
  - 5 Point Likert
- Between groups
  - 24 Participants
  - “Shopping Finder”
  - Static pages
- Multiple products
- No price incentive
- Shipping option

Privacy Preferences
- Data sharing
  - Financial (100% opposed)
  - Medical (92% opposed)
  - Non-personal information (33% opposed)
- Opt-out (96% opposed)
- Access (96% favor)
- Marketing
  - Telephone (92% opposed)
  - /Postal (88% opposed)

Medium Preference Level
- Warn when…
  - Site collects health or medical information for analysis or marketing.
  - Site shares health or medical information with others.
  - Site shares financial information with others.
  - Site does not allow me to opt-out from marketing lists.
  - Site shares personally identifiable information with others.
  - Site does not allow me to see the information collected on me.
- But do their actions follow?
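A sketch of how a P3P user agent could turn the six "Medium Preference Level" warnings above into a red or green bird. This is an added example, not Privacy Bird's or Privacy Finder's code: the policy is constructed, and the mapping from the slide's wording to P3P 1.0 element names (the constant sets and the `evaluate` helper) is an assumption.

```python
import xml.etree.ElementTree as ET  # for remote, untrusted policies prefer a hardened parser (e.g. defusedxml)

# Constructed sample, not a real site's policy; the P3P namespace is omitted for brevity.
SAMPLE_POLICY = """
<POLICY name="sample-shop">
  <ACCESS><none/></ACCESS>
  <STATEMENT>
    <PURPOSE><current/><contact required="always"/></PURPOSE>
    <RECIPIENT><ours/><unrelated/></RECIPIENT>
    <DATA-GROUP>
      <DATA ref="#user.home-info.postal"><CATEGORIES><physical/></CATEGORIES></DATA>
      <DATA ref="#dynamic.miscdata"><CATEGORIES><financial/></CATEGORIES></DATA>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>
"""

# Assumed mapping from the slide's wording to P3P 1.0 vocabulary.
ANALYSIS_OR_MARKETING = {"pseudo-analysis", "pseudo-decision", "individual-analysis",
                         "individual-decision", "contact", "telemarketing"}
MARKETING = {"contact", "telemarketing"}
OTHERS = {"same", "other-recipient", "unrelated", "public"}  # anyone beyond the site itself
IDENTIFYING = {"physical", "online", "uniqueid", "government"}

def children(parent, tag):
    """Child elements of the first direct <tag> child, or [] if it is absent."""
    node = parent.find(tag)
    return list(node) if node is not None else []

def evaluate(policy_xml):
    """Return (bird, warnings): 'red' if any medium-level rule fires, else 'green'."""
    policy = ET.fromstring(policy_xml.strip())
    warnings = set()
    if any(e.tag == "none" for e in children(policy, "ACCESS")):
        warnings.add("no access to collected data")
    for stmt in policy.iter("STATEMENT"):
        purposes = children(stmt, "PURPOSE")
        shared = {r.tag for r in children(stmt, "RECIPIENT")} & OTHERS
        cats = {c.tag for group in stmt.iter("CATEGORIES") for c in group}
        if "health" in cats and {p.tag for p in purposes} & ANALYSIS_OR_MARKETING:
            warnings.add("collects health data for analysis or marketing")
        if "health" in cats and shared:
            warnings.add("shares health data")
        if "financial" in cats and shared:
            warnings.add("shares financial data")
        if cats & IDENTIFYING and shared:
            warnings.add("shares identifying data")
        # P3P 1.0 defaults 'required' to "always", i.e. no opt-in or opt-out is offered.
        if any(p.tag in MARKETING and p.get("required", "always") == "always" for p in purposes):
            warnings.add("no opt-out from marketing")
    return ("red" if warnings else "green"), sorted(warnings)
```

Note that the verdict covers only what the policy declares about data practices; it says nothing about transport encryption, which is the misreading of the green bird reported in the exit survey.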

Results
- …not really

Results
- Acting on privacy concerns
  - Privacy Finder helps
- Green bird purchases
  - Condoms
    - Experimental: 8/12
    - Control: 2/12
  - Power strips
    - Experimental: 4/12
    - Control: 1/12
- Red bird purchases
  - Condoms
    - Experimental: 1/12
    - Control: 7/12
  - Power strips
    - Experimental: 2/12
    - Control: 2/12

Results
- Product privacy concerns
  - Condoms (p < 0.025)
  - Power strips (not significant)
- Price *may* matter
  - Lower prices in control group
  - Condoms: $13.96 vs. $12.63
  - Power strips: $17.04 vs. $16.47

Exit Survey
- More concerns with condoms (p < 0.008)
  - Discreet packaging
  - Credit statement
  - Order history
- Group differences
  - Data security (experimental: 50%, control: 0)
  - Misunderstood symbols
    - 50% thought green bird means encryption
  - Experimental concerns addressed by P3P
  - 90% said bird influenced decision

Privacy Information
- Privacy Reports
  - Four read them
  - Four could not find them
  - Three were not interested
- Privacy Policies
  - One third read them
  - Two read Privacy Report but not policy
    - Trusted Privacy Finder
- Birds
  - Five avoided red birds
  - False trust

Limitations & Future Work
- More control needed
  - Evenly distributed birds
  - Trust icons for both groups
- Click logs
- Price information
  - Incentives
  - Result order
- Trust icon
  - Boxes vs. birds

Privacy Finder