Master's defense: Enchancing Web Privacy with Policies and Trust

The Platform for Privacy Preferences (P3P) is a W3C standard that web sites can use to describe their privacy practices. The presence of P3P policies enable users to configure web browsers to constrain what they can and cannot do when visiting sites. It's a good idea that unfortunately is rarely used. We identify two reasons: (i) the languages available to define a user's privacy preferences are not expressive enough and (ii) most web sites do not have published P3P policies. We present enhancements to P3P that use semantic web languages and models of trust to help solve both of these problems. We propose the use of the RDF-based Rei policy language to specify user privacy preferences through an ontological representation of user requirements. We also introduce a new trust model to capture trust between users and websites, as it relates to privacy practices. This model incorporates attributes of a website, which we term as web evaluation statements as they provide a metric for quantifying the trust with website. We formalize this through a Web Evaluation Ontology(WEO). We also show how our proposed architecture is effective even in the absence of published P3P policies. Finally, we demonstrate the relevance of our work to the current web privacy landscape and offer it as a powerful enhancement to the state of the art in Web Privacy.