privacy enhancing technologies(pet) bobby vellanki computer science dept. yale university
TRANSCRIPT
![Page 1: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/1.jpg)
Privacy Enhancing Privacy Enhancing Technologies(PET)Technologies(PET)
Bobby Vellanki
Computer Science Dept.
Yale University
![Page 2: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/2.jpg)
PETsPETs
IntroEncryption ToolsPolicy ToolsFiltering ToolsAnonymous ToolsConclusion
![Page 3: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/3.jpg)
PETPET
PET – Technology that enhances user control and removes personal identifiers
Users want free PrivacyHundreds of new technologies developedwww.Epic.org
![Page 4: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/4.jpg)
PETPET
Classified into 4 Categories:
Encryption Tools (SSL) Policy Tools (P3P, TRUSTe) Filtering Tools (Cookie Cutters, Spyware) Anonymous Tools (Anonymizer, iPrivacy)
![Page 5: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/5.jpg)
PETsPETs
IntroEncryption ToolsPolicy ToolsFiltering ToolsAnonymous ToolsConclusion
![Page 6: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/6.jpg)
Encryption ToolsEncryption Tools
Examples: SSL, PGP, Encryptionizer
Thought of as a security tool to prevent unauthorized access to communications, files, and computers.
Users don’t see the need Necessary for privacy protection but not
sufficient by themselves.
![Page 7: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/7.jpg)
Encryption ToolsEncryption Tools
Pros: Inexpensive (free) Easily Accessible
Cons: Encryption Software isn’t used unless it is built-
in to the software. Both parties need to use the same software
![Page 8: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/8.jpg)
Encryption ToolsEncryption Tools
Conclusions:
Easy access All parties need to use the same tool Good start but not sufficient enough
![Page 9: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/9.jpg)
PETsPETs
IntroEncryption ToolsPolicy ToolsFiltering ToolsAnonymous ToolsConclusion
![Page 10: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/10.jpg)
Policy ToolsPolicy Tools
P3P (Platform for Privacy Preferences) Developed by World Wide Web Consortium
TRUSTe non-profit organization which ensures websites are
following their privacy policy Promotes fair information practices
BBBonline
![Page 11: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/11.jpg)
Policy Tools(Cont.)Policy Tools(Cont.)
P3PUsers declare their privacy policy on their
browsersWebsites register their policy with Security
agencies.The website policy is compared with user
policy and the browser makes automated decisions.
![Page 12: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/12.jpg)
Policy Tools(Cont.)Policy Tools(Cont.)
P3P Cont.Might help uncover privacy gaps for
websitesCan block cookies or prevent access to
some sites.Consumer awarenessBuilt into IE 6.0 and Netscape 7 as of July
2002
![Page 13: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/13.jpg)
Policy Tools(Cont.)Policy Tools(Cont.)
Conclusions:Users are unaware of Privacy PoliciesNot all websites have Policy toolsNeed automated checks to see if websites
are following their privacy policy
![Page 14: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/14.jpg)
PETsPETs
IntroEncryption ToolsPolicy ToolsFiltering ToolsAnonymous ToolsConclusion
![Page 15: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/15.jpg)
Filtering ToolsFiltering Tools
Some Types
SPAM filtering
Cookie Cutters
Spyware killers
![Page 16: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/16.jpg)
Filtering Tools (Cont.)Filtering Tools (Cont.)
SPAM Filters:
Problems: Spammers use new technologies to defeat filters Legitimate E-mailers send SPAM resembling
![Page 17: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/17.jpg)
Filtering Tools(Cont.)Filtering Tools(Cont.)
SPAM Filters (cont.)Possible Solution:
E-Mail postage scheme
Infeasible solution Tough to impose worldwide Need homogenous technology for all parties Policy responsibility is unclear (Who will police
it?)
![Page 18: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/18.jpg)
Cookie CuttersCookie Cutters
Programs that prevent browsers from exchanging cookies
Can block: Cookies Pop-ups http headers that reveal sensitive info Banner ads Animated graphics
![Page 19: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/19.jpg)
Cookie Cutters(cont.)Cookie Cutters(cont.)
Spyware killers: Programs that gather info and send it to websites Downloaded without user knowledge
![Page 20: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/20.jpg)
Filtering Tools (cont.)Filtering Tools (cont.)
Conclusions: New technologies are created everyday Tough to distinguish SPAM Need for a universal organization People are ignorant about the use of cookies
![Page 21: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/21.jpg)
PETsPETs
IntroEncryption ToolsPolicy ToolsFiltering ToolsAnonymous ToolsConclusion
![Page 22: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/22.jpg)
Anonymous ToolsAnonymous Tools
Enable users to communicate anonymously Masks the IP address and personal info
Some use 3rd party proxy servers Strips off user info and sends it to websites
Not helpful for online transactionsExpensive
![Page 23: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/23.jpg)
Anonymous Tools(Cont.)Anonymous Tools(Cont.)
Types of Anonymizer Technologies:
Autonomy Enhancing (Anonymizer)Seclusion Enhancing (iPrivacy)Property Managing (.NET Passport)
![Page 24: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/24.jpg)
Anonymous Tools(Cont.)Anonymous Tools(Cont.)
Autonomy Enhancing Technology:Examples:
Anonymizer, Freedom by Zero Knowledge
No user Information is storedUser has complete control
![Page 25: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/25.jpg)
Anonymous Tools(cont.)Anonymous Tools(cont.)
![Page 26: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/26.jpg)
Anonymous Tools (Cont.)Anonymous Tools (Cont.)
Anonymizer:Originally a student project from CMUOne of the first PETsNot concerned with transaction securityProvides anonymity by:
Routing through a proxy server Software to manage security at the PC level
(cookies, spyware, …)
![Page 27: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/27.jpg)
Anonymous Tools(Cont.)Anonymous Tools(Cont.)
Anonymizer (Cont.)Can be purchased for $30-$70Can’t lose passwordServices:
Customize privacy for each site Erases cookies and log files, pop-up blocker,
Spyware killer, unlisted IP Reports ISP service
![Page 28: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/28.jpg)
Anonymous Tools (Cont.)Anonymous Tools (Cont.)
Seclusion Enhancing Technologies: Examples:
iPrivacy, Incogno SafeZone
Target Transaction processing companies Trusted third party who promises not to contact
the customer Consumer remains the decision maker
![Page 29: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/29.jpg)
Anonymous Tools (cont.)Anonymous Tools (cont.)
![Page 30: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/30.jpg)
Anonymous Tools(Cont.)Anonymous Tools(Cont.)
Seclusion Enhancing Technologies:Keeps limited data (dispute resolution)Transaction by transaction basisCustomers can choose to not give any data
to merchants
![Page 31: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/31.jpg)
Anonymous Tools (Cont.)Anonymous Tools (Cont.)
iPrivacyIntermediary for users and companiesDoesn’t have the ability to look at all user
dataCannot map transactions to user info.Each transaction needs to have personal
info filled out.
![Page 32: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/32.jpg)
Anonymous Tools(Cont.)Anonymous Tools(Cont.)
iPrivacy(cont.)Customer Downloads software (client-side
software for shipping and Credit Card companies)
Licensed to Credit Card and Shipping Companies
![Page 33: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/33.jpg)
Anonymous Tools(Cont.)Anonymous Tools(Cont.)
iPrivacy (cont.)Avoids replay attacks for CC companies Allows users to end associations with
merchants
![Page 34: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/34.jpg)
Anonymous Tools (Cont.)Anonymous Tools (Cont.)
iPrivacy (cont.)
Privacy Policy: Never sees the consumer’s name or address Ensures only CC and shipping companies see data iPrivacy works as a one-way mirror PII filter satisfies HIPAA requirements
![Page 35: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/35.jpg)
Anonymous Tools (cont.)Anonymous Tools (cont.)
Property Managing TechnologyExample:
– .NET Passport
All user data is kept by the providerConsumer doesn’t directly communicate
with the merchant
![Page 36: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/36.jpg)
Anonymous Tools (cont.)Anonymous Tools (cont.)
![Page 37: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/37.jpg)
Anonymous Tools (cont.)Anonymous Tools (cont.)
Property Managing Technology (cont.)Consumer’s control rights are surrendered
for servicePotential for misuse of dataUser gives agency rights to the provider(no
direct contact with merchant)
![Page 38: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/38.jpg)
Anonymous Tools (cont.)Anonymous Tools (cont.)
.NET PassportSingle login service Customer’s personal info is contained in the
Passport profile.– Name, E-mail, state, country, zip, gender, b-day,
occupation, telephone #
Controls and logs all transactions
![Page 39: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/39.jpg)
Anonymous Tools (cont.)Anonymous Tools (cont.)
.NET PassportParticipating sites can provide personalized
servicesMerchants only get a Unique ID.
Participants:– Ebay, MSN, Expedia, NASDAQ, Ubid.com
![Page 40: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/40.jpg)
Anonymous Tools (cont.)Anonymous Tools (cont.)
.NET Passport
Privacy Policy: member of TRUSTe privacy program Will not sell or rent data Some sites may require additional info Doesn’t monitor the privacy policies of .NET
participants Data is stored in controlled facilities
![Page 41: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/41.jpg)
Anonymous Tools(cont.)Anonymous Tools(cont.)
.NET Passport Uses “industry-standard” security technologies to
encrypt data Uses cookies (Can’t use .NET if you decline) Microsoft has the right to store or process your data in
the US or in another country. Abides by the Safe Harbor framework (collection of
data from the EU)
![Page 42: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/42.jpg)
Anonymous Tools (cont.)Anonymous Tools (cont.)
Conclusions:identity is secured through proxy serversGive up privacy for convenience (.NET)Fairly cheap (some free)
![Page 43: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/43.jpg)
PETsPETs
IntroEncryption ToolsPolicy ToolsFiltering ToolsAnonymous ToolsConclusion
![Page 44: Privacy Enhancing Technologies(PET) Bobby Vellanki Computer Science Dept. Yale University](https://reader036.vdocument.in/reader036/viewer/2022062421/56649cef5503460f949be291/html5/thumbnails/44.jpg)
ConclusionConclusion
Trade-off: Privacy vs. ConveniencePeople want free privacyNone of these tools are good enough by
themselvesTechnology that ensures the website is
following its policyNeed for an universal organization