VoyForums
1 CLICK GIVES FREE FOOD!
www.TheHungerSite.com
Protect Habitat with a Click!
www.TheRainforestSite.com
Non-profit ad served by VoyForums...

VoyUser Login optional ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 123456789[10] ]


[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 23:24:56 02/02/16 Tue
Author: robin
Subject: Internet privacy

Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large scale computer sharing.[1]

Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person.

Some experts such as Steve Rambam, a private investigator specializing in Internet privacy cases, believe that privacy no longer exists; saying, "Privacy is dead – get over it".[2] In fact, it has been suggested that the "appeal of online services is to broadcast personal information on purpose."[3] On the other hand, in his essay The Value of Privacy, security expert Bruce Schneier says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance

Levels of privacy

People with only a casual concern for Internet privacy need not achieve total anonymity. Internet users may protect their privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user. In order to keep their information private, people need to be careful with what they submit to and look at online. When filling out forms and buying merchandise, that becomes tracked and because the information was not private, companies are now sending Internet users spam and advertising on similar products.

There are also several governmental organizations that protect individual's privacy and anonymity on the Internet, to a point. In an article presented by the FTC, in October 2011, a number of pointers were brought to attention that helps an individual internet user avoid possible identity theft and other cyber-attacks. Preventing or limiting the usage of Social Security numbers online, being wary and respectful of emails including spam messages, being mindful of personal financial details, creating and managing strong passwords, and intelligent web-browsing behaviours are recommended, among others.[6]

Posting things on the Internet can be harmful or in danger of malicious attack. Some information posted on the Internet is permanent, depending on the terms of service, and privacy policies of particular services offered online. This can include comments written on blogs, pictures, and Internet sites, such as Facebook and Twitter. It is absorbed into cyberspace and once it is posted, anyone can potentially find it and access it. Some employers may research a potential employee by searching online for the details of their online behaviours, possibly affecting the outcome of the success of the candidate.[7]
Risks to Internet privacy

Companies are hired to watch what internet sites people visit, and then use the information, for instance by sending advertising based on one's browsing history. There are many ways in which people can divulge their personal information, for instance by use of "social media" and by sending bank and credit card information to various websites. Moreover, directly observed behaviour, such as browsing logs, search queries, or contents of the Facebook profile can be automatically processed to infer potentially more intrusive details about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality.[8]

Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which may be encountered through Internet use.[9] These range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults).

Several social networking sites try to protect the personal information of their subscribers. On Facebook, for example, privacy settings are available to all registered users: they can block certain individuals from seeing their profile, they can choose their "friends", and they can limit who has access to one's pictures and videos. Privacy settings are also available on other social networking sites such as Google Plus and Twitter. The user can apply such settings when providing personal information on the internet.

In late 2007 Facebook launched the Beacon program where user rental records were released on the public for friends to see. Many people were enraged by this breach in privacy, and the Lane v. Facebook, Inc. case ensued.[10]

Children and adolescents often use the Internet (including social media) in ways which risk their privacy: a cause for growing concern among parents. Young people also may not realise that all their information and browsing can and may be tracked while visiting a particular site, and that it is up to them to protect their own privacy. They must be informed about all these risks. For example, on Twitter, threats include shortened links that lead one to potentially harmful places. In their e-mail inbox, threats include email scams and attachments that get them to install malware and disclose personal information. On Torrent sites, threats include malware hiding in video, music, and software downloads. Even when using a smartphone, threats include geolocation, meaning that one's phone can detect where they are and post it online for all to see. Users can protect themselves by updating virus protection, using security settings, downloading patches, installing a firewall, screening e-mail, shutting down spyware, controlling cookies, using encryption, fending off browser hijackers, and blocking pop-ups.[11][12]

However most people have little idea how to go about doing many of these things. How can the average user with no training be expected to know how to run their own network security (especially as things are getting more complicated all the time)? Many businesses hire professionals to take care of these issues, but most individuals can only do their best to learn about all this.[13]

In 1998, the Federal Trade Commission in the USA considered the lack of privacy for children on the Internet, and created the Children Online Privacy Protection Act (COPPA). COPPA limits the options which gather information from children and created warning labels if potential harmful information or content was presented. In 2000, Children's Internet Protection Act (CIPA) was developed to implement safe Internet policies such as rules[clarification needed], and filter software. These laws, awareness campaigns, parental and adult supervision strategies and Internet filters can all help to make the Internet safer for children around the world.[14]
HTTP cookies
Main article: HTTP cookie

An HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other state information required in complex web sites. It may also be used for user-tracking by storing special usage history data in a cookie, and such cookies—for example, those used by Google Analytics—are called tracking cookies. Cookies are a common concern in the field of Internet privacy. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.[15]

In the past, web sites have not generally made the user explicitly aware of the storing of cookies, however tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories — a privacy concern that prompted European and US law makers to take action in 2011.[16][17] Cookies can also have implications for computer forensics. In past years, most computer users were not completely aware of cookies, but recently, users have become conscious of possible detrimental effects of Internet cookies: a recent study done has shown that 58% of users have at least once, deleted cookies from their computer, and that 39% of users delete cookies from their computer every month. Since cookies are advertisers' main way of targeting potential customers, and some customers are deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies, but modern browsers and anti-malware software can now block or detect and remove such cookies.

The original developers of cookies intended that only the website that originally distributed cookies to users could retrieve them, therefore returning only data already possessed by the website. However, in practice programmers can circumvent this restriction. Possible consequences include:

the placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or,
use of cross-site scripting or other techniques to steal information from a user's cookies.

Cookies do have benefits that many people may not know. One benefit is that for websites that one frequently visits that requires a password, cookies make it so they do not have to sign in every time. A cookie can also track one's preferences to show them websites that might interest them. Cookies make more websites free to use without any type of payment. Some of these benefits are also seen as negative. For example, one of the most common ways of theft is hackers taking one's user name and password that a cookie saves. While a lot of sites are free, they have to make a profit some how so they sell their space to advertisers. These ads, which are personalized to one's likes, can often freeze one's computer or cause annoyance. Cookies are mostly harmless except for third-party cookies.[18] These cookies are not made by the website itself, but by web banner advertising companies. These third-party cookies are so dangerous because they take the same information that regular cookies do, such as browsing habits and frequently visited websites, but then they give out this information to other companies.

Cookies are often associated with pop-up windows because these windows are often, but not always, tailored to a person’s preferences. These windows are an irritation because they are often hard to close out of because the close button is strategically hidden in an unlikely part of the screen. In the worst cases, these pop-up ads can take over the screen and while trying to exit out of it, can take one to another unwanted website.

Cookies are seen so negatively because they are not understood and go unnoticed while someone is simply surfing the Internet. The idea that every move one makes while on the Internet is being watched, would frighten most users.[19]

Some users choose to disable cookies in their web browsers.[20] Such an action can reduce some privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location. Concerns exist that the privacy benefits of deleting cookies have been over-stated.[21]

The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual.

Governments and organizations may set up honeypot websites – featuring controversial topics – with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.
Flash cookies
Main article: Local shared object

When some users choose to disable HTTP cookie to reduce privacy risks as noted, new types of cookies were invented: since cookies are advertisers' main way of targeting potential customers, and some customers were deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies. In a 2009 study, Flash cookies were found to be a popular mechanism for storing data on the top 100 most visited sites.[22] Another 2011 study of social media found that, “Of the top 100 web sites, 31 had at least one overlap between HTTP and Flash cookies.”[23] However, modern browsers and anti-malware software can now block or detect and remove such cookies.

Flash cookies, also known as Local Shared Objects, work the same ways as normal cookies and are used by the Adobe Flash Player to store information at the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect Flash cookies. One way to view and control them is with browser extensions or add-ons. Flash cookies are unlike HTTP cookies in a sense that they are not transferred from the client back to the server. Web browsers read and write these cookies and can track any data by web usage.[24]

Although browsers such as Internet Explorer 8 and Firefox 3 have added a ‘Privacy Browsing’ setting, they still allow Flash cookies to track the user and operate fully. However, the Flash player browser plugin can be disabled[25] or uninstalled,[26] and Flash cookies can be disabled on a per-site or global basis. Adobe's Flash and (PDF) Reader are not the only browser plugins whose past security defects[27] have allowed spyware or malware to be installed: there have also been problems with Oracle's Java.[28]
Evercookies
Main articles: Zombie cookie and Evercookie

Evercookies, created by Samy Kamkar,[29][30] are JavaScript-based applications which produce cookies in a web browser that actively "resist" deletion by redundantly copying themselves in different forms on the user's machine (e.g., Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies that are missing or expired. Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. It has the ability to store cookies in over ten types of storage mechanisms so that once they are on one's computer they will never be gone. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.[31] Evercookies are one type of zombie cookie. However, modern browsers and anti-malware software can now block or detect and remove such cookies.
Anti-fraud uses

Some anti-fraud companies have realized the potential of evercookies to protect against and catch cyber criminals. These companies already hide small files in several places on the perpetrator's computer but hackers can usually easily get rid of these. The advantage to evercookies is that they resist deletion and can rebuild themselves.
Advertising uses

There is controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a person's computer that are used to predict what one wants. Many advertisement companies want to use this technology to track what their customers are looking at online. Evercookies enable advertisers to continue to track a customer regardless of if one deletes their cookies or not. Some companies are already using this technology but the ethics are still being widely debated.
Criticism

Anonymizer nevercookies are part of a free Firefox plugin that protects against evercookies. This plugin extends Firefox's private browsing mode so that users will be completely protected from evercookies.[32] Nevercookies eliminate the entire manual deletion process while keeping the cookies users want like browsing history and saved account information.
Device fingerprinting

Device fingerprinting is a fairly new technology that is useful in fraud prevention and safeguarding any information from one's computer. Device fingerprinting uses data from the device and browser sessions to determine the risk of conducting business with the person using the device.[33] This technology allows companies to better assess the risks when business is conducted through sites that include, e-commerce sites, social networking and online dating sites and banks and other financial institutions. ThreatMetrix is one of the leading vendors of device fingerprinting. This company employs a number of techniques to prevent fraud. For example, ThreatMetrix will pierce the proxy to determine the true location of a device.[33] Due to the growing number of hackers and fraudsters using 'botnets' of millions of computers that are being unknowingly controlled,[33] this technology will help not only the companies at risk but the people who are unaware their computers are being used.

It is difficult to surf the web without being tracked by device fingerprinting today. However, for people who do not want device fingerprinting, there are ways to attempt to block fingerprinting. The only ways to stop device fingerprinting cause web browsing to be very slow and websites to display information incorrectly. “There are not convenient options for privacy when it comes to device fingerprinting” said Peter Eckersely a staff scientist at the Electronic Frontier Foundation and privacy-advocacy group. Trying to avoid device fingerprinting is mostly just impractical and inconvenient. Fingerprints are tough to avoid because they are taken from data that are routinely passed from computers to websites automatically. Even if someone changes something slightly, the fingerprinters can still recognize the machine. There is one way to figure out that a device is being fingerprinted. The software JavaScript can be used to collect fingerprinting data. If it asks a browser for specific information, that could be a clue that a fingerprinter is working. Companies that are most known for conducting fingerprinting are advertisers.[34]
Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.)

Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.) is device fingerprinting software technology that identifies the device (computer, tablet, smartphone, …) being used to access a website. This information in turn can be used to help differentiate legitimate users from those using false identities or those attempting to work anonymously. A.D.A.P.T. uses only HTTP and JavaScript to identify a device and identifies devices without requesting any personal information entered directly by the user. It makes an accurate “fingerprint” of the device by using many different pieces of information including, operating system, browser, and PC characteristics. A.D.A.P.T. is concealed in that the user of the device has no idea that the device is being “fingerprinted” and there is no actual tagging of the device.[35]
Canvas fingerprinting

Canvas fingerprinting is one of a number of browser fingerprinting techniques of tracking online users that allow websites to uniquely identify and track visitors using HTML5 canvas element instead of browser cookies or other similar means.

[ Next Thread | Previous Thread | Next Message | Previous Message ]

[ Contact Forum Admin ]


Forum timezone: GMT-8
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2017 Voyager Info-Systems. All Rights Reserved.