ECE 18-734: Foundations of Privacy Homework 3

Part A 1 Legalease revisited

Recall that in Homework 2 you formalized some parts of a policy written in a simple Allow-Deny-Except language. In this question, you will convert a policy clause into Legalease, the language from which the simpler language of Homework 2 was derived. To review Legalease, its grammar, and its semantics, refer to the lecture slides [1] from September 12 and go through the example provided in Section III.C of the paper Bootstrapping Privacy Compliance in Big Data Systems [2]. A credit company has the following information about its customers organized in a table named AccountInfo: Name, Address, PhoneNumber, DateOfBirth, SSN (the Social Security number is a unique identifier for permanent US residents). The company's privacy policy states the following:

We will not share your SSN with any third party vendors, or use it for any form of advertising. Your phone number will not be used for any purpose other than notifying you about inconsistencies in your account. Your address will not be used, except by the Legal Team for audit purposes.

Exercise 1. Convert the policy into Legalease. You may use the attributes: DataType, UseForPurpose, AccessByRole. Relevant attribute-values for DataType are AccountInfo, Name, Address, PhoneNumber, DateOfBirth, and SSN. Useful attribute-values for UseForPurpose are ThirdPartySharing, Advertising, Notification and Audit. One attribute-value for AccessByRole is LegalTeam.

[1] https://course.ece.cmu.edu/~ece734/lectures/lecture-2018-09-12-bootstrapping-privacy-big-data-systems.pdf
[2] http://www.andrew.cmu.edu/user/danupam/sen-guha-datta-oakland14.pdf
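To make the Allow-Deny-Except reading of the three policy sentences concrete, here is an added example checker (not part of the homework, and not the semantics from the Legalease paper): it encodes each sentence as a DENY clause with optional EXCEPT ALLOW sub-clauses over the attributes named in Exercise 1 and decides whether a given use of a column is permitted. The DataType hierarchy (every column below AccountInfo), the matching rule, and the request format are simplifying assumptions of this illustration.

```python
# Added illustration (not the homework's or the Legalease paper's code): a small
# checker for Allow/Deny/Except clauses over the attributes of Exercise 1.
# Assumed semantics: a clause matches a request when every attribute the clause
# names is present in the request with a value at or below the clause's value in
# the attribute hierarchy; a request is forbidden when a DENY clause matches it
# and none of that clause's EXCEPT ALLOW sub-clauses match; anything not
# forbidden is allowed. Requests are assumed to name a concrete column.

# Assumed DataType hierarchy: each column of AccountInfo sits below AccountInfo.
PARENT = {c: "AccountInfo" for c in
          ("Name", "Address", "PhoneNumber", "DateOfBirth", "SSN")}

def at_or_below(value, bound):
    """True if value == bound or bound is an ancestor of value in PARENT."""
    while value is not None:
        if value == bound:
            return True
        value = PARENT.get(value)
    return False

def matches(clause, request):
    """clause = (attrs, exceptions); match on the attrs part only."""
    attrs, _ = clause
    return all(attr in request and at_or_below(request[attr], bound)
               for attr, bound in attrs.items())

def allowed(policy, request):
    """policy: list of DENY clauses as (attrs, [EXCEPT ALLOW attrs, ...])."""
    for clause in policy:
        if matches(clause, request):
            # A DENY only bites when no EXCEPT ALLOW sub-clause covers the request.
            if not any(matches((exc, []), request) for exc in clause[1]):
                return False
    return True

# One DENY clause per policy sentence; the SSN sentence names two purposes,
# so it becomes two clauses.
POLICY = [
    ({"DataType": "SSN", "UseForPurpose": "ThirdPartySharing"}, []),
    ({"DataType": "SSN", "UseForPurpose": "Advertising"}, []),
    ({"DataType": "PhoneNumber"}, [{"UseForPurpose": "Notification"}]),
    ({"DataType": "Address"},
     [{"AccessByRole": "LegalTeam", "UseForPurpose": "Audit"}]),
]

if __name__ == "__main__":
    # Constructed request: the Legal Team using Address for an audit is permitted.
    print(allowed(POLICY, {"DataType": "Address", "UseForPurpose": "Audit",
                           "AccessByRole": "LegalTeam"}))
```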

2 Online Tracking

For this question [3], we will learn how to enhance user privacy on the web and make observations about online trackers with some freely available tools.

Exercise 2. Technology vendors have taken a variety of approaches to counteracting consumer tracking. Summarize each of the given approaches/tools below. Your summary should answer the following questions:

1. How does the tool work?
2. Which tracking methods is it effective against? What is it not effective against?
3. Are there any negative side-effects? What about positive ones?

(a) Adblock Plus (https://adblockplus.org)

Functionality:

Effectiveness:

Side-effects:

(b) NoScript (https://noscript.net)

Functionality:

Effectiveness:

[3] Thanks to Jonathan Mayer for the questions.

Side-effects:

(c) Tor Browser Bundle (https://www.torproject.org)

Functionality:

Effectiveness:

Side-effects:

(d) Private browsing mode in Chrome, Firefox, Opera, and Safari.

Functionality:

Effectiveness:

Side-effects:

(e) How do they differ in their implementations?

(f) Third-party cookie blocking in the four major web browsers.

Functionality:

Effectiveness:

Side-effects:

(g) How do default settings vary among the four browsers?

(h) Do Not Track (http://randomwalker.info/donottrack-archive)

Functionality:

Effectiveness:

Side-effects:

Exercise 3. Safari users are often surprised to find third-party tracking cookies have been placed in their browsers despite settings indicating third-party tracking is disabled.

(a) Explain one way this might happen.

(b) Suggest a modification to Safari cookie blocking that would solve the problem. Please do not duplicate the approach of another browser vendor.

Exercise 4. For this question, you will make tracking measurements on http://www.cnn.com. Before starting, answer (a). Visit the website and manually note the trackers used, as reported by tracking-transparency plug-ins. Appropriate tools include:

• Ghostery https://www.ghostery.com for Firefox, Chrome, Safari, Opera
• Disconnect https://disconnect.me/ for Chrome
• Lightbeam https://www.mozilla.org/en-US/lightbeam/ for Firefox

Remove all existing cookies prior to taking this measurement.

(a) How many and what sorts of third parties do you expect will track you on this site?

(b) Which tool(s) did you use to expose the trackers?

(c) How many and what sorts of third-party websites are tracking you on the site?

(d) Compare what you found via the plug-in(s) to the cookies being set on your browser as reported via your browser’s preferences.

Exercise 5. Media Group operates a network of widely read such as , Gizmodo, , and . Each is operated from a different domain, e.g.

• http://www.jezebel.com
• http://www.gizmodo.com
• http://www.kotaku.com
• http://www.io9.com

Nevertheless, is able to collect analytics and offer single sign-on commenting for Safari users across all of its web properties.

(a) How could Gizmodo Media Group have designed its cross-site analytics? (You do not have to guess correctly; any workable design is a satisfactory answer.)

(b) Sketch a methodology for determining how Gizmodo Media Group’s analytics work.

(c) Follow through on the methodology you described above and summarize the design of Gizmodo Media Group's analytics. Note specifically how they achieve cross-site tracking in the context of non-Safari and Safari browsers.

(d) Make an argument for and an argument against the proposition that Gizmodo Media Group is circumventing a consumer privacy protection. (You do not need to take a position.)
