Abstract
Most people seldom read privacy policies because they tend to be long and difficult to understand. The Platform for Privacy Preferences (P3P) addresses this problem by providing a standard machine-readable format for website privacy policies. P3P user agents can fetch P3P privacy policies automatically, compare them with a user's privacy preferences, and alert and advise the user. Developing user interfaces for P3P user agents is challenging for several reasons: privacy policies are complex, user privacy preferences are often complex and nuanced, users tend to have little experience articulating their privacy preferences, users are generally unfamiliar with much of the terminology used by privacy experts, users often do not understand the privacy-related consequences of their behavior, and users have differing expectations about the type and extent of privacy policy information they would like to see. We developed a P3P user agent called Privacy Bird. Our design was informed by privacy surveys and our previous experience with prototype P3P user agents. We describe our design approach, compare it with the approach used in other P3P user agents, evaluate our design, and make recommendations to designers of other privacy agents.
Index Terms
- User interfaces for privacy agents