The landscape of the World Wide Web with all its versatile services heavily relies on the disclosure of private user information. Unfortunately, the growing amount of personal data collected by service providers poses a significant privacy threat for Internet users. Targeting growing privacy concerns of users, privacy-enhancing technologies emerged. One goal of these technologies is the provision of tools that facilitate a more informative decision about personal data disclosures. A famous PET representative is the PRIME project that aims for a holistic privacy-enhancing identity management system. However, approaches like the PRIME privacy architecture require service providers to change their server infrastructure and add specific privacy-enhancing components. In the near future, service providers are not expected to alter internal processes. Addressing the dependency on service providers, this paper introduces a user-centric privacy architecture that enables the provider-independent protection of personal data. A central component of the proposed privacy infrastructure is an online privacy community, which facilitates the open exchange of privacy-related information about service providers. We characterize the benefits and the potentials of our proposed solution and evaluate a prototypical implementation.
Read full abstract