Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab

26.11.2012 Views
Contents Abbreviations vii Listings viii List of Figures ix List of Tables x I. Theory 1 1. Introduction 2 1.1. Objective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2. Research question . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3. Thesis structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Privacy Threats 6 2.1. Individual privacy attitudes . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2. General privacy on the Internet . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.1. Financial privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2.2. Medical privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.2.3. Political privacy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 2.3. Privacy sensitive applications . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3.1. Personalization . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.3.2. E-Commerce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 2.3.3. Search engines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.3.4. Social networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 2.4. Privacy sensitive technologies . . . . . . . . . . . . . . . . . . . . . . . . 13 2.4.1. Cookies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2.4.2. ISP: tracking of data traffic . . . . . . . . . . . . . . . . . . . . . 15 2.4.3. Online profiling . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3. Privacy Standards 18 3.1. The Platform for Privacy Preference Project (P3P) . . . . . . . . . . . . 18 3.1.1. P3P - an introduction . . . . . . . . . . . . . . . . . . . . . . . . 18 3.1.2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 3.1.3. P3P policy reference files . . . . . . . . . . . . . . . . . . . . . . . 22 iv

3.1.4. P3P policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 3.1.5. A P3P Preference Exchange Language (APPEL) . . . . . . . . . . 31 3.1.6. Existing P3P user agents and software tools . . . . . . . . . . . . 31 3.1.7. Future of P3P . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 3.2. The Enterprise Privacy Authorization Language (EPAL) . . . . . . . . . 32 3.2.1. EPAL - an introduction . . . . . . . . . . . . . . . . . . . . . . . 33 3.2.2. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 3.2.3. EPAL policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 3.2.4. EPAL vocabularies . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.3. The eXtensible Access Control Markup Language (XACML) . . . . . . . 35 3.3.1. XACML - an introduction . . . . . . . . . . . . . . . . . . . . . . 36 3.3.2. Requirements and structure of XACML . . . . . . . . . . . . . . . 36 3.3.3. Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 4. Requirements for Privacy Tools 39 4.1. Generic software quality requirements . . . . . . . . . . . . . . . . . . . . 39 4.1.1. Functionality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 4.1.2. Reliability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 4.1.3. Usability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 4.1.4. Efficiency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 4.1.5. Maintainability . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40 4.1.6. Portability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.1.7. Quality in use . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.2. Privacy specific requirements . . . . . . . . . . . . . . . . . . . . . . . . . 41 4.2.1. Support of privacy standards . . . . . . . . . . . . . . . . . . . . 41 4.2.2. Prevention of threats . . . . . . . . . . . . . . . . . . . . . . . . . 41 5. Evaluation of Existing Privacy Tools 43 5.1. Browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 5.1.1. Microsoft Internet Explorer . . . . . . . . . . . . . . . . . . . . . 43 5.1.2. Firefox . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 5.1.3. Safari . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 5.1.4. Opera . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 5.2. Plug-ins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 5.2.1. Adblock Plus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 5.2.2. NoScript . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47 5.2.3. Flashblock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 5.2.4. BugMeNot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 5.2.5. TrackMeNot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 5.2.6. Private Web Search (PWS) . . . . . . . . . . . . . . . . . . . . . 49 5.3. Proxies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 5.3.1. Anonymizer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 5.3.2. The Onion Router (TOR) . . . . . . . . . . . . . . . . . . . . . . 50 5.3.3. Switchproxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 v

Page 1: Wirtschaftsuniversität Wien Magist

Page 6 and 7: II. Applied part 53 6. Development

Page 8 and 9: Listings viii 3.1. HTTP response he

Page 10 and 11: List of Tables x 3.1. PURPOSE sub-e

Page 12 and 13: 1. Introduction This thesis address

Page 14 and 15: In addition, the applied part of th

Page 16 and 17: 2. Privacy Threats Privacy is the

Page 18 and 19: term friendly fraud relates to legi

Page 20 and 21: over iGoogle, search Wikipedia via

Page 22 and 23: collect a lot of personal data abou

Page 24 and 25: 2.4. Privacy sensitive technologies

Page 26 and 27: • Data necessary to identify the

Page 28 and 29: 3. Privacy Standards The following

Page 30 and 31: The well-known location method (whi

Page 32 and 33: • User Preferences: User-agents m

Page 34 and 35: Another important issue for policy

Page 36 and 37: 1 M i c r o s o f t Way< /DATA> Red

Page 38 and 39: 28 PURPOSE Plain Language Translati

Page 40 and 41: Finally, an example should be provi

Page 42 and 43: • There is a commercial P3P polic

Page 44 and 45: Element Value ruling allow user cat

Page 46 and 47: 3.3.1. XACML - an introduction Simi

Page 48 and 49: 3.3.3. Summary The introduced priva

Page 50 and 51: specified conditions” [ISO01a]. T

Page 52 and 53: applied to this characteristic too,

Page 54 and 55: Figure 5.1.: Microsoft Internet Exp

Page 56 and 57: 5.1.2. Firefox The Mozilla Foundati

Page 58 and 59: shortcuts and context-menu, users s

Page 60 and 61: 5.3. Proxies In this section, proxi

Page 62 and 63: 52 Figure 5.10.: The settings dialo

Page 64 and 65: 6. Development of a Privacy Plug-In

Page 66 and 67: • components directory: this dire

Page 68 and 69: Speaking of information it has to b

Page 70 and 71: Figure 6.2.: Displaying the P3P pol

Page 72 and 73: matches the users preferences befor

Page 74 and 75: Figure 6.4.: The privacy policy of

Page 76 and 77: is different from the one available

Page 78 and 79: access elements in a policy which i

Page 80 and 81: implementation available although t

Page 82 and 83: [Dro06] Dennis Drotar, Rachel Green

Page 84 and 85: [Kob07] Alfred Kobsa. Privacy-enhan

Page 86 and 87: [Oli04] Nadia Olivero and Peter Lun

Page 88 and 89: [Woo06] Jisuk Woo. The right not to

Page 90 and 91: M i c r o s o f t i s a premier spo

Page 92 and 93: 82

Page 94 and 95: B. E-Mail correspondence Subject :

Page 96: the Thank you , Renukesh M i c r o

privacy

that

this

which

data

policy

users

with

such

information

wien

magisterarbeit

semanticlab

semanticlab.net

Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab

Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab ... View more Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab

Delete template?

Save as template ?

Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab