
Privacy Choices and Informed Consent by Richard Gomer


Automated Negotiation

EU e-Privacy Directive

Visualisation

Surveillance Mapping

By crawling top search results for a range of queries, we derived a graph showing first-party websites and the third parties that may be engaged in user surveillance. (Gomer, Milic-Frayling, Mendes-Rodrigues & schraefel, Web Intelligence 2014)

Mapping

Consent-Support Tools

Do Not Track

Tracking Mechanisms

Privacy choices & informed consent

Richard Gomer [[email protected]]

Law / Policy

Computer Sci.

Psychology

Consent

Fairness & Data Ownership

Data Protection

Awareness & Education

Nudging

Models of Privacy

Tracking Mechanisms

Third-party tracking occurs in numerous scenarios. Web cookies are a common tracking mechanism, but users can also be tracked by means of data stored in their Web browser cache, HTML5 local-storage, E-Tag data, Flash locally-stored objects (LSOs), or through the long-lived unique IDs provided by many mobile devices. These techniques are stateful in that they rely on data stored on a user's device.

Stateless tracking mechanisms also exist; these do not rely on state held on the user's device but instead "fingerprint" a device based on, for instance, clock skew, installed fonts or IP address.

These techniques allow surveillance companies to collect partial (and often remarkably complete) web histories for users and to make inferences about the user based on the collected history.
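The following is an added example, not the poster's own crawler: it takes a constructed crawl log of the kind the Surveillance Mapping panel describes, separates same-site requests from third-party ones, tags each third party with the stateful mechanism (cookie or ETag) its responses could use, and ranks third parties by how many first-party sites they reach. Domains are placeholders and the two-label site heuristic is an assumption (a real tool would use a public-suffix list).

```python
# Added example, not the poster's own code: derive the first-party / third-party
# graph from a crawl log and tag third parties with the stateful mechanism seen.
from collections import defaultdict
from urllib.parse import urlsplit
# Constructed crawl log (placeholder domains): page URL, resource URL, headers.
CRAWL_LOG = [
    ("https://news.example/story", "https://news.example/app.js", {}),
    ("https://news.example/story", "https://ads.tracker-a.example/px.gif",
     {"Set-Cookie": "uid=abc; Max-Age=31536000"}),
    ("https://news.example/story", "https://cdn.tracker-b.example/beacon",
     {"ETag": '"7f3a9c"'}),
    ("https://shop.example/item/1", "https://ads.tracker-a.example/px.gif",
     {"Set-Cookie": "uid=abc; Max-Age=31536000"}),
    ("https://shop.example/item/1", "https://img.shop.example/1.png", {}),
    ("https://blog.example/post", "https://cdn.tracker-b.example/beacon",
     {"ETag": '"7f3a9c"'}),
    ("https://blog.example/post", "https://ads.tracker-a.example/px.gif", {}),
]

# Header -> stateful mechanism it can carry (assumption: ETag reuse is tracking).
STATEFUL_HEADERS = {"Set-Cookie": "cookie", "ETag": "etag"}
def site(url):
    """Site label = last two host labels (assumption: no public-suffix list)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def build_graph(log):
    """first-party site -> {third-party sites}; third party -> {mechanisms}."""
    graph, mechanisms = defaultdict(set), defaultdict(set)
    for page, resource, headers in log:
        fp, tp = site(page), site(resource)
        if fp == tp:
            continue  # same-site request: not third-party tracking
        graph[fp].add(tp)
        mechanisms[tp] |= {m for h, m in STATEFUL_HEADERS.items() if h in headers}
    return dict(graph), dict(mechanisms)

def tracker_reach(graph):
    """Distinct first parties each third party appears on, highest first."""
    reach = defaultdict(int)
    for third_parties in graph.values():
        for tp in third_parties:
            reach[tp] += 1
    return sorted(reach.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    g, m = build_graph(CRAWL_LOG)
    for tp, n in tracker_reach(g):
        print(f"{tp}: on {n} first-party sites via {sorted(m[tp])}")
```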

e-Privacy Directive

The 2009 EU e-Privacy Directive requires that websites do not store information on users' devices without consent; this covers the use of stateful tracking mechanisms such as cookies.

In the UK, the ICO requires that websites inform users about cookies, but we observe that most implementations do not offer genuine choice: many rely on habituation effects or "annoy" users into dismissing the message, and others contain misleading statements about efficiency, ease of use or simplicity.

Many foreign-run websites, such as Facebook, do nothing.

Visualisation

Visualisation is, potentially, one way to make user surveillance more visible and therefore draw users' attention to the level of tracking on a particular website. The Cookie Visualiser (below) is a prototype implemented for the Firefox web browser.

In a user study, the visualisation was shown to be ineffective at improving user awareness of tracking. Challenges include users' task focus and lack of understanding about the privacy risks associated with web tracking.

Inference

The ability to draw inferences, often remarkably accurate, about an individual based on what appears at first glance to be unrelated or innocuous data complicates consent and regulation.

We're investigating the practicality of inferring an individual's social network, based on the data available to surveillance companies such as DoubleClick, using a network of "co-visitation".

Web Surveillance and a Consent Deficit

The Web has evolved into a rich ecosystem of e-commerce, publishing, and social media that relies upon advertising as a prevailing business model. Consumer targeting and personalization have become essential for business innovation and have given rise to a range of surveillance practices.

Many approaches, like Third-Party Tracking (TPT) through cookies, exploit the ubiquitous use of Web browsers and the protocols the browsers use to connect our personal devices to online services. Advertising networks, for instance, can track individual users across websites that display their advertisements and use this information to build profiles about user demographics and interests. As a result, the digital footprints of our activities are collected, analysed, stored, and shared among entities that are unknown to us.

Although European data and privacy protection legislation relies, in many situations, on "informed consent", truly informed consent is hard to come by on the web. Instead, companies rely on weak consent that is meaningless in all but the most cynical legal sense. This consent deficit has implications in a number of areas, but privacy, and in particular user surveillance, is of particular concern since it is pervasive and not widely understood.

Identifiability

Determining whether user surveillance data, for instance a partial web history, constitutes personally identifiable information (PII) is non-trivial. Web history could 'fingerprint' a particular user and is therefore potentially identifying in a similar sense to CCTV images. Based on a browsing fingerprint, individuals could be linked to other collected history.

In some cases, such as services that collect other PII (e.g. Facebook), the additional information collected via surveillance could constitute sensitive PII.

Consent Standards

Presentation of Self

Inference

[Figure: a user's Social Graph, linked through a Co-Visitation network of URL1, URL2 and URL3, yields an Inferred Social Graph]