Skip to main content
SpringerLink
Log in

PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites

  • Conference paper
  • First Online:
Privacy Technologies and Policy (APF 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10518))

Included in the following conference series:

Abstract

Website owners make conscious and unconscious decisions that affect their users, potentially exposing them to privacy and security risks in the process. In this paper we introduce PrivacyScore, an automated website scanning portal that allows anyone to benchmark security and privacy features of multiple websites. In contrast to existing projects, the checks implemented in PrivacyScore cover a wider range of potential privacy and security issues. Furthermore, users can control the ranking and analysis methodology. Therefore, PrivacyScore can also be used by data protection authorities to perform regularly scheduled compliance checks. In the long term we hope that the transparency resulting from the published assessments creates an incentive for website owners to improve their sites. The public availability of a first version of PrivacyScore was announced at the ENISA Annual Privacy Forum in June 2017.

A German version of this paper with a more detailed discussion of the legal considerations is available at [21].

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Available online at https://privacyscore.org/.

  2. 2.

    See https://github.com/privacyscore.

References

  1. Celery: Distributed task queue (2017). http://www.celeryproject.org/

  2. Common Vulnerabilities and Exposures (2017). https://cve.mitre.org/

  3. Django web framework (2017). https://www.djangoproject.com/

  4. EasyList (2017). https://easylist.to/

  5. Metasploit Penetration Testing Software (2017). https://www.metasploit.com/

  6. Cloudflare: Incident report on memory leak caused by Cloudflare parser bug (2017). https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

  7. Wetter, D.: testssl.sh (2017). https://testssl.sh/

  8. dataskydd: Kommunundersökning (2016). https://dataskydd.net/kommuner-201611/

  9. dataskydd: Webbkoll (2017). https://webbkoll.dataskydd.net/en/

  10. Eckersley, P.: How unique is your web browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010). doi:10.1007/978-3-642-14527-8_1

    Chapter  Google Scholar 

  11. EFF: Privacy Badger (2017). https://eff.org/privacybadger

  12. Englehardt, S., Narayanan, A.: Online tracking: a 1-million-site measurement and analysis. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS 2016), pp. 1388–1401. ACM (2016)

    Google Scholar 

  13. Graham, M.: Robots.txt meant for search engines don’t work well for web archives (2017). https://blog.archive.org/2017/04/17/robots-txt-meant-forsearch-engines-dont-work-well-for-web-archives/

  14. High-Tech Bridge: SSL/TLS Server Test (2017). https://www.htbridge.com/ssl/

  15. Holz, R., Amann, J., Mehani, O., Kâafar, M.A., Wachs, M.: TLS in the wild: an internet-wide analysis of TLS-based protocols for electronic communication. In: Proceedings of the 23nd Annual Network and Distributed System Security Symposium (NDSS 2016). The Internet Society (2016)

    Google Scholar 

  16. Khandelwal, S.: ‘Web Of Trust’ Browser Add-On Caught Selling Users’ Data (2016). http://thehackernews.com/2016/11/web-of-trust-addon.html

  17. Kitterman, S.: Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. RFC 7208 (2014)

    Google Scholar 

  18. Kucherawy, M., Zwicky, E.: Domain-based Message Authentication, Reporting, and Conformance (DMARC). RFC 7489 (2015)

    Google Scholar 

  19. Laperdrix, P., Rudametkin, W., Baudry, B.: Beauty and the beast: diverting modern web browsers to build unique browser fingerprints. In: Proceedings of Symposium on Security and Privacy (S&P 2016), pp. 878–894. IEEE (2016)

    Google Scholar 

  20. Lauinger, T., Chaabane, A., Arshad, S., Robertson, W., Wilson, C., Kirda, E.: Thou shalt not depend on me: analysing the use of outdated javascript libraries on the web. In: Proceedings of the 24th Annual Network and Distributed System Security Symposium (NDSS 2017). The Internet Society (2017)

    Google Scholar 

  21. Maass, M., Laubach, A., Herrmann, D.: PrivacyScore: Analyse von Webseiten auf Sicherheits- und Privatheitsprobleme - Konzept und rechtliche Zulässigkeit. In: INFORMATIK 2017 (to appear). https://arxiv.org/abs/1705.08889, Gesellschaft für Informatik, Bonn (2017)

  22. Mayer, J.R., Mitchell, J.C.: Third-party web tracking: policy and technology. In: Proceedings of Symposium on Security and Privacy (S&P 2013), pp. 413–427. IEEE (2012)

    Google Scholar 

  23. Mayer, W., Zauner, A., Schmiedecker, M., Huber, M.: No need for black chambers: testing TLS in the e-mail ecosystem at large. In: Proceedings of the 11th International Conference on Availability, Reliability and Security (ARES 2016), pp. 10–20. IEEE (2016)

    Google Scholar 

  24. Moxie Marlinspike: sslstrip (2017). https://moxie.org/software/sslstrip

  25. Mozilla: Lightbeam (2017). https://www.mozilla.org/en-US/lightbeam/

  26. Mozilla: Observatory (2017). https://observatory.mozilla.org/

  27. Piwik: Piwik Free Web Analytics Software (2017). https://piwik.org/

  28. Qualys: SSL Server Test (2017). https://www.ssllabs.com/ssltest/

  29. Raymond Hill: uBlock Origin (2017). https://github.com/gorhill/uBlock

  30. Helme, S.: Publishing my daily crawler data for wider analysis (2017). https://scotthelme.co.uk/alexa-top-1-million-analysis-feb-2017

  31. Helme, S.: SecurityHeaders.io (2017). https://securityheaders.io/

  32. Starov, O., Nikiforakis, N.: Extended tracking powers: measuring the privacy diffusion enabled by browser extensions. In: Proceedings of the 26th International Conference on World Wide Web (WWW 2017). ACM (2017)

    Google Scholar 

Download references

Acknowledgments

This work has been co-funded by the DFG as part of project C.1 within the RTG 2050 “Privacy and Trust for Mobile Users”. The authors are grateful to Marvin Hebisch and Nico Vitt, who implemented a prototype, the attendants of the PET-CON 2017.1 workshop, and members of Digitalcourage e. V. for their valuable suggestions.

Author information

Authors and Affiliations

  1. Secure Mobile Networking Lab, Technische Universität Darmstadt, Darmstadt, Germany

    Max Maass

  2. Security in Distributed Systems Group, Universität Hamburg, Hamburg, Germany

    Pascal Wichmann, Henning Pridöhl & Dominik Herrmann

Authors
  1. Max Maass
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pascal Wichmann
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Henning Pridöhl
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Dominik Herrmann
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Max Maass .

Editor information

Editors and Affiliations

  1. Centre for Legal Informatics, University of Vienna, Vienna, Austria

    Erich Schweighofer

  2. A-SIT, Graz, Austria

    Herbert Leitold

  3. European Union Agency for Network and Information Security, Heraklion, Greece

    Andreas Mitrakas

  4. Goethe University Frankfurt, Frankfurt, Hessen, Germany

    Kai Rannenberg

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Maass, M., Wichmann, P., Pridöhl, H., Herrmann, D. (2017). PrivacyScore: Improving Privacy and Security via Crowd-Sourced Benchmarks of Websites. In: Schweighofer, E., Leitold, H., Mitrakas, A., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2017. Lecture Notes in Computer Science(), vol 10518. Springer, Cham. https://doi.org/10.1007/978-3-319-67280-9_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-67280-9_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67279-3

  • Online ISBN: 978-3-319-67280-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation