Privacy Dashboard Demo

Issue/Topic: Privacy Dashboard Demo

Convener: Dave Raggett

Session: 5C

Conference: IIW-Europe October 11, London Complete Notes Page

Notes-taker(s): Dave Raggett

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

This is a Firefox extension that allows you to what data collection behaviours websites use, and to set you privacy preferences on a per site basis, e.g. to block 3rd party content, to clear Flash cookies and so forth.

Initial problems with WiFi and inability to get an IP address. I therefore started with some screen shots from a one sheet flyer (from ICT2010), see: http://www.w3.org/2010/10/dashboard.pdf

After a while the network weather improved and I was able to show the Dashboard in operation.

In discussion it became clear that there is interest in finding out more about how different sites track people, and exposing the degree to which they do so. This is encouraging as I hope to launch an open source community project to take this further. One avenue would be to pool information collected by different people for a crowd sourced analysis of the bigger picture.

One thing I learned was that some 3rd party ad sites themselves load resources from other sites, sometimes as much as 15 levels deep.

In summary, let's turn the tables on the data miners who are profiling us all, and apply the same techniques on them! Knowledge is power...

I also demoed another Firefox extension I've written, see:

http://www.w3.org/2010/09/raggett-fresh-take-on-p3p/

This uses the P3P 1.1 vocabulary for privacy policies and applies it to a simplified object model, that makes it practical to auto generate the UI for user preferences, human readable policies and reports on the mismatch between user preferences and site policies.

P3P is still in use, but has suffered from its very flexibility. Microsoft implemented a very small subset (P3P compact policies) which only deal with HTTP cookies. My work covers a wider range -- the things that sites can collect from HTTP request headers during a session.

Identity and privacy are strongly coupled, and we are still at an early stage in how these will evolve online.

By a co-incidence, I watched Sandra Bullock in "The Net" on Sunday evening just before the workshop, see

http://en.wikipedia.org/wiki/The_Net_(1995_film)

The movie emphasises the degree to which our lives now depend on our digital personas and how fragile these can be when subjected to attack.

--

Dave Raggett  http://www.w3.org/People/Raggett