25.1. A Concrete Privacy ProblemTo ground the discussion in this chapter, we introduce a concrete privacy problem and a potential solution to the problem; we will refer back to both this problem and its solution throughout the chapter. The privacy problem that we examine is that of web cookies, and our solution is Acumen, a system that we have developed. Acumen uses social processes to help users manage their cookies. Browser cookies are a general mechanism used by web sites to maintain state across multiple web page requests from a single user.[1] While cookies can store arbitrary data, in practice, web sites frequently use cookies as persistent identifiers for users. Using cookies, then, a web site can identify all web page requests that a user makes to the site.
One concern that many Internet users have is the collection of personal data by entities such as corporations and government agencies; these users want the ability to control when, how, and what information they share with such entities. Browser cookies are particularly troublesome in this respect because web sites can use cookies to collect and aggregate information about users. In fact, many web sites can and do use cookies to monitor users' browsing activities and then link this data to personally identifiable information volunteered by users (e.g., name, email address), thereby creating personally identifiable profiles of users.[2] (Another tool used by such web sites is web bugs, discussed by David Martin in Chapter 23.)
Cookies are nearly ubiquitous among the most popular web sites.[3] As such, managing cookies on an individual or per-request basis is often confusing, tedious, and overly invasive for many users. Existing solutions for managing cookies, such as Platform for Privacy Preferences (P3P) user agents,[4] Privoxy,[5] and web browsers' tools, are insufficient at times. These tools are often not well understood by users, offer little awareness of ongoing cookie activity, and provide inflexible settings that do not adapt to changes in users' needs and attitudes.[6], [7] Cookies, then, remain an outstanding privacy problem, and there is a need for tools that enable users to better manage their cookies.
|