Security and privacy in user modeling

User-adaptive (or "personalized") systems take individual character­ istics of their current users into account and adapt their behavior ac­ cordingly. Several empirical studies demonstrate their benefits in areas like education and training, online help for complex software, dynamic information delivery, provision of computer access to people with dis­ abilities, and to some extent information retrieval. Recently, personal­ ized systems have also started to appear on the World Wide Web where they are primarily used for customer relationship management. The aim hereby is to provide value to customers by serving them as individuals and by offering them a unique personal relationship with the business. Studies show that web visitors indeed spend considerably more time at personalized than at regular portals and view considerably more web pages. Personalized sites in general also draw more visitors and turn more visitors into buyers. Personalization therefore would look like a win-win technology for both consumers and online businesses. However, it has a major down­ side: in order to be able to exhibit personalized behavior, user-adaptive systems have to collect considerable amounts of personal data and "lay them in stock" for possible future usage. Moreover, the collection of information about the user is often performed in a relatively inconspic­ uous manner (such as by monitoring users' web navigation behavior), in order not to distract users from their tasks.

0 Introduction.- 1. User Modeling.- 2. Privacy.- 3. Security.- 4. Requirements for Anonymity and Pseudonymity.- 5. Requirements for Security.- 6. Solutions for Anonymity and Pseudonymity.- 7. Solutions for Security.- 8. Selected User Modeling Components.- 9 Summary and Conclusion.- References.

User-adaptive (or "personalized") systems take individual character istics of their current users into account and adapt their behavior ac cordingly. Several empirical studies demonstrate their benefits in areas like education and training, online help for complex software, dynamic information delivery, provision of computer access to people with dis abilities, and to some extent information retrieval. Recently, personal ized systems have also started to appear on the World Wide Web where they are primarily used for customer relationship management. The aim hereby is to provide value to customers by serving them as individuals and by offering them a unique personal relationship with the business. Studies show that web visitors indeed spend considerably more time at personalized than at regular portals and view considerably more web pages. Personalized sites in general also draw more visitors and turn more visitors into buyers. Personalization therefore would look like a win-win technology for both consumers and online businesses. However, it has a major down side: in order to be able to exhibit personalized behavior, user-adaptive systems have to collect considerable amounts of personal data and "lay them in stock" for possible future usage. Moreover, the collection of information about the user is often performed in a relatively inconspic uous manner (such as by monitoring users' web navigation behavior), in order not to distract users from their tasks.

0 Introduction.- 1. User Modeling.- 2. Privacy.- 3. Security.- 4. Requirements for Anonymity and Pseudonymity.- 5. Requirements for Security.- 6. Solutions for Anonymity and Pseudonymity.- 7. Solutions for Security.- 8. Selected User Modeling Components.- 9 Summary and Conclusion.- References.