PRIVIDOR Mission

PRIVIDOR (Privacy Violation Detector) is a software tool developed by Fraunhofer AISEC for the German Federal Commissioner for Data Protection and Freedom of Information.

The Privacy Violation Detector automatically checks web sites to identify potential privacy violations affecting the visitors of these web sites. To do so, PRIVIDOR analyzes several aspects of a web page to detect indicators of such violations. These checks cover the following privacy-related topics:

  • Cross-site correlation of user behaviour for behavioural targeting
  • Gaining knowledge about the user's browser history (e.g. which social networks the user is involved in or which online banking services are accessed)
  • Usage of local user systems to store user-related information
  • Application of insecure transport mechanisms for input of (confidential) user data

PRIVIDOR Design

For a proper analysis, PRIVIDOR simulates a visit to a web site via a remotely controlled, modified Firefox browser: the page is downloaded and rendered, and the included dynamic content is executed. The page content is then analyzed with the aid of custom Firefox add-ons, which monitor the content's runtime behaviour and trace JavaScript method invocations of DOM objects. Afterwards, the collected data is summarized in reports, which also include deviations in behaviour over time. PRIVIDOR is a server-based solution that can be conveniently controlled via a web interface.

PRIVIDOR Features

Due to its design, PRIVIDOR is platform- and browser-independent and can be used by multiple users at the same time. Additionally, PRIVIDOR offers the following features:

  • Watchlist to define (substrings of) URLs which shall be detected if included by the web site (e.g., social network plugins)
  • Integrating new functionalities such as new detection mechanisms for future threats or customization is easy due to the flexible and modular design of PRIVIDOR
  • The PRIVIDOR web interface supports different languages
  • Integrated user management to add, edit, and delete users of the web interface
  • Multiple instances of PRIVIDOR can be run simultaneously
  • URLs can be re-checked automatically in configurable intervals
  • Optionally, domain-internal links on a web page can be included in future checks of the website
  • Automatic email notifications for new reports
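
The watchlist feature above and the insecure-transport check listed under the mission can be approximated on static HTML, as in the following added example (not PRIVIDOR's own code, which instruments a live Firefox session instead). The watchlist entries, sample page, and the names PageScan and scan are constructed for illustration, and only password fields are treated as confidential input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed watchlist of URL substrings (sample entries, not PRIVIDOR's).
WATCHLIST = ["connect.facebook.net", "google-analytics.com"]
# Constructed sample page, served over plain HTTP.
SAMPLE_URL = "http://shop.example/login"
SAMPLE_HTML = """<script src="//connect.facebook.net/en_US/sdk.js"></script>
<script src="/static/app.js"></script>
<form action="/session" method="post">
  <input name="user"><input type="password" name="pw"></form>
<form action="https://shop.example/search"><input name="q"></form>"""

class PageScan(HTMLParser):
    """Collects included resource URLs and forms from static HTML."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.resources = []  # absolute URLs of included content
        self.forms = []      # one dict per <form>
        self._form = None    # form currently open, if any

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        ref = a.get("href") if tag == "link" else a.get("src")
        if tag in ("script", "img", "iframe", "link") and ref:
            self.resources.append(urljoin(self.page_url, ref))
        elif tag == "form":
            # A missing or empty action submits to the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self._form = {"action": action, "sensitive": False}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            if (a.get("type") or "").lower() == "password":
                self._form["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def scan(page_url, html, watchlist=WATCHLIST):
    """Return watchlist hits and password forms not submitted over HTTPS."""
    page = PageScan(page_url)
    page.feed(html)
    hits = [("watchlist", w, u) for u in page.resources
            for w in watchlist if w.lower() in u.lower()]
    weak = [("insecure-form", f["action"]) for f in page.forms
            if f["sensitive"] and urlsplit(f["action"]).scheme != "https"]
    return hits + weak
```

Calling scan(SAMPLE_URL, SAMPLE_HTML) reports the social-network script and the login form that posts to an http:// URL; content injected at runtime by scripts is not seen by this static pass.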

AISEC Offerings

Recent discussions and publications have shown that website operators often include services which seem not to be compliant with German and/or European data privacy regulations, e.g. the Facebook Like Button or the usage of Google Analytics without anonymization features.

PRIVIDOR supports institutions and companies that need to check many URLs, e.g., with regard to compliance with data privacy regulations. Fraunhofer AISEC offers support in customizing, extending, deploying, and tailoring PRIVIDOR to specific individual requirements.

To receive more information on PRIVIDOR please visit our contact section.