Measuring security and privacy on the Web
The idea and use of PrivacyScore.org
- Track: Decentralised Internet and Privacy devroom
- Room: H.1301 (Cornil)
- Day: Sunday
- Start: 15:30
- End: 15:55
PrivacyScore.org (in public beta since June 2017) is an automated website scanning platform that allows anyone to investigate websites for privacy and security issues. Users can use PrivacyScore to compare related websites (e.g., of all political parties in a country). We will present insights from running the platform, interesting results, and discuss future plans for the platform with the audience.
We present our approach for making the Web a safer place: by making privacy invasions and security mishaps more transparent to users, web site operators, and data protection authorities. This lead us to the creation of PrivacyScore. PrivacyScore is a website scanning platform that simplifies the process of comparing security and privacy aspects of websites. PrivacyScore focuses on lists of websites, while existing scanners such as Webbkoll, Mozilla Observatory, Track the Trackers by Fraunhofer SIT, securityheaders.io, etc. focus on single sites. Furthermore, PrivacyScore is non-commercial and available as open source software. All recorded data is made available publicly for research purposes.
We believe that public benchmarks are a useful tool to improve security and privacy in the long run. On the one hand, such benchmarks can help with raising awareness of users, on the other hand a benchmarking platform like PrivacyScore can be of use for data protection agencies that want to or have to audit content providers in their jurisdiction, which will become more widespread in 2018 with the European general data protection regulation. The generated datasets are also of value for researchers: For instance, we are interested in analyzing whether public "blaming and shaming" poor performance within a peer group of sites creates an incentive for site operators to implement additional security and privacy measures.
In our talk we will present insights on the effectiveness of the public shaming approach that we have gained from running PrivacyScore in public since June 2017. We (and other users) have already created several lists to analyze security and privacy aspects of more than 18,000 sites. In some cases we were able to observe how web site operators react when they learn how their site ranks in comparison to their competitors.
Speakers
Tobias Mueller |