Sasha Romanosky, Alessandro Acquisti, Jason Hong, Lorrie Cranor, and Batya Friedman

European Conference on Pattern Languages of Programs

January 2006

A proper security architecture is an essential part of implementing robust and reliable networked applications. Security patterns have shown how reoccurring problems can be best solved with proven solutions. However, while they are critical for ensuring the confidentiality, integrity and availability of computing systems, security patterns do not specifically (or necessarily) address the privacy of individuals. Building on existing privacy pattern work, we identify three privacy patterns for web-based activity: INFORMED CONSENT FOR WEB-BASED TRANSACTIONS, MASKED ONLINE TRAFFIC, and MINIMAL INFORMATION ASYMMETRY. The first pattern addresses a system architecture issue and draws on Friedman’s model for informed consent. The second and third patterns provide support for end-users and extend Jiang’s ‘Principle of Minimum Asymmetry.’ These patterns describe how users can protect their privacy by both revealing less about themselves, and acquiring more information from the party with whom they are communicating.

design tools, privacy