CSU - DCE 0791 - Webmaster Privacy Class - Fort Collins, CO Copyright © XTR Systems, LLC Privacy Issues of the World Wide Web Instructor: Joseph DiVerdi,


CSU - DCE Webmaster Privacy Class - Fort Collins, CO Copyright © XTR Systems, LLC Privacy Issues of the World Wide Web Instructor: Joseph DiVerdi, Ph.D., M.B.A.

Privacy Landscape
Privacy is Currently a Concern to
  – Private Citizens
  – Organizations
  – Governments
Privacy Means Different Things
  – Personal Information
  – Intellectual Property
  – State Secrets
Many, If Not Most, Citizens are Poorly Informed or Misinformed About Privacy Issues

Privacy Landscape
Privacy is Certain to Be a Growing Concern
  – As Internet-Based Communications & eCommerce Increase in Usage & Popularity
      – Because of the Vast Amount of Data That Can be Collected Using the Internet
      – Because of its Ubiquity
  – Private Citizens World-Wide Have Expressed Concerns Over Their Right to Privacy
      – However, Many Do Not Understand the True Risks or How to Defend Against Them

Privacy Landscape
A shopper
  – Browsing through various stores
  – In a physical shopping mall
  – Stopping to glance at a specific item
      – In a specific store
  – Does not have to worry that his or her every move is recorded

Privacy Landscape
Current Web-site & eCommerce Technology
  – Makes it Technologically Feasible
  – For Data to be Recorded About Every Item
  – Clicked-on by a Visitor
  – Browsing Through An Electronic Shopping Mall or Visiting a Web Site

Privacy Landscape
Designers & operators of web sites who disregard the privacy of their users do so at their own peril
Users of web services who are not concerned with privacy may soon find they have none
Users who feel that their privacy has been violated may avoid certain sites and may even avoid the Web

Relevance to Webmaster
Consider:
  – You are the Webmaster of a commercial site which generated gross annual revenues of $2 million until customers concluded that the site provided insufficient privacy of their personal information
  – You are a web development consultant who has responsibility for a $200,000 contract to develop a site (any site) which has received numerous privacy violation complaints

Legislator Weighs In
“Privacy is a basic American value, in the Information Age and in every age. It must be protected. We need an electronic bill of rights for this electronic age.”
  – Vice-President Albert Gore, July 1998

Web Privacy in Brief
Web Security is a complex topic, encompassing:
  – Log files
  – Cookies
  – Personally Identifiable Information
  – Anonymizers
  – Unanticipated Disclosure
  – Data Encryption
  – Key Escrow (Agencies)
  – Key Recovery (Agencies)

Federal Trade Commission
1998 Report to Congress Articulated Core Principles of privacy protection for Adults widely accepted in the USA, Canada, and Europe:
  – Notice
  – Choice
  – Access
  – Integrity & Security
  – Enforcement

Core Principles
Notice
  – Users should be made aware of an entity’s information practices before any personal information is gathered
Choice
  – Users should be given the opportunity to consent to or deny any secondary uses of information
      – Other than the processing of the immediate transaction
      – Including mailing notices or data transfer to third parties

Core Principles (con’t)
Access
  – Users should be able to access their personal data and review it without significant delays and should also be able to easily correct inaccurate personal information in a timely manner
Integrity & Security
  – Users’ personal information should be processed so that the data is accurate, and the data needs to be kept confidential as it is transmitted, processed, & stored by the entity

Core Principles (con’t)
Enforcement
  – Users should have recourse if any of the above core principles are violated

FTC Report

Personal Information
E-mail address
Postal address
Telephone number
Social Security Number
Date of Birth or Age
Gender
Education
Interests
Hobbies

EU Directive of Oct 1998
Personal data on the Internet shall be:
  – Processed Fairly & Lawfully
  – Collected & Processed for Specified, Explicit, Legitimate Purposes
  – Accurate & Current
  – Kept No Longer Than Deemed Necessary to Fulfill the Stated Purpose

EU Directive of Oct 1998
Users have the following rights:
  – Access to Personal Information
  – Correction, Erasure, & Blocking of Information
  – Objection to Usage
  – Able to Oppose Automated Individual Decisions
  – Access to Judicial Remedy & Compensation

EU Directive of Oct 1998
This Directive Affects Many US Companies
  – All of Which Transact Business in the EU
  – Gives EU Member Countries a Global Reach With an Attached Liability for Non-Compliance
  – Requires Compliance From Non-EU Companies to Conduct eCommerce in Europe

Log Files
Every time a Web browser views a site’s page, a record is kept in that site’s server’s log files
Log files are under the control of the person or organization that controls the Web server
  – Webmaster?
Log files are subject to subpoena

Log Files (con’t)
Each time a page is requested or CGI script run from a web server, the server records the following information in its log files:
  – Hostname or IP address of requesting computer
  – Time of day of the request
  – Requested URL
  – Time to transfer requested file
  – User name if HTTP authentication is used
  – Any errors which occurred
  – Requesting web browser identifier and OS
  – Previous web page accessed, i.e., referring link

Access Log File Contents
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59: ] "GET /magnetometer/ HTTP/1.0"
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59: ] "GET /magnetometer/cgi/lister.pl HTTP/1.0"
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59: ] "GET /magnetometer/gif/MacPerl.gif HTTP/1.0"
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59: ] "GET /magnetometer/gif/top.gif HTTP/1.0"
freedu libertysurf.se - - [20/Jul/2000:04:04: ] "GET / HTTP/1.1"
freedu libertysurf.se - - [20/Jul/2000:04:04: ] "GET /jpeg/banner.jpeg HTTP/1.1"
freedu libertysurf.se - - [20/Jul/2000:04:04: ] "GET /magnetometer/cgi/lister.pl HTTP/1.1"
freedu libertysurf.se - - [20/Jul/2000:04:04: ] "GET /magnetometer/gif/MacPerl.gif HTTP/1.1"
freedu libertysurf.se - - [20/Jul/2000:04:04: ] "GET /magnetometer/gif/top.gif HTTP/1.1"
freedu libertysurf.se - - [20/Jul/2000:04:04: ] "GET /magnetometer/gif/sm_perl_id_313_wt.gif HTTP/1.1"
otc18.otc.colostate.edu - - [20/Jul/2000:09:28: ] "GET / HTTP/1.0"
otc18.otc.colostate.edu - - [20/Jul/2000:09:28: ] "GET /jpeg/banner.jpeg HTTP/1.0"
otc18.otc.colostate.edu - - [20/Jul/2000:09:28: ] "GET /classes/index.html HTTP/1.0"
otc18.otc.colostate.edu - - [20/Jul/2000:09:28: ] "GET /magnetometer/gif/sm_perl_id_313_wt.gif HTTP/1.0"
otc18.otc.colostate.edu - - [20/Jul/2000:09:28: ] "GET /classes/DCE0791/index.html HTTP/1.0"
otc18.otc.colostate.edu - - [20/Jul/2000:09:28: ] "GET /classes/DCE0791/materials.html HTTP/1.0"
otc18.otc.colostate.edu - - [20/Jul/2000:09:28: ] "GET /classes/DCE0791/materials/imaging_class.ppt HTTP/1.0" 206 1

Referring Link
When a URL is requested several pieces of information are supplied to the server with the request including the current URL, either
  – The currently viewed page
  – The word “bookmark”
  – Nothing, if the URL was typed into the “location”
The HTTP specification declares that the sending of this information should be an option under the user’s control but no Web browser has implemented this control

Referring Link Uses
To gauge the efficacy of companies’ advertisements paid for on certain web sites
  – Click on an ad and the current URL is supplied to the ad’s server - cha-ching!
To measure how customers move through a site
By search engines to determine viewers’ predilections
  – Strong correlation exists between interests and viewed URLs

Referring Link Problems
Its presence represents a revelation of personal information
  – The URL that the user previously viewed
Cryptographic protocols, e.g., SSL, are often used to embed personal information in URLs but the subsequent request may result in the passing of that information to another site and without encryption

(Infamous) Cookies
Introduced by Netscape in Navigator v2.0
Original purpose was to enable a server to track a browser through multiple HTTP requests
  – Necessary for applications, e.g., shopping cart
  – Allows storage of a user’s preferences in cookie
Intended to improve privacy
  – Removed the requirement for the server to request and store personal information in a central data bank

Cookie Issues
Rule of unintended consequences
Initial implementation allowed any site to request all cookies from a browser thereby revealing (lots of) personal information
Quick change to browser to permit delivery of cookies to a particular server (identified by domain) that were issued by that server
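
The difference between the two delivery rules on this slide, as an added example that is not part of the original slides and not any browser's actual code. The `Cookie` class, the function names and the matching rules are simplified assumptions; only the first jar entry uses values from the cookie-file slide, the others are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    domain: str   # domain that issued the cookie
    path: str     # URL path prefix the cookie applies to
    secure: bool  # True: send over encrypted connections only
    name: str
    value: str


def domain_matches(host, cookie_domain):
    """True when host is the issuing domain or a subdomain of it.

    Comparing on a label boundary (the added ".") keeps "evil-lycos.com"
    from matching a cookie issued for "lycos.com".
    """
    host = host.lower().rstrip(".")
    issued = cookie_domain.lower().strip(".")
    return host == issued or host.endswith("." + issued)


def path_matches(request_path, cookie_path):
    """Prefix match on whole path segments, so /09 does not cover /090."""
    if request_path == cookie_path or cookie_path == "/":
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def unscoped_delivery(jar):
    """The behaviour the slide attributes to the initial implementation:
    whoever asks receives every cookie in the jar."""
    return list(jar)


def scoped_delivery(jar, host, path, is_https):
    """Send a cookie only to the domain and path that issued it."""
    return [c for c in jar
            if domain_matches(host, c.domain)
            and path_matches(path, c.path)
            and (is_https or not c.secure)]


JAR = [
    # Values from the cookie-file slide.
    Cookie("hotwired.lycos.com", "/webmonkey/99/09", False,
           "Lycos_Webographics", "Sampled"),
    # Constructed entries.
    Cookie("shop.example", "/", True, "cart", "constructed-cart-id"),
    Cookie("ads.example.net", "/", False, "uid", "constructed-visitor-id"),
]

if __name__ == "__main__":
    print(len(unscoped_delivery(JAR)), "cookies exposed without scoping")
    for c in scoped_delivery(JAR, "ads.example.net", "/banner.gif", False):
        print("ads.example.net receives only:", c.name)
```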

More Cookie Issues
Web developers (webmasters?) soon realized that cookies could be “attached” to files other than HTML, e.g., GIF.
Combining this capability with the delivery of banner images from advertising companies allowed those advertisers continued access to detailed tracking information
Advertisers claim that such tracking permits interest-targeted delivery and reduction of repetitious display
There is an opportunity for abuse

Cookie File Structure
Domain | Expire | Path | Secure | Expiration | Vendor Specific Fields
hotwired.lycos.com | FALSE | /webmonkey/99/09 | FALSE | | Lycos_Webographics Sampled

Controlling Cookie Use
It is possible for users to control the actual use of cookies in a browser
Open Navigator or Communicator
Go to Edit->Preferences->Advanced

Anonymizers
A server designed to act as a certain type of proxy
  – Browser sends requested URL to anonymizer with anonymizer’s URL
  – Anonymizer processes request and makes request to requested URL using its own address information
  – Information from destination site is returned to anonymizer
  – Anonymizer passes information back to original browser

Anonymizers (con’t)
Vary in sophistication and capabilities
Some can’t handle forms
Many have problems with active content
Hinder personalization
Fairly simple to implement
Reasons for use:
  – Personal Values - “…should be able to surf anonymously…”
  – Advertising on the anonymizer
  – Monitor use and users of anonymizer - fraudulent and/or oxymoronic

Moral High Ground
Simple but workable policy:
  – Do not require users to register in order to use site
  – Allow users to register using their e-mail address if they wish to receive information
  – Do not share a user’s e-mail address with any other entity without that user’s explicit permission or as lawfully required
  – Whenever an e-mail message is sent to a user, explain how the address was obtained, and how it can be removed from the mailing list

Moral High Ground (con’t)
Do not make log files publicly accessible
Delete log files when no longer needed
If log files must be retained online for extended periods of time, remove personally identifiable information
Encrypt log files if possible
Do not distribute personal information about users
Discipline or terminate employees who violate privacy policy
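
One way to remove personally identifiable information from retained logs, as an added example that is not part of the original slides. It assumes Apache-style Common or Combined Log Format; the function names, the HMAC pseudonym scheme and the sample entries are constructed for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit, urlunsplit

# host ident user [time] "request" status bytes, optionally "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)


def pseudonym(host, key):
    """Keyed hash of the host: visits stay countable, the address is not kept.
    Rotating or destroying the key makes older pseudonyms unlinkable."""
    digest = hmac.new(key, host.lower().encode(), hashlib.sha256).hexdigest()
    return "h-" + digest[:12]


def strip_query(url):
    """Drop query string and fragment, where form data and session IDs travel."""
    if url in ("", "-"):
        return "-"
    parts = urlsplit(url)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))


def referer_origin(referer):
    """Keep only the scheme and host of the referring page."""
    parts = urlsplit(referer)
    return "%s://%s/" % (parts.scheme, parts.netloc) if parts.netloc else "-"


def scrub_line(line, key):
    """Return the entry with host pseudonymised, user name removed and URLs
    trimmed, or None when it does not parse (drop it, do not keep it raw)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    out = '%s - - [%s] "%s %s %s" %s %s' % (
        pseudonym(m["host"], key), m["time"], m["method"],
        strip_query(m["url"]), m["proto"], m["status"], m["size"])
    if m["referer"] is not None:
        browser = m["agent"].split("/")[0] or "-"  # product name only
        out += ' "%s" "%s"' % (referer_origin(m["referer"]), browser)
    return out


def scrub_log(lines, key):
    """Scrub every entry; returns (scrubbed_lines, number_dropped)."""
    results = [scrub_line(line, key) for line in lines]
    kept = [r for r in results if r is not None]
    return kept, len(results) - len(kept)


# Constructed sample entries (documentation addresses and example domains).
SAMPLE_LOG = [
    '192.0.2.17 - jsmith [20/Jul/2000:09:28:15 -0600] '
    '"GET /classes/index.html?email=jsmith%40example.org HTTP/1.0" 200 5120 '
    '"http://search.example.com/find?q=private+medical+question" '
    '"Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"',
    '192.0.2.17 - - [20/Jul/2000:09:28:16 -0600] '
    '"GET /jpeg/banner.jpeg HTTP/1.0" 200 10240',
    'not a log line',
]

if __name__ == "__main__":
    scrubbed, dropped = scrub_log(SAMPLE_LOG, key=b"constructed-demo-key")
    print("\n".join(scrubbed))
    print("dropped:", dropped)
```

The keyed hash is pseudonymisation, not anonymisation: anyone holding the key can re-derive a pseudonym from a known address, so the key needs the same protection as the raw log.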

Moral High Ground (con’t)
State site’s Privacy Policy on home page
Allow site to be audited by impartial external professionals if questions regarding policies arise

Quick Survey
Change your browser’s preferences to require warning when a cookie is requested
Take a look right now at some sites (fewer than one dozen) using a browser to determine whether they state the site’s privacy policy
Make some notes for discussion
When you are done restore the previous cookie preferences