Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Policy, Law and Technology Online Privacy

Published byÅke Sandström Modified over 5 years ago

Similar presentations

Presentation on theme: "Privacy Policy, Law and Technology Online Privacy"— Presentation transcript:

1 Privacy Policy, Law and Technology Online Privacy
September 30, 2008

2 Evaluating information sources
Don’t believe everything you read! News sources are usually a reporter's interpretation of what someone else did Conference and journal papers are first hand reports of research studies that have been peer reviewed but journals usually have more review than conferences Technical reports are usually first hand reports of research studies that have not been peer reviewed (yet) Look for subsequent conference or journal publications Web sites and books are anything goes, but books at least have an editor (usually) When possible, cite research results and technical information from peer reviewed sources

3 How are online privacy concerns different from offline privacy concerns?

4 Web privacy concerns Data is often collected silently
Web allows large quantities of data to be collected inexpensively and unobtrusively Data from multiple sources may be merged Non-identifiable information can become identifiable when merged Data collected for business purposes may be used in civil and criminal proceedings Users given no meaningful choice Few sites offer alternatives

5 Unsolicited marketing
Desire to avoid unwanted marketing (spam, postal mail, telemarketing) causes some people to avoid giving out personal information May not seem very important from a privacy perspective, but this is actually one of the biggest concerns that people talk about The computer will track what I do and then I’ll get lots of junk mail about it

6 My computer can “figure things out about me”
The little people inside my computer might know it’s me… … and they might tell their friends

7 Inaccurate inferences
“My TiVo thinks I’m gay!”

8 Surprisingly accurate inferences
Everyone wants to be understood. No one wants to be known.

9 You thought that on the Internet nobody knew you were a dog…
The problem is, you all thought that on the Internet nobody knew you were a dog… …but then you started getting personalized ads for your favorite brand of dog food

10 Price discrimination Concerns about being charged higher prices
Concerns about being treated differently Economists love price discrimination because in theory it leads to everyone being better off, but consumers hate it. Any time there is a suggestion that an ecommerce retailer is engaging in price discrimination, people are outraged.

11 Revealing private information to other users of a computer
Revealing info to family members or co-workers Gift recipient learns about gifts in advance Co-workers learn about a medical condition Revealing secrets that can unlock many accounts Passwords, answers to secret questions, etc.

12 Exposing secrets to criminals
Stalkers, identity thieves, etc. People who break into account may be able to access profile info People may be able to probe recommender systems to learn profile information associated with other users

13 Subpoenas Data on online activities is increasingly of interest in civil and criminal cases The only way to avoid subpoenas is to not have data In the US, your files on your computer in your home have much greater legal protection that your files stored on a server on the network

14 Government surveillance
Governments increasingly looking for personal records to mine in the name of fighting terrorism People may be subject to investigation even if they have done nothing wrong

15 Citizen surveillance

16 Risks may be magnified in future
Wireless location tracking Semantic web applications Ubiquitous computing

17 How online tracking works

18 Browser Chatter Browsers chatter about
IP address, domain name, organization, Referring page Platform: O/S, browser What information is requested URLs and search terms Cookies To anyone who might be listening End servers System administrators Internet Service Providers Other third parties Advertising networks Anyone who might subpoena log files later

19 Typical HTTP request with cookie
GET /retail/searchresults.asp?qu=beer HTTP/1.0 Referer: User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386) Host: Accept: image/gif, image/jpeg, image/pjpeg, */* Accept-Language: en Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0

20 Referer log problems GET methods result in values in URL
These URLs are sent in the referer header to next host Example: Access log example:

21 Cookies What are cookies? What are people concerned about cookies?
What useful purposes do cookies serve?

22 Cookies 101 Cookies can be useful Cookies can do unexpected things
Used like a staple to attach multiple parts of a form together Used to identify you when you return to a web site so you don’t have to remember a password Used to help web sites understand how people use them Cookies can do unexpected things Used to profile users and track their activities, especially across web sites

23 How cookies work – the basics
A cookie stores a small string of characters A web site asks your browser to “set” a cookie Whenever you return to that site your browser sends the cookie back automatically Please store cookie xyzzy Here is cookie xyzzy site browser site browser First visit to site Later visits

24 How cookies work – advanced
Cookies are only sent back to the “site” that set them, but this may be any host in domain Sites setting cookies indicate path, domain, and expiration for cookies Cookies can store user info or a database key that is used to look up user info Either way the cookie enables info to be linked to the current browsing session Send me with any request to x.com until 2008 Send me with requests for index.html on y.x.com for this session only Database Users … Visits … User=Joe = x.com Visits=13 User=

25 Cookie terminology Cookie Replay – sending a cookie back to a site
Session cookie – cookie replayed only during current browsing session Persistent cookie – cookie replayed until expiration date First-party cookie – cookie associated with the site the user requested Third-party cookie – cookie associated with an image, ad, frame, or other content from a site with a different domain name that is embedded in the site the user requested Browser interprets third-party cookie based on domain name, even if both domains are owned by the same company

26 Web bugs Invisible “images” (1-by-1 pixels, transparent) embedded in web pages and cause referer info and cookies to be transferred Also called web beacons, clear gifs, tracker gifs,etc. Work just like banner ads from ad networks, but you can’t see them unless you look at the code behind a web page Also embedded in HTML formatted messages, MS Word documents, etc. For software to detect web bugs see:

27 How data can be linked Every time the same cookie is replayed to a site, the site may add information to the record associated with that cookie Number of times you visit a link, time, date What page you visit What page you visited last Information you type into a web form If multiple cookies are replayed together, they are usually logged together, effectively linking their data Narrow scoped cookie might get logged with broad scoped cookie

28 Ad networks search for medical information buy CD
set cookie replay cookie Ad Ad Ad company can get your name and address from CD order and link them to your search Search Service CD Store

29 What ad networks may know…
Personal data: address Full name Mailing address (street, city, state, and Zip code) Phone number Transactional data: Details of plane trips Search phrases used at search engines Health conditions “It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers.” – Richard M. Smith

30 Online and offline merging
In November 1999, DoubleClick purchased Abacus Direct, a company possessing detailed consumer profiles on more than 90% of US households. In mid-February 2000 DoubleClick announced plans to merge “anonymous” online data with personal information obtained from offline databases By the first week in March 2000 the plans were put on hold Stock dropped from $125 (12/99) to $80 (03/00)

31 Offline data goes online…
The Cranor family’s 25 most frequent grocery purchases (sorted by nutritional value)! The Stop and Shop grocery store began posting purchase information for customers who had frequent shopper cards. Anyone who was aware of a frequent shopper number (printed on receipts) could access a customer’s information if that customer had not yet set a password. This “service” has been discontinued.

32 Steps sites take to protect privacy
Opt-out cookie DoubleClick Purging identifiable data from server logs Amazon.com honor system

33 Behavioral targeting In 2007/2008, more concerns raised about “behavioral” targeting as a new round of companies started deploying systems to target ads based on previous online behavior What is the distinction between behavioral and contextual advertising? How do you implement effective notice and choice? Where should notice be provided? Opt-in? Opt-out? When? Where? Do we need a “do not track” list? Is it acceptable for ISPs to do this (deep packet inspection)? Is it acceptable for search engines to do this?

Download ppt "Privacy Policy, Law and Technology Online Privacy"

Similar presentations

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.

MFA for Business Banking – Security Code Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing these QT sheets.
Basic Communication on the Internet:

Basic Communication on the Internet:
Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.

Unit 11 Using the Internet & Browsing the Web.  Define the Internet and the Web  Set up & troubleshoot an Internet connection  Categorize webs sites.
Accessing and Using the e-Book Collection from EBSCOhost ® When an arrow appears, click to proceed to the next slide at your own pace. To go back, click.

Accessing and Using the e-Book Collection from EBSCOhost ® When an arrow appears, click to proceed to the next slide at your own pace. To go back, click.
6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.

6 C H A P T E R © 2001 The McGraw-Hill Companies, Inc. All Rights Reserved1 Electronic Mail Electronic mail has revolutionized the way people communicate.
Netiquette Rules.

Netiquette Rules.
Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.

Computers and Society Carnegie Mellon University Spring 2006 Cranor/Tongia/Farber 1 Privacy Week 7 - February.
6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?

6/10/2015Cookies1 What are Cookies? 6/10/2015Cookies2 How did they do that?
XP Browser and E-mail Basics1. XP Browser and E-mail Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.

XP Browser and Basics1. XP Browser and Basics2 Learn about Web browser software and Web pages The Web is a collection of files that reside.
ECON 425/563 // CPSC 455/555 NOVEMBER 6, 2008 Online Privacy.

ECON 425/563 // CPSC 455/555 NOVEMBER 6, 2008 Online Privacy.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.
Lorrie Faith Cranor AT&T Labs-Research Online Privacy Promise or Peril?

Lorrie Faith Cranor AT&T Labs-Research Online Privacy Promise or Peril?
Interactive Brand Communication Class 9 Targeting the Internet Consumer Kuen-Hee Ju-Pak CSUF.

Interactive Brand Communication Class 9 Targeting the Internet Consumer Kuen-Hee Ju-Pak CSUF.
Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 1 Online privacy concerns.

Privacy Policy, Law and Technology Carnegie Mellon University Spring 2004 Lorrie Cranor 1 Online privacy concerns.
The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.

The Privacy Tug of War: Advertisers vs. Consumers Presented by Group F.
“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.

“If you build it, they will come.”. Virtual Business  There is much more that goes into a virtual business than just building the web site.  You will.
Behavior Tracking Dhaval Patel.

Behavior Tracking Dhaval Patel.
Jared Cinque Section 6.  Internet tracking is the process of following internet activity backwards from recipient to user through a special type of software.

Jared Cinque Section 6.  Internet tracking is the process of following internet activity backwards from recipient to user through a special type of software.
Copyright ©: 1995-2011 SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Social networks and communities Suitable for: Improver.

Copyright ©: SAMSUNG & Samsung Hope for Youth. All rights reserved Tutorials The internet: Social networks and communities Suitable for: Improver.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

Similar presentations

Ads by Google