Be Careful what You Post: The Myth of Internet Privacy
Dr. Art Jipson
University of Dayton
Criminal Justice Studies Program
Sociology, Anthropology, and Social Work
Aug 31, 2014
Internet Information Concerns
Privacy
Security
Bandwidth
Content
Public Access
Commercialization
Internet Privacy Laws
“Enjoying the right to privacy means having control over your own personal data and the ability to grant or deny access to others.”
Balancing Act on Privacy
Basic Issues
The Children's Online Privacy Protection Act (COPPA)
Gender and Electronic Privacy
USA PATRIOT Act
Terrorist Information Awareness
Cookies
Spam
Software
Spyware
“You have zero privacy [on the Internet] anyway.
Get over it.”
Scott McNealy, 1999
CEO, SUN Microsystems
Public Interest in Protecting Individual Privacy
The Children's Online Privacy Protection Act (COPPA)
The Children's Online Privacy Protection Act ("COPPA") specifically protects the privacy of children under the age of 13 by requesting parental consent for the collection or use of any personal information of the users.
Main requirements of the Act
The Act was passed in response to a growing awareness of Internet marketing techniques that targeted children and collected their personal information from websites without any parental notification.
The Children's Online Privacy Protection Act (COPPA)
In the 1990s, children began to access the Web more and more. Marketers would track information kids gave out in chat rooms or while playing games (such as addresses, full names, ages, etc.) and would retain this data in order to sell to third parties. It became very easy for anyone to simply send money to one of these companies and receive lists of children’s addresses and personal information.
The Children's Online Privacy Protection Act (COPPA)
COPPA applies to any website directed specifically at children, any general site which has a children’s section, and any foreign websites aimed at U.S. children
On each website, there must be an easily accessible privacy policy
A web operator must obtain parental permission via credit card, digital signature, or a signed and faxed consent form.
The operator must also make available any information collected about the child to the guardians of the child.
Gender and Electronic Privacy
Pretexting and Cyberstalking:
* Pretexting is the practice of collecting information about a person using false pretenses.
* Cyberstalking -- Coincidence Design, Amy Boyer case
Video voyeurism and webcams
Case of Amy Boyer
Twenty-year-old Amy Boyer lived at home with her parents in Nashua, New Hampshire, was employed at a local dentist’s office, and had a boyfriend. In early October of 1999, she logged onto the Web with her mother to check out travel rates for a trip she was planning.
On October 15, Amy, ambushed outside the dentist’s office as she got in her car, was shot and killed. Her killer then committed suicide.
Then when police confiscated the killer’s computer, they found the connection—two Web sites devoted to Amy Boyer, created by Liam Youens, 21, who had been carrying a torch for her ever since junior high school. But he did not know Amy and Amy never knew Liam. He’d seen her in the hallway one day, became infatuated, and his “love” grew from there.
As he saw Amy with a new boyfriend, his love became anger, then hate, fueled by two Web sites he created, one on Tripod, the other on Geocities.
A cyberstalking victim? Yes. But like a dangerous intersection that doesn’t get a stop light until someone dies, Amy died before anyone took cyberstalking seriously.
USA PATRIOT Act
“Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001”
Authorizes the installation of devices to record all computer routing, addressing, and signaling information.
Governs government access to stored email and other electronic communications.
Creates a new exception, permitting government interception of the "communications of a computer trespasser" if the owner or operator of a "protected computer" authorizes the interception. The new exception has broad implications, given that a "protected computer" includes any "which is used in interstate or foreign commerce or communication" (which, with the Internet, includes effectively any computer).
Terrorist Information Awareness
USA PATRIOT ACT | TIA
Objective
USA PATRIOT ACT: Surveillance of communications is an essential tool to pursue and stop terrorists. This new law will allow surveillance of all communications used by terrorists, including e-mails, the Internet, and cell phones.
TIA: To revolutionize the ability of the United States to detect, classify and identify foreign terrorists – and decipher their plans – and thereby enable the U.S. to take timely action to successfully preempt and defeat terrorist acts.
Strategy
USA PATRIOT ACT: Law enforcement agencies have to get a new warrant for each new district they investigate, even when they're after the same suspect. Under this new law, warrants are valid across all districts and across all states. And, finally, the new legislation greatly enhances the penalties that will fall on terrorists or anyone who helps them.
TIA: The project would scan the Internet and commercial databases for electronic evidence of terrorist preparations. Intelligence and law enforcement officials would check -- without warrants -- travel and credit card records, Internet mail and banking transactions, new driver's license records and more.
Criticism
USA PATRIOT ACT: The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be the target of the investigation.
TIA: This would create systematic surveillance of Americans on home soil. He is proposing to make government a peeper into lawful transactions among private citizens.
Cookies
A cookie is a mechanism that allows a web site to record your comings and goings, usually without your knowledge or consent.
Cookies do provide outside sources with personal information, but only information that you give while on the website. Yes, it does violate personal privacy to a degree, but cookies can be turned off or restricted to specific websites.
Cookies
A server cannot set a cookie for a domain that it isn't a member of.
How does a cookie work?
Doubleclick
This usage of cookies is the most controversial, and has led to the polarized opinions on cookies, privacy, and the Internet.
Cookie Concerns
Snooping
Virus carrier
Hacking
User profiling
Fixing browser bugs eliminated cookie concerns
EXCEPT for User Profiling
> Briefly <
And now … Super Cookies
Have you been spammed?
Spam
Spam is unsolicited commercial e-mail.
Spammers get e-mail addresses in three ways:
* by scavenging, the practice of automatically collecting e-mail addresses listed or posted on web pages and electronic bulletin boards
* by guessing, where the spammer uses dictionary terms or randomly-generated strings to develop e-mail addresses
* and by purchasing e-mail addresses through list brokers.
Currently, there is no federal legislation regulating the transmission of spam.
"Remove me" options
Spambots are looking for you!
Spambots are programs that search and automatically extract e-mail addresses, which are then used as targets for spam.
Spam
Case study: One person, six years
Software
Excel, WORD, PowerPoint
Contained (GUID) Globally Unique Identifier
[Called a Microsoft System ID (MSID) by MS that included the NIC ethernet address]
All searches (Yahoo…) routed through Microsoft
Internet Explorer V5.0 (search feature)
Windows Media Player (super cookie)
Reports media use to Microsoft
Contains unique ID serial number accessible by web
http://www.computerbytesman.com/privacy/supercookiedemo.htm
Spyware
More than 800 infested programs including:
CuteFTP
DigiCAM
Ezforms
GIF Animator
Image Carousel
JPEG Optimizer
Netscape Smart Download
Notepad +
PKZIP
Printshop
Real Audioplayer
Tucows uploader
http://www.infoforce.qc.ca/spyware/
Every time you visit a site on the Internet you provide information about yourself.
Web Browsers
Verifications
Publication renewals have requested:
■ Birth day
■ Birth month
■ Birth year
■ Birth state
■ Birth city
■ Color of eyes
■ Mother’s maiden name
Do you see the web bug?
Web Bugs
What is a Web Bug?
Graphic
Usually transparent
Usually 1-by-1 pixel size
Represented as HTML IMG tag
Retrieved from source other than message
Found in web site or e-mail
Why a Web Bug?
Monitor web site access
Collect reader browser info
No cookie needed
When is e-mail read
E-mail forwarding record
■ Other readers
■ Find anonymous e-mail source
Check spam list for active e-mail addresses
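An added example (not from the original slides): a Python check that flags IMG tags matching the traits listed above, invisible or 1-by-1 and fetched from a host other than the message or page. The sample HTML, the host names and the `find_web_bugs` helper are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)            # 0, 1 or 1px
STYLE_DIM = re.compile(r"(?:^|;)\s*(width|height)\s*:\s*([^;]+)", re.I)
STYLE_HIDE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
# Constructed sample message body; every host name is a placeholder.
SAMPLE_EMAIL = """<html><body>
<img src="cid:logo123" width="120" height="40">
<img src="http://news.example.org/banner.gif" width="468" height="60">
<img src="http://t.tracker.example/open.gif?id=reader42" width="1" height="1">
<img src="https://stats.tracker.example/p.gif" style="display:none">
</body></html>"""


class WebBugFinder(HTMLParser):
    """Flag <img> tags that are invisible and fetched from another host."""

    def __init__(self, own_host=None):
        super().__init__()
        # own_host: site serving the page; None for e-mail (any remote host counts)
        self.own_host = (own_host or "").lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        url = urlparse(a.get("src", ""))
        host = (url.hostname or "").lower()
        if not host or url.scheme not in ("", "http", "https"):
            return  # cid:, data: and relative images arrive with the content
        if self.own_host and (host == self.own_host
                              or host.endswith("." + self.own_host)):
            return  # first-party image
        style = a.get("style", "")
        dims = {"width": a.get("width"), "height": a.get("height")}
        dims.update((n.lower(), v) for n, v in STYLE_DIM.findall(style))
        tiny = all(v is not None and TINY.match(v) for v in dims.values())
        if tiny or STYLE_HIDE.search(style):
            self.findings.append({"host": host, "query": url.query,
                                  "why": "1x1 pixel" if tiny else "hidden"})


def find_web_bugs(html, own_host=None):
    finder = WebBugFinder(own_host)
    finder.feed(html)
    return finder.findings
```

Pass `own_host` when scanning a web page so the site's own spacer images are not reported; the `query` field shows any identifier the image URL carries back to the remote host.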
Specialized Privacy Probes
Wiretap
■ Web Bug + JAVA code
■ Retrieve e-mail comments
■ Retrieve mailing list
Computer Triangulation
■ Pinpoint physical location
• Country and City (90% accuracy)
• ZIP code (possible)
Advertisement Competition
A browser window "plug-in" comes bundled with software that hovers pop-ups over competitors' advertisement banners
Free, advertising supported application for filling in forms
Hijackware
Hidden application could turn every computer running Kazaa into a node of a private network called Altnet and controlled by Brilliant Digital.
http://news.com.com/2102-1023-875274.html
SETI without the ethics!
Free file sharing software
What can Librarians Do?
Educate yourself so you can inform the patrons of the library
Software
Install system/application security patches
Upgrade Windows Media Player
Change default (turn off Super Cookie)
UNCHECK
Anonymous web surfing
Internet Explorer plug-in
FREE – cannot visit secure sites
Blocks IP address
Blocks cookies
http://www.anonymizer.com/
Encrypted e-mail
Pretty Good Privacy
GPG (GNU Privacy Guard) is a PGP compatible alternative replacement based on the OpenPGP standard
http://www.gnupg.org/
P3P
Platform for Privacy Preferences
Industry Standard (16 April 2002)
Specify web site privacy policy
Compare with user/browser privacy preference
http://www.w3.org/P3P/
P3P Tool
Privacy Bird automatically searches for privacy policies at every website you visit
http://www.privacybird.com/
The bird icon alerts you about Web site privacy policies with a visual symbol and optional sounds.
Non-secure site
Secure site
Cookies are optional
Netscape
■ v3 Options/Network Preferences/Protocols
■ v4 Edit/Preferences/Advanced
Internet Explorer
■ v3 Internet Options/Advanced
■ v4 View/Internet Options/Advanced
■ v5 Tools/Internet Options/Security
Cookie Rejection
Default
Preferred
Check the cookie jar
http://www.karenware.com/powertools/ptcookie.html
Manage the Cookie Jar
http://www.analogx.com/contents/download/network/cookie.htm
CookieWall
Cookie Cop Plus
http://www.pcmag.com/print_article/0,3048,a=7719,00.asp
What to do about spam
Ignore
Delete
Block
Filter
Change e-mail address
What NOT to do about spam
Do NOT forward
Do NOT reply
Do NOT send REMOVE request
■ Verified e-mail address
■ Verify messages read
■ Show lack of anti-spam knowledge
■ RESULTS – MORE SPAM
Avoiding web spambots
[email protected]
Use a graphic
Use a graphic @ symbol
Use TABLE
Spell out address
■ hintz AT ifas.ufl.edu
■ hintz AT ifas DOT ufl DOT edu
■ [email protected] (remove NOJUNK)
Do not use “mailto:” TAG unless encoded –
mailto:hintz@ufl.edu
Pop-Up Delete
Pop-Up and Pop-Under windows that don’t have a close box can only be removed by using <Alt>-<F4>
Specialized Privacy Probes
Disable JAVA Script in E-Mail Client
Install Microsoft patch
http://office.microsoft.com/Assistance/2000/Out2ksecFAQ.aspx
Firewall
Tiny Personal Firewall 2.0
http://www.tinysoftware.com/
Firewall
http://www.agnitum.com/products/outpost/
Open Architecture
Supports plug-ins
Intrusion Detection
Advertisement Blocking
Content Filtering
E-mail Guard
Privacy Control
Spyware Firewall
http://www.zonealarm.com/
Check both INCOMING and OUTGOING requests
Anti-Spyware
http://www.lavasoft.de/
Universal Web Filter
Proxomitron
eliminate cyber-spam like pop-up windows, alerts, banners, animated GIFs, auto-play music, sounds, dynamic HTML, Java and more
http://www.spamblocked.com/proxomitron/
transforms web pages on the fly
turn off some of those fancy new HTML features that web browsers support
PC Cleaner
http://www.bmesite.com/
InternetSweeper
Where is the source?
http://www.neoworx.com/products/ntx/default.asp
Provide accurate personal information ONLY if appropriate for the services requested.
Would you give personal information to strangers?
24% of users have supplied false information
Create a Virtual User
John Smith
7/7/77
blue eyes
red hair
How to protect your privacy
Web browsing
■ Use only sites with privacy policy
■ Use only secure on-line forms
■ Reject unnecessary cookies
■ Limit personal information entry
■ Provide bogus info when appropriate
■ Opt-out of 3rd party info sharing
■ Use anonymizers
■ Clear cache after browsing
Conclusion:
Remember, the Internet is a public network
If you are connected, protect yourself
ANY QUESTIONS?
Thank you very much for listening!