Privacy Software

1
Privacy Software

• Yannis MalliosFebruary 27, 2008

2
Overview

• Privacy Enhancing Technologies
• Classification of PETs
• Anonymous Browsing
• Policies
• Filter Tools
• Encryption
• Awareness
• QA

3
Privacy Enhancing Technologies (PETs)

• A coherent system of ICT measures that protects
  privacy by
• eliminating or reducing personal data or
• by preventing unnecessary and/or undesired
  processing of personal data, all
• without losing the functionality of the
  information system
• Hes, Borking, Privacy Enhancing Technologies, The
  Path to Anonymity

4
PETs Classification (1)

• Hundreds of Tools (?)
• Various methods of Classification
• Encryption Tools (e.g. SSL), Policy Tools (e.g.
  P3P, TRUSTe), Filtering Tools (e.g. Cookie
  Management, Spyware), Anonymous Tools (e.g.
  Anonymizer, iPrivacy), Identity Management
• Firewall, Cookie Remover, Web Bug Remover,
  Anonymous Web Browsing, Encrypted Email,
  Advertising Filters, Anti-Spam Tools,
  Anti-Spyware Tools
• Snoop Proof Email, Anonymous Remailers, Surf
  Anonymously, HTML Filters, Cookie Busters, Voice
  Privacy, Email File Privacy, Secure Instant
  Messaging, Web Encryption, Telnet Encryption,
  Disk Encryption, Disk/File Erasing Programs,
  Privacy Policy Generators, Password Security,
  Firewalls

5
PETs Classification (2)

• We could generalize to the following
• Anonymous Tools
• Anonymous Mail
• Anonymous Web Browsing
• Encryption
• Communication Encryption (mail, voice, telnet,
  etc)
• File Encryption
• Policy Tools (Generators, User Agents, etc)
• Identity Management
• Firewalls
• Filter Tools (Cookies, Web Bugs, etc)

6
Privacy Framework

• Framework by Benjamin Brunk
• Awareness
• Tools that convey information without requiring
  explicit action from the user
• Detection
• Tools that actively scan for potential problems
• Prevention
• Tools used as precaution
• Response
• Taking action after the detection of an issue
• Recovery
• Tools that help users get back to normal
• Discussion
• Do we have PETs for every stage of the framework?
  
• PETs for the subset of the stages?

7
Fair information practice codes

• Notice/Awareness
• Choice/Consent
• Access/Participation
• Integrity/Security
• Enforcement/Redress
• Discussion
• Do we have PETs for ensuring all principles?
• Can we rely solely on technology and Privacy
  Software?

8
PETs Already Discussed

• Anonymous Web Browsing
• TOR
• Anonymous Email
• MixMinion
• Communication Encryption
• PGP
• Firewalls
• ZoneAlarm
• Policy Tools
• Seal Programs
• P3P
• Privacy Bird/ Privacy Finder
• Filter Tools
• Bugnosis

9
Anonymous Browsing - Anonymizer

• Traffic is routed through dedicated hardware,
  housed in secure facilities with complete access
  control
• Tor does not use secure hardware or private
  proxies.
• Ensures High availability
• Anonymizer maintains tens of thousands of
  privately owned "clean" IP addresses and rotates
  them frequently
• Onion router type of network use proxies owned by
  individual operators
• Centralized or Distributed?
• Anon.penet.fi again?
• Laws and Regulations?

10
Policies P3PEdit

• Web-based wizard that creates P3P policies for
  websites
• Basic questions about websites data collection
• P3PEdit generates an XML document that web
  browsers can read
• Internet Explorer 6 blocks cookies from
  third-party websites.
• If trying to set cookies from a webserver on
  another site, the cookies will be blocked.
• In a website with multiple domains, only the
  primary domain may set cookies without a P3P
  policy.
• P3PEdit creates P3P policies that are necessary
  to set cookies

11
Policies P3PEdit
12
Policies P3PEdit
13
Policies P3PEdit
14
Policies P3PEdit
15
Policies P3PEdit
16
Policies P3PEdit
17
Policies P3PEdit
18
Filter Tools - Adblock Plus

• Mozilla Firefox Add-On
• Block Ads and Banners on the internet that often
  take longer to download

19
Filter Tools Adblock Plus

• Subscription to Filter Lists

20
Filter Tools Popup Ad Smasher

• Provides Multiple Functionalities Including
• Removes cookies.
• Stops Animated Flash ads.
• Stops Floating pop-up ads
• Cancels Timer ads.
• Remove Web Bugs.
• Stops Blinking/Shaking Picture ads.
• Cancel 3rd Party Activity.
• Auto Cleans Temp folder. 

21
Filter Tools Popup Ad Smasher
22
Filter Tools Popup Ad Smasher
23
Encryption - TrueCrypt

• Free open-source disk encryption software
• Creates a virtual encrypted disk within a file
  and mounts it as a real disk.
• Encrypts an entire partition or storage device
  such as USB flash drive or hard drive.
• Encrypts a partition or drive where Windows is
  installed (pre-boot authentication).
• Encryption is automatic, real-time (on-the-fly)
  and transparent.

24
Encryption - TrueCrypt
25
Privacy in Wireless Networks

• Wireless Networks Broadcast Networks
• Anyone can intercept traffic
• Especially unencrypted such as
• Instant Messaging
• Emails
• Web Visits

26
Peripheral Privacy Notifications for Wireless
Networks

• Notify users of information leaks through
  peripheral display
• Similar to
• Wall of Sheep

27
Peripheral Privacy Notifications-Study

• Implementation
• Display specific key words
• Use a consistent font/text per person
• Study
• In a non-CS or engineering graduate lab
  (semi-public)
• Displayed privacy notifications for a week
• Conclusions
• Network usage did not decrease significantly
• Participants became more self-conscious

28
Peripheral Privacy Notifications-Study

• Users seemed to have attributed the threat to the
  displays presence
• Discussion
• How could the user study be improved?
• How could the proposal/Technology be improved?

29
Questions and Discussion

• Privacy Software
• Yannis Mallios February 27, 2008