Privacy Enhancing Technologies (PET)

Bobby Vellanki
Computer Science Dept.
Yale University

PETs
- Intro
- Encryption Tools
- Policy Tools
- Filtering Tools
- Anonymous Tools
- Conclusion

PET
- PET – Technology that enhances user control and removes personal identifiers
- Users want free privacy
- Hundreds of new technologies developed
- www.Epic.org

PET
Classified into 4 categories:
- Encryption Tools (SSL)
- Policy Tools (P3P, TRUSTe)
- Filtering Tools (Cookie Cutters, Spyware)
- Anonymous Tools (Anonymizer, iPrivacy)


Encryption Tools
Examples: SSL, PGP, Encryptionizer
- Thought of as a security tool to prevent unauthorized access to communications, files, and computers.
- Users don't see the need
- Necessary for privacy protection but not sufficient by themselves.

Encryption Tools
Pros:
- Inexpensive (free)
- Easily accessible
Cons:
- Encryption software isn't used unless it is built in to the software.
- Both parties need to use the same software

Encryption Tools
Conclusions:
- Easy access
- All parties need to use the same tool
- Good start, but not sufficient on its own


Policy Tools
- P3P (Platform for Privacy Preferences): developed by the World Wide Web Consortium
- TRUSTe: non-profit organization which ensures websites are following their privacy policy; promotes fair information practices
- BBBOnline

Policy Tools (Cont.)
P3P
- Users declare their privacy policy in their browsers
- Websites register their policy with security agencies.
- The website policy is compared with the user policy and the browser makes automated decisions.

Policy Tools (Cont.)
P3P (cont.)
- Might help uncover privacy gaps for websites
- Can block cookies or prevent access to some sites.
- Consumer awareness
- Built into IE 6.0 and Netscape 7 as of July 2002

Policy Tools (Cont.)
Conclusions:
- Users are unaware of privacy policies
- Not all websites have policy tools
- Need automated checks to see if websites are following their privacy policy
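The automated decision the P3P slides describe (compare the site's declared policy with the user's declared preferences, then allow the site, block its cookies, or block the site) can be sketched as a small matcher. This is an added example written for this page, not code from the slides or from any P3P implementation; the category, purpose and retention names and the constructed sample policies are assumptions, not the real P3P vocabulary.

```python
from dataclasses import dataclass, field

# Added example (not from the slides): a simplified P3P-style policy matcher.
# The site declares, per data category, the purposes it uses data for and how
# long it keeps it; the user declares what is acceptable; the browser compares
# the two and picks an automated action. Vocabulary is loosely P3P-like but is
# an assumption for this example, not the real P3P schema.

ALLOW, BLOCK_COOKIES, BLOCK_SITE = "allow", "block-cookies", "block-site"
RETENTION_RANK = {"no-retention": 0, "stated-purpose": 1, "indefinitely": 2}

@dataclass
class SitePolicy:
    practices: dict   # data category -> set of purposes the site uses it for
    retention: str    # a key of RETENTION_RANK

@dataclass
class UserPrefs:
    allowed: dict     # data category -> set of purposes the user accepts
    max_retention: str
    refuse_entirely: set = field(default_factory=set)  # never-share categories

def evaluate(site, user):
    """Compare site practices with user preferences; return (decision, reasons)."""
    reasons, block_site = [], False
    for category, purposes in site.practices.items():
        extra = purposes - user.allowed.get(category, set())
        if extra:
            reasons.append(f"{category}: unaccepted purposes {sorted(extra)}")
            # a mismatch on data the user refuses to share at all blocks the site
            block_site |= category in user.refuse_entirely
    if RETENTION_RANK[site.retention] > RETENTION_RANK[user.max_retention]:
        reasons.append(f"retention '{site.retention}' exceeds '{user.max_retention}'")
    if not reasons:
        return ALLOW, reasons
    return (BLOCK_SITE if block_site else BLOCK_COOKIES), reasons

# Constructed sample policies (not real sites).
USER = UserPrefs(allowed={"clickstream": {"current", "admin"}, "physical": {"current"}},
                 max_retention="stated-purpose", refuse_entirely={"physical"})
SHOP_OK = SitePolicy({"clickstream": {"current"}, "physical": {"current"}}, "stated-purpose")
SHOP_TRACKS = SitePolicy({"clickstream": {"current", "tailoring"}}, "no-retention")
SHOP_SELLS = SitePolicy({"physical": {"current", "contact"}}, "indefinitely")

if __name__ == "__main__":
    for name, site in [("ok", SHOP_OK), ("tracks", SHOP_TRACKS), ("sells", SHOP_SELLS)]:
        print(name, *evaluate(site, USER))
```

The reasons list is what a browser would surface to the user, which addresses the "users are unaware of privacy policies" point: the mismatch is stated, not just silently enforced.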


Filtering Tools
Some types:
- SPAM filtering
- Cookie Cutters
- Spyware killers

Filtering Tools (Cont.)
SPAM Filters:
Problems:
- Spammers use new technologies to defeat filters
- Legitimate e-mailers send SPAM resembling e-mail

Filtering Tools (Cont.)
SPAM Filters (cont.)
Possible solution: e-mail postage scheme
- Infeasible solution
- Tough to impose worldwide
- Need homogeneous technology for all parties
- Policy responsibility is unclear (who will police it?)

Cookie Cutters
Programs that prevent browsers from exchanging cookies
Can block:
- Cookies
- Pop-ups
- HTTP headers that reveal sensitive info
- Banner ads
- Animated graphics

Cookie Cutters (cont.)
Spyware killers: remove spyware, i.e.
- Programs that gather info and send it to websites
- Downloaded without user knowledge

Filtering Tools (cont.)
Conclusions:
- New technologies are created every day
- Tough to distinguish SPAM
- Need for a universal organization
- People are ignorant about the use of cookies


Anonymous Tools
- Enable users to communicate anonymously
- Masks the IP address and personal info
- Some use 3rd party proxy servers
- Strips off user info and sends it to websites
- Not helpful for online transactions
- Expensive

Anonymous Tools (Cont.)
Types of Anonymizer Technologies:
- Autonomy Enhancing (Anonymizer)
- Seclusion Enhancing (iPrivacy)
- Property Managing (.NET Passport)

Anonymous Tools (Cont.)
Autonomy Enhancing Technology:
Examples: Anonymizer, Freedom by Zero Knowledge
- No user information is stored
- User has complete control


Anonymous Tools (Cont.)
Anonymizer:
- Originally a student project from CMU
- One of the first PETs
- Not concerned with transaction security
- Provides anonymity by:
  - Routing through a proxy server
  - Software to manage security at the PC level (cookies, spyware, …)

Anonymous Tools (Cont.)
Anonymizer (Cont.)
- Can be purchased for $30-$70
- Can't lose password
- Services:
  - Customize privacy for each site
  - Erases cookies and log files, pop-up blocker, spyware killer, unlisted IP
  - Reports ISP service

Anonymous Tools (Cont.)
Seclusion Enhancing Technologies:
Examples: iPrivacy, Incogno SafeZone
- Target: transaction processing companies
- Trusted third party who promises not to contact the customer
- Consumer remains the decision maker


Anonymous Tools (Cont.)
Seclusion Enhancing Technologies:
- Keeps limited data (dispute resolution)
- Transaction by transaction basis
- Customers can choose to not give any data to merchants

Anonymous Tools (Cont.)
iPrivacy
- Intermediary for users and companies
- Doesn't have the ability to look at all user data
- Cannot map transactions to user info.
- Each transaction needs to have personal info filled out.

Anonymous Tools (Cont.)
iPrivacy (cont.)
- Customer downloads software (client-side software for shipping and credit card companies)
- Licensed to credit card and shipping companies

Anonymous Tools (Cont.)
iPrivacy (cont.)
- Avoids replay attacks for CC companies
- Allows users to end associations with merchants

Anonymous Tools (Cont.)
iPrivacy (cont.)
Privacy Policy:
- Never sees the consumer's name or address
- Ensures only CC and shipping companies see data
- iPrivacy works as a one-way mirror
- PII filter satisfies HIPAA requirements

Anonymous Tools (cont.)
Property Managing Technology
Example:
– .NET Passport
- All user data is kept by the provider
- Consumer doesn't directly communicate with the merchant


Anonymous Tools (cont.)
Property Managing Technology (cont.)
- Consumer's control rights are surrendered for service
- Potential for misuse of data
- User gives agency rights to the provider (no direct contact with merchant)

Anonymous Tools (cont.)
.NET Passport
- Single login service
- Customer's personal info is contained in the Passport profile.
  – Name, e-mail, state, country, zip, gender, b-day, occupation, telephone #
- Controls and logs all transactions

Anonymous Tools (cont.)
.NET Passport
- Participating sites can provide personalized services
- Merchants only get a unique ID.
- Participants:
  – eBay, MSN, Expedia, NASDAQ, Ubid.com

Anonymous Tools (cont.)
.NET Passport
Privacy Policy:
- Member of TRUSTe privacy program
- Will not sell or rent data
- Some sites may require additional info
- Doesn't monitor the privacy policies of .NET participants
- Data is stored in controlled facilities

Anonymous Tools (cont.)
.NET Passport
- Uses "industry-standard" security technologies to encrypt data
- Uses cookies (can't use .NET if you decline)
- Microsoft has the right to store or process your data in the US or in another country.
- Abides by the Safe Harbor framework (collection of data from the EU)

Anonymous Tools (cont.)
Conclusions:
- Identity is secured through proxy servers
- Give up privacy for convenience (.NET)
- Fairly cheap (some free)


Conclusion
- Trade-off: privacy vs. convenience
- People want free privacy
- None of these tools are good enough by themselves
- Technology that ensures the website is following its policy
- Need for a universal organization