Lorrie Faith CranorAT&T Labs-Researchhttp://lorrie.cranor.org/Online PrivacyOnline PrivacyPromise or Peril?Promise or Peril?2Online privacy in the comics!Online privacy in the comics!CathyFebruary 25, 20003Why is Cathy concerned?Why is Cathy concerned?CathyMarch 1, 20004How did Irving find this out? How did Irving find this out? He snooped her email He looked at the files on her computer He observed the “chatter” sent by her browser He set cookies through banner ads and “web bugs” that allowed him to track her activities across web sites5What do browsers chatter about?What do browsers chatter about? Browsers chatter aboutIP address, domain name, organization, Referring pagePlatform: O/S, browser What information is requested URLs and search termsCookies To anyone who might be listeningEnd serversSystem administratorsInternet Service ProvidersOther third parties Advertising networksAnyone who might subpoena log files later6A typical HTTP requestA typical HTTP requestGET /retail/searchresults.asp?qu=beer HTTP/1.0Referer: http://www.us.buy.com/default.aspUser-Agent: Mozilla/4.75 [en] (X11; U; NetBSD1.5_ALPHA i386)Host: www.us.buy.comAccept: image/gif, image/jpeg, image/pjpeg, */*Accept-Language: enCookie: buycountry=us; dcLocName=Basket;dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773;ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=07What about cookies?What about cookies? Cookies can be useful used like a staple to attach multiple parts of a form together used to identify you when you return to a web site so you don’t have to remember a password used to help web sites understand how people use them Cookies can do unexpected things used to profile users and track their activities, especially across web sites8How do cookies work?How do cookies work? A cookie stores a small string of characters A web site asks your browser to “set” a cookie Whenever you return to that site your browser sends the cookie back automatically Cookies are only sent back to the site that set thembrowsersitePlease store cookie xyzzyFirst visit to sitebrowsersiteHere is cookie xyzzy Later visits9YOUSearchengineAdSearch formedicalinformationBookStoreAdBuy bookAd companycan get yourname and address frombook order andlink them to your searchReadcookieSetcookie10Web bugsWeb bugs Invisible “images” embedded in web pages that cause cookies to be transferred Work just like banner ads from ad networks, but you can’t see them unless you look at the code behind a web page Also embedded in HTML formatted email messagesFor more info on web bugs see:http://www.privacyfoundation.org/education/webbug.html11Referer Referer log problemslog problemsGET methods result in values in URLThese URLs are sent in the referer header to next hostExample: http://www.merchant.com/cgi_bin/order?name=Tom+Jones&address=here+there&credit+card=234876923234&PIN=1234& -> index.html12What DoubleClick knows…What DoubleClick knows…… about Richard M. Smith Personal data: My Email address My full name My mailing address (street, city, state, and Zip code) My phone number Transactional data: Names of VHS movies I am interesting in buying Details of a plane trip Search phrases used at search engines Health conditions13No clicks requiredNo clicks required“It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers.” – Richard M. Smith14Offline data goes online…Offline data goes online…My 25 most frequent grocery purchasesMy 25 most frequent grocery purchases15My purchase patterns have changed recentlyMy purchase patterns have changed recently16Public concernPublic concern April 1997 Louis Harris Poll of Internet users5% say they have been the victim of an invasion of privacy while on the Internet53% say they are concerned that information about which sites they visit will be linked to their email address and disclosed without their knowledge17Beyond concernBeyond concern April 1999 Study: Beyond Concern:Understanding Net Users' Attitudes About Online Privacy by Cranor, Ackerman and Reagle (US panel results reported)http://www.research.att.com/projects/privacystudy/Internet users more likely to provide info when they are not identifiedSome types of data more sensitive than othersMany factors important in decisions about information disclosureAcceptance of persistent identifiers varies according to purposeInternet users dislike automatic data transfer18March 2000 March 2000 BusinessWeekBusinessWeekpollpoll Telephone survey of 1,014 US adults by Harris Interactivehttp://businessweek.com/2000/00_12/b3673006.htm63% not comfortable with anonymous online profiling89% not comfortable with identified online profiling95% not comfortable with identified online profiling that includes sensitive information91% not comfortable with web sites sharing their info to track them across multiple sites19No one wants to be knownNo one wants to be knownCathyFebruary 22, 200020IBMIBM--Harris multiHarris multi--national surveynational survey Telephone interviews with 1000+ adults in each of three countries: US, UK, Germanyhttp://www.ibm.com/services/e-business/priwkshop.htmlAmericans profess the greatest degree of confidence in the way companies handle their personal information, but Americans also are the most likely among the three groups of citizens to take steps to protect their privacy. Americans appear to be motivated to take privacy protection measures, not so much from a set of specific concerns, but by a general sense that their personal information may be misused.21International issuesInternational issues European Union Data Directive prohibits secondary uses of data without informed consentCreating personally-identifiable online profiles will have to be opt-in in most casesUpfront notice must be given when data is collected – no web bugsNo transfer of data to non-EU countries unless there is adequate privacy protection22Children’s issuesChildren’s issuesChildren’s Online Privacy Protection Act (COPPA) requires parental consent before collecting personally-identifiable data from children online23SubpoenasSubpoenas Data on online activities is increasingly of interest in civil and criminal cases The only
View Full Document