Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 1 Online privacy concerns.

Slides:



Advertisements
Similar presentations
The Internet and the Web
Advertisements

® Microsoft Office 2010 Browser and Basics.
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
Accessing and Using the e-Book Collection from EBSCOhost ® When an arrow appears, click to proceed to the next slide at your own pace. To go back, click.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Communicating Information: Web Design. It’s a big net HTTP FTP TCP/IP SMTP protocols The Internet The Internet is a network of networks… It connects millions.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
XP Browser and Basics1. XP Browser and Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.
ECON 425/563 // CPSC 455/555 NOVEMBER 6, 2008 Online Privacy.
Layer 7- Application Layer
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.
Lorrie Faith Cranor AT&T Labs-Research Online Privacy Promise or Peril?
Privacy Implications of Online Data Collection Lorrie Faith Cranor AT&T Labs-Research DIMACS Workshop.
Computers and Society Carnegie Mellon University Spring 2007 Cranor/Tongia 1 Privacy Week 5 - February 13,
The Internet & The World Wide Web Notes
The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.
Lorrie Faith Cranor AT&T Labs-Research Online Privacy What are People So Concerned About and What is Being Done About it?
Behavior Tracking Dhaval Patel.
Internet Standard Grade Computing. Internet a wide area network spanning the globe. consists of many smaller networks linked together. Service a way of.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy.
The Internet and E-Commerce Back to Table of Contents.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Online Privacy Concerns.
DATA COMMUNICATION DONE BY: ALVIN SAMPATH CARLVIN SAMPATH.
Lecturer: Ghadah Aldehim
The Internet A Wide Area Network across the world The network of networks –Lots of smaller networks joined together.
Windows Internet Explorer 9 Chapter 1 Introduction to Internet Explorer.
Staying Safe Online Keep your Information Secure.
Adapted from Computer Concepts, New Perspectives, Thompson Course Technology EDW 647: The Internet Dr. Roger Webster & Dr. Nazli Mollah 24 Cookies: What.
Windows Internet Explorer 9 Chapter 1 Introduction to Internet Explorer.
INTERNET PRIVACY Marketing companies The cookie leak security hole in the HTML messages The Web Bug Can we trust the privacy.
XHTML Introductory1 Linking and Publishing Basic Web Pages Chapter 3.
XP New Perspectives on Browser and Basics Tutorial 1 1 Browser and Basics Tutorial 1.
Computers and Society Carnegie Mellon University Spring 2005 Lorrie Cranor and Dave Farber 1 Privacy Week 9 - March.
Web Page Design I Basic Computer Terms “How the Internet & the World Wide Web (www) Works”
COOKIES. INTERNET COOKIES What are they Where are they found What should you do about them.
U.S. Department of Commerce Web Advisory Group Minding Your Own Business The Platform for Privacy Preferences Project.
A Little Bit About Cookies Fort Collins, CO Copyright © XTR Systems, LLC A Little Bit About Cookies Instructor: Joseph DiVerdi, Ph.D., M.B.A.
Technology Vocabulary Words. Understanding the meaning A motherboard is the main circuit board of the computer. Why do you think it is called a motherboard.
1 UNIT 13 The World Wide Web Lecturer: Kholood Baselm.
How the Web Works Building a Website – Lesson 1. How People Access the Web Browsers People access websites using software called a web browser. To view.
Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?
Presenter: Le Quoc Thanh SPYWARE ANALYSIS AND DETECTION.
WHAT IS E-COMMERCE? E-COMMERCE is a online service that helps the seller/buyer complete their transaction through a secure server. Throughout the past.
PRIVACY, LAW & ETHICS MBA 563. Source: eMarketing eXcellence Chaffey et al. BH Overview: Establishing trust and confidence in the online world.
Security Privacy Relationship Which FIPs may be relevant to security breaches of customer privacy information? –Must be accountable for all PII in its.
The Internet, Fourth Edition-- Illustrated 1 The Internet – Illustrated Introductory, Fourth Edition Unit B Understanding Browser Basics.
COM: 111 Introduction to Computer Applications Department of Information & Communication Technology Panayiotis Christodoulou.
27.1 Chapter 27 WWW and HTTP Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Protecting your search privacy A lesson plan created & presented by Maria Bernhey (MLS) Adjunct Information Literacy Instructor
1 UNIT 13 The World Wide Web. Introduction 2 Agenda The World Wide Web Search Engines Video Streaming 3.
1 UNIT 13 The World Wide Web. Introduction 2 The World Wide Web: ▫ Commonly referred to as WWW or the Web. ▫ Is a service on the Internet. It consists.
Fall Personal privacy Rights of individuals/entities Informational /database protection Government Regulation & surveillance Workplace Privacy.
CS 115: COMPUTING FOR THE SOCIO-TECHNO WEB TECHNOLOGIES FOR PRIVATE (AND NOT-SO-PRIVATE) COMMUNICATIONS.
Technology Vocabulary Words
How P3P Works Lorrie Faith Cranor P3P Specification Working Group Chair AT&T Labs-Research 4 February
Unit 11 Using the Internet & Browsing the Web
Evolution of Internet.
Unit 12 Using the Internet & Browsing the Web
Introducing the World Wide Web
COOKIES.
Latest Updates on BlackHawk Mines Music : Privacy Policy
INTERNET.
CS 115: COMPUTING FOR The Socio-Techno Web
What is Cookie? Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve.
Unit 27 Web Server Scripting Extended Diploma in ICT
Configuring Internet-related services
Privacy Policy, Law and Technology Online Privacy
Presentation transcript:

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 1 Online privacy concerns Week 4 - February 3, 5

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 2 HW3 discussion Question 1  Examples of good and bad privacy policies - what did you like/dislike? Ban the sale of personal info or compensation? Privacy advocacy group web sites

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 3 How are online privacy concerns different from offline privacy concerns?

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 4 Web privacy concerns Data is often collected silently  Web allows large quantities of data to be collected inexpensively and unobtrusively Data from multiple sources may be merged  Non-identifiable information can become identifiable when merged Data collected for business purposes may be used in civil and criminal proceedings Users given no meaningful choice  Few sites offer alternatives

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 5 Browser Chatter Browsers chatter about  IP address, domain name, organization,  Referring page  Platform: O/S, browser  What information is requested URLs and search terms  Cookies To anyone who might be listening  End servers  System administrators  Internet Service Providers  Other third parties Advertising networks  Anyone who might subpoena log files later

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 6 Typical HTTP request with cookie GET /retail/searchresults.asp?qu=beer HTTP/1.0 Referer: User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386) Host: Accept: image/gif, image/jpeg, image/pjpeg, */* Accept-Language: en Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0 QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 7 Referer log problems GET methods result in values in URL These URLs are sent in the referer header to next host Example: rder?name=Tom+Jones&address=here +there&credit+card= & PIN=1234&->index.html Access log example

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 8 Cookies What are cookies? What are people concerned about cookies? What useful purposes do cookies serve?

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 9 Cookies 101 Cookies can be useful  Used like a staple to attach multiple parts of a form together  Used to identify you when you return to a web site so you don’t have to remember a password  Used to help web sites understand how people use them Cookies can do unexpected things  Used to profile users and track their activities, especially across web sites

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 10 How cookies work – the basics A cookie stores a small string of characters A web site asks your browser to “set” a cookie Whenever you return to that site your browser sends the cookie back automatically browsersite Please store cookie xyzzy First visit to site browsersite Here is cookie xyzzy Later visits

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 11 How cookies work – advanced Cookies are only sent back to the “site” that set them – but this may be any host in domain  Sites setting cookies indicate path, domain, and expiration for cookies Cookies can store user info or a database key that is used to look up user info – either way the cookie enables info to be linked to the current browsing session Database Users … … Visits … Send me with any request to x.com until 2008 Send me with requests for index.html on y.x.com for this session only User=Joe = x.com Visits=13 User=

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 12 Cookie terminology Cookie Replay – sending a cookie back to a site Session cookie – cookie replayed only during current browsing session Persistent cookie – cookie replayed until expiration date First-party cookie – cookie associated with the site the user requested Third-party cookie – cookie associated with an image, ad, frame, or other content from a site with a different domain name that is embedded in the site the user requested  Browser interprets third-party cookie based on domain name, even if both domains are owned by the same company

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 13 Web bugs Invisible “images” (1-by-1 pixels, transparent) embedded in web pages and cause referer info and cookies to be transferred Also called web beacons, clear gifs, tracker gifs,etc. Work just like banner ads from ad networks, but you can’t see them unless you look at the code behind a web page Also embedded in HTML formatted messages, MS Word documents, etc. For software to detect web bugs see:

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 14 How data can be linked Every time the same cookie is replayed to a site, the site may add information to the record associated with that cookie  Number of times you visit a link, time, date  What page you visit  What page you visited last  Information you type into a web form If multiple cookies are replayed together, they are usually logged together, effectively linking their data  Narrow scoped cookie might get logged with broad scoped cookie

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 15 Ad networks Ad company can get your name and address from CD order and link them to your search Ad search for medical information set cookie buy CD replay cookie Search ServiceCD Store

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 16 What ad networks may know… Personal data:  address  Full name  Mailing address (street, city, state, and Zip code)  Phone number Transactional data:  Details of plane trips  Search phrases used at search engines  Health conditions “It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers.” – Richard M. Smith

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 17 Online and offline merging In November 1999, DoubleClick purchased Abacus Direct, a company possessing detailed consumer profiles on more than 90% of US households. In mid-February 2000 DoubleClick announced plans to merge “anonymous” online data with personal information obtained from offline databases By the first week in March 2000 the plans were put on hold  Stock dropped from $125 (12/99) to $80 (03/00)

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 18 Offline data goes online… The Cranor family’s 25 most frequent grocery purchases (sorted by nutritional value)!

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 19 Subpoenas Data on online activities is increasingly of interest in civil and criminal cases The only way to avoid subpoenas is to not have data In the US, your files on your computer in your home have much greater legal protection that your files stored on a server on the network

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 20 Spyware Spyware: Software that employs a user's Internet connection, without their knowledge or explicit permission, to collect information  Most products use pseudonymous, but unique ID Over 800 known freeware and shareware products contain Spyware, for example:  Beeline Search Utility  GoZilla Download Manager  Comet Cursor Often difficult to uninstall! Anti-Spyware Sites:    

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 21 Devices that monitor you Creative Labs Nomad JukeBox Music transfer software reports all uploads to Creative Labs. Sportbrain Monitors daily workout. Custom phone cradle uploads data to company Web site for analysis. Sony eMarker Lets you figure out the artitst and title of songs you hear on the radio. And keeps a personal log of all the music you like on the emarker Web site. :CueCat Keeps personal log of advertisements you‘re interested in. See

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 22 Ubiquitous Computing User (devices) communicate with infrastructure that surrounds them  Allows geography to become relevant (new)  Opportunity to aid development E.g., McDonald's Coupons  Walking through a mall  … you have been to McDonald’s  … and you like Big Mac’s  Suddenly, Big Mac coupons appear on your PDA Anybody have a problem with this?

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 23 Tracking (GPS) Global Positioning System (GPS) uses 15+ satellites to triangulate (locate) receiver  Used to track users, vehicles, E-911E-911  Very important for commercial navigation, military applications, and tracking (with transmitter) OnStar uses technology  Offers roadside assistance  Emergency road assistance  Navigation, services locator (e.g., where is gas) Like many other technologies, can be abused  Tracking where people go, when they, who they (potentially) meet, …

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 24 When good technologies go bad … The Nanny Cam  X.10 Camera (heavily advertised on web)  Allows “small footprint” camera to transmit to local computer/TV (undetectable)  Sold to be used to monitor without detection  Transmits data via Any problems here? The Nanny-Cam (NBC)

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 25 HW4 discussion What privacy software did you try? Tell us about it. What privacy concern does it address? If you could commission privacy software, what would it do? Where did you find web bugs? What functions do they perform? Do you think we need to address online privacy issues separately from general privacy issues? Good examples of university privacy policies? What privacy-related areas seem to be missing from CMU policies?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.