Published by Dale Dickerson. Modified over 9 years ago
1
CSU - DCE 0791 - Webmaster Privacy Class - Fort Collins, CO
Copyright © XTR Systems, LLC
Privacy Issues of the World Wide Web
Instructor: Joseph DiVerdi, Ph.D., M.B.A.
2
Privacy Landscape
Privacy is Currently a Concern to
–Private Citizens
–Organizations
–Governments
Privacy Means Different Things
–Personal Information
–Intellectual Property
–State Secrets
Many, If Not Most, Citizens Are Poorly Informed or Misinformed About Privacy Issues
3
Privacy Landscape
Privacy is Certain to Be a Growing Concern
–As Internet-Based Communications & eCommerce Increase in Usage & Popularity
    Because of the Vast Amount of Data That Can be Collected Using the Internet
    Because of its Ubiquity
–Private Citizens World-Wide Have Expressed Concerns Over Their Right to Privacy
    However, Many Do Not Understand the True Risks or How to Defend Against Them
4
Privacy Landscape
A shopper
–Browsing through various stores
–In a physical shopping mall
–Stopping to glance at a specific item
    In a specific store
–Does not have to worry that his or her every move is recorded
5
Privacy Landscape
Current Web-site & eCommerce Technology
–Makes it Technologically Feasible
–For Data to be Recorded About Every Item
–Clicked-on by a Visitor
–Browsing Through An Electronic Shopping Mall or Visiting a Web Site
6
Privacy Landscape
Designers & operators of web sites who disregard the privacy of their users do so at their own peril
Users of web services who are not concerned with privacy may soon find they have none
Users who feel that their privacy has been violated may avoid certain sites and may even avoid the Web
7
Relevance to Webmaster
Consider:
–You are the Webmaster of a commercial site which generated gross annual revenues of $2 million until customers concluded that the site provided insufficient privacy of their personal information
–You are a web development consultant who has responsibility for a $200,000 contract to develop a site (any site) which has received numerous privacy violation complaints
9
Legislator Weighs In
“Privacy is a basic American value, in the Information Age and in every age. It must be protected. We need an electronic bill of rights for this electronic age.”
–Vice-President Albert Gore, July 1998
10
Web Privacy in Brief
Web Security is a complex topic, encompassing:
–Log files
–Cookies
–Personally Identifiable Information
–Anonymizers
–Unanticipated Disclosure
–Data Encryption
–Key Escrow (Agencies)
–Key Recovery (Agencies)
11
Federal Trade Commission
1998 Report to Congress
Articulated Core Principles of privacy protection for Adults widely accepted in the USA, Canada, and Europe:
–Notice
–Choice
–Access
–Integrity & Security
–Enforcement
12
Core Principles
Notice
–Users should be made aware of an entity’s information practices before any personal information is gathered
Choice
–Users should be given the opportunity to consent to or deny any secondary uses of information
    Other than the processing of the immediate transaction
    Including mailing notices or data transfer to third parties
13
Core Principles (con’t)
Access
–Users should be able to access their personal data and review it without significant delays and should also be able to easily correct inaccurate personal information in a timely manner
Integrity & Security
–Users’ personal information should be processed so that it remains accurate, and it must be kept confidential as it is transmitted, processed, & stored by the entity
14
Core Principles (con’t)
Enforcement
–Users should have recourse if any of the above core principles are violated
15
FTC Report
16
Personal Information
E-mail address
Postal address
Telephone number
Social Security Number
Date of Birth or Age
Gender
Education
Interests
Hobbies
17
EU Directive of Oct 1998
Personal data on the Internet shall be:
–Processed Fairly & Lawfully
–Collected & Processed for Specified, Explicit, Legitimate Purposes
–Accurate & Current
–Kept No Longer Than Deemed Necessary to Fulfill the Stated Purpose
18
EU Directive of Oct 1998
Users have the following rights:
–Access to Personal Information
–Correction, Erasure, & Blocking of Information
–Objection to Usage
–Able to Oppose Automated Individual Decisions
–Access to Judicial Remedy & Compensation
19
EU Directive of Oct 1998
This Directive Affects Many US Companies
–All of Which Transact Business in the EU
–Gives EU Member Countries a Global Reach
    With an Attached Liability for Non-Compliance
–Requires Non-EU Companies’ Compliance to Conduct eCommerce in Europe
20
Log Files
Every time a Web browser views a site’s page, a record is kept in that site’s server’s log files
Log files are under the control of the person or organization that controls the Web server
–Webmaster?
Log files are subject to subpoena
21
Log Files (con’t)
Each time a page is requested or CGI script run from a web server, the server records the following information in its log files:
–Hostname or IP address of requesting computer
–Time of day of the request
–Requested URL
–Time to transfer requested file
–User name if HTTP authentication is used
–Any errors which occurred
–Requesting web browser identifier and OS
–Previous web page accessed, i.e., referring link
22
Access Log File Contents
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59:20 -0600] "GET /magnetometer/ HTTP/1.0" 200 228
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59:21 -0600] "GET /magnetometer/cgi/lister.pl HTTP/1.0" 200 5970
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59:22 -0600] "GET /magnetometer/gif/MacPerl.gif HTTP/1.0" 200 2002
dnvr-dsl-gw8-c212.dnvr.uswest.net - - [20/Jul/2000:00:59:22 -0600] "GET /magnetometer/gif/top.gif HTTP/1.0" 200 3178
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:14 -0600] "GET / HTTP/1.1" 200 2211
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:15 -0600] "GET /jpeg/banner.jpeg HTTP/1.1" 200 14268
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:45 -0600] "GET /magnetometer/cgi/lister.pl HTTP/1.1" 200 5989
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:46 -0600] "GET /magnetometer/gif/MacPerl.gif HTTP/1.1" 200 2002
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:46 -0600] "GET /magnetometer/gif/top.gif HTTP/1.1" 200 3178
freedu-7-118.libertysurf.se - - [20/Jul/2000:04:04:48 -0600] "GET /magnetometer/gif/sm_perl_id_313_wt.gif HTTP/1.1" 200 2524
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:10 -0600] "GET / HTTP/1.0" 200 2211
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:10 -0600] "GET /jpeg/banner.jpeg HTTP/1.0" 200 14268
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:17 -0600] "GET /classes/index.html HTTP/1.0" 200 2017
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:17 -0600] "GET /magnetometer/gif/sm_perl_id_313_wt.gif HTTP/1.0" 200 2524
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:19 -0600] "GET /classes/DCE0791/index.html HTTP/1.0" 200 2810
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:22 -0600] "GET /classes/DCE0791/materials.html HTTP/1.0" 200 3903
otc18.otc.colostate.edu - - [20/Jul/2000:09:28:39 -0600] "GET /classes/DCE0791/materials/imaging_class.ppt HTTP/1.0" 206 1
23
Referring Link
When a URL is requested several pieces of information are supplied to the server with the request including the current URL, either
–The currently viewed page
–The word “bookmark”
–Nothing, if the URL was typed into the “location”
The HTTP specification declares that the sending of this information should be an option under the user’s control but no Web browser has implemented this control
24
Referring Link Uses
To gauge the efficacy of companies’ advertisements paid for on certain web sites
–Click on an ad and the current URL is supplied to the ad’s server - cha-ching!
To measure how customers move through a site
By search engines to determine viewers’ predilections
–Strong correlation exists between interests and viewed URLs
25
Referring Link Problems
Its presence represents a revelation of personal information
–The URL that the user previously viewed
Cryptographic protocols, e.g., SSL, are often used to embed personal information in URLs but the subsequent request may result in the passing of that information to another site and without encryption
26
(Infamous) Cookies
Introduced by Netscape in Navigator v2.0
Original purpose was to enable a server to track a browser through multiple HTTP requests
–Necessary for applications, e.g., shopping cart
–Allows storage of a user’s preferences in cookie
Intended to improve privacy
–Removed the requirement for the server to request and store personal information in a central data bank
27
Cookie Issues
Rule of unintended consequences
Initial implementation allowed any site to request all cookies from a browser thereby revealing (lots of) personal information
Quick change to browser to permit delivery of cookies to a particular server (identified by domain) that were issued by that server
28
More Cookie Issues
Web developers (webmasters?) soon realized that cookies could be “attached” to files other than HTML, e.g., GIF.
Combining this capability with the delivery of banner images from advertising companies allowed those advertisers continued access to detailed tracking information
Advertisers claim that such tracking permits interest-targeted delivery and reduction of repetitious display
There is an opportunity for abuse
29
Cookie File Structure
Domain               Expire  Path               Secure  Expiration  Vendor Specific Fields
hotwired.lycos.com   FALSE   /webmonkey/99/09   FALSE   970380000   Lycos_Webographics Sampled
www.macfixit.com     FALSE   /cgi-bin/ultimate  FALSE   968113043   lastLogin 2451426.2017
www.macfixit.com     FALSE   /cgi-bin/ultimate  FALSE   968113043   LastLoginDT 09-04-1999%2008%3A17%20PM
www.admission.com    FALSE   /html              FALSE   972187149   admission EN%26US
.netscape.com        TRUE    /                  FALSE   1293840002  UIDC 199.45.180.157:0912144896:401606
.adobe.com           TRUE    /                  FALSE   1924905604  AWID 199.45.180.157:10771:912192070:677
www.direct-jobs.com  FALSE   /                  FALSE   2137622378  CFTOKEN 11642676
www.direct-jobs.com  FALSE   /                  FALSE   2137622379  CFID 122728
www.damark.com       FALSE   /                  FALSE   2145830703  ST_USER 0913838850898991
.imgis.com           TRUE    /                  FALSE   1074483659  JEB2 8F799D77DAA0A516CEA8F4B23004E025
.zdnet.com           TRUE    /                  FALSE   1041310803  cgversion 4
.zdnet.com           TRUE    /                  FALSE   1041310806  browser CEA8F4B2383B0D81
.yahoo.com           TRUE    /                  FALSE   1271361603  B 8vl686iata7fn
.ngadcenter.net      TRUE    /                  FALSE   2145801606  NGID 2061691f-20905-917899077-5
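An added example, not part of the original slides: a reader for this tab-separated Netscape cookie file that lists the cookies a user auditing their own browser would look at first. In that format the second column, which the slide heads "Expire", is the TRUE/FALSE flag saying whether every host in the domain receives the cookie; the sample rows come from the slide with tabs restored, and the name/value split and the `max_days` threshold are assumptions.

```python
from datetime import datetime, timezone
from typing import List, NamedTuple

class Cookie(NamedTuple):
    domain: str
    domain_wide: bool  # column 2: TRUE = every host under `domain` is sent the cookie
    path: str
    secure: bool       # column 4: TRUE = sent only over an encrypted connection
    expires: datetime  # column 5: seconds since 1970-01-01 UTC
    name: str
    value: str

def parse_cookie_file(text: str) -> List[Cookie]:
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue  # malformed row: skip it rather than guess
        domain, flag, path, secure, expiry, name, value = fields
        when = datetime.fromtimestamp(int(expiry), tz=timezone.utc)
        cookies.append(Cookie(domain, flag == "TRUE", path,
                              secure == "TRUE", when, name, value))
    return cookies

def persistent_domain_cookies(cookies, now, max_days=365):
    """Cookies readable by a whole domain that outlive `max_days`:
    the ones able to recognise a browser across sites and sessions."""
    return [c for c in cookies
            if c.domain_wide and (c.expires - now).days > max_days]

# Four rows from the slide, tab separators restored (name/value split assumed).
SAMPLE = "\n".join("\t".join(row) for row in [
    ("hotwired.lycos.com", "FALSE", "/webmonkey/99/09", "FALSE", "970380000", "Lycos_Webographics", "Sampled"),
    ("www.direct-jobs.com", "FALSE", "/", "FALSE", "2137622379", "CFID", "122728"),
    (".zdnet.com", "TRUE", "/", "FALSE", "1041310803", "cgversion", "4"),
    (".yahoo.com", "TRUE", "/", "FALSE", "1271361603", "B", "8vl686iata7fn"),
])

if __name__ == "__main__":
    now = datetime(2000, 7, 20, tzinfo=timezone.utc)  # date of the course's log sample
    for c in persistent_domain_cookies(parse_cookie_file(SAMPLE), now):
        print(c.domain, c.name, c.expires.date())
```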
30
Controlling Cookie Use
It is possible for users to control the actual use of cookies in a browser
Open Navigator or Communicator
Go to Edit->Preferences->Advanced
31
Anonymizers
A server designed to act as a certain type of proxy
–Browser sends requested URL to anonymizer with anonymizer’s URL
–Anonymizer processes request and makes request to requested URL using its own address information
–Information from destination site is returned to anonymizer
–Anonymizer passes information back to original browser
32
Anonymizers (con’t)
Vary in sophistication and capabilities
Some can’t handle forms
Many have problems with active content
Hinder personalization
Fairly simple to implement
Reasons for use:
–Personal Values - “…should be able to surf anonymously…”
–Advertising on the anonymizer
–Monitor use and users of anonymizer - fraudulent and/or oxymoronic
33
Moral High Ground
Simple but workable policy:
–Do not require users to register in order to use site
–Allow users to register using their email address if they wish to receive information
–Do not share a user’s email address with any other entity without that user’s explicit permission or as lawfully required
–Whenever an email message is sent to a user, explain how the address was obtained, and how it can be removed from the mailing list
34
Moral High Ground (con’t)
Do not make log files publicly accessible
Delete log files when no longer needed
If log files must be retained online for extended periods of time, remove personally identifiable information
Encrypt log files if possible
Do not distribute personal information about users
Discipline or terminate employees who violate privacy policy
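One way to carry out the "remove personally identifiable information" step on retained access logs, as an added example that is not part of the original slides. It replaces the hostname with a keyed hash, blanks the HTTP-authentication user name and browser string, and strips query strings from the requested URL and referring link; the key handling, the choice to blank the browser string, and the second sample line are assumptions.

```python
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Common Log Format, optionally followed by the combined-format
# "referer" and "user-agent" fields.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
    r'(?: "(?P<referer>[^"]*)" "[^"]*")?$')

def pseudonym(host: str, key: bytes) -> str:
    # Keyed hash: one visitor keeps one token, so traffic counts still work,
    # but the hostname cannot be recovered or guessed without the key.
    return "h-" + hmac.new(key, host.lower().encode(), hashlib.sha256).hexdigest()[:12]

def strip_query(url: str) -> str:
    # Query strings and fragments are where form data ends up in URLs.
    if url in ("", "-"):
        return url
    p = urlsplit(url)
    return urlunsplit((p.scheme, p.netloc, p.path, "", ""))

def scrub_line(line: str, key: bytes) -> Optional[str]:
    m = LOG_RE.match(line.rstrip("\n"))
    if m is None:
        return None  # unparseable lines are dropped rather than kept raw
    parts = m["request"].split(" ")
    if len(parts) == 3:  # METHOD URL PROTOCOL
        parts[1] = strip_query(parts[1])
    # The HTTP-auth user name is replaced by "-".
    out = (f'{pseudonym(m["host"], key)} - - [{m["time"]}] '
           f'"{" ".join(parts)}" {m["status"]} {m["size"]}')
    if m["referer"] is not None:  # combined format: browser string is blanked too
        out += f' "{strip_query(m["referer"])}" "-"'
    return out

# Sample input: the first line is from the access log slide, the second is constructed.
SAMPLE = [
    'otc18.otc.colostate.edu - - [20/Jul/2000:09:28:10 -0600] "GET / HTTP/1.0" 200 2211',
    'host.example.net - alice [20/Jul/2000:09:30:00 -0600] '
    '"GET /cgi/order.pl?email=alice%40example.net HTTP/1.0" 200 512 '
    '"https://shop.example.com/cart?card=1234" "Mozilla/4.0"',
]

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: in practice random, stored off the web server
    for raw in SAMPLE:
        print(scrub_line(raw, key))
```

Destroying the key when the retention period ends makes the tokens unlinkable to hostnames, even for the site operator.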
35
Moral High Ground (con’t)
State site’s Privacy Policy on home page
Allow site to be audited by impartial external professionals if questions regarding policies arise
36
Quick Survey
Change your browser’s preferences to require warning when a cookie is requested
Take a look right now at some sites (fewer than one dozen) using a browser to determine whether they state the site’s privacy policy
Make some notes for discussion
When you are done restore the previous cookie preferences