A Survey and Analysis of the P3P Protocol's Agents, Adoption, Maintenance, and Future

Reay, Ian; Beatty, Patricia; Dick, Scott; Miller, James

doi:10.1109/tdsc.2007.1004

Cited by 37 publications

(31 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Given the relative collapse of semi-automated privacy policies interpretation mechanisms such as the Platform for Privacy Preferences Project 3 (P3P), individuals are currently fully dependent upon human-readable privacy policies to understand what an organization will and will not do with their information (Reay et al 2007). Hence, we have conducted a cloze test experiment to assess the readability of privacy policies found on popular web sites.…”

Section: Discussionmentioning

confidence: 99%

A user-centric evaluation of the readability of privacy policies in popular web sites

2010

Self Cite

View full text Add to dashboard Cite

This paper reports on a formal subject-based experiment, which seeks to evaluate the readability of privacy policy statements found on the Internet. This experiment uses 50 participants and privacy policies collected from 10 of the most popular web sites on the Internet. It evaluates, using a cloze test, the subjects' ability to comprehend the content of these privacy policies. The paper also compares its results with the results from previous studies on this topic. In general, it finds that privacy policies are "difficult" to comprehend.

show abstract

Section: Discussionmentioning

confidence: 99%

A user-centric evaluation of the readability of privacy policies in popular web sites

2010

Self Cite

View full text Add to dashboard Cite

show abstract

“…The matching process results in a recommended disclosure behavior, which is signaled to the user. In addition to its frequently cited weaknesses (Electronic Privacy Information Center, 2000;Hogben et al, 2002), a crucial factor that prevents the widespread use of P3P is the lagging adoption of P3P privacy policies, which are offered by only a small fraction of service providers (Reay et al, 2007).…”

Section: Related Workmentioning

confidence: 99%

Collaborative privacy management

Guo

Zhang

Chen

2014

Proceedings of the ACM MobiCom Workshop on Security and Privacy in Mobile Environments

View full text Add to dashboard Cite

a b s t r a c tThe landscape of the World Wide Web with all its versatile services heavily relies on the disclosure of private user information. Unfortunately, the growing amount of personal data collected by service providers poses a significant privacy threat for Internet users. Targeting growing privacy concerns of users, privacy-enhancing technologies emerged. One goal of these technologies is the provision of tools that facilitate a more informative decision about personal data disclosures. A famous PET representative is the PRIME project that aims for a holistic privacy-enhancing identity management system. However, approaches like the PRIME privacy architecture require service providers to change their server infrastructure and add specific privacy-enhancing components. In the near future, service providers are not expected to alter internal processes. Addressing the dependency on service providers, this paper introduces a user-centric privacy architecture that enables the provider-independent protection of personal data. A central component of the proposed privacy infrastructure is an online privacy community, which facilitates the open exchange of privacy-related information about service providers. We characterize the benefits and the potentials of our proposed solution and evaluate a prototypical implementation. ª 2009 Elsevier Ltd. All rights reserved. IntroductionToday's rich service offer in the World Wide Web increasingly requires the disclosure of personal user data, which poses a growing privacy threat to Internet users. Web site providers utilize these personal data to create and analyze profiles or to trigger personalized advertisements. At the worst, personal information is released or sold to third parties. Motivated by users who needed technical means to protect their private data, privacy-enhancing technologies emerged (Burkert, 1997;Goldberg and Wagner, 1997). A frequently discussed subject in this area is anonymity on network level. On application level, privacy-enhancing technologies aim for solutions that assist users in controlling and managing the disclosure of personal data. Unfortunately, most approaches rely on the cooperation of service providers who are required to reveal their data handling practices truthfully.The goal of this paper is the introduction of a collaborative privacy community that facilitates a service provider-independent privacy management. We propose a user-centric privacy architecture and show the functions and the potentials of an inherent collaborative privacy community. Finally, we present a prototypical implementation of our solution.The remainder of this paper is structured as follows. After describing related work in Section 2, we present an overview as well as the components of a user-centric privacy architecture in Section 3. Section 4 introduces the content, functions as well as the implementation and evaluation of our * Corresponding author.E-mail address: jan.kolter@wiwi.uni-regensburg.de (J. Kolter). 0167-4048/$ -see front matter ª

show abstract

“…The vast majority of websites do not follow a standard protocol for disseminating their policy documents. The Platform for Privacy Preferences (P3P) 8 is a standard for machine-accessible privacy notices, but it has not been widely adopted [26], [27]. This lack of consistency makes collection of large sets of policy documents a time-intensive and laborious process.…”

Section: Data Sets and Collectionmentioning

confidence: 99%

Automated text mining for requirements analysis of policy documents

Massey

Eisenstein

Antón

et al. 2013

2013 21st IEEE International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

Abstract-Businesses and organizations in jurisdictions around the world are required by law to provide their customers and users with information about their business practices in the form of policy documents. Requirements engineers analyze these documents as sources of requirements, but this analysis is a time-consuming and mostly manual process. Moreover, policy documents contain legalese and present readability challenges to requirements engineers seeking to analyze them. In this paper, we perform a large-scale analysis of 2,061 policy documents, including policy documents from the Google Top 1000 most visited websites and the Fortune 500 companies, for three purposes: (1) to assess the readability of these policy documents for requirements engineers; (2) to determine if automated text mining can indicate whether a policy document contains requirements expressed as either privacy protections or vulnerabilities; and (3) to establish the generalizability of prior work in the identification of privacy protections and vulnerabilities from privacy policies to other policy documents. Our results suggest that this requirements analysis technique, developed on a small set of policy documents in two domains, may generalize to other domains.

show abstract

A Survey and Analysis of the P3P Protocol's Agents, Adoption, Maintenance, and Future

Cited by 37 publications

References 22 publications

A user-centric evaluation of the readability of privacy policies in popular web sites

A user-centric evaluation of the readability of privacy policies in popular web sites

Collaborative privacy management

Automated text mining for requirements analysis of policy documents

Contact Info

Product

Resources

About