ABSTRACT
People have criticized on-line services for violating privacy by collecting too much personal information. Though web browsers must generally reveal basic network information such as a user’s current IP address, web sites often collect far more, including a user’s name, physical location, and email address. Service providers justify their data collection on the grounds that users benefit from such activities as they enable personalization of online experience. Unfortunately, there is no way to evaluate this claim as most services that collect information do so either by default, or as a condition of access, making it difficult or inconvenient for users to avoid revealing personal information. In this paper, we present the Phantom Access Agent, a lightweight application designed to conceal personal information from online services that require registration as a condition of access. PAA enables users to complete forms with random registration information and facilitates transparent reregistration on subsequent returns with a single button-click. Unlike several other systems that enhance users’ choices to share or not share personal information, PAA runs on users’ local computers, avoiding dependency on third-parties; whether on the online services themselves to fulfill the promises of their privacy policies or on proxies that offer protection by mediating transactions between individuals and web services. We believe that locating these powers on the client-side better models autonomously chosen privacy preferences.