Privacy management on the Web
Publication Date: 2010-Dec-23
The IP.com Prior Art Database
Users of Web sites are rarely aware of the information they are sharing with modern Web browsers hiding much of this from the user. As a result, most Web users are not able to determine how much an organisation knows about them based on their online activity alone. This can lead to concerns over personal privacy and a belief that organisations do not provide adequate protections to the data that they collect. This invention provides a reliable mechanism by which a user of a Web site can conclusively establish what and how much information has been directly shared. This provides a means by which the user can answer the question "how much does this organisation know about me?"
Page 01 of 3
Privacy management on the Web
Current solutions focus on the collection and sharing of information in the form of Web cookies. However, information may be gathered by an organisation through several other means, including interactive prompts, form-filling, the uploading of files and through interaction with Web browser extensions or "add-ins". Each of these cases fail to reliably provide a complete view of information that has been shared during online interaction between the user and the organisation and thus, does not satisfactorily provide an answer to the user.
Other solutions attempt to monitor access to information sources by intercepting calls to well-known API functions. This provides a robust method for identifying the information source but fails to identify what data are actually being retrieved. An example of such a solution is http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx.
The solution herein detects the actual data being accessed and links this to the subject's Web session.
The core of the solution comprises a component that interrogates requests for information, identifying both the source and the target of the request and the payload of the response. The advantage of the solution is the introduction of a common layer for capturing and monitoring of transactions for retrieving information across multiple sources in the system and the user. The component captures each request for data, identifies what is being sought and creates (or appends to) a record that associates this information with the Web session of the user under which this transaction occurred. The user is then able to query this record in order to determine what information has been retrieved from the system (or directly from the user) and where this information has been sent, thus providing a comprehensive historical record of information flow for each Web site visited.
For example, a Web page consists of a form in which the user enters personal details. The user duly enters the required information and submits POST. This information (along with additional data retrieved from some cookies referenced in the Web page) is sent to the Web server. The component in the solution will intercept both the requests for information and the resulting response -- in this example, the Web site is requesting information from the user in the form...