New Approaches for Ensuring User Online Privacy
Files
TR Number
Date
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
With the increase of requesting personal information online, unauthorized disclosure of user privacy is a significant problem faced by today's Internet. As a typical identity theft, phishing usually employs fraudulent emails and spoofed web sites to trick unsuspecting users into divulging their private information. Even legitimate web sites may collect private information from unsophisticated users such as children for commercial purposes without their parents' consent. The Children's Online Privacy Protection Act (COPPA) of 1998 was enacted in reaction to the widespread collection of information from children and subsequent abuses identified by the Federal Trade Commission (FTC).
COPPA is aimed at protecting child's privacy by requiring parental consent before collecting information from children under thirteen.
In this thesis, we propose two solutions for ensuring user online privacy. By analyzing common characteristics of phishing pages, we propose a client-side tool, Trident, which works as a browser plug-in for filtering phishes. The experiment results show that Trident can identify 98-99% online and valid phishing pages, as well as automatically validate legitimate pages. To protect child's privacy, we introduce the POCKET (parental online consent on kids' electronic privacy) framework, which is a technically feasible and legally sound solution to enforce COPPA. Parents answer a questionnaire on their privacy requirements and the POCKET user agent generates a privacy preferences file. Meantime, the merchants are required to possess a privacy policy that is authenticated by a trusted third party. Only web sites that possess and adhere to their privacy policies are allowed to collect child's information; web sites whose policies do not match the client's preferences are blocked. POCKET framework incorporates a transaction protocol to secure the data exchange between an authenticated client and a POCKET-compliant merchant.