Transcript Document

2020/5/6

Privacy-Aware Network Client Pattern

Student: 林泰邑   Advisor: 張顧耀   Date: 95.05.23

Student ID: R9406014

Source & Author

- Source: 2005 Pattern Languages of Programs (PLoP) conference
- Authors: M. Sadicoff, M. M. Larrondo-Petrie, E. B. Fernandez

Outline

- Introduction
- Example
- Problems
- Solutions
- Implementation & Known uses
- Consequences

Introduction

- The pattern introduces the concept of a Privacy Proxy to enhance the user's comprehension of any privacy-related concerns.
- Even though the current uses of this pattern are constrained to web browsing, it can have a more general use.


Example

- Users connect to websites for a variety of purposes, including product search, component purchasing, and looking for general information.

- Every interaction may require the user to provide some information, and users may unwittingly provide too much information.
- This extra information could be used later to steal their identities or to send them spam.

Example

- We would like users to be aware of what information the sites really need to collect and to learn to avoid sites that require unnecessary information.


Questions

- A network server can use a standard such as P3P to conveniently publish privacy policies, which describe how each connecting user's private data is gathered and utilized.
- However, how can we ensure that a user connecting through a network client will be made aware of these policies prior to divulging this data?


P3P (Platform for Privacy Preferences)

- P3P (Platform for Privacy Preferences Project) is a technology defined by the W3C (The World Wide Web Consortium) whose aim is to give users greater control over how their personal information is used. It lets users decide for themselves what information to provide to the sites they visit and what information they are willing to share with others.
- P3P publishes a site's privacy policy in a form that users can understand and find; most importantly, it gives users the initiative over their own privacy, protecting the personal rights of users and consumers.

Possible Solution

- Privacy policies must be displayed to the user in a form that can be clearly understood.

- The user must be able to select what information can be gathered and used through a simple, easy-to-use interface.

- Privacy policies may change, and the user must be able to see the latest ones; otherwise the client might follow obsolete policies that may compromise the user's privacy.


Solution

- Define a privacy proxy that will be able to understand the machine-readable policies made available by the server and translate them into an easy-to-use, human-readable form for the user.

Figure 1: The Privacy-aware Network Client pattern

Figure 2: Sequence diagram

Implementation

- Design and implement a proxy able to parse and interpret privacy policies written in some standard language. Successful use of the pattern requires that the proxy can understand the server's privacy language.

- Design and implement a secure communication channel between network clients and their proxies. This is necessary to avoid interception of the user's choices by malicious users.
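As an added illustration of the proxy's core job (not code from the paper or from any of the tools named on these slides), the following Python parses a constructed P3P policy and turns each practice that conflicts with a hypothetical set of user preferences into a plain-language warning. Only the P3P 1.0 namespace and element names are real; the sample policy, the wording table and the preference set are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"  # P3P 1.0 namespace

# Constructed sample policy for illustration only; not taken from any real site.
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY discuri="http://example.invalid/privacy.html">
  <STATEMENT>
   <PURPOSE><current/><telemarketing required="opt-out"/></PURPOSE>
   <RECIPIENT><ours/><unrelated/></RECIPIENT>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP><DATA ref="#user.name.given"/><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

# Plain-language wording for the P3P terms the proxy translates for the user (assumed).
WORDING = {"telemarketing": "may be used to contact you for marketing",
           "unrelated": "may be shared with unrelated third parties",
           "public": "may be made public",
           "indefinitely": "may be kept indefinitely"}

# Hypothetical user preferences (constructed): practices the user refuses to accept.
USER_PREFS = {"telemarketing", "unrelated", "public", "indefinitely"}


def parse_policy(xml_text):
    """Return one dict per <STATEMENT>: the data refs it covers and the practices declared."""
    statements = []
    for st in ET.fromstring(xml_text).iter(NS + "STATEMENT"):
        practices = []
        for section in ("PURPOSE", "RECIPIENT", "RETENTION"):
            group = st.find(NS + section)
            for term in (group if group is not None else []):
                # A purpose applied only after explicit opt-in is not a default practice.
                if term.get("required") != "opt-in":
                    practices.append(term.tag.replace(NS, ""))
        statements.append({"data": [d.get("ref", "").lstrip("#") for d in st.iter(NS + "DATA")],
                           "practices": practices})
    return statements


def evaluate(xml_text, prefs=USER_PREFS):
    """Return human-readable warnings for every declared practice the user has refused."""
    warnings = []
    for st in parse_policy(xml_text):
        for term in st["practices"]:
            if term in prefs:
                warnings.append(", ".join(st["data"]) + " " + WORDING.get(term, "is subject to " + term))
    return warnings
```

Calling `evaluate(SAMPLE_POLICY)` yields three warnings (marketing contact, sharing with unrelated parties, indefinite retention); a real proxy would show these before the client submits the form.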


Known uses - JRC P3P Proxy Version 2.0

The JRC P3P Proxy Version 2.0 is a P3P user agent that acts as an intermediary agent (the middleman) controlling access to remote web servers depending on the privacy preferences a user specifies.


JRC P3P Proxy Version 2.0

- The JRC P3P Proxy is an intermediary (middleman) between the user's privacy preferences and a website's privacy policy; based on the rules the user has specified in detail, it enforces access control to remote web servers.
- The tool can be downloaded free of charge: http://p3p.jrc.it/downloadP3P.php

Known uses - AT&T Privacy Bird

1. AT&T's Privacy Bird implements a complete Proxy for web browsing which displays warnings when a website gathers private information. Note that the user's response may have been previously determined and saved in a local software profile.

2. The AT&T Privacy Bird lets you see what's really going on at Web sites. The bird icon alerts you about Web site privacy policies with a visual symbol and optional sounds.


AT&T Privacy Bird

- AT&T Privacy Bird helps Internet users understand how websites use their personal data. The tool automatically looks up the privacy policy of every website visited and checks it against the personal privacy preferences the user has configured in the software; if a site's privacy policy does not meet the user's privacy protection criteria, the tool automatically alerts the user.
- It is free software and can be downloaded from: http://privacybird.com/

Known uses - Internet Explorer 6 for Windows XP (cookie privacy)

1. It protects only cookies, and its policy display capabilities are minimal, only supporting reading of P3P policies.

2. It allows the user control over cookie privacy:
   a) If you want Internet Explorer to determine whether or not to allow this Web site to save cookies on your computer by comparing the privacy policy with your privacy settings, select "Use my privacy settings".
   b) If you want Internet Explorer to always allow cookies from this Web site to be saved on your computer, select "Always allow this site to use cookies".
   c) If you want Internet Explorer to never allow cookies from this Web site to be saved on your computer, select "Never allow this site to use cookies".

Internet Explorer 6 for Windows XP (cookie privacy)

- The system automatically matches the user's personally defined privacy preferences against the privacy policy of each visited website and, through an easy-to-use window interface, tells the user whether the site is acceptable, while also giving the user more control over cookies.
- A free user version can be downloaded here: http://www.microsoft.com/windows/ie/downloads/ie6/download.asp

Known uses - Mozilla P3P Privacy Policy Viewer

Version 7 of the Mozilla web browser has an extension called Privacy Policy Viewer, which implements a P3P reader and displays privacy policies for each site in human-readable format.

Figure 3: Privacy-aware Network Client (Mozilla) example


Consequences

- Advantages:
  - The user can always be conveniently aware of the privacy policies for a specific interaction, allowing a better-informed decision prior to releasing private information.
  - Though it has been used only for web-related activities, it is an appropriate pattern for general use, such as database access that could potentially deal with private information.
  - Changes in the privacy policies of the server will automatically be detected through the Proxy.


Consequences (Cont.)

- Liabilities:
  - Extra overhead in network connectivity, since every access to a privacy-sensitive area needs a separate secure connection for the Proxy. This can potentially be reduced through the use of a cache.
  - The pattern's concern is with the connection to the Server and the network connectivity issues only. The privacy-related constraints need to be stored locally in the Client's operating environment. Any knowledgeable attack on that machine could potentially compromise privacy.


Consequences (Cont.)

- Liabilities (continued):
  - If the Server administrators can show (based on the user interactions) that a Privacy-Aware client has been used for a specific access, then any claims of privacy breaches can be directly blamed on the client.
  - It requires that all sites use one or a small set of privacy languages.
