Online Privacy: Promise or Peril?
Lorrie Faith Cranor
AT&T Labs Research
http://lorrie.cranor.org/

Online privacy in the comics
Cathy, February 25, 2000

Why is Cathy concerned?
Cathy, March 1, 2000

How did Irving find this out?
- He snooped her email
- He looked at the files on her computer
- He observed the "chatter" sent by her browser
- He set cookies through banner ads and "web bugs" that allowed him to track her activities across web sites

What do browsers chatter about?
Browsers chatter about:
- IP address, domain name, organization
- Referring page
- Platform: O/S, browser
- What information is requested: URLs and search terms
- Cookies
To anyone who might be listening:
- End servers
- System administrators
- Internet Service Providers
- Other third parties
  - Advertising networks
- Anyone who might subpoena log files later

A typical HTTP request

    GET /retail/searchresults.asp?qu=beer HTTP/1.0
    Referer: http://www.us.buy.com/default.asp
    User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386)
    Host: www.us.buy.com
    Accept: image/gif, image/jpeg, image/pjpeg
    Accept-Language: en
    Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0

What about cookies?
- Cookies can be useful
  - used like a staple to attach multiple parts of a form together
  - used to identify you when you return to a web site so you don't have to remember a password
  - used to help web sites understand how people use them
- Cookies can do unexpected things
  - used to profile users and track their activities, especially across web sites

How do cookies work?
- A cookie stores a small string of characters
- A web site asks your browser to set a cookie
- Whenever you return to that site your browser sends the cookie back automatically
- Cookies are only sent back to the "site" that set them
Diagram:
- First visit to site (site to browser): "Please store cookie xyzzy"
- Later visits (browser to site): "Here is cookie xyzzy"

Diagram: YOU, a search engine carrying an ad, and a book store carrying an ad
- YOU search for medical information at the search engine; the ad sets a cookie
- YOU buy a book at the book store; the ad reads the cookie
- Ad company can get your name and address from book order and link them to your search

Web bugs
- Invisible "images" embedded in web pages that cause cookies to be transferred
- Work just like banner ads from ad networks, but you can't see them unless you look at the code behind a web page
- Also embedded in HTML-formatted email messages
- For more info on web bugs see: http://www.privacyfoundation.org/education/webbug.html

Referer log problems
- GET methods result in values in URL
- These URLs are sent in the referer header to next host
- Example: http://www.merchant.com/cgi_bin/order?name=Tom+Jones&address=here+there&credit+card=234876923234&PIN=1234 -> index.html

What DoubleClick knows about Richard M. Smith
Personal data:
- My email address
- My full name
- My mailing address (street, city, state, and Zip code)
- My phone number
Transactional data:
- Names of VHS movies I am interested in buying
- Details of a plane trip
- Search phrases used at search engines
- Health conditions

No clicks required
"It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers." (Richard M. Smith)

Offline data goes online
My 25 most frequent grocery purchases

My purchase patterns have changed recently

Public concern
April 1997 Louis Harris Poll of Internet users
- 5% say they have been the victim of an invasion of privacy while on the Internet
- 53% say they are concerned that information about which sites they visit will be linked to their email address and disclosed without their knowledge

Beyond concern
April 1999 study: "Beyond Concern: Understanding Net Users' Attitudes About Online Privacy" by Cranor, Ackerman and Reagle (US panel results reported)
http://www.research.att.com/projects/privacystudy/
- Internet users more likely to provide info when they are not identified
- Some types of data more sensitive than others
- Many factors important in decisions about information disclosure
- Acceptance of persistent identifiers varies according to purpose
- Internet users dislike automatic data transfer

March 2000 BusinessWeek poll
Telephone survey of 1,014 US adults by Harris Interactive
http://businessweek.com/2000/00_12/b3673006.htm
- 63% not comfortable with anonymous online profiling
- 89% not comfortable with identified online profiling
- 95% not comfortable with identified online profiling that includes sensitive information
- 91% not comfortable with web sites sharing their info to track them across multiple sites

No one wants to be known
Cathy, February 22, 2000

IBM-Harris multi-national survey
Telephone interviews with 1000+ adults in each of three countries: US, UK, Germany
http://www.ibm.com/services/e-business/priwkshop.html
- Americans profess the greatest degree of confidence in the way companies handle their personal information, but Americans also are the most likely among the three groups of citizens to take steps to protect their privacy
- Americans appear to be motivated to take privacy protection measures not so much from a set of specific concerns, but by a general sense that their personal information may be misused

International issues
European Union Data Directive prohibits secondary uses of data without informed consent
- Creating personally identifiable online profiles will have to be opt-in in most cases
- Upfront notice must be given when data is collected: no web bugs
- No transfer of data to non-EU countries unless there is adequate privacy protection

Children's issues
Children's Online Privacy Protection Act (COPPA) requires parental consent before collecting personally identifiable data from children online

Subpoenas
- Data on online activities is increasingly of interest in civil and criminal cases
- The only way to avoid subpoenas is to not have data
- Your files on your computer in your home have much greater legal protection than your files stored on a server on the network

Online privacy: key concerns
- Data is often collected silently
  - Web allows lots of data to be collected easily, cheaply, unobtrusively and automatically
  - Individuals not given meaningful choice
- Data from many sources may be merged
  - Even non-identifiable data can become identifiable when merged
- Data collected for business purposes may be used in civil and criminal proceedings

Some solutions
- Privacy policies
- Voluntary guidelines and codes of conduct
- Seal programs
- Chief privacy officers
- Laws and regulations
- Software tools

Privacy policies
- Policies let consumers know about site's privacy practices
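
The disclosure described on the "typical HTTP request" and "Referer log problems" slides, as an added example that is not part of the original slides: it parses a raw request and lists what the receiving server, or anyone reading its logs, learns, including GET form fields carried in the Referer header. The SENSITIVE list, next-host.example and /logo.gif are assumptions, and the second request is constructed from the merchant URL on the Referer slide.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: name fragments that mark a query parameter as sensitive.
SENSITIVE = ("name", "address", "card", "pin", "email", "phone")

def parse_request(raw):
    """Split a raw HTTP request into (request target, headers keyed by lower-cased name)."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    _method, target, _version = lines[0].split()
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return target, headers

def disclosed(raw):
    """Summarise what a server, or anyone reading its logs, learns from one request."""
    target, headers = parse_request(raw)
    referer = urlsplit(headers.get("referer", ""))
    cookie_names = [c.split("=", 1)[0].strip()
                    for c in headers.get("cookie", "").split(";") if c.strip()]
    return {
        "query_params": dict(parse_qsl(urlsplit(target).query)),
        "referring_host": referer.hostname,
        "platform": headers.get("user-agent"),
        "cookie_names": cookie_names,
        # GET form fields from the previous page ride along in Referer.
        "leaked_fields": [k for k, _ in parse_qsl(referer.query)
                          if any(s in k.lower() for s in SENSITIVE)],
    }

# The request from the "typical HTTP request" slide, with the cookie shortened.
SLIDE_REQUEST = """GET /retail/searchresults.asp?qu=beer HTTP/1.0
Referer: http://www.us.buy.com/default.asp
User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386)
Host: www.us.buy.com
Cookie: buycountry=us; dcCatID=6773; Store=107; Category=0
"""

# Constructed: what the next host sees after the order form on the Referer slide.
# next-host.example and /logo.gif are hypothetical.
NEXT_HOST_REQUEST = """GET /logo.gif HTTP/1.0
Referer: http://www.merchant.com/cgi_bin/order?name=Tom+Jones&address=here+there&credit+card=234876923234&PIN=1234
Host: next-host.example
"""

if __name__ == "__main__":
    for raw in (SLIDE_REQUEST, NEXT_HOST_REQUEST):
        for field, value in disclosed(raw).items():
            print(f"{field}: {value}")
```

Running the same function over the Referer column of a site's own access logs shows which of its forms still submit personal data with GET.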