1/44 stefano maraspin università degli studi di udine web content personalization course thursday,...

1/44Stefano Maraspin

Università degli Studi di UdineWeb Content Personalization Course

Thursday, 16/06/2005

Stefano Maraspin


Presentation Outline

- Privacy and Personalization - An Introductory Overview

- Current Data Acquisition Techniques and Company Privacy Disclosure Methods

- Proposed Improvements

- Future Developments


Definitions of Privacy

“Right of people to determine for themselves when, how and to what extent information about them is communicated to others”(Westin 1970)

“Giving people property rights in information about themselves and letting them sell those rights freely”(Posner 1984)


Where does Privacy comes into play?

- Data Collection

- Profiling

- Matching

[Kobsa & Teltzrow 2004b]


Collected Data Types

- User Data: demographic data, user skills, knowledge, interests, preferences, goals, plans

- Usage Data: observable usage and usage regularities (usage frequency, action sequences)

- Environment Data: Software and user's current location

\ /[Kobsa & Teltzrow 2004b] USER MODEL


Users Stated Behaviours

- Users being extremely or very concerned about divulging personal information online: 70%

- Users being (extremely) concerned about being tracked online: 65%

[Kobsa & Teltzrow 2004b][Berendt et al.2005]


Users Stated Behaviours II

- Users leaving web sites that required registration information: 40%

- Users having entered fake registration information: 35%

- Users having refrained from shopping online due to privacy concerns, or having bought less: 35%

[Kobsa & Teltzrow 2004b][Berendt et al.2005]


Most common users’ concerns

- Unsolicited Marketing

- Having a Computer “figuring things out” about them

- Simply being watched

- Price Discrimination

[Cranor 2003]


But, at the same time...

Answers to the Question: “Are you currently a registered user with any websites thatrequired you to provide your name and email address at registration?”

[TRUSTe 2004a]


But, at the same time... II

I like registering my information onwebsites because it allows the site toremember me and to customize thecontent I receive when I visit it.

I do not like registering because I have to give personal information about me, but I will do so if it is necessary to obtain content/information that I really want.

I never/almost never register even if I’dlike to access content on the site because I have to give personal information.

[TRUSTe 2004a]


Something Important To Notice!

- Users will be much more tollerant to Data Acquisition when they can perceive the benefits deriving from it [Chellappa 2005]

- There are discrepancies between stated preferences and actual behaviour

[Berendt et al. 2005][Perik et al. 2005]


…and how about Privacy Laws?

- Privacy laws and guidelines usually call forparsimony, purpose-specifity, and user awareness or even user consent in the data collection and processing of personal data. [Kobsa 2001] [Kobsa 2002]

- Privacy laws protect the data of identified or identifiable* individuals in more than 30 countries, and a few states and provinces.[Kobsa 2002]

* This is the case, when a user connects to a system through a static IP connection


How to avoid these obstacles?

-Through anonymization

- By respecting privacy laws, self-regulatory privacy principles and/or users’ preferences(implies dealing with architectural issues of privacy management in personalized web sites and communicating to end users companies’ privacy policies). [Kobsa 2003][Kobsa & Teltzrow 2005]


Data Acquisition Techniques Classification

Unconscious

Conscious

Anonymous Identifiable

Session Cookies (ebay), Tracking

Cookies (doubleclick),

Web Log Mining

Spyware (Claria, 180 Solutions)

[eTrust b][Flora 2005]

Username/Password Combinations

Amazon (adaptive customization), IBM (adaptable customization)

Collaborative Filtering

(Audioscrobbler)


Usually not harmful; very limited informations collected, both in quantity and scope (IE for Localization purposes)

Phisical Anonimity:- Proxies (not 100% secure)

- ONION v1 [Mathewson 2005] - TOR (low latency communication through proxies net) [Dingledine & Mathewson 2005] [Mathewson 2005]

JunkBuster – Additional Guidelines

Anonymous Acquisition


Identifiable Acquisition - Amazon


Identifiable Acquisition

- User identification usually happens through a username/password combination

- Happens either through direct acquisition (IE user explicit preferences) or indirect methods (observation, clickstream, purchase history...)

- Have to (or at least should) comply with different international Laws (current approaches: multiple web site versions – IE IBM, use largest permissible dominator – IE Disney Website) [Kobsa & Wang 2005]


Complying with Laws – Policy Disclosure


TRUSTe

Mission: To Build Trust through Privacy

TRUSTe® is an independent, nonprofit organization dedicated to enabling individuals and organizations to establish trusting relationships based on respect for personal identity and information in the evolving networked world. [TRUSTe]

Noticeable are TRUSTe Regulations in case of an affiliate's bankruptcy (...quitean important issue actually!) [TRUSTe 2001]


About P3P

- Platform for Privacy Preferences Project (P3P), by the World Wide Web Consortium [Cranor et al. 2002]

- Automated way for users to gain more control over the use of personal information on Web sites they visit.

- Server Side: standardized set of multiple-choice questions, covering all the major aspects of a Web site's privacy policies, disclosed in a standard, machine-readable format. (XML file, either specified as HTTP1.1 header or P3Pv1 link in page's head)

- Client Side: individual privacy policies stored among other browser preferences; users can easily find them and interact with them


P3P - Server Set-Up


P3P - Client Set-Up


P3P – Working Schema


1.Current lengthy and legalistic privacy statements (alone as they are) “don’t work” [Kobsa & Teltzrow 2005]

2.It's very hard to comply with all international laws (offering multiple versions of a web site might cause a lot of overhead, when different laws differ significantly) [Kobsa & Wang 2005]

Current Implementation Shortcomings


Current Implementation Shortcomings II

3.P3P requires users to make privacy decisions in advance, without regard to specific circumstances in a particular site context; this disregards the situational nature of privacy, where initially stated privacy preferences and actual usage behavior often differ significantly; [Kobsa & Teltzrow 2004a]

4.Low Diffusion (Current P3P adoption rate on the top 100 web sites is only 30%; the Mozilla browser supports it only partially). [Kobsa & Teltzrow 2004a]


Current Implementation Shortcomings III

5.Both P3P and Privacy Policies do not provide information about the benefits of providing the requested data; users indicate to be willing to share personal data more willingly if the site would offer personalized services; [Kobsa & Teltzrow 2004a]

6.They do not enhance users’ understanding of basic privacy settings. [Kobsa & Teltzrow 2004a][Kobsa & Teltzrow 2005]


Why haven’t things evolved yet?

Industry people think they're doing everything well, but it pretty much it seems like they're not...

54% of users think industry's not handling personal data in an appropriate manner; 90% of industry respondents think they're doing well... [Harris Interactive 2000][Responsys 2000]

86% of users think they should be able to control their stored data; only 40% of businesses allow personal data verification, correction and update [Deloitte & Dimension Data 2001]

These discrepancies clearly show that there are some issues regarding Privacy. [Kobsa & Teltzrow 2004b]


Current Proposals for a better Approach

Privacy Policies Should facilitate:

1.Comprehension2.Consciousness3.Control4.Consent

[Kobsa 2001] [Kobsa & Teltzrow 2004b] [Kobsa & Teltzrow 2005]


1.Provide security mechanisms that commensurate with the technical state of the art and the sensitivity of the stored user data;

2.Use a Software Product Line Approach for Handling the very rapidly changing Privacy Constraints in Personalization. [Kobsa & Wang 2005]

3.Provide contextualized privacy informations, keeping privacy statements in the “background”, to fulfill legal requirements and offer reference and (self) protection; [Kobsa & Teltzrow 2005]

Advanced Proposals for a better Approach


Advanced Proposals for a better Approach II

[Kobsa & Teltzrow 2005]


Unconscious Acquisition - CLARIA

Gator Advertising Information Network (GAIN)


- Class: Spyware/Adware (theoretically conscious method)

- Not pirates but Venture Capitals behind (same one investing in Cisco, Sun, Redhat, Iomega,...)

- More than 8 Million Computers Affected Worldwide

- Collected users info include: first name, country, postal code, visited web sites and session behavior (visited pages, elapsed time, response to Gator-launched ads) [eTrust a]

- Information sold to advertisers to allow personalized ads delivery to users

- Commission Theft [Flora 2005]

Unconscious Acquisition – CLARIA II


Privacy Preserving Techniques

- Collaborative Filtering

- Web Based Systems


Privacy in Collaborative Filtering

- Server Oriented: User Data Randomized Perturbation Techniques [Polat & Du 2003]

- Client Oriented: Peer to Peer infrastructure; Community concept; aggregate data only is compared to make predictions [Canny 2002]

- Limited (and scrambled) information flow [Berkovsky et al. 2005]


Privacy in User-Adaptive Systems

The term user-adaptive system denotes a user, a user modeling server, the user’s individual model on this server, and the user-adaptive applicationsthat the user employs and that access this user model.A modeling component denotes a component of a user-adaptive system [Kobsa 2003]


Privacy in User-Adaptive Systems II

- Pseudonymity (and thus anonymity at the transport layer) [Kobsa & Schreck 2003]

- Use of Redundant-Components Architectures (components with similar functionality) [Kobsa 2003]

- Profile and Personae Management (on the server side) [Arlein et al. 2000]

- Use of Identity Management Systems (a client side technique) [Richardson & Greer 2005]


Ongoing Research


Prime- The PRIME project receives research funding from the Community’s Sixth Framework Programme and the Swiss Federal Office for Education and Science.[Hogben & Roessler 2005]

- Integrated Project in the Information Society Technologies Priority

- Duration: 4 years (March 2004 – February 2008)

- Budget: M€ 16

- Number of participants: 20


PRIME II


PRIME III

PRIME takes a highly interdisciplinary approach in order to produce solutions that are

– Technically feasible;

– Understandable and manageable by end users;

– Socially desirable and acceptable;

– Legally required;

– Commercially viable and exploitable.


Appendix A - Bibliography I[Arlein et al. 2000] R.M. Arlein, B. Jai, M. Jakobsson, F. Monrose, M. K. Reiter, Privacy-preserving global customization, in Proceedings of the 2nd ACM conference on Electronic commerce, Minneapolis, Minnesota, USA, ACM Press, USA, 176-184

[Berendt et al. 2005] B. Berendt, O. Günther, S. Spiekermann, Privacy in E-Commerce: Stated Preferences vs. Actual Behavior, Communications of the ACM, volume 48, issue 4 (April 2005) Transforming China, 2005, 101-106

[Berkovsky et al. 2005] S. Berkovsky, Y. Eytani, T. Kuflik, F. Ricci, Privacy-Enhanced Collaborative Filtering, http://www.isr.uci.edu/pep05/papers/PEPfinal.pdf, 2005.

[Canny 2002] J. Canny, Collaborative Filtering with Privacy via Factor Analysis, in ACM Conference on Reasearch and Development in Information Retrieval (Sigr 2002), 2002.

[Chellappa 2005] R. K. Chellappa, R. Sin, Personalization versus Privacy: An Empirical Examination of the Online Consumer’s Dilemma. Information Technology and Management, http://asura.usc.edu/~ram/rcf-papers/per-priv-itm.pdf.

[Cranor 2003] L. Cranor, 'I Didn't Buy it for Myself': Privacy and Ecommerce Personalization, in Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society, October 30, 2003, Washington, DC.

[Cranor et al. 2002] L. Cranor, M. Langheinrich, M. Marchiori, M. Presler-Marshall, J. Reagle, The Platform for Privacy Preferences 1.0 (P3P1.0) Specification - W3C Recommendation 16 April 2002, http://www.w3.org/TR/P3P/, 2002.

[Deloitte & Dimension Data 2001] Deloitte Touche Tohmatsu and Dimension Data, Survey Reveals Major Corporations are Getting Ready for New Privacy Law, http://www.deloitte.com.au/internet/items/item.asp?id=5413, Canberra, Australia, 2001.

[Dingledine & Mathewson 2005] R. Dingledine, N. Mathewson, Tor Protocol Specification, http://tor.eff.org/cvs/tor/doc/tor-spec.txt, 2005.


Appendix A - Bibliography II

[eTrust a] eTrust Spyware Encyclopedia - Gator/GAIN/Claria, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453088629

[eTrust b] eTrust Spyware Encyclopedia - eTrust Spyware Encyclopedia – DoubleClick, http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453060829

[Flora 2005] M. Flora, Spyware: dalla parte dell’attacante, in Proceedings of the E-privacy 2005 Conference - Data retention: da regola ad eccezione, 27-28/05/2005, Firenze, Italy, 2005.

[Harris Interactive 2000] Harris Interactive, A Survey of Consumer Privacy Attitudes and Behaviors, http://www.bbbonline.org/UnderstandingPrivacy/library/harrissummary.pdf, Rochester, NY, USA, 2000

[Hogben & Roessler 2005] G. Hogben, T. Roessler, PRIME: Privacy-Aware Identity Management, http://www.w3.org/2005/Talks/0512-tlr-prime/, 2005.

[Kobsa 2001] A. Kobsa, Tailoring Privacy to Users' Needs (Invited Keynote), in M. Bauer, P.J. Gmytrasiewicz, J. Vassileva (a cura di), User Modeling 2001 - 8th International Conference UM 2001 Sonthofen Germany, July 2001 Proceedings, Springer, Germania, 2001, 303-313.

[Kobsa 2002] A. Kobsa, Personalized Hypermedia and International Privacy, Communications of the ACM, volume 45, issue 5 (May 2002) the adaptive web, 2002, 64-67

[Kobsa 2003] A. Kobsa, A Component Architecture for Dynamically Managing Privacy Constraints in Personalized Web-Based Systems, in R. Dingledine (a cura di), Privacy Enhancing Technologies: Third International Workshop, PET 2003, Dresden, Germany, Springer-Verlag, Germania, 2003, 177-188.


Appendix A - Bibliography III

[Kobsa & Schreck 2003] A. Kobsa, J. Schreck, Privacy Through Pseudonymity in User-Adaptive Systems, ACM Transactions on Internet Technology 3 (2), 2003,149-183. [Kobsa & Teltzrow 2005] A. Kobsa, M. Teltzrow, Contextualized Communication of Privacy Practices and Personalization Benefits: Impacts on Users’ Data Sharing and Purchase Behavior, to appear in D. Martin and A. Serjantov (a cura di), Privacy Enhancing Technologies: Fourth International Workshop, PET 2004, Toronto, Canada. Springer LNCS 3424, 329-343.

[Kobsa & Teltzrow 2004a] A. Kobsa, M. Teltzrow, Communication of Privacy and Personalitation in e-Business, in Proceedings of the Workshop “WHOLES: A Multiple View of Individual Privacy in a Networked World”, Stockholm, Sweden, 2004, Svezia, 2004.

[Kobsa & Teltzrow 2004b] A. Kobsa, M. Teltzrow, Impacts of User Privacy Preferences on Personalized Systems: a Comparative Study, in C.M. Karat, J. Blom and J. Karat (a cura di), Designing Personalized User Experiences for eCommerce, Kluwer Academic Publishers, Olanda, 315-332.

[Kobsa & Wang 2005] A. Kobsa, Yang Wang, A Software Product Line Approach for Handling Privacy Constraints in Web Personalization, http://www.isr.uci.edu/pep05/papers/yang-draft_33.pdf, 2005.

[Kuflik et al. 2003] T. Kuflik, B. Shapira, Y. Elovici e A. Maschiach, Privacy Preservation Improvement by Learning Optimal Profile Generation Rule, in P. Brusilovsky, A. Corbett, F. De Rosis (a cura di), User Modeling 2003 - 9th International Conference UM 2003 Johnstown PA, USA June 2003 Proceedings, Springer, Germania, 2003, 168-177.


Appendix A - Bibliography IV

[Mathewson 2005] N. Mathewson, Mixminion and Tor: Two deployed anonymity networks, in Proceedings of the E-privacy 2005 Conference - Data retention: da regola ad eccezione, 27-28/05/2005, Firenze, Italy, 2005.

[Perik et al. 2005] E. Perik, B. de Ruyter, P. Markopoulos, Privacy & Personalization: Preliminary Results of an Empirical Study of Disclosure Behaviour, http://www.isr.uci.edu/pep05/papers/EPerik_PrivacyPersonalization_UM05.pdf, 2005.

[Polat & Du 2003] H. Polat, W. Du, Privacy-Preserving Collaborative Filtering Using Randomized Perturbation Techniques, in Proceedings of the third IEEE International Conference on Data Mining 11-19/11/2003 Melbourne, Florida.

[Responsys 2000] Responsys.com - Online Marketers Have Little Confidence in Self-Regulation of Internet Privacy, 2000

[Richardson & Greer 2005] B. Richardson, J. Greer, A Single Sign-On Identity Management System Without a Trusted Third Party, http://www.isr.uci.edu/pep05/papers/Brian_Richardson_PEP_2005.pdf, 2005. [Tasso & Omero 2002] C. Tasso, P. Omero, La Personalizzazione dei Contenuti Web, Collana di informatica FrancoAngeli, Italia, 2002, 96-97.

[TRUSTe 2004a] 2004 Q4 Consumer Privacy Study, http://www.truste.org/pdf/Q4_2004_Consumer_Privacy_Study.pdf

[TRUSTe] Privacy Whitepaper, http://www.truste.org/pdf/WriteAGreatPrivacyPolicy.pdf

[TRUSTe 2001] TRUSTe's Guidelines on Mergers, Acquisitions, and Bankruptcies, http://www.truste.org/docs/mabs.doc

1/44 stefano maraspin università degli studi di udine web content personalization course thursday,...

Documents