• IIW and Privacy Informer App Updates

    November 10, 2011 • Uncategorized • 0 Comments

    We were hard at work on a development death march for the weeks leading into the Internet Identity Workshop #13 (conference notes to be posted soon on the IIW website), but we succeeded and Dwight showed the Facebook Privacy Informer App at the conference. The goal of the Privacy Informer App is to analyze the inherent privacy risks associated with a particular website or online service. It then convolves the inherent risk metrics with how the viewer has configured their website and browser privacy settings, and generates a final number that rates your personal privacy risk (see this earlier post for more info on the algorithm). Detail data, and strategies for controlling that risk while still getting value out of the website or service, are also provided as a result of the analysis.

    Back in August, when Facebook made major changes in how they present your privacy settings and how they dynamically load their pages, we had to do a major retooling of the screen scraping code in the app. So we created a table driven, asynchronous, sequencing engine in cross-browser compatible JavaScript. Kynetx is used to trigger the app when the browser loads the Facebook Privacy Settings page. The engine runs from the viewer’s browser, which has some advantages and disadvantages over one that runs as a web service.

    To make the basic sequencing engine useful, several “filter” and action functions were created that can be included in the sequence table to scrape information off of Facebook and send it out to the DataBanker server for scoring. The weakness of that approach is that it puts the Facebook page into an iframe.

    Those of you familiar with using iframes know that while they’re useful for creating mash-ups, some websites abuse them to steal Google link “mojo” from the organization that actually created the content. For that reason, many websites include code that detects iframes and refuses to render the content. And that’s what Facebook recently did to break my Privacy Informer app again. Other apps that review your Facebook privacy settings, like the Reclaim Privacy app, appear to have been broken by that same change.

    Now, we have to create a true browser add-on to do the screen scraping without an iframe. That also means that we have to create an add-on for at least four browsers – Safari, Internet Explorer, Firefox and Chrome. It’s good that only some of the URL detection, context data and sequencing need to be coded into the add-on, and that leaves a lot of the code in JavaScript. That should help reduce the difficulty inherent in supporting multiple browsers.

    The Facebook and Chrome versions of the app should be completed soon, and will be posted on DataBanker.com. The next post will describe how Facebook issues helped extend the privacy scoring algorithm to include security and reputation issues. We’ll also list a small sampling of services that provide useful data and tools for understanding your online privacy.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Current ye@r *