Embed Size (px)
Citation preview
04/12/2023 1
Privacy Concerns
INF 308K Internet Applications
Policy Discussion of
04/12/2023 2
OutlineDefinitions & ContextsWays in which Personal
Information Gets Revealed (Consent, Controversy, & Violation)
Solutions to Protect Online Privacy
Discussion
04/12/2023 3
Definitions & Contexts
04/12/2023 4
What Is Privacy?Privacy -- the ability of an individual or
group to seclude themselves or information about themselves and thereby reveal themselves selectively.
-- a personal, subjective condition. One person cannot decide for another what his or her sense of privacy should be.
04/12/2023 5
How our privacy is affected?
Crime
Cybercrime
Unsolicited Activities
Done Online
Physical Privacy
Informational Privacy
Where your interests ARE immediately violated via the Internet
Where your interests MIGHT be compromised via the Internet
04/12/2023 6
Online PrivacyThe ability to control what
information one reveals about oneself over the Internet, and to control who can access that information.
04/12/2023 7
How people are concerned?
Internet Privacy Internet Security
Where ordinary users are most concerned
Concerns in dispute
04/12/2023 8
How they look at privacy?
“Privacy is the future. Get used to it.”
-- Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001).
“You have zero privacy anyway. Get over it.”
-- Scott McNealy, CEO, Sun Microsystems, 1999
04/12/2023 9
How they look at privacy?
"you have to realize that we're people and we just need privacy and we need our respect and these are just things you have to have as a human being."
-- Britney Spears
June15, 2006
NBC Dateline
04/12/2023 10
Sensitivity of Information (shared in online social networks)
Sensitive information is information or knowledge that might
result in loss of an advantage or level of security if revealed (disclosed) to others who might have low or unknown trustability and/or indeterminable or hostile intentions. Loss, misuse, modification or unauthorized access to sensitive
information can adversely affect the privacy of an individual.
04/12/2023 11
How Your Personal Information Gets Revealed
04/12/2023 12
By ISPInternet Service Providers (ISP)
always know your IP address and the IP address to which you are communicating.
ISPs are capable of observing. unencrypted data passing between you and the Internet, but not properly-encrypted data.
They are usually prevented to do so due to social pressure and law.
04/12/2023 13
By Email
EmailsMay be inappropriately spread by
the original receiver May be interceptedMay be legally viewed or
disclosed by services providers or authorities.
04/12/2023 14
By Listserves & discussion groupsThere is no barrier for unsolicited
messages or Emails within a mailing list or online discussion group.
Any member of the list or group could collect and distribute your Email address and information you post.
04/12/2023 15
By Internet BrowsersMost web browsers can save
some forms of personal data, such as browsing history, cookies, web form entries and password.
You may accidentally reveal such information when using a browser on a public computer or someone’s.
04/12/2023 16
What cookie are?Cookies are data packets sent by a
server to a web client and then sent back unchanged by the client each time it accesses that server.
Cookies are used for authenticating, session tracking and maintaining specific information about users, such as site preferences or the contents of their electronic shopping carts.
Cookies are only data, not programs nor viruses
04/12/2023 17
Why some people dislike cookies? Cookies can be hijacked and
modified by attackers. Cookies can be used to track
browsing behavior so some think they are tagged.
04/12/2023 18
A Sample of Cookie
• If you type JavaScript:alert(document.cookie) into the address bar, when logged onto a site, it is possible to see the cookies which have been set from that domain.
04/12/2023 19
By Search EngineSearch engines have and use the
ability to track each one of your searches (e.g. ,IP address, search terms, time)
04/12/2023 20
What search engines did?
“August, 7, 2006, AOL apologized for releasing search log data on subscribers that had been intended for use with the company's newly launched research site. Almost 2 weeks before that, AOL had quietly released roughly 20 million search records from 658,000 users on their new AOL Research site. The data includes a number assigned to the anonymous user, the search term, the date and time of the search, and the website visited as a result of the search.”
“In January 2006 the U.S. Department of Justice issued a subpoena asking popular search engines to provide a "random sampling" of 1 million IP addresses that used the search engine, and a random sampling of 1 million search queries submitted over a one-week period. The government wanted the information to defend a child pornography law. Microsoft, Yahoo, and AOL reportedly complied with the request, while Google fought the subpoena.”
04/12/2023 21
Privacy Policy Sample Clauses Yahoo: “Yahoo! collects personal information when you register
with Yahoo!, when you use Yahoo! products or services, when you visit Yahoo! pages or the pages of certain Yahoo! partners, and when you enter promotions or sweepstakes. Yahoo! may combine information about you that we have with information we obtain from business partners or other companies.”
Google: “Log information – When you access Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser. Also, in order to protect you from fraud, phishing, and other misconduct, we may collect information about your interaction with our services. Any such information we collect will only be used to detect and prevent fraud or other misconduct.”
04/12/2023 22
By indirect MarketingWeb bugs: a graphic (in a Web site or
a graphic-enabled email) that can confirm when the message or Web page is viewed and record the IP address of the viewer.
Third party cookies: a web page may contain images or other components stored on servers in other domains. Cookies that are set during retrieval of these components are called third-party cookies.
04/12/2023 23
By Direct MarketingDirect marketing is a sales pitch
targeted to a person based on previous consumer choices. It is ubiquitous these days.
Many companies also sell or share your information to others. This Sharing with other businesses can be done rapidly and cheaply.
04/12/2023 24
By Instant MessagingYour IM conversation can be
saved onto a computer even if only one person agrees.
Workplace IM can be monitored by your employer.
Spim: Spam distributed in IM.
04/12/2023 25
By Social Networks, Blog & Personal WebsitesEmployers and school officials are
increasingly sensitive to the messages you convey in social networks.
04/12/2023 26
Too many cases to list“An October 2007 survey of employers found
that 44% use social networking sites to obtain information about job applicants. And 39% have searched such sites for information about current employees.”
“In 2005 a Pennsylvania high school student was suspended for 10 days and transferred into an alternative education program after making an unflattering MySpace profile for his principal. The ACLU is currently representing the student in a lawsuit against the school district.”
04/12/2023 27
Want to a hacker?
04/12/2023 28
By Official UseCourt records When you file a
lawsuit for divorce or are a party to a civil lawsuit or criminal case, court records, are accessible to the public.
Government The government may want your personal information for law enforcement purposes as well as for foreign intelligence investigations. Various laws govern these procedures.
04/12/2023 29
According to a New York Times article (published February 4, 2006)
AOL receives more than 1,000 subpoenas each month seeking information about AOL users. Most of these subpoenas come from law enforcement and generally ask for the user’s name, address, records of when the individual signed on and off of the Internet, and the IP address.
04/12/2023 30
By Employers
According to the 2005 Electronic Monitoring & Surveillance Survey from the American Management Association and The ePolicy Institute
76% of employers monitor employees' Web site connections;
65% use technology to block connections to banned Web sites;
55% monitor e-mail.
04/12/2023 31
By CybercrimeSpyware takes advantage of security
holes by attacking the browser and forcing it to be downloaded and installed and gather your information without your knowledge.
Phishing occurs when criminal lure the victim into providing financial data.
Pharming occurs when criminals plant programs in the victim’s computer which re-direct the victim from legitimate Web sites to scam look-alike sites.
04/12/2023 32
Solutions to Protect Online Privacy
04/12/2023 33
Cookie Controls
04/12/2023 34
Other Technical ResortsAnti-virus softwareFirewalls & ProxiesEncryption toolsAnonymizer
04/12/2023 35
The Platform for Privacy Preferences (P3P)developed by the World Wide Web
Consortium (W3C), is a protocol allowing websites to declare their intended use of information they collect about browsing users and allow users to configure their browsers or other software tools in such a way that they are notified whether web site privacy policies match their pre-set preferences.
04/12/2023 36
Legal Authorities The Supreme Court has taken a
hands-off approach to regulating the Internet in favor of free speech.
The federal government is increasingly interested in regulating the Internet, for example through child pornography and gambling laws.
The White House appears to welcome the lack of restriction on data sharing and surveillance.
04/12/2023 37
The Only Two Absolute Choices
Insulate yourself from the Internet• Raise awareness of privacy• learn to safeguard your privacy with a minimum sacrifice of convenience
04/12/2023 38
DiscussionHow do you draw the line on online
Privacy? Have you had or heard any bad
experience in which one’s privacy was invaded over the internet? You might want to put forth such a real-life example to alert us.
What do you think of P3P? Any suggestions on how to improve it?
Any conceptual solutions to the general public’s anxiety over online privacy invasion?
