Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.

Slides:



Advertisements
Similar presentations
What Companies Need to Know about P3P
Advertisements

The Internet and the Web
® Microsoft Office 2010 Browser and Basics.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
Accessing and Using the e-Book Collection from EBSCOhost ® When an arrow appears, click to proceed to the next slide at your own pace. To go back, click.
Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
Lorrie Cranor 1 Privacy Week 5.
ECON 425/563 // CPSC 455/555 NOVEMBER 6, 2008 Online Privacy.
Layer 7- Application Layer
Technological Implications for Privacy David Kotz Department of Computer Science Dartmouth College
Lorrie Faith Cranor AT&T Labs-Research Online Privacy Promise or Peril?
HTTP Hypertext Transfer Protocol. HTTP messages HTTP is the language that web clients and web servers use to talk to each other –HTTP is largely “under.
Privacy Implications of Online Data Collection Lorrie Faith Cranor AT&T Labs-Research DIMACS Workshop.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
PubMed Search Options (Basic Course: Module 6). Table of Contents  History  Advanced Search  Accessing full text articles from HINARI/PubMed  Failure.
Computers and Society Carnegie Mellon University Spring 2007 Cranor/Tongia 1 Privacy Week 5 - February 13,
Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 1 Online privacy concerns.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.
Intro - Outlook Show Graphics of Outlook Using Outlook Folders Outlook Web Access Contacts Calendar.
Online Privacy Technologies Dr. Lorrie Faith Cranor AT&T Labs-Research NTIA Online Privacy Technologies Workshop.
Lorrie Faith Cranor AT&T Labs-Research Online Privacy What are People So Concerned About and What is Being Done About it?
Behavior Tracking Dhaval Patel.
Topics Basic Internet Concepts. Types of Information. Search Tools & Techniques. Managing Internet Resources. Browsing a mail. Composing a mail. Attaching.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Online Privacy Concerns.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 History and Philosophy Week.
CP476 Internet Computing Lecture 5 : HTTP, WWW and URL 1 Lecture 5. WWW, HTTP and URL Objective: to review the concepts of WWW to understand how HTTP works.
Staying Safe Online Keep your Information Secure.
Adapted from Computer Concepts, New Perspectives, Thompson Course Technology EDW 647: The Internet Dr. Roger Webster & Dr. Nazli Mollah 24 Cookies: What.
INTERNET PRIVACY Marketing companies The cookie leak security hole in the HTML messages The Web Bug Can we trust the privacy.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2004 Lorrie Cranor 1 P3P I Week 6 - October.
ISP 1600 for Fall 2007 Web.Edu: How Internet Courses Work Course web site: Third meeting September 22, 2007.
CSE 154 LECTURE 12: COOKIES. Including files: include include("filename"); PHP include("header.html"); include("shared-code.php"); PHP inserts the entire.
Computers and Society Carnegie Mellon University Spring 2005 Lorrie Cranor and Dave Farber 1 Privacy Week 9 - March.
Library Research What to ask? Where to look? Librarian Anna Jones.
How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February 2002
COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2011.
COOKIES. INTERNET COOKIES What are they Where are they found What should you do about them.
Lecture 8 – Cookies & Sessions SFDV3011 – Advanced Web Development 1.
U.S. Department of Commerce Web Advisory Group Minding Your Own Business The Platform for Privacy Preferences Project.
A Little Bit About Cookies Fort Collins, CO Copyright © XTR Systems, LLC A Little Bit About Cookies Instructor: Joseph DiVerdi, Ph.D., M.B.A.
Saving State on the WWW. The Issue  Connections on the WWW are stateless  Every time a link is followed is like the first time to the server — it has.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP Headers Client IP Address HTTP User Login FAT URLs Cookies.
Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?
27.1 Chapter 27 WWW and HTTP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
WEB SERVER SOFTWARE FEATURE SETS
WHAT IS E-COMMERCE? E-COMMERCE is a online service that helps the seller/buyer complete their transaction through a secure server. Throughout the past.
Security Privacy Relationship Which FIPs may be relevant to security breaches of customer privacy information? –Must be accountable for all PII in its.
The Internet, Fourth Edition-- Illustrated 1 The Internet – Illustrated Introductory, Fourth Edition Unit B Understanding Browser Basics.
27.1 Chapter 27 WWW and HTTP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
A SSIGNMENT #3 Com tech. ANSL HTML Hypertext Markup Language, a standardized system for tagging text files to achieve font, color, graphic, and hyperlink.
Protecting your search privacy A lesson plan created & presented by Maria Bernhey (MLS) Adjunct Information Literacy Instructor
1 Privacy & Preference Committee Update Ensuring a healthy ecosystem via transparency & trust Date: January 13, 2009 Alan Chapell, President.
Top Ten Ways to Protect Privacy Online -Abdul M. Look for privacy policies on Web Sites  Web sites can collect a lot of information about your visit.
Some from Chapter 11.9 – “Web” 4 th edition and SY306 Web and Databases for Cyber Operations Cookies and.
Fall Personal privacy Rights of individuals/entities Informational /database protection Government Regulation & surveillance Workplace Privacy.
CS 115: COMPUTING FOR THE SOCIO-TECHNO WEB TECHNOLOGIES FOR PRIVATE (AND NOT-SO-PRIVATE) COMMUNICATIONS.
Section A: Web Technology
How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February
COOKIES.
Latest Updates on BlackHawk Mines Music : Privacy Policy
CS 115: COMPUTING FOR The Socio-Techno Web
What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.
Configuring Internet-related services
Web Privacy Chapter 6 – pp 125 – /12/9 Y K Choi.
Privacy Policy, Law and Technology Online Privacy
Presentation transcript:

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy September 25, 2007

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 2 Evaluating information sources Don’t believe everything you read! News sources are usually a reporter's interpretation of what someone else did Conference and journal papers are first hand reports of research studies that have been peer reviewed but journals usually have more review than conferences Technical reports are usually first hand reports of research studies that have not been peer reviewed (yet) Look for subsequent conference or journal publications Web sites and books are anything goes, but books at least have an editor (usually) When possible, cite research results and technical information from peer reviewed sources Research and Communication Skills

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 3 Homework 2 discussion Technology that causes privacy concerns Privacy risks and consequences Applying OECD principles Laws and self regulation What FIP does it address? Effectiveness?

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 4 Homework 3 ch-fa07/hw/hw3.html ch-fa07/hw/hw3.html Don’t forget, project brainstorming due next Tuesday!

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 5 How are online privacy concerns different from offline privacy concerns?

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 6 Web privacy concerns Data is often collected silently Web allows large quantities of data to be collected inexpensively and unobtrusively Data from multiple sources may be merged Non-identifiable information can become identifiable when merged Data collected for business purposes may be used in civil and criminal proceedings Users given no meaningful choice Few sites offer alternatives

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 7 Browser Chatter Browsers chatter about IP address, domain name, organization, Referring page Platform: O/S, browser What information is requested  URLs and search terms Cookies To anyone who might be listening End servers System administrators Internet Service Providers Other third parties  Advertising networks Anyone who might subpoena log files later

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 8 Typical HTTP request with cookie GET /retail/searchresults.asp?qu=beer HTTP/1.0 Referer: User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386) Host: Accept: image/gif, image/jpeg, image/pjpeg, */* Accept-Language: en Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQU LL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 9 Referer log problems GET methods result in values in URL These URLs are sent in the referer header to next host Example: rder?name=Tom+Jones&address=here +there&credit+card= & PIN=1234&->index.html Access log example

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 10 Cookies What are cookies? What are people concerned about cookies? What useful purposes do cookies serve?

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 11 Cookies 101 Cookies can be useful Used like a staple to attach multiple parts of a form together Used to identify you when you return to a web site so you don’t have to remember a password Used to help web sites understand how people use them Cookies can do unexpected things Used to profile users and track their activities, especially across web sites

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 12 How cookies work – the basics A cookie stores a small string of characters A web site asks your browser to “set” a cookie Whenever you return to that site your browser sends the cookie back automatically browsersite Please store cookie xyzzy First visit to site browsersite Here is cookie xyzzy Later visits

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 13 How cookies work – advanced Cookies are only sent back to the “site” that set them – but this may be any host in domain Sites setting cookies indicate path, domain, and expiration for cookies Cookies can store user info or a database key that is used to look up user info – either way the cookie enables info to be linked to the current browsing session Database Users … … Visits … Send me with any request to x.com until 2008 Send me with requests for index.html on y.x.com for this session only User=Joe = x.com Visits=13 User=

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 14 Cookie terminology Cookie Replay – sending a cookie back to a site Session cookie – cookie replayed only during current browsing session Persistent cookie – cookie replayed until expiration date First-party cookie – cookie associated with the site the user requested Third-party cookie – cookie associated with an image, ad, frame, or other content from a site with a different domain name that is embedded in the site the user requested Browser interprets third-party cookie based on domain name, even if both domains are owned by the same company

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 15 Web bugs Invisible “images” (1-by-1 pixels, transparent) embedded in web pages and cause referer info and cookies to be transferred Also called web beacons, clear gifs, tracker gifs,etc. Work just like banner ads from ad networks, but you can’t see them unless you look at the code behind a web page Also embedded in HTML formatted messages, MS Word documents, etc. For software to detect web bugs see:

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 16 How data can be linked Every time the same cookie is replayed to a site, the site may add information to the record associated with that cookie Number of times you visit a link, time, date What page you visit What page you visited last Information you type into a web form If multiple cookies are replayed together, they are usually logged together, effectively linking their data Narrow scoped cookie might get logged with broad scoped cookie

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 17 Ad networks Ad company can get your name and address from CD order and link them to your search Ad search for medical information set cookie buy CD replay cookie Search ServiceCD Store

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 18 What ad networks may know… Personal data: address Full name Mailing address (street, city, state, and Zip code) Phone number Transactional data: Details of plane trips Search phrases used at search engines Health conditions “It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers.” – Richard M. Smith

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 19 Online and offline merging In November 1999, DoubleClick purchased Abacus Direct, a company possessing detailed consumer profiles on more than 90% of US households. In mid-February 2000 DoubleClick announced plans to merge “anonymous” online data with personal information obtained from offline databases By the first week in March 2000 the plans were put on hold Stock dropped from $125 (12/99) to $80 (03/00)

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 20 Offline data goes online… The Cranor family’s 25 most frequent grocery purchases (sorted by nutritional value)!

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 21 Steps sites take to protect privacy Opt-out cookie DoubleClick ck/privacy/ad-cookie/ ck/privacy/ad-cookie/ Purging identifiable data from server logs Amazon.com honor system p/how-we-know.html/ p/how-we-know.html/

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 22 Subpoenas Data on online activities is increasingly of interest in civil and criminal cases The only way to avoid subpoenas is to not have data In the US, your files on your computer in your home have much greater legal protection that your files stored on a server on the network

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.