Open Privacy Bridge
Problem Statement
With every digital account a user creates, they are trusting yet another organization with properly preserving their privacy. Privacy policies and practices aren't always presented in a consumable format so everyday web users are typically blindly giving over control of their digital data.
The Open Privacy Bridge (OpenPB) Solution
Open Privacy Bridge, or OpenPB, is a first of its kind privacy threat intelligence platform. Our platform aggregates elements from a number of sources such as website policies, data breach disclosures, and website cookie analytic tools. OpenPB then presents this information in a consumable format for users in order for them to better understand privacy implications of the services they are currently using.
We believe there is a gap with few technologies offering visibility for the common every day user into how at risk their privacy is, as well as how discoverable these other privacy enabled technologies are.
The OpenPB protocol was originally conceptualized in a MICS first semester project. Our capstone team then formed around making the concept a reality. OpenPB encompasses three core components:
The Platform
The primary element is a web application which aggregates and presents relevant privacy information to a user. We envisioned this application as a privacy version of LastPass, which is used to centrally manage passwords, or Mint, which is used to aggregate financial information for personal budgeting.
The OpenPB Platform may be accessed here.
The Protocol
The second element, which is a key enabler of our solution, is a new privacy specification called the OpenPB protocol. This protocol standardizes privacy taxonomy and enables users to obtain standardized privacy information within an application in an interoperable and REST-like manner. In a similar way a privacy policy provides transparency for humans into the collection of their personal data, the OpenPB protocol provides a complementary machine readable transparency which enables scalability and accountability.
An overview of the architectural design which enables this to work may be found in the side bar.
The Extension
The final element of our solution is the browser extension. Our solution focuses on web applications as a common source of privacy data collection. In order to build a data base of policy, breach, and other aggregated data, we utilize a browser extension to enable information capture. The OpenPB web browser extension is a lightweight application which allows for the capture of web application domains used by an individual.
Acknowledgements
The OpenPB team would like to thank our W295 Capstone instructors Ryan Liu and Dr. Sekhar Sarukkai for their invaluable insights, UC Berkeley's Center for Long Term Cybesecurity (CLTC) for believing in our vision enough to support funding it, Sarah Powazek of CLTC and Cooper Quintin of Electronic Frontier Foundation for their feedback, the SheildsUp team for their encouragement, and to all of our MICS cohort for their support.