Web page privacy risk detection

US 8,621,635 B2
Filed: 08/18/2008
Issued: 12/31/2013
Est. Priority Date: 08/18/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving HTML code associated with a webpage;

processing the HTML code to identify one or more third parties providing content for the webpage based at least in part upon domain names and file names associated with the content;

for individual identified third parties, storing data to relate a third party to one or more webpages for which the third party provides content;

detecting whether a particular third party is in a position to observe browsing habits of a user according to data stored relative to the particular third party, the data representing a number of times the user has encountered the same particular third party across multiple websites;

responsive to said detecting, assigning one of multiple levels of perceived risk to the particular third party based at least in part upon the data exceeding a configurable threshold value that corresponds to the one of the multiple levels of perceived risk; and

responsive to said detecting, outputting a user interface instrumentality that can enable the user to take one or more actions regarding content from the particular third party.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments enable detection of third party content sources that may pose a privacy risk to a user. In at least some embodiments, webpages navigated to via a browser can be processed to identify third party content sources that provide content for the webpages. Data may be stored to relate the third party content sources to webpages in which the third party content is encountered. The data may then be analyzed to determine when a particular third party is in a position to observe browsing habits of a user. Responsive to determining a privacy risk, notification may be output in a variety of ways to inform a user of potentially risky content. In at least some other embodiments, notification can be made by way of a user interface instrumentality that is automatically presented to a user to inform the user of a potentially risky third party content source.

Citations

20 Claims

1. A computer-implemented method comprising:
- receiving HTML code associated with a webpage;
  
  processing the HTML code to identify one or more third parties providing content for the webpage based at least in part upon domain names and file names associated with the content;
  
  for individual identified third parties, storing data to relate a third party to one or more webpages for which the third party provides content;
  
  detecting whether a particular third party is in a position to observe browsing habits of a user according to data stored relative to the particular third party, the data representing a number of times the user has encountered the same particular third party across multiple websites;
  
  responsive to said detecting, assigning one of multiple levels of perceived risk to the particular third party based at least in part upon the data exceeding a configurable threshold value that corresponds to the one of the multiple levels of perceived risk; and
  
  responsive to said detecting, outputting a user interface instrumentality that can enable the user to take one or more actions regarding content from the particular third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1 wherein said detecting and outputting are performed by a Web browser.
  - 3. The computer-implemented method of claim 1, wherein the user interface instrumentality comprises a pop-up window.
  - 4. The computer-implemented method of claim 1, wherein the user interface instrumentality comprises one or more selectable buttons to enable the user to provide input to specify whether to block or allow the content.
  - 5. The computer-implemented method of claim 1, wherein the user interface instrumentality comprises a selectable link to enable the user to obtain additional information regarding the particular third party.
  - 6. The computer-implemented method of claim 5, wherein the selectable link, when selected, causes a redirection to a website of the particular third party to enable the user to obtain the additional information from the particular third party.
  - 7. The computer-implemented method of claim 1, wherein the detecting comprises incrementing a counter associated with the particular third party each time the particular third party is related to a different webpage across multiple domains to which the user has navigated.
  - 8. The computer-implemented method of claim 1 further comprising:
    - receiving input from the user via the user interface instrumentality; and
      
      blocking or allowing the content from the particular third party in accordance with the input from the user.

9. A computer-implemented method comprising:
- receiving HTML code associated with a webpage;
  
  processing the HTML code to identify a content item from a third party content source to be included in the webpage;
  
  merging a record for the content item with another record for another content item based at least in part upon the content item and the other content item having a sufficiently similar domain name and file name to associate the content item and the other content item with the third party content source;
  
  calculating a number of times content from the same third party content source has been encountered in webpages navigated to by an application across multiple websites;
  
  based at least in part upon a calculated number of times, ascertaining whether the third party content source is in a position to observe browsing habits of the user of the application;
  
  assigning one of multiple different levels of perceived risk to the third party content source based at least in part upon the calculated number of times exceeding a configurable threshold value that corresponds to the one of the multiple different levels of perceived risk; and
  
  providing a user interface instrumentality output configured to facilitate one or more selectable actions regarding the third party content source.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer-implemented method of claim 9, further comprising responsive to said ascertaining, outputting a user interface instrumentality to notify the user of a detected third party content source.
  - 11. The computer-implemented method of claim 10, further comprising:
    - presenting the assigned level of perceived risk via the user interface instrumentality output to notify the user of the detected third party content source.
  - 12. The computer-implemented method of claim 10, wherein the user interface instrumentality is in the form of a menu bar item appearing in a menu bar of the application.
  - 13. The computer-implemented method of claim 9, further comprising responsive to said ascertaining, outputting a user interface instrumentality having a plurality of selectable portions to enable the user to take actions with respect to the detected third party content source, the plurality of selectable portions including at least:
    - a selectable button to block content from the third party content source;
      
      a selectable button to allow content from the third party content source; and
      
      a selectable button to defer a decision on content from the third party content source until a subsequent encounter with content from the same third party content source.
  - 14. The computer-implemented method of claim 9, wherein the application is a Web browser.
  - 15. The computer-implemented method of claim 9, wherein the ascertaining comprises comparing the calculated number of times content from the third party content source has been encountered to multiple threshold values each indicative of one of the multiple levels of perceived risk.

16. A system comprising:
- one or more processing devices;
  
  one or more computer readable storage media;
  
  computer readable instructions embodied on the one or more computer readable storage media which, when executed by the one or more processing devices, implement a Web browser that performs operations to;
  
  determine that a content item and another content item are provided by a third party content source based at least in part upon the content item and the other content item having path data that shares a domain name and a file name;
  
  calculate a number of times a third party content source provides content for webpages navigated to by the Web browser that reflects opportunities of the same third party content source across multiple websites to collect browsing data associated with a user based at least in part upon a number of times the third party content source provides the content item or the other content item;
  
  determine when the third party content source is in a position to observe browsing habits of the user based at least in part upon the calculated number of times being within a range of values that correspond to one of multiple different levels of perceived risk, the multiple different levels of perceived risk being assignable to the third party content source; and
  
  output a notification to communicate that the third party content source is in a position to observe browsing habits of the user, the notification including selectable actions regarding the third party content source.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the Web browser outputs the notification as a pop-up window.
  - 18. The system of claim 16, wherein the Web browser outputs the notification as a menu bar item of the Web browser.
  - 19. The system of claim 16, wherein the notification that is output includes a plurality of selectable portions to enable a user to allow, block, or ignore the third party content source that is determined to be in a position to observe browsing habits.
  - 20. The system of claim 16, wherein the Web browser further performs operations to:
    - maintain a database describing encounters in webpages with multiple content items from third party content sources, wherein the database is configured to store data to match uniform resource indicators (URIs) of each of said content items with webpages in which the content items are encountered; and
      
      merge content items in the database based at least in part upon similarities in query strings or parameters of said content items to arrive at the calculated number of times the third party content source provides content for webpages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Zeigler, Andrew, Ganjam, Anantha P., Patton, Mara B., Hitchcock, Jessica A., Hachamovitch, Dean J., Chor, Anthony T.
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Lauzon, Thomas C

Application Number

US12/193,587
Publication Number

US 20110016533A1
Time in Patent Office

1,961 Days
Field of Search

726/25, 726/26, 715/808, 715/840
US Class Current

726/25
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/552   involving long-term monitor...

G06F 2221/2119   Authenticating web pages, e...

G06Q 30/00   Commerce

H04L 63/168   above the transport layer

Web page privacy risk detection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Web page privacy risk detection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links