Transcript Document

Privacy-Aware
Network Client Pattern
Student: 林泰邑
Advisor: 張顧耀
Date: 95.05.23 (ROC calendar, i.e. 2006-05-23)
Student ID: R9406014
2015/7/21
1
Source & Author
• Source: 2005 Pattern Languages of Programs (PLoP) conference
• Authors: M. Sadicoff, M. M. Larrondo-Petrie, E. B. Fernandez
Outline
• Introduction
• Example
• Problems
• Solutions
• Implementation & Known uses
• Consequences
Introduction
• The paper introduces the concept of a Privacy Proxy that improves the user's understanding of the privacy implications of an interaction before any data is sent.
• Although the current uses of this pattern are confined to web browsing, it can be applied more generally.
Example
• Users connect to websites for a variety of purposes, including product search, component purchasing, and looking for general information.
• Every interaction may require the user to provide some information, and users may unwittingly provide too much.
• This extra information could later be used to steal their identities or to send them spam.
Example
• We would like users to be aware of what information the sites really need to collect, and to learn to avoid sites that require unnecessary information.
Questions
• A network server can use a standard such as P3P to conveniently publish privacy policies, which describe how each connecting user's private data is gathered and used.
• However, how can we ensure that a user connecting through a network client is made aware of these policies before divulging this data?
P3P
(Platform for Privacy Preferences)
• P3P (Platform for Privacy Preferences Project) is a technology specified by the W3C (World Wide Web Consortium) whose goal is to give web users more control over how their personal information is used. A site publishes its privacy policy in a machine-readable form, so that the user (or a user agent acting for the user) can decide what information to give to the sites they visit and what they are willing to share with others.
• P3P makes a site's privacy policy easy for users to find and understand; most importantly, it gives users the initiative over their own privacy and so protects the personal rights of users and consumers.
Possible Solution
• Privacy policies must be displayed to the user in a form that can be clearly understood.
• The user must be able to select what information can be gathered and used, through a simple, easy-to-use interface.
• Privacy policies may change, and the user must be able to see the latest version; otherwise the user might act on obsolete policies and compromise their privacy.
Solution
• Define a privacy proxy that is able to understand the machine-readable policies made available by the server and translate them into an easy-to-use, human-readable form for the user.
Figure 1: The Privacy-aware
Network Client pattern
Figure 2: Sequence diagram
Implementation
• Design and implement a proxy able to parse and interpret privacy policies written in some standard language. Successful use of the pattern requires that the proxy understands the server's privacy language.
• Design and implement a secure communication channel between network clients and their proxies. This is necessary to avoid interception of the user's choices by malicious users.
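The first bullet in working form, as an added example (this is not code from the paper, nor from any of the products listed under Known uses). It parses a P3P 1.0 policy with Python's standard library, renders each STATEMENT in plain language, compares it with preferences held in the user's local profile, and keeps a digest per policy URL so that a changed policy is shown to the user again instead of being silently reused. The sample policy, the preference keys and all function names are constructed for this example.

```python
"""Core of a privacy proxy: parse a P3P 1.0 policy, render it for a person,
compare it with the user's stored preferences, and notice when it changes."""
import hashlib
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"

# Constructed sample policy for offline use; it is not any real site's P3P file.
SAMPLE_POLICY = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="shop" discuri="https://shop.example/privacy">
  <STATEMENT>
   <PURPOSE><current/><admin/></PURPOSE>
   <RECIPIENT><ours/></RECIPIENT>
   <RETENTION><stated-purpose/></RETENTION>
   <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
   <PURPOSE><telemarketing required="opt-out"/></PURPOSE>
   <RECIPIENT><ours/><unrelated/></RECIPIENT>
   <RETENTION><indefinitely/></RETENTION>
   <DATA-GROUP>
    <DATA ref="#user.name"/><DATA ref="#user.home-info.telecom.telephone"/>
   </DATA-GROUP>
  </STATEMENT>
 </POLICY>
</POLICIES>"""

# Plain-language text for the part of the P3P 1.0 vocabulary used here.
PURPOSE_TEXT = {
    "current": "complete the activity you requested",
    "admin": "administer and maintain the site",
    "develop": "research and development",
    "tailoring": "tailor content to you",
    "contact": "contact you for marketing",
    "telemarketing": "telephone marketing",
    "historical": "keep a historical archive",
}
RECIPIENT_TEXT = {
    "ours": "the site itself (and agents acting for it)",
    "delivery": "delivery services",
    "same": "companies with the same practices",
    "other-recipient": "companies with different practices",
    "unrelated": "unrelated third parties",
    "public": "public forums",
}
RETENTION_TEXT = {
    "no-retention": "not retained",
    "stated-purpose": "kept only as long as the stated purpose needs",
    "legal-requirement": "kept as required by law",
    "business-practices": "kept according to the site's business practices",
    "indefinitely": "kept indefinitely",
}
THIRD_PARTY = {"other-recipient", "unrelated", "public"}
MARKETING = {"contact", "telemarketing"}


def _local(tag):
    """Strip the P3P namespace so element names can be compared directly."""
    return tag[len(P3P_NS):] if tag.startswith(P3P_NS) else tag


def parse_policy(xml_text):
    """Return one dict per STATEMENT: purposes [(name, required)], recipients, retention, data refs."""
    root = ET.fromstring(xml_text)
    statements = []
    for st in root.iter():
        if _local(st.tag) != "STATEMENT":
            continue
        s = {"purposes": [], "recipients": [], "retention": None, "data": []}
        for child in st:
            kind = _local(child.tag)
            if kind == "PURPOSE":   # required defaults to "always" in P3P 1.0
                s["purposes"] = [(_local(p.tag), p.get("required", "always")) for p in child]
            elif kind == "RECIPIENT":
                s["recipients"] = [_local(r.tag) for r in child]
            elif kind == "RETENTION":
                kids = list(child)
                s["retention"] = _local(kids[0].tag) if kids else None
            elif kind == "DATA-GROUP":
                s["data"] = [d.get("ref", "") for d in child if _local(d.tag) == "DATA"]
        statements.append(s)
    return statements


def render(statements):
    """Human-readable summary, one block per statement, for the proxy's user interface."""
    lines = []
    for i, s in enumerate(statements, 1):
        purposes = ", ".join(PURPOSE_TEXT.get(n, n) + ("" if req == "always" else f" ({req})")
                             for n, req in s["purposes"])
        lines.append(f"Statement {i}: collects {', '.join(s['data'])}")
        lines.append(f"  used to: {purposes}")
        lines.append(f"  shared with: {', '.join(RECIPIENT_TEXT.get(r, r) for r in s['recipients'])}")
        lines.append(f"  retention: {RETENTION_TEXT.get(s['retention'], s['retention'])}")
    return "\n".join(lines)


def evaluate(statements, prefs):
    """Compare the policy with the user's profile; an empty list means it meets the preferences."""
    warnings = []
    for i, s in enumerate(statements, 1):
        if prefs.get("no_third_party") and THIRD_PARTY & set(s["recipients"]):
            warnings.append(f"statement {i}: data shared with third parties")
        if prefs.get("no_indefinite_retention") and s["retention"] == "indefinitely":
            warnings.append(f"statement {i}: data kept indefinitely")
        if prefs.get("marketing_requires_opt_in"):
            for name, req in s["purposes"]:
                if name in MARKETING and req != "opt-in":
                    warnings.append(f"statement {i}: {PURPOSE_TEXT.get(name, name)} without opt-in (required={req})")
    return warnings


class PolicyCache:
    """Remembers a digest per policy URL so that a changed policy is shown to the user again."""
    def __init__(self):
        self._seen = {}

    def check(self, policy_url, xml_text):
        digest = hashlib.sha256(xml_text.encode("utf-8")).hexdigest()
        previous = self._seen.get(policy_url)
        self._seen[policy_url] = digest
        if previous is None:
            return "new"
        return "unchanged" if previous == digest else "changed"


if __name__ == "__main__":
    stmts = parse_policy(SAMPLE_POLICY)
    print(render(stmts))
    profile = {"no_third_party": True, "no_indefinite_retention": True, "marketing_requires_opt_in": True}
    for w in evaluate(stmts, profile):
        print("WARNING:", w)
```

The digest check is what makes the "changes are detected automatically" consequence hold: the proxy re-fetches the policy on each visit and only re-prompts when the digest differs. The second bullet above (the secure channel between client and proxy) is outside this code; a real proxy would fetch the policy over TLS and, if it runs on a separate host, expose only an authenticated, encrypted endpoint to the client, since the user's choices travel over that link.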
Known uses - JRC P3P Proxy Version 2.0
• The JRC P3P Proxy Version 2.0 is a P3P user agent that acts as an intermediary (the middleman) controlling access to remote web servers according to the privacy preferences a user specifies.
JRC P3P Proxy Version 2.0
• The P3P Proxy sits between the user's privacy baseline and a site's privacy policy as an intermediary (a middleman); following the criteria the user has specified in detail, it enforces access control to remote web servers.
• The tool can be downloaded free of charge: http://p3p.jrc.it/downloadP3P.php
Known uses - AT&T Privacy Bird
1. AT&T's Privacy Bird implements a complete Proxy for web browsing that displays warnings when a website gathers private information. Note that the user's response may have been determined beforehand and saved in a local software profile.
2. The AT&T Privacy Bird lets you see what is really going on at websites. The bird icon alerts you to a site's privacy policy with a visual symbol and optional sounds.
AT&T Privacy Bird
• AT&T Privacy Bird helps web users understand how sites use their personal data. The tool automatically looks up the privacy policy of every site visited and, based on the personal privacy criteria the user has configured in the software, automatically warns the user when a site's privacy policy does not meet the user's privacy baseline.
• It is free software and can be downloaded from: http://privacybird.com/
Internet Explorer 6 for Windows XP
(cookie privacy)
1. It protects only cookies, and its policy display capabilities are minimal, supporting only the reading of P3P policies.
2. It gives the user control over cookie privacy:
   a) If you want Internet Explorer to decide whether or not to allow this website to save cookies on your computer by comparing its privacy policy with your privacy settings, select "Use my privacy settings".
   b) If you want Internet Explorer to always allow cookies from this website to be saved on your computer, select "Always allow this site to use cookies".
   c) If you want Internet Explorer to never allow cookies from this website to be saved on your computer, select "Never allow this site to use cookies".
Internet Explorer 6 for Windows XP
(cookie privacy)
• The system automatically matches the privacy criteria the user has configured against the privacy policy of each site visited and, through an easy-to-use window, tells the user whether the site is acceptable; at the same time it gives the user more control over cookies.
• A free user version can be downloaded from: http://www.microsoft.com/windows/ie/downloads/ie6/download.asp
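A cookie decision of the kind the three per-site options describe, as an added example (this is not Microsoft's code, and the blocking rule is an illustrative one, not IE6's actual rule). It reads the compact form of a P3P policy, the CP="..." token list carried in the P3P response header, applies the "always allow" / "never allow" overrides, and otherwise compares the site's use of identifying data against the user's settings. The sample headers, the preference keys and the function names are constructed for this example.

```python
"""Cookie decision from a P3P compact policy (the CP="..." token list in the P3P
response header).  The comparison rule below is illustrative, not IE6's actual one."""
import re

# Constructed sample P3P headers; none belongs to a real site.
SAMPLE_HEADERS = {
    # first-party shop: identifying data, kept only for the stated purpose, not shared
    "https://shop.example/": 'CP="NOI DSP COR CUR ADMa DEVa TAIa OUR STP PHY ONL UNI PUR NAV"',
    # ad network: identifying data shared with unrelated parties and kept indefinitely
    "https://ads.example/": 'CP="NON DSP COR CUR ADMa DEVa PSAa CONa TELo OUR UNRa IND PHY ONL UNI NAV"',
    # analytics host: shares data, but declares it non-identifiable (NID)
    "https://stats.example/": 'CP="NOI DSP COR NID CUR ADMa DEVa OUR UNRa STP NAV INT"',
    # host that sends no P3P header at all
    "https://nop3p.example/": None,
}

# P3P 1.0 compact-policy vocabulary (the subset the decision below needs).
PURPOSES = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENTS = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
CATEGORIES = {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM", "CNT",
              "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
IDENTIFYING = {"PHY", "ONL", "UNI", "FIN", "GOV"}   # data categories that identify a person
CORE_PURPOSES = {"CUR", "ADM", "DEV", "TAI"}          # needed to run the site; the rest is secondary use
REQUIRED = {"": "always", "a": "always", "i": "opt-in", "o": "opt-out"}  # token suffix -> required=


def parse_compact_policy(header_value):
    """Return the policy as dicts/sets, or None when there is no usable CP= token list."""
    if not header_value:
        return None
    m = re.search(r'CP="([^"]*)"', header_value)
    if not m:
        return None
    cp = {"purposes": {}, "recipients": {}, "retention": set(), "categories": set(), "nid": False}
    for tok in m.group(1).split():
        base, suffix = tok[:3].upper(), tok[3:].lower()
        required = REQUIRED.get(suffix, "always")
        if base in PURPOSES:
            cp["purposes"][base] = required
        elif base in RECIPIENTS:
            cp["recipients"][base] = required
        elif base in RETENTION:
            cp["retention"].add(base)
        elif base in CATEGORIES:
            cp["categories"].add(base)
        elif base == "NID":
            cp["nid"] = True
        # access (NOI/ALL/...), DSP and remedy tokens do not affect this decision
    return cp


def decide_cookie(header_value, choice, prefs):
    """choice is 'use_settings', 'always_allow' or 'never_allow' (the three per-site options).
    Returns (verdict, reasons) with verdict 'allow' or 'block'."""
    if choice == "always_allow":
        return "allow", ["site is on the always-allow list"]
    if choice == "never_allow":
        return "block", ["site is on the never-allow list"]
    cp = parse_compact_policy(header_value)
    if cp is None:
        verdict = "block" if prefs.get("require_policy") else "allow"
        return verdict, ["no compact policy in the P3P header"]
    reasons = []
    # Only data the site itself declares as identifying is held against it.
    if cp["categories"] & IDENTIFYING and not cp["nid"]:
        others = sorted(set(cp["recipients"]) - {"OUR"})
        if prefs.get("no_third_party") and others:
            reasons.append("identifying data shared beyond the site: " + ", ".join(others))
        if prefs.get("no_indefinite_retention") and "IND" in cp["retention"]:
            reasons.append("identifying data kept indefinitely")
        if prefs.get("secondary_use_needs_opt_in"):
            for purpose, required in sorted(cp["purposes"].items()):
                if purpose not in CORE_PURPOSES and required != "opt-in":
                    reasons.append(f"secondary use {purpose} without opt-in (required={required})")
    return ("block" if reasons else "allow"), reasons


USER_PREFS = {"require_policy": True, "no_third_party": True,
              "no_indefinite_retention": True, "secondary_use_needs_opt_in": True}

if __name__ == "__main__":
    for url, header in SAMPLE_HEADERS.items():
        verdict, reasons = decide_cookie(header, "use_settings", USER_PREFS)
        print(f"{url}: {verdict}  ({'; '.join(reasons) or 'policy meets your settings'})")
```

The reasons list is what a client in this pattern shows the user in place of the raw token list; note that a compact policy is only the site's own claim, so the decision is only as trustworthy as the site, which is one reason the pattern's consequences warn about blame shifting to the client.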
Known uses Mozilla P3P Privacy Policy Viewer
• Version 7 of the Mozilla web browser has an extension called Privacy Policy Viewer, which implements a P3P reader and displays the privacy policy of each site in human-readable format.
Figure 3: Privacy-aware Network
Client (Mozilla) example
Consequences
• Advantages:
  - The user can always be conveniently aware of the privacy policies for a specific interaction, allowing a better-informed decision before releasing private information.
  - Though it has been used only for web-related activities, it is an appropriate pattern for general use, such as database access that could potentially involve private information.
  - Changes in the server's privacy policies are automatically detected through the Proxy.
Consequences (Cont.)
• Liabilities:
  - Extra overhead in network connectivity, since every access to a privacy-sensitive area needs a separate secure connection for the Proxy. This can potentially be reduced through the use of a cache.
  - The pattern's concern is only with the connection to the Server and with network connectivity issues. The privacy-related constraints have to be stored locally in the Client's operating environment, so any knowledgeable attack on that machine could potentially compromise privacy.
Consequences (Cont.)
• Liabilities (cont.):
  - If the Server administrators can show (based on the user's interactions) that a Privacy-Aware client was used for a specific access, then any claim of a privacy breach can be blamed directly on the client.
  - It requires that all sites use one privacy language, or a small set of them.