论文信息 - Standardizing and Implementing Do Not Sell

Standardizing and Implementing Do Not Sell

The California Consumer Privacy Act gives consumers the right to request that businesses do not sell their personal information. "Selling'' is defined broadly and covers, among others, making personal information available to ad networks on websites via third party cookies. We began standardizing and implementing Do Not Sell technologies with the goal of integrating Do Not Sell directly into browser settings. Based on OptMeowt, our proof of concept Do Not Sell browser extension, we conduct experiments on the design, implementation, and current state of Do Not Sell. OptMeowt automatically places Do Not Sell cookies on visited sites and sends Do Not Sell headers per our draft standard. We believe that standardizing Do Not Sell provides an important building block for evolving the web towards increased privacy protections.

Sebastian Zimmeck | Kuba Alicki

[1] Norman M. Sadeh,et al. MAPS: Scaling Privacy Compliance Analysis to a Million Apps , 2019, Proc. Priv. Enhancing Technol..

[2] Norbert Pohlmann,et al. "Your hashed IP address: Ubuntu.": perspectives on transparency tools for online advertising , 2019, ACSAC.

[3] Bin Liu,et al. Automated Analysis of Privacy Requirements for Mobile Apps , 2016, NDSS.

[4] Mark Nottingham. Well-Known Uniform Resource Identifiers (URIs) , 2019, RFC.

[5] Cédric Lauradoux,et al. Security Analysis of Subject Access Request Procedures - How to Authenticate Data Subjects Safely When They Request for Their Data , 2019, APF.

[6] Xiaoyin Wang,et al. GUILeak : Identifying Privacy Practices on GUI-Based Data , 2017 .

[7] Sebastian Zimmeck. The Information Privacy Law of Web Applications and Cloud Computing , 2013 .

[8] Mitsuaki Akiyama,et al. Understanding the Inconsistencies between Text Descriptions and the Use of Privacy-sensitive Resources of Mobile Apps , 2015, SOUPS.

[9] Ram Krishnan,et al. Toward a Framework for Detecting Privacy Policy Violations in Android Application Code , 2016, 2016 IEEE/ACM 38th International Conference on Software Engineering (ICSE).