PriSEC: A Privacy Settings Enforcement Controller

PriSEC: A Privacy Settings Enforcement Controller. 30th USENIX Security Symposium (USENIX Security '21). Rishabh Khandelwal, University of Wisconsin–Madison, rkhandelwal3@wisc.edu; Thomas Linden, University of Wisconsin–Madison, tlinden2@wisc.edu; Hamza Harkous, Google Inc., harkous@google.com; Kassem Fawaz, University of Wisconsin–Madison, kfawaz@wisc.edu. Presenter: 朱伟盛

Background: “Notice and Choice”. Privacy notices; privacy control settings; communication and marketing preferences. Problem: users may find it hard to exercise informed privacy control on websites with deep menus for privacy settings.

Key Idea: The main prior work in that context has been on automatically extracting opt-out links from privacy policies. PriSEC instead aims at (1) building a unified understanding of privacy control settings that scales across providers and web technologies, and (2) developing flexible user and programming interfaces that allow the user to interact with the settings in an intuitive way.

Method: candidate pages are found with a DuckDuckGo search for the domain + “privacy” + “settings”. Dataset: the privacy policies dataset from Linden et al.; 198 privacy control URLs (43 located behind logins) and 498 non-control URLs, with 100 held out for testing and the rest used for training.

Method: PriSEC’s Recipe Generator module leverages the fact that, by default, all components designed to handle user interactions are expected to be focusable. Users can switch between elements by pressing the TAB key (tabbing).

UI-Element Classification: the HTML attributes of “radio buttons” and “text inputs” were consistent and reliable across the top 500 websites from the Amazon Alexa Top Sites List. Grouping principle: each group is the list of consecutive selectors of the same UI type that share the lowest common ancestor in the HTML parse tree.
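The two ideas on the method slides above, focus-based enumeration of controls and grouping by UI type and lowest common ancestor, as an added example that is not part of the original deck or of the PriSEC code base. It parses a constructed settings page with Python's standard html.parser, lists focusable controls in document order (the browser's default tab order when no positive tabindex is present), assigns each a UI type from its tag and attributes, and groups consecutive same-type controls whose adjacent members share one lowest common ancestor. The sample HTML, the "adjacent-pair" grouping rule and the "singleton takes its parent" convention are my assumptions, not the paper's exact algorithm.

```python
# Added example (not from the PriSEC deck or code base): list focusable controls
# in document order (the default tab order) and group them by UI type and LCA.
from html.parser import HTMLParser

class Node:
    def __init__(self, tag, attrs, parent=None):
        self.tag, self.attrs, self.parent, self.children = tag, attrs, parent, []

VOID_TAGS = {"input", "br", "img", "hr", "meta", "link"}
class TreeBuilder(HTMLParser):
    """Minimal parse tree builder, tolerant of unclosed elements."""
    def __init__(self):
        super().__init__()
        self.root = Node("document", {})
        self.stack = [self.root]
    def handle_starttag(self, tag, attrs):
        node = Node(tag, dict(attrs), self.stack[-1])
        self.stack[-1].children.append(node)
        if tag not in VOID_TAGS:
            self.stack.append(node)
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):  # pop to the matching open tag
            if self.stack[i].tag == tag:
                del self.stack[i:]
                return

INPUT_TYPES = {"radio": "radio", "checkbox": "checkbox", "submit": "button",
               "reset": "button", "button": "button", "hidden": None}
def ui_type(node):
    """UI type of a focusable element, or None if it cannot take focus."""
    a, tag = node.attrs, node.tag
    if "disabled" in a:
        return None
    if tag == "input":  # text, email, password, search ... all render as text boxes
        return INPUT_TYPES.get((a.get("type") or "text").lower(), "text")
    if tag in ("button", "select", "textarea"):
        return "text" if tag == "textarea" else tag
    return "link" if tag == "a" and "href" in a else None

def focusable_in_tab_order(root):  # pre-order walk = document order = default tab order
    found = []
    def walk(n):
        t = ui_type(n)
        if t:
            found.append((n, t))
        for c in n.children:
            walk(c)
    walk(root)
    return found

def lca(a, b):  # lowest common ancestor, comparing nodes by identity
    seen = set()
    while a is not None:
        seen.add(id(a)); a = a.parent
    while b is not None and id(b) not in seen:
        b = b.parent
    return b

def group_controls(controls):
    """Consecutive same-type controls whose adjacent pairs share one LCA form a group.
    The adjacent-pair rule and 'singleton -> its parent' are my simplifications."""
    groups, cur, cur_type, cur_lca = [], [], None, None
    for node, t in controls:
        if cur and t == cur_type:
            common = lca(cur[-1], node)
            if cur_lca is None or common is cur_lca:
                cur.append(node); cur_lca = common
                continue
        if cur:
            groups.append((cur_type, cur_lca or cur[0].parent, cur))
        cur, cur_type, cur_lca = [node], t, None
    if cur:
        groups.append((cur_type, cur_lca or cur[0].parent, cur))
    return groups

def analyze(html):
    """Return [(ui_type, label of the group's ancestor, [member labels]), ...]."""
    parser = TreeBuilder(); parser.feed(html)
    label = lambda n: n.attrs.get("value") or n.attrs.get("name") or n.attrs.get("href") or n.tag
    return [(t, anc.attrs.get("id") or anc.tag, [label(m) for m in members])
            for t, anc, members in group_controls(focusable_in_tab_order(parser.root))]

# Constructed settings page (not a real site); nested fieldsets stand in for deep menus.
SAMPLE_HTML = """<form id="privacy">
  <fieldset id="ads">
    <input type="radio" name="ads" value="on"> On
    <input type="radio" name="ads" value="off"> Off
  </fieldset>
  <fieldset id="tracking">
    <input type="radio" name="track" value="allow"> Allow
    <input type="radio" name="track" value="deny"> Deny
  </fieldset>
  <input type="checkbox" name="news"> Newsletter
  <input type="checkbox" name="promo" disabled> Promotions (locked)
  <input type="hidden" name="csrf" value="constructed">
  <label>Contact email <input type="email" name="contact"></label>
  <button type="submit">Save</button>
  <a href="/privacy-policy">Policy</a>
</form>"""
```

Running analyze(SAMPLE_HTML) yields six groups: the two radio sets split at the fieldset boundary because the lowest common ancestor of the last "ads" radio and the first "tracking" radio is the form rather than a fieldset, the hidden and disabled inputs never appear because they cannot take focus, and the remaining singletons (text input, button, link) are attributed to their parent element. A real page also needs the rendered tab order from a browser (positive tabindex, CSS display:none, shadow DOM), which static parsing does not see.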

https://youtu.be/Am27HdQ5u1w
https://youtu.be/YXHwPGg_Z-M

Manually curated an evaluation set from the top 500 websites from the Amazon Alexa Top Sites List: 100 privacy control pages across 58 unique domains. Crawler filter: from the 58 domains, 9909 candidate URLs for control pages, narrowed to 1400 candidates (95/100). Is-Control classifier and Recipe Generator: 94.3% of the actual privacy control pages; 54 of the remaining 218 can get recipes; 323 pages in total (95+218+10).

Semantic Matching. Dataset: natural language queries (NLP), 77 tweets + 101 queries. User-based evaluation.

The participants took 3.75x more time to complete the same task when using the baseline method.

Conclusion: PriSEC received a higher average System Usability Scale (SUS) score of 72, compared to 63 for the manual baseline. PriSEC overcomes the open nature of web development through novel algorithms that leverage the invariant behavior and rendering of webpages.