Online Privacy Issues Overview by 72z4fy


Course Overview

January 17, 2006




Usable Privacy and Security • Carnegie Mellon University • Spring 2006 • Cranor/Hong/Reiter • http://cups.cs.cmu.edu/courses/ups-sp06/   1
                                                                 Outline
      Introduction to usable privacy and security
      Review syllabus and course policies
              • Distribute survey

      Faculty research overview
      Introduce students




    Unusable security & privacy
-   Unpatched Windows machines compromised in minutes
-   Phishing web sites increasing by 28% each month
-   Most PCs infected with spyware (avg. = 25)
-   Users have more passwords than they can remember and practice poor
    password security
-   Enterprises store confidential information on laptops and mobile
    devices that are frequently lost or stolen




    Grand Challenge
          “Give end-users
security controls they can understand
   and privacy they can control for
  the dynamic, pervasive computing
     environments of the future.”
- Computing Research Association 2003



Just work
     security/privacy researchers
       and system developers




human computer interaction researchers
      and usability professionals

Symposium On Usable Privacy and Security
              (SOUPS)

                 July 6-8, 2005
              Pittsburgh, PA USA
        http://cups.cs.cmu.edu/soups/
A preview of some topics we’ll
    cover in this course
1.   Problems and approaches
2.   Passwords
3.   Symbols & metaphors
4.   Rethinking cookies
5.   Making Web privacy visible



1. Problems and approaches
How do you stay safe online?




Experts recommend…
POP!




   After installing all that
security and privacy software



Do you have any time left to
   get any work done?




Secondary tasks
        Approaches to usable
             security
- Make it “just work”
   - Invisible security
- Make security/privacy understandable
   - Make it visible
   - Make it intuitive
   - Use metaphors that users can relate to
- Train the user




Make decisions
       - Developers
         should not expect
         users to make
         decisions they
         themselves can’t
         make


Present choices, not
     dilemmas
         - Chris Nodder
          (in charge of user
           experience for XP SP2)
2. Passwords
          Typical advice

- Pick a hard to guess password
- Don’t use it anywhere else
- Change it often
- Don’t write it down


What do users do when every
web site wants a password?
3. Symbols & Metaphors
                         Cookie flag




Netscape SSL icons




       IE6 cookie flag
                         Firefox SSL icon
           Privacy Bird icons



   Privacy policy       Privacy policy
  matches user’s          does not
privacy preferences     match user’s
                           privacy
                         preferences
4. Rethinking cookies

5. Making Web privacy visible
   Web site privacy policies

- Many posted
- Few read




What if your browser
 could read privacy
  policies for you?
      Platform for Privacy
      Preferences (P3P)
- 2002 W3C Recommendation
- XML format for Web
  privacy policies
- Protocol enables clients
  to locate and fetch
  policies from servers
               Privacy Bird
- P3P user agent
- Free download
 http://privacybird.com/

- Compares user
  preferences with
  P3P policies


Chirping bird is privacy indicator
Red bird indicates mismatch
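
A P3P user agent's comparison step, sketched as an added example (not Privacy Bird's code and not part of the original slides). The element names and namespace are from the P3P 1.0 vocabulary; the sample policy is constructed, and the preference format and the rule that opt-in practices are acceptable are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"  # P3P 1.0 XML namespace

# Constructed sample policy for a hypothetical flower shop (not a real site).
SAMPLE_POLICY = """<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" name="orders">
  <STATEMENT>
    <PURPOSE><current/><telemarketing required="opt-out"/></PURPOSE>
    <RECIPIENT><ours/><unrelated/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA ref="#user.home-info.postal"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# Hypothetical preference format: P3P vocabulary tokens this user objects to.
USER_PREFS = {
    "PURPOSE": {"telemarketing", "other-purpose"},
    "RECIPIENT": {"unrelated", "public"},
}

def find_mismatches(policy_xml, prefs):
    """Return (statement_no, category, token, consent, data_refs) per conflict."""
    if "<!DOCTYPE" in policy_xml.upper():
        # The policy comes from the server, so treat it as untrusted input.
        raise ValueError("DTDs are not accepted in fetched policies")
    root = ET.fromstring(policy_xml)
    mismatches = []
    for n, stmt in enumerate(root.iter(NS + "STATEMENT"), start=1):
        data_refs = [d.get("ref") for d in stmt.iter(NS + "DATA")]
        for category, unwanted in prefs.items():
            for group in stmt.findall(NS + category):
                for item in group:
                    token = item.tag.split("}", 1)[-1]
                    # P3P 1.0: a missing 'required' attribute means "always".
                    consent = item.get("required", "always")
                    # Assumption: a practice the user must opt in to is acceptable.
                    if token in unwanted and consent != "opt-in":
                        mismatches.append((n, category, token, consent, data_refs))
    return mismatches

def indicator(policy_xml, prefs):
    """Map the comparison to the match / mismatch states the icons convey."""
    root = ET.fromstring(policy_xml)
    if root.find(".//" + NS + "STATEMENT") is None:
        return "no-statements"  # nothing to compare against
    return "mismatch" if find_mismatches(policy_xml, prefs) else "match"

if __name__ == "__main__":
    for row in find_mismatches(SAMPLE_POLICY, USER_PREFS):
        print(row)
    print(indicator(SAMPLE_POLICY, USER_PREFS))
```
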
Privacy settings
  Example:
Sending flowers
        Wireless privacy

- Many users unaware that
  communications over wireless
  computer networks are not private




Wall of sheep
                                                        Defcon 2001








    Photo credit: Kyoorius @ techfreakz.org http://www.techfreakz.org/defcon10/?slide=38
                                                  Defcon 2004








                    Photo credit: http://www.timekiller.org/gallery/DefconXII/photo0003
       Peripheral display

- Help users form more accurate
  expectations of privacy
- Without making the problem worse



        Experimental trial

- 11 subjects in student workspace
- Data collected by survey and traffic
  analysis
- Did they refine their expectations of
  privacy?


                Results

- No change in behavior
- Peripheral display raised privacy
  awareness in student workspace
- But they didn’t really get it



Privacy awareness increased

“I feel like my information /activity /
 privacy are not being protected ….
 seems like someone can monitor or get
 my information from my computer, or
 even publish them.”


But only while the display was
             on
“Now that words [projected on the
 wall] are gone, I'll go back to the
 same.”




    Questions to ask about a
     security or privacy cue
- Do users notice it?
- Do they know what it means?
- Do they know what they are supposed to do when
  they see it?
- Will they actually do it?
- Will they keep doing it?


                                                               Syllabus
      http://cups.cs.cmu.edu/courses/ups-sp06/
      Homework (25%)
      Lecture (25%)
      Project (50%)
      Textbook and readings
      Schedule



                                                                  Survey
      Please fill out course survey and bring it
       with you to class on Thursday




                             Faculty research overview


      Lorrie Cranor
      Michael Reiter
      Jason Hong




                                     Student introductions
       Introduce yourself to your neighbor and tell them
        your background. Tell them why you’re taking the
        course and what you want to get out of the
        course
       Form a group of ~4 and repeat
       Form a group of ~8 and repeat
       Pick someone to stand up in front of the class,
        introduce your group members, and summarize
        the reasons people in your group are taking the
        course and what you want to get out of the
        course