Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technological Implications for Privacy David Kotz Department of Computer Science Dartmouth College

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Technological Implications for Privacy David Kotz Department of Computer Science Dartmouth College"— Presentation transcript:

1 Technological Implications for Privacy David Kotz Department of Computer Science Dartmouth College dfk@cs.dartmouth.edu

2 The Web Eases Access o It is easier for you to access information o But, as more of life becomes digital & networked o Commerce... o Communication... o Entertainment... o It is easier for them to track you

3 What Makes the Web Different? “The Web is simply another medium of information distribution and gathering; it differs quantitatively because the volumes are so high and the costs so low" å Junkbusters.com, submission to FTC, 1997

4 Informational Privacy Privacy...is the claim of individuals... to determine for themselves when, how, and to what extent information about them is communicated to others...” å Alan F. Westin

5 Information Protection on the Web l People eavesdropping in your communications l People hacking into personal or proprietary information (in databases, caches, or logs) l People collecting, exchanging, and using personal information

6 Federal Trade Commission o FTC survey of 1400 web sites o 14% provide privacy notice of some kind o 2% list a complete policy o FTC survey of 212 children’s sites o 89% collect personal data o 54% disclose this fact o < 10% provide parental control

7 Outline o Data-collection mechanisms o Correlating data from multiple sources o Possible solutions o Technical solutions o Legal solutions and regulations o Summary

8 Data-Collection Mechanisms o Direct o Information you enter into forms on Web pages o Indirect o Monitoring and recording your surfing activity o Derived o From the correlation of multiple direct and indirect

9 Web forms o Entry boxes on Web page o You might enter identifying information o Name o Address o Social Security number o E-mail address o Credit-card number o password o...

10 Server Logs o Every HTTP request from client to server o URL for page you want o URL for page you’re leaving o Time o IP address of browser o Browser brand & version o OS brand & version o All recorded in a “log” file on server o This web page demonstrates...web page

11 Using Server Logs o Server’s administrator can analyze the logs o Common analysis produces summary statssummary stats o But you can go further… o Try to extract picture of each browsing user o Sequence and timing of accesses o But identified only by IP address

12 Cookies o Data, not food o Data, not software Web server Browser (client) 1. Send request to server ? 3. Send cookie back with future requests to that server ? 2. Send web page and cookie

13 Why Cookies? o Web servers are stateless o They process a sequence of independent requests o No way to link new request with earlier requests o Cookies provide state o Server sends info it wants to remember, as a cookie o Browser stores cookie, possibly for months o Browser sends cookie with new requests

14 The Sweet Side of Cookies o Cookie state allows interactive applications o “Shopping basket” o Automatic log-in o Customized home pages o Personalized “what’s new” listings

15 The Dark (Burnt?) Side of Cookies o Cookies identify your browser to server o From click to click, or session to session o Server can thus track your movements o What pages you fetch, what images you see o How long between fetches o What advertisements you’ve seen o What preferences you chose

16 Other sources o Traditional databases o Direct Marketers o Credit agencies o Motor vehicle records o Magazine subscriptions o … o DejaNews DejaNews o Profile of an author (which newsgroups) Profile of an author

17 Correlating Information o The real danger comes from correlation o Merging information collected in one way o With information collected in another way o Biggest concern: o Data collected about “anonymous” surfer o … is linked with an identified surfer

18 Cookies For Advertising o Consider on-line advertising agency o E.g., doubleclick.netdoubleclick.net o tag leads your browser to fetch ad from agency o Agency sends cookie along with image o Cookies help them to avoid repeating ads

19 Cookies Across Web Sites o Many Web sites reference that agency’s ads o Agency sees every page you reference on every server that sells to Agency o Recall the “referring URL” is sent with every request o Agency can correlate surfing patterns across servers

20 Matching a Name to that Surfer o If one web site learns your identity o Sell the information to agency o Agency uses cookie to locate your surfing pattern o Agency then o uses (or sells) your name and surfing pattern, or o sells your name to other web servers, in real time

21 P3P o Platform for Privacy Preferences Platform for Privacy Preferences o Proposed standard o User specifies privacy preferences o Browser records them o Server specifies privacy policy o Sent to browser on request o Browser matches preferences with policy o Ask user whenever policy weaker than preferences

22 Regulation: Industry o Microsoft o AOL o Apple o Gateway o Netscape o Yahoo! o... o American Advertising Federation o Direct Marketing Association o Disney o MCI o Time Warner o Nationsbank o...

23 Regulation: Congress o Personal Information Privacy Act of 1997 o No traffic in SS#s without consent o Childrens’ Privacy Act of 1997 o Must provide some parental control o But… WIPO Treaties Implementation Act o Passed the House on August 4 o May disallow the removal or blocking of cookies

24 Regulation: White House o Al Gore’s July 31 announcement o Protect personal info and medical records o Stop identity theft o Approved by Senate on 7/30 o Protect children’s privacy on-line o Challenge the private sector o Online Privacy Alliance o Warned them that government will step in

25 Summary o Privacy is hard to find on the Web o Technologies developed for one purpose... o e.g., cookies o Can be used for other purposes o e.g., tracking users’ surfing habits o Correlation mechanisms o You may not be anonymous when you think you are o Regulation likely

26 Web Resources o Collected during this research o http://www.cs.dartmouth.edu/~dfk/tangled-web.html http://www.cs.dartmouth.edu/~dfk/tangled-web.html

Download ppt "Technological Implications for Privacy David Kotz Department of Computer Science Dartmouth College"

Similar presentations

The Internet and the Web

The Internet and the Web
Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.

Tips and tools to keep you and your information safe on-line. We will go over a lot of information today, so it is important to pay attention and follow.
Ethical Issues concerning Internet Privacy 1.  Personal information on the Internet has become a hot commodity because it can be collected, exchanged,

Ethical Issues concerning Internet Privacy 1.  Personal information on the Internet has become a hot commodity because it can be collected, exchanged,
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.

 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Microsoft Passport www.passport.com Waldemar Swiercz.

Microsoft Passport Waldemar Swiercz.
Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.

Privacy & Security By Martin Perez. Introduction  Information system - People : meaning use, the people who use computers. - Procedures : Guidelines.
SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.

SESSION 9 THE INTERNET AND THE NEW INFORMATION NEW INFORMATIONTECHNOLOGYINFRASTRUCTURE.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.

Lab 3 Cookie Stealing using XSS Kara James, Chelsea Collins, Trevor Norwood, David Johnson.
Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.

Privacy and Encryption The threat of privacy due to the sale of sensitive personal information on the internet Definition of anonymity and how it is abused.
July 25, 2005 PEP Workshop, UM 2005 1 A Single Sign-On Identity Management System Without a Trusted Third Party Brian Richardson and Jim Greer ARIES Lab.

July 25, 2005 PEP Workshop, UM A Single Sign-On Identity Management System Without a Trusted Third Party Brian Richardson and Jim Greer ARIES Lab.
By: Mr Hashem Alaidaros MKT 445 Lecture 3 Title: Affiliate Marketing.

By: Mr Hashem Alaidaros MKT 445 Lecture 3 Title: Affiliate Marketing.
WEB ANALYTICS Prof Sunil Wattal. Business questions How are people finding your website? What pages are the customers most interested in? Is your website.

WEB ANALYTICS Prof Sunil Wattal. Business questions How are people finding your website? What pages are the customers most interested in? Is your website.
With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.

With Internet Explorer 9 Getting Started© 2013 Pearson Education, Inc. Publishing as Prentice Hall1 Exploring the World Wide Web with Internet Explorer.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Similar presentations

Ads by Google