Poster: Community-Based Security and Privacy Protection During Web Browsing

When surfing the web today people want to be secure and their data to remain private. Internet users however do not see the protection of their privacy or security as the primary goal of their activity. They do not care for their online security and privacy actively [3]. Frequently appearing unnecessary warning messages constantly lower the users’ trust in those warnings. In this work, we present first ideas of a community based approach known from rating systems in online shopping to provide others with security and privacy relevant information on arbitrary websites. Such a system could then be used to warn users about critical websites and reestablish the users’ trust in warning messages. Using web browsers often leads to errors and warnings that do not denote any immediate danger to the user (e.g. blocking downloads). This leads to users constantly ignoring other warnings that would be really valuable to them [1]. On the other hand, there are cases (especially for phishing attacks) where the user is not alerted at all. Since the browsers security warnings are not absolutely correct, users quickly get habituated to them. We recommend a new approach by using community opinions as in rating systems to make people more comfortable about the source of the warnings. We do this by creating a browser plugin that will be capable of collecting and displaying security and privacy ratings for different web sites. Cranor et al. [2] presented in 2006 thoughts on ”User Interfaces for Privacy Agents” and came up with a particular user interface that was able to visualize the P3P privacy preferences of a website. They called it ”Privacy Bird”. A little bird icon at the top of the browser tells the user how well his privacy preferences match the ones provided by the website owner using P3P. A problem with visualizing P3P is that the information which is matched to the users preferences is provided by the website itself. Like that websites can simply fake their privacy appearance. Another idea to enhance user perception for security risks is security toolbars. Wu et al. [4] provided a good overview over existing toolbars in 2006. They categorized current approaches and compared them during a user study. They found people not noticing the warnings due to the fact that they have another primary goal besides their wish to be secure. Having users participate in classifying good and bad sites may raise the overall awareness for the problem space. Figure 1: Mockup images of the final plugin. Showing a) the browser screen b) the status-bar indication for a site c) the no-voters-yet-warning c) a critical privacy level and d) a critical security level.