Browser Security and Human Values
(Funded by the National Science Foundation)

Research group:

  • Batya Friedman, Colby College
  • Edward Felten, Princeton University
  • Helen Nissenbaum, Princeton University

Executive Summary:

The common good of our information infrastructure depends on well-designed network security that is embraced by the public and private sectors. Well-designed network security requires well-formed technical mechanisms and responsiveness to underlying moral and societal values, as well as a well-thought-out system of user interactions. In recent years, significant efforts have been directed toward developing the technical dimensions of network security, but little systematic work investigates and integrates the corresponding dimensions of human values and user experience. This collaborative project provides a model of interdisciplinary collaboration that can deepen our understanding of the cognitive, ethical and social implications of new types of interactivity. It will study and implement security for a network browser that integrates these three key considerations: technical excellence, responsiveness to moral and societal values, and sensitivity to users' perceptions. It will: (1) develop a conceptual framework, or model, for network security that accounts for human values and user experience; (2) design and implement a working prototype of a network security system guided by the conceptual model; and (3) apply the experience of this project toward a better understanding of methodology for the general purpose of designing technology that is responsive, or sensitive to, human values. Drawing on the technical, philosophical, and social science expertise of the three investigators, the work will begin with a close study of the network security in existing browsers such as Netscape 4.0 and Internet Explorer 4.0. The goal is to characterize the technical mechanisms, grasp value implications, and understand users' perceptions of these systems.
Based on this study, the investigators will develop a conceptual model that represents the interaction among technical characteristics, values supported by (or embodied in) the system, and users' perceptions of their interactive experience with it. This model will guide the next phase of the project: to design and implement a prototype for a security configuration that is explicitly responsive to values and users' perceptions. User studies and further philosophical analysis of the prototype will be used, in turn, to refine the security configuration and, ultimately, to refine and assess the model itself. Through industry contacts and other traditional methods, the investigators will disseminate the results of their study, including the conceptual model, prototype, and aspects of the multidisciplinary methodology they develop.

Phantom Access Agent: a Client-Side Approach to Personal Information Control (PDF)

Xiaojian Zhao
New York University

Daniel C. Howe
New York University

David Mazières
New York University

Helen Nissenbaum
New York University


People have criticized on-line services for violating privacy by collecting too much personal information. Though web browsers must generally reveal basic network information such as a user's current IP address, web sites often collect far more, including a user's name, physical location, and email address. Service providers justify their data collection on the grounds that users benefit from such activities as they enable personalization of online experience. Unfortunately, there is no way to evaluate this claim as most services that collect information do so either by default, or as a condition of access, making it difficult or inconvenient for users to avoid revealing personal information. In this paper, we present the Phantom Access Agent, a lightweight application designed to conceal personal information from online services that require registration as a condition of access. PAA enables users to complete forms with random registration information and facilitates transparent reregistration on subsequent returns with a single button-click. Unlike several other systems that enhance users' choices to share or not share personal information, PAA runs on users' local computers, avoiding dependency on third-parties; whether on the online services themselves to fulfill the promises of their privacy policies or on proxies that offer protection by mediating transactions between individuals and web services. We believe that locating these powers on the client-side better models autonomously chosen privacy preferences.

Sustaining the Public Good Vision of the Internet:


Lucas Introna
London School of Economics

Helen Nissenbaum
University Center for Human Values
Princeton University


This paper argues that search engines raise not merely technical issues but also political ones. Our study of search engines suggests that they systematically exclude (in some cases by design and in some accidentally) certain sites in favor of others, systematically give prominence to some at the expense of others. We argue that such biases run counter to the basic architecture of the Web as well as the values and ideals that have fuelled widespread support for its growth and development. We consider ways of addressing the politics of search engines, raising doubts whether, in particular, the market mechanism could serve as an acceptable corrective.