Online information privacy tools for web applications

Seminar Synopsis
5

10
Seminar Title: Online information privacy tools for web applications

Name Of Student: Rohan Deepak Kapdi

15

Roll No: TCOA-12

20 Class: TE-A

Name of Guide:Dr Ganesh Regulwar

25
Name of Department : Computer Engineering

Name of College: Dr. D. Y. Patil Institute of Technology, Pimpri-411018

30

35

40

45

50 Rohan Deepak Kapdi Dr. Ganesh Regulwar

(TCOA-12) (Seminar Guide)

Dr. D. Y. Patil Institute Of Technology, Pimpri, Pune-18 1

 Online information privacy tools for web applications

Online information privacy tools for web applications

ABSTRACT :
The increased use of Internet for everyday activities is bringing new threats to personal privacy. This paper
5 gives an overview of existing and potential privacy enhancing technologies for the Internet, as well as
motivation and challenges for future work in this field. Today the service providers are capable of
assembling a huge measure of user information using Big Data techniques. For service providers, user
information has become a vital asset. The present business models are attentive to collect extensive users’
information to extract useful knowledge to the service providers.
10 Considering business models that are slanted towards service providers, privacy has become a crucial issue
in today’s fast growing digital world. Hence, this paper elaborates personal information flow between users,
service providers, and data brokers. Thus, empowering users and enhancing awareness are essential to
comprehending the value of secrecy.

15

INTRODUCTION
Every day, Internet users send ten billion text messages and make one billion posts. This sharing of
messages and post is said as “mass-self communication” by Manuel Castells [1]. This communication
contains personal information. Hence, along with protection of personal information, there is a strong need
20 to notify users about data collection, its use and what next happens to their data.
The developed privacy protection principles like W3C P3P, Privacy by Design, “Laws of Identity” from
Kim Cameron emphasis on notification of data collection, user control over data, minimum data disclosure
and user defined consent for data use. However, today user has no control over their personal information.
Service providers have already assigned a value to personal data. They apply it to build accurate customer
25 profiles, do target advertising, sell and sharing collected information or analyzed information to other
entities without user notification and consent. Personal data is becoming an integral voice of service use on
the network. The present business models focused less on user privacy. The current framework for the
protection of user privacy includes ENISA , OpenID , UMA focused on minimum data disclosure to have
fine-grained control. Data brokers make their revenue by selling user information to publishers and
30 advertisers. Hence, Big data is now the Big business. Practices of data brokers’ raise privacy issues. The end
users are unaware of the involvement of data brokers in the bargain. There is no notification to end user
about the user information collection, manipulation, and sharing. Besides, a recent study taken in

Dr. D. Y. Patil Institute Of Technology, Pimpri, Pune-18 2

 Online information privacy tools for web applications
India highlighted the fact that the user privacy concerns could be noteworthy. 65 percent of respondents are
unaware of privacy issues, rights, and knowledge.

5 WHO ARE DATA BROKERS ?

Acxiom, the largest data broker, has gathered information relating to 700 million customers worldwide and
3000 data segments for nearly every U.S. user [14]. In the Indian setting, “Zifzi” company provides IT and
Marketing solutions by providing 12 categories of Indian databases (electronic mail addresses, mobile
numbers, business seekers, credit card holders, statewide and citywide databases, and so on) [15]. This
10 means that, the other clients and need people can buy information like profiles, company, religion,
usernames, salary and income sources, medical history, drug abuses, and sexual orientation from many
information brokers. Internet users do not recognize that the greatest menace to personal data privacy comes
from them.

15

HOW DO DATA BROKERS WORK ?

Data brokers collect the user data from the discrete sources like governments (central and state
government), openly available media (social media, the Internet, blogs) and commercial sources (phone
20 companies, banks, car companies, and so on). After analysis of gathered data, they separate the users as
sports loving, interested in cancer solutions, trekking enthusiasts, blended with political posts, food choices,
and hence along. Besides, they organize collected information into different segments, which are
individually identifiable dossiers that containing, e.g., Marital status, location, income, shopping, hobbies,
job, and travel plan. Then, segmented information is ready to sell to other data brokers, advertisers, or
25 government sectors without the user’s direct awareness .

TOOLS TO SUPPORT PRIVACY

 JustDelete Me:
30 It is a list of the most popular web apps and services by providing links to delete
your account from those services. When you click on a service, you're automatically taken to the page where
you can delete your account so you don't have to go searching for it. Each one (app/service) is color coded
representing the difficulty level of deletion. Green is easy, yellow is medium, red is hard, and black is
impossible. For example, Amazon.com and the NewYorkTimes.com are rated "hard" to delete, while movie

Dr. D. Y. Patil Institute Of Technology, Pimpri, Pune-18 3

 Online information privacy tools for web applications
directory IMDB.com and PayPal are listed as "easy." Sites such as Pinterest and Netflix are "impossible".
This Provides up to date information about whether an account is easy to delete before you sign up.

5  Ghostery (anti-tracking tool) :

Ghostery is a tracking tool that can be added to your browser to show you how
you're being tracked online -- and by whom. Available for most modern browsers for desktop and mobile, its
aim is to inform users of how many companies are tracking your activities, like what sites you visit, and
which companies collect data on you in order to serve you adverts. It also (at the time of writing) blocks just
10 shy of 1,980 trackers.

 DuckDuckGo :(Privacy Search Engine)

The best-known example of this is DuckDuckGo. What we like about DuckDuckGo

is it protects searches by stopping 'search leakage' by default. This means visited sites will not know what
other terms a user searched for and will not be sent a user's IP address or browser user agent. It also offers
15 an encrypted version that connects to the encrypted versions of major websites, preserving some privacy
between the user and the site. In addition, DuckDuckGo offers a neat password-protected 'cloud save'
setting that makes it possible to create search policies and sync these across devices using the search engine.

 Tor:(Web Browser)

This Firefox-based browser that runs on the Tor network can be used with
20 Windows, Mac or Linux PCs. This browser is built on an entire infrastructure of ‘hidden' relay servers,
which means that you can use the internet with your IP and digital identity hidden. Unlike other browsers,
Tor is built for privacy only, so it does lack certain security features such as built-in antivirus and anti-
malware software.

25  Privacy Badger

It is a free and open-source browser extension for Google Chrome, Mozilla

Firefox, Opera, and Firefox for Android created by the Electronic Frontier Foundation (EFF). Its purpose is
to promote a balanced approach to internet privacy between consumers and content providers by blocking
advertisements and tracking cookies that do not respect the Do Not Track setting in a user's web browser.

30

Dr. D. Y. Patil Institute Of Technology, Pimpri, Pune-18 4

 Online information privacy tools for web applications

 MyPermission:

This is another online privacy protection tool from Online Permissions Technologies for
5 application and browsers. This tool provides real-timealerts to users as soon as any application gets
connected. The user is enabled to control over their data that are accessed by the applications. The single
interface will show the list of all service permissions. This app will give rise to other functionality like
revoke, trust when the user isonline.

10

15

LITERATURE SURVEY
Author Title of Paper Proposed method of Advantages Limitations
Name finding
solution tries to minimize the Even though individuals living in
Enhancing Privacy of User attribute determination such overhead of typical access and using the buildings from which
Information Brokering in Smart as gender, age, geo-location, and control solutions and is, the energy information is collected
Jukka Jalku therefore, suitable for cases
Districts by Adaptive prediction using SNS are not directly monitored, the
Pseudonymization (social network services). where large data streams are collected information may violate
analyzed in real-time. their privacy.
1. In order to improve data
security and availability, a On the one hand, some of these
An Effective Data Privacy PH_WT algorithm based on methods divided too much
Protection Algorithm Based on partitioned histogram data haar wavelet transform is histogram intervals, which violate
Yi Qiao Differential Privacy in Edge
Xi-Hua Ping
publishing algorithm based on proposed.. the ϵ -differential privacy. On the
Computing wavelet transform for other hand, because too many
Xi-Xi Mau 2.The results show that this
information security. algorithm is superior to other intervals are divided and too much
algorithms in privacy noise is added, adding noise to each
protection and data interval makes the data unusable..
availability.
1. The framework enables
a privacy preferences expression device administrators to
A User-Friendly Privacy
framework for BLE-based register their devices and
Shi-Cho Cha Framework for Users to Achieve
Kuo-Hui Yeh Consents With Nearby BLE applications named PrivacyBat. privacy polices. BLE pairing protocol is vulnerable
Zi-Jia Huang Devices The framework defines 2. The proposed framework to brute force attacks
Chunhua Su specifications for users to achieve also defines a standard means
agreements on privacy practices for users to notify BLE
with nearby BLE devices. devices of their privacy
preferences.
Yanqing Yao A Generalized Constraint of introduce α-mutual information It’s well known that entropies Shannon entropy is typically not the
Privacy: α -Mutual Information security via the Rényi entropy for are used to quantify the “right” notion of entropy for
Security a series of privacy schemes and randomness, uncertainty, or cryptography, because it is possible
aim to bridge the gap between diversity of a distribution. to define pathological distributions
statistical security and α-mutual that have high Shannon entropy but
information security. are useless to cryptographic
Dr. D. Y. Patil Institute Of Technology, Pimpri, Pune-18 5
 Online information privacy tools for web applications
Encryption-Free Framework of
Privacy-Preserving Image
Recognition for Photo-Based
Kasuaki
Information Services
Nakamora
algorithms
EnfPire successfully
propose a framework of privacy-
degrades the server's spot-
preserving image recognition
recognition accuracy from encryption cost is computationally
called EnfPire, in which the
99.8% to 41.4% while high in general, which is
server cannot uniquely determine
keeping 86.9% of the spot- undesirable for mobile devices.
the recognition result but client
recognition accuracy on the
users can do so.
user side.

they only consider whether the

Cyber-Physical-Social Aware Extensive evaluation results
peers are innocent or malicious but
Privacy Preserving in Location- we design a CPS-aware algorithm show that the proposed
Konglin Zhu ignore the relationship between the
Based Service to find the Nash equilibrium for approach reduces privacy
Wenke Yan peers, whereas such a relationship
Lin Zhang the maximization of privacy leakage by 50% in the case
between each pairwise of users
utility that malicious servers and
affects the privacy leakage
users exist in the network.
tremendously

The idea of replacing the user

location query by the center of the location privacy
k-Anonymity Location Privacy the anonymous group is preserving algorithm
carrying out the preserving of
Fan Ying Algorithm Based on Clustering proposed. The number of proposed by this paper
location privacy will have an effect
Mei Wu repeated queries is reduced, and alleviates the conflict
Xiao Pan
on the accuracy of user location
the quality of query service is between privacy preserving
Lijuan Zheng Publisher: IEEE information, which will then affect
improved on the premise of and quality of query service
the quality of users’ query service.
ensuring security through the without affecting the security
experimental analysis and of location information.
comparison with other schemes.

OBJECTIVES
The Objectives are as follows :
 To understand the most important privacy risks involved when the user communicates and access
5 variety of online services.As this research revolves around privacy awareness, so it’s vital to know the
understanding of the users towards privacy
 To interpret and analyze the privacy and data policy set by the service providers.

 To improve users’ understanding of privacy policy through visualization tool.

10
 To develop a method to collect user review of services based on user experiences.

 To understand issues and challenges: To get better insights of privacy issues and challenges in privacy
this surveys useful. This survey will give more chances to identify the possible threats to the users’
15 information privacy

TOPIC DESCRIPTIPON
20 Information privacy is considered an important aspect of information sharing.
With the advancement of the digital age, personal information vulnerabilities have increased.

Information privacy may be applied in numerous ways, including encryption, authentication and data
masking - each attempting to ensure that information is available only to those with authorized access.

Dr. D. Y. Patil Institute Of Technology, Pimpri, Pune-18 6

 Online information privacy tools for web applications
These protective measures are geared toward preventing data mining and the unauthorized use of personal
information, which are illegal in many parts of the world.

Information privacy relates to different data types, including:

 Internet privacy (online privacy): All personal data shared over the Internet is subject to privacy
5 issues. Most websites publish a privacy policy that details the website's intended use of collected
online and/or offline collected data.
 Financial privacy: Financial information is particularly sensitive, as it may easily used to commit
online and/or offline fraud.
 Medical privacy: All medical records are subject to stringent laws that address user access privileges.
10 By law, security and authentication systems are often required for individuals that process and store
medical records.

15 APPLICATIONS
 These tools are used to enhance Privacy Enhancing Technologies(PET’s).
 Tools help you in keeping your information private.
 You can keep track of wich websites track you and what do they do with your personal data.
 UMA(User Managed Access) tools allows you to choose how your data may be used or what
20 information to provide to certain websites.
 Tools like TOSDr help you to avoid the hidden agreements which you may not read during agreeing the
conditions.

25

REFERENCES

30 1. M. Kuneva, “European Commission - PRESS RELEASES - Press release - Meglena Kuneva

European Consumer Commissioner KeynoteSpeech Roundtable on Online Data Collection,
Targeting and Profiling Brussels, 31 March 2009.” [Online]. Available:
http://europa.eu/rapid/press-release_SPEECH-09-156_en.htm. [Accessed: 17-Dec-2016].

35 2. “P3P: The Platform for Privacy Preferences.” [Online]. Available: http://www.w3.org/P3P/.

Dr. D. Y. Patil Institute Of Technology, Pimpri, Pune-18 7
 Online information privacy tools for web applications
[Accessed: 17-Oct-2016].

3. A. Cavokian and D. Reed, “Big Privacy:Bridging Big Data andthe Personal Data Ecosystem
Through Privacy by Design,” 2013. [Online]. Available:
5 https://www.ipc.on.ca/images/Resources/pbd-big_privacy.pdf. [Accessed: 28-Jan-2017].

4. Kim Cameron, “The Laws of Identity -.” [Online]. Available:

http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf. [Accessed: 21-
Sept-2016].
10
5. “Sharing Information: A Day in Your Life | Consumer Information.” [Online]. Available:
http://www.consumer.ftc.gov/media/video-0022-sharing-information-day-your-life.
[Accessed: 18-Dec-2016].

15 6. “The Data Brokers: Selling your personal information.” [Online]. Available:

http://www.cbsnews.com/news/data-brokers-selling-personal-information-60-minutes/.

7. “Getting to know you | The Economist.” [Online]. Available:

http://www.economist.com/news/special-report/21615871-everything-people-do-online
20 avidly-followed-advertisers-and-third-party.

8. “Deliverables — ENISA.” [Online]. Available: https://www.enisa.europa.eu/activities/risk

management/emerging-and-future-risk/deliverables. [Accessed: 12-Jun-2015].

25 9. “OpenID Connect | OpenID.” [Online]. Available: http://openid.net/connect/. [Accessed:

29-Dec-2016].

10. “Home - WG - User Managed Access - Kantara Initiative.” [Online]. Available:

https://kantarainitiative.org/confluence/display/uma/Home. [Accessed: 29-Jan-2017].
30
11. A. Acquisti, “The economics of Personal Data and the Economics of Privacy,” Econ. Pers.
Data Priv. 30 years after OECD Priv. Guidel.

12. H. Olesen and S. Khajuria, “Accessing and Disclosing Protected Resources: A User-Centric
35 View,” in 2015 IEEE 81st Vehicular Technology Conference (VTC Spring), 2015, pp. 1–5.

13. “Sharing Information: A Day in Your Life, Fed. Trade Comm’n,.” [Online]. Available:
http://www.consumer.ftc.gov/media/video-0022-sharing-information-day-your-life.
[Accessed: 19-May-2016].
40
14. “Acxiom, Annual Report 2013.” [Online]. Available:
http://d3u9yejw7h244g.cloudfront.net/wp-content/uploads/2013/09/2013-Annual
Report.pdf.

45 15. “Indian Database.” [Online]. Available:

http://www.zifzi.com/index.php?route=product/category&path=20. [Accessed: 18-May-
2016].

16. Futuresight, “Futuresight:, ‘User perspectives on mobile privacy, Summary of research

50 findings.’” [Online]. Available: http://www.gsma.com/publicpolicy/wp
content/uploads/2012/03/futuresightuserperspectivesonuserprivacy.pdf.

Dr. D. Y. Patil Institute Of Technology, Pimpri, Pune-18 8