PrimeLife – Privacy and Identity Management in Europe for Life
Privacy Dashboard

We Are All Under The Microscope

Have you ever wondered what information is being collected about you as you browse the Web? Increasingly, many are working with third parties to collect more and more data on users. Data that can be pooled and analysed to create detailed profiles of their user’s habits, likes and dislikes, where they live, their age, gender, race, income, marital status and health concerns. The Privacy Dashboard, developed within the PrimeLife project, is an extension for the Firefox browser that enables you to see some of the practices that websites are using, e.g. whether they include 3rd party content, perhaps with lasting cookies that can track you across the Web, or are using a variety of other techniques.

“No one would have believed in the early years of the twenty first century that this world was being watched keenly and closely by inhuman intelligences; that as men busied themselves about their various concerns they were scrutinised and studied, perhaps almost as narrowly as a man with a microscope might scrutinise the transient creatures that swarm and multiply in a drop of water. With infinite complacency men went to and fro over this globe about their little affairs, serene in their assurance of their dominion over personal matters.”
with thanks to H.G. Wells

Information About The Current Website

The Dashboard collects information about the current website as pages load. This is presented by an icon that appears on the browser’s navigation toolbar next to the location field. The icon displays one of three aspects: a happy face, a thoughtful face and an indignant face. This is based upon rules of thumb that classify the website. The indignant face is shown if the site uses external 3rd party HTTP cookies or external 3rd party flash cookies. The thoughtful face appears if the site has lasting HTTP cookies, flash cookies or external 3rd party content, and lacks a link to a machine readable (P3P) privacy policy. Otherwise the happy face appears. These rules of thumb are to some extent arbitrary, and simply intended to draw the user’s attention to the data collected.

The first time you visit a website, the Privacy Dashboard displays a privacy alert in a notification bar at the top of the page. This is the same bar as used by Firefox to ask users for permission to save their user id and password for the site. The notification bar doesn’t appear if the site is classified with the happy face. You are invited to choose between 'accept always' (i.e. don’t bother me again for this site), 'protect me', or to 'tell me more'. The 'protect me' button ensures that for subsequent loads, scripting is disabled along with cookies and 3rd party content. The 'tell me more' button displays the Privacy Dashboard dialogue window. The dialogue can also be displayed at any time by clicking on the Privacy Dashboard icon on the navigation toolbar.

The Privacy Dashboard dialogue has five tabs labelled “Data Track”, “Location”, “Current”, “Share Findings” and “About”. By default it opens with the current website tab. This shows information about the current website, your preferences for this site, and some buttons for checking the website with third party tools which if clicked open up in a new browser tab. The buttons cover Norton SafeWeb, Free Trust Seal, and TRUSTe.

The information shown for the site covers HTTP cookies, Flash cookies (Flash Local Shared Objects), 3rd party content, DOM storage, geolocation, HTML5 pings, invisible images and suspicious URLs indicating the possible use of web-bugs (tracking devices). Cookies are classified according to whether they are retained beyond the current browser session, and whether they are used for this site, an internal 3rd party site (one with a common base domain) or are for external 3rd party sites.

Querying The Data Track

The Data Track tab in the Privacy Dashboard dialogue allows you to query the database of information the extension collects on each site you visit. You select from a drop-down list of queries together with a text box for typing in the domain name for a website, or a datum name or value. The queries include:

• Which data has been sent to a given website?
• Which sites a given datum value has been sent to?
• Which sites a given datum name has been sent to?
• Which sites use long lasting cookies?
• Which sites use session cookies?
• Which sites use Flash cookies?
• Which sites use DOM storage?
• Which sites are 3rd parties?
• Which internal 3rd parties are used by a given site?
• What cookies are used by a given site?
• Which sites use invisible images?
• Which sites use HTML5 pings?
• Which sites offer P3P policies?
• Which sites have you given access to your geographic location?

Further work is underway to make it easier to browse the data track, including backward and forward buttons by analogy to a web browser.

Protecting Your Privacy

The Dashboard allows you to set personal privacy preferences on a site by site basis. The preferences are available at two levels: simple and advanced, offering a choice between three predefined levels of privacy (carefree, thoughtful and paranoid), or detailed control over a range of settings:

• Never block content from this site
• Block external 3rd parties
• Block external 3rd party cookies
• Block all lasting cookies
• Clear Flash Cookies
• Disable web page scripting
• Disable access to your geolocation
• Disable HTML5 pings
• Don’t send HTTP referrer header
• Disable access to DOM storage

The Firefox extension is able to implement these by directly intercepting and blocking HTTP requests, or by setting browser options.

The latter is imperfect since the option to disable scripting applies to all new pages and not just to the current tab. The extension does its best to limit changes to browser wide options to the time the page is being loaded, but if several pages are being loaded concurrently on different tabs, then problems may well arise. Hopefully this problem will be resolved by browser vendors offering more fine grained options that can be set on a per tab or per website basis.

The Adobe Flash plug-in is ubiquitous and installed on pretty much all web browsers. It runs in isolation from the rest of the web browser and as such makes it impractical for the Privacy Dashboard to intercept HTTP requests and to set Flash specific options. The extension is however able to access the local file system to examine and when requested to delete the files used for Flash Local Shared Objects.

Enhanced Support For Geolocation

The Privacy Dashboard also improves upon the browser’s built-in support, making it easier to track and revoke which sites you have told Firefox to provide your geolocation to. If you are on a WiFi connection you can check to see just where Google thinks you are based upon your WiFi neighbourhood.

Sharing Your Findings With Others

The data collected by the Privacy Dashboard as you browse gives a view about a small part of the Web. By pooling data from many users it will be possible to build up a much more detailed picture of how sites are tracking users. To this end, the Privacy Dashboard allows you to choose to share your findings with others. The information uploaded is limited to data about the site and its relationship to third party sites, and avoids any information that could be used to identify you. You can determine the server the uploads are made to, along with the frequency of the updates.

To encourage users to share their data, the Privacy Dashboard invites users to opt in when run for the first time. Thereafter, users can review and change their sharing preferences on the “Share Findings” tab on the Privacy Dashboard user interface.

Servers that pool the data should avoid logging the client’s IP address, time of upload, and the set of sites covered. This should be made clear in the server’s privacy policy. If you are at all concerned, you can of course set your sharing preferences to use an anonymizing proxy for your uploads.

Lighting Up The Dark Side Of The Web

We are all familiar with big name websites and the brands they present. This can be likened to a brightly lit high street packed with attractive shops calling out for our attention. Behind the high street is a maze of dark alleyways that few of us are aware of. This is made up of the third party sites used for advertising and data gathering activities. It is time to light up the dark side of the Web, and create some transparency as to who, what and how personal information is being collected, bought and sold.

To kick start this, the Privacy Dashboard is being adapted to act as a web 'bot to visit the top 1000 sites as listed by Google and to collect data on the tracking techniques they are using, and the relationships amongst the hidden ecosystem of third party tracking sites. The challenge is to find ways to present this data in informative and appealing ways. The Privacy Dashboard 'bot will provide data for the most popular sites, but to reach out to the long tail of progressively less well known sites, it will be essential to pool data gathered by large numbers of individual users of the Dashboard extension.

Related Work

There are a number of other Firefox extensions related to privacy, e.g., Adblock Plus, NoScript and BetterPrivacy. These seek to block out web page ads, to disable scripting or to offer greater control over cookies and other tracking devices. The Privacy Dashboard also does that and adds the means for users to gain greater visibility into how sites are tracking them, and the means to query this data, as well as to contribute to a broader understanding of tracking across the Web.

The Privacy Dashboard is one of a group of three experiments looking into the role of browser extensions for privacy. The others include a fresh take on P3P, using the vocabulary defined by P3P for machine readable privacy policies, but constrained to make it easier to provide a user interface for setting preferences and generating human readable descriptions of the conflicts between the user’s preferences and the site’s policy. The browser extension looks for a link to the site’s privacy policy which is represented in JSON (JavaScript Object Notation) for ease of processing.

The other extension enables websites to support anonymous credentials, where zero knowledge proofs are exploited to show that the user is in possession of a credential from a recognized authority. The site can check that the user is say over 21 or under 16 years old, or is a member of a given group, or lives in a given city, but without learning any more. This fulfils the principle of minimal disclosure of personal information. The demonstration couples the Firefox extension to the Java-based idemix library developed by IBM Research.

Availability And Next Steps

The Firefox extension can be downloaded from the PrimeLife project website, and will shortly become an opensource project of its own right on W3C’s servers. The aim is to encourage a community of people interested in a better understanding of how websites collect data on users, and the further development of tools and presentation mechanisms to support this goal.

References

1. http://www.w3.org/2010/09/raggett-fresh-take-on-p3p/
2. http://www.w3.org/QA/2010/11/boosting_privacy_online_-_anon.
3. http://idemix.wordpress.com/
4. https://addons.mozilla.org/en-US/firefox/extensions/privacy-security/
5. http://www.primelife.eu/results/opensource/76-dashboard

PrimeLife at a glance

Project reference: 216483
PrimeLife’s objective: Bring sustainable privacy and identity management to the web and develop tools for privacy-friendly identity management
Project duration: March 2008 - June 2011
Partners: 15 partners from industry, academia, research centres and data protection authorities
Total cost: About € 15.5 Million
Total EC funding: € 10.2 Million
Funding: The PrimeLife project receives research funding from the European Union’s 7th Framework Programme.
Contact: Marit Hansen
t:+49-431-988-1214
f:+49-431-988-1223
[email protected]
Date of publication of this Primer: January 2011

Want more info?
Various deliverables are available online: http://www.primelife.eu/
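
The rules of thumb from “Information About The Current Website” (cookie party classification and the three faces) can be written down directly. The following JavaScript is an added example, not the extension's own code; the function names, the shape of the observation object, the two-label approximation of a base domain, and the reading of the thoughtful-face rule as (lasting cookies, Flash cookies or external content) together with no P3P link are all assumptions.

```javascript
// Added example with hypothetical names; sample data below is constructed.
// Assumption: the "base domain" is approximated by the last two host labels.
// A real implementation would consult the Public Suffix List instead.
function baseDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Relationship of a host to the visited site, in the leaflet's terms:
// "site", "internal" (common base domain) or "external" 3rd party.
function party(siteHost, host) {
  if (host.toLowerCase() === siteHost.toLowerCase()) return "site";
  return baseDomain(host) === baseDomain(siteHost) ? "internal" : "external";
}

// obs = { host, httpCookies: [{ host, expires }], flashCookieHosts: [host],
//         contentHosts: [host], hasP3PLink: boolean }
// expires === null marks a session cookie; any other value is "lasting".
function classify(obs) {
  const isExternal = (h) => party(obs.host, h) === "external";
  // Indignant: external 3rd party HTTP cookies or external Flash cookies.
  if (obs.httpCookies.some((c) => isExternal(c.host)) ||
      obs.flashCookieHosts.some(isExternal)) {
    return "indignant";
  }
  // Thoughtful: lasting cookies, Flash cookies or external 3rd party
  // content, and no link to a machine readable (P3P) policy.
  const collects = obs.httpCookies.some((c) => c.expires !== null) ||
    obs.flashCookieHosts.length > 0 ||
    obs.contentHosts.some(isExternal);
  return collects && !obs.hasP3PLink ? "thoughtful" : "happy";
}

// Constructed observations using reserved .example names.
const samples = {
  shop: { host: "www.shop.example", hasP3PLink: false, flashCookieHosts: [],
    httpCookies: [{ host: "www.shop.example", expires: null }],
    contentHosts: ["static.shop.example"] },
  news: { host: "news.example", hasP3PLink: false, flashCookieHosts: [],
    httpCookies: [{ host: "news.example", expires: "2030-01-01" }],
    contentHosts: ["cdn.other.example"] },
  portal: { host: "portal.example", hasP3PLink: true, flashCookieHosts: [],
    httpCookies: [{ host: "ads.tracker.example", expires: "2030-01-01" }],
    contentHosts: ["ads.tracker.example"] },
};

for (const [name, obs] of Object.entries(samples)) {
  console.log(name, classify(obs));
}
```

Note that a P3P link only moves a site from thoughtful to happy; under these rules it never offsets external 3rd party cookies.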