Interesting People mailing list archives
Re: WORTH READING CMU Privacy-Enhanced Search Engine Study
From: David Farber <dave () farber net>
Date: Mon, 17 Dec 2007 12:19:31 -0500
Begin forwarded message: From: Rigo Wenning <rigo () w3 org> Date: December 17, 2007 10:46:44 AM EST To: sethb () panix com Cc: dave () farber net, Lorrie Cranor <lorrie () cs cmu edu>, harraton () cmu edu Subject: Re: [IP] Re: CMU Privacy-Enhanced Search Engine Study Hi all, On Friday 14 December 2007, David Farber wrote:
________________________________________ From: Seth [sethb () panix com] Sent: Thursday, December 13, 2007 9:11 PM To: David Farber Subject: Re: [IP] Re: CMU Privacy-Enhanced Search Engine Study harraton () gmail com [harraton () gmail com] On Behalf Of Janice Tsai [harraton () cmu edu] wrote:The purpose of Privacy Finder is to make privacy information more accessible. It does that by pulling P3P policies for users and displays a "privacy meter" of how well that particular site's P3P policy matches your preferences.In other words, it completely ignores whether or not the site actually follows good privacy practices, because it's easier to look at its policy. Many sites claim to have good practices, yet email addresses given only to them end up in the hands of spammers.
Dear Seth, as was told, the search engine implements P3P, like Google implements a search only within works available under a Creative Commons license. I am still responsible for P3P @ W3C. Now once the site published the P3P Policy, it is bound by it. In fact, P3P renders data usages public. Opaque data collection practices, browser chatter, cookies, beacons, all has to be declared and the use of that data has to be explained. P3P opens the former blackbox of hidden data collection. This let to many corrections already as watchdogs will look at the P3P Policy and will find the leaks and lies. The resulting public pressure and interest from regulators is more than enough as a thread or sanction. A scandal is much more expensive/damaging than the usual administrative fines in normal privacy cases. (We have examples, e.g. us-government drug addiction site using a tracking cookie despite a privacy policy claiming the contrary. The hard enforcement of adhering to the published intentions is a social issue. Again, experience was, that those making policies to make some browser implementations happy feared the public blame so much that when they were caught, they corrected either the policy or the behavior or abandoned P3P. If we want to go into technical enforcement, there was already a lot of research to enforce those policies including a full fledged system to recall information by HP Labs in Bristol (Siani Pearson) by implementing a chain of trust using the trusted computing group's technologies. There is still research going on. Please look at the PRIME project: https://www.prime-project.eu/ that has sticky policies that travel with the data record etc.. A search engine like privacy finder is an ideal complement as it renders more visible those who do the right thing. BTW, P3P tools are very good at discovering web beacons and other tracking techniques. But they won't block automatically. It is entirely on the user side tools to have their blocking behavior tied to P3P Policies. P3P tools are also very good to distinguish interoperably between good and bad cookies. As you know, a stateful web needs cookies. Blocking them all isn't really an option. With the Web 2.0 paradigm we see even more scripts and things collecting data from the user. One can see already with recurrent small scale scandals that a tool that makes data collection more visible AND comprehensible is not "has been". Best, Rigo Wenning W3C Privacy Activity Lead ------------------------------------------- Archives: http://v2.listbox.com/member/archive/247/=now RSS Feed: http://v2.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Re: WORTH READING CMU Privacy-Enhanced Search Engine Study David Farber (Dec 17)
- <Possible follow-ups>
- Re: WORTH READING CMU Privacy-Enhanced Search Engine Study David Farber (Dec 17)
- Re: WORTH READING CMU Privacy-Enhanced Search Engine Study David Farber (Dec 18)