posted on 2006-01-01, 00:00authored byLorrie Faith Cranor, Sasha Romanowsky, Jason Hong, Alessandro Acquisti, Batya Friedman
A proper security architecture is an essential part of implementing robust and reliable
networked applications. Security patterns have shown how reoccurring problems can be
best solved with proven solutions. However, while they are critical for ensuring the
confidentiality, integrity and availability of computing systems, security patterns do not
specifically (or necessarily) address the privacy of individuals. Building on existing
privacy pattern work, we identify three privacy patterns for web-based activity:
INFORMED CONSENT FOR WEB-BASED TRANSACTIONS, MASKED ONLINE TRAFFIC, and
MINIMAL INFORMATION ASYMMETRY. The first pattern addresses a system architecture
issue and draws on Friedman’s model for informed consent. The second and third
patterns provide support for end users and extend Jiang’s ‘Principle of Minimum
Asymmetry.’ These patterns describe how users can protect their privacy by both
revealing less about themselves, and acquiring more information from the party with
whom they are communicating.