ITIS 1210 Introduction to Web-Based Information Systems
Chapter 48: How Internet Sites Can Invade Your Privacy
Introduction
- Privacy on the Net
  - Growing concern
- Much information gathered
  - Who will use it?
  - How will it be used?
- Three basic technologies of concern
  - Cookies
  - Tracking
  - Bugs
Introduction
- Some technologies have useful purpose
  - Cookies
  - Tracking
- May be used maliciously also
- What if government is behind it?
  - “Big Brother”
Cookies
- Small data file placed on your computer
- May contain
  - Username and password
  - Favorite sites
  - Last time you visited
- Uses:
  - Identifies your preferences
  - Eliminates need to log on
Cookies
- Name comes from “magic cookie” as used by Unix programmers
  - Packet of data passed between programs
  - Not meaningful itself
  - Used as an identifier, like a coat check ticket
- Created by Lou Montulli, 1994, at Netscape
Cookies
- Why cookies?
- The Web is basically “stateless”
  - No memory of previous events
- A site doesn’t “know” that
  - You’re a user
  - You have an ongoing “conversation”
- Sites only
  - Accept requests
  - Deliver content
Cookies
- Cookies are formatted in a special way
  - Can only be read by the site that placed them
- Where are cookies stored?
  - Netscape
    - Cookies.txt file
    - Each line is one cookie
  - Internet Explorer
    - Tools … Internet Options … Settings … View Files
Cookies
- How they work
  - You visit a Web site
  - Your browser examines the cookie files
  - If one from that Web site is found
    - Browser sends that file’s information to the site
    - Site now “knows” something about you
- Servers can place cookies on your hard drive
  - With/without your permission
Cookies
- Example – you’re shopping on the Web
  - Cookie established for you with a unique “shopping session ID”
  - May have an expiration date
  - Every time you put an item in your cart, the site’s server
    - Erases old cookie
    - Stores new cookie (with all your current items)
  - Server can read your cookie at any time to find the current status
Tracking
- Examine log files
  - What pages are most popular?
  - What IP addresses are using a site?
  - How many pages are read in a typical visit?
  - What order are pages read in?
  - What page are users on when they click on a link that brings them to another page?
    - Clickthrough
Tracking
- Sniffers
  - Examine packets coming into or out of a site
  - Identifies users
    - Cookies
    - IP addresses
Tracking
- Accumulates data about
  - Who is making requests?
  - Where are the requests coming from?
  - Average amount of time spent on a site
  - Average number of pages read per session
  - Most popular pages
- Helps make sites better
Bugs
- “Bug” as in “wiretap”
- Can be included in
- Lets others actually view your
- Basic purpose is to trace a user’s use of the Web
  - Sites they visit
  - How they get from one site to another
- Can also be used to intercept
Bugs
- Works in HTML-enabled
- An offer of some service or for a product contains two items:
  - JavaScript code that can read the message
  - A “clear GIF”
    - HTML reference to a tiny graphic
    - One pixel in size
    - Transparent (so you can’t see it)
Bugs
- The JavaScript code reads the
- Your browser contacts the server to download the clear GIF
- Remember what’s in a packet?
  - Identifying information
  - Your IP address
- The server now knows something about you
Bugs
- The server can place a cookie using identifying information sent by Web bug
- Can match cookie with identifying information from the
- Can now track your use of the Internet
  - Who responded to this offer
- If that person forwards the to someone else the process begins again
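An added example (not part of the original slides): a defensive check that a mail filter could run over an HTML message body to flag the two items described above, script code and a remotely hosted clear GIF. The function names, the sample message and the `.example` hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def _px(value):
    """Parse an HTML length such as '1' or '1px'; None if it is not a plain number."""
    v = value.strip().lower()
    v = v[:-2] if v.endswith("px") else v
    return int(v) if v.isdigit() else None

class WebBugFinder(HTMLParser):
    """Flag the two items a Web bug needs: script code and a remote clear GIF."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, url, reason) tuples

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.findings.append(("script", a.get("src") or "(inline)", "script in message"))
            return
        if tag != "img":
            return
        src = a.get("src", "")
        url = urlsplit(src)
        if url.scheme not in ("http", "https"):
            return  # cid:/data: images are embedded, so no server is contacted
        w, h = _px(a.get("width", "")), _px(a.get("height", ""))
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if tiny or hidden:
            reason = "tiny (<=1px) image" if tiny else "hidden image"
            if url.query:
                reason += " with query string that may identify the recipient"
            self.findings.append(("img", src, reason))

def find_web_bugs(html):
    """Return the list of suspicious tags found in an HTML message body."""
    finder = WebBugFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample message body (hosts and id value are made up).
SAMPLE = """<html><body><p>Special offer just for you!</p>
<img src="https://www.shop.example/banner.png" width="600" height="120">
<img src="https://track.example/c.gif?id=8f3a2" width="1" height="1" alt="">
<img src="cid:logo" width="1" height="1">
<script>var text = document.body.innerHTML;</script>
</body></html>"""
```

Mail clients that block remote images and scripts by default prevent the server contact that these findings point at; a filter like this is useful for logging or for rewriting messages before delivery.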
Internet Passports
- Lets user control
  - Which personal information can be released to a Web site
  - What type of information on surfing habits can be gathered
  - How that information can be used
Internet Passports
- Variety of methods available
  - Platform for Privacy Preferences (P3P)
  - Privacy Finder at Carnegie Mellon University
  - Internet Content and Exchange Standard (ICE)
  - Open Profiling Standard (OPS)
- Starts by filling out a profile
- For more information search for “internet passport” or go to
Privacy Organizations
- Electronic Privacy Information Center
Internet Passports
- Starts by filling out a profile
  - Identifies person
    - Name, address, phone, etc.
  - Identifies
    - Surfing data that can be shared
    - Or not!
- Profile stored in browser
- When person visits a Web site the passport is sent to that site
Internet Passports
- Site’s server examines data in the passport
  - Might automatically log a person in if they included their username and password in the passport
- While at site the person reads a sports story and buys a book
  - Profile permits inclusion of sports story but not about the purchase
Internet Passports
- Person visits another site
  - That server “sees” that the person has recently read a sports story
  - But not about the purchase because the passport doesn’t permit it
- Might then send him an ad about sports memorabilia
  - But not about books on sale
Internet Passports
- At a different site the server “sees” that the person has restricted information about their buying habits
  - Server declines to send Web pages to a user with this kind of profile
  - The user can’t even view the Web site