User Tools

Site Tools


internet_privacy
Snippet from Wikipedia: Internet privacy

Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via the Internet. Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large-scale computer sharing.

Privacy can entail either personally identifiable information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to identify a specific person typically. Other forms of PII may soon include GPS tracking data used by apps, as the daily commute and routine information can be enough to identify an individual.

Some experts such as Steve Rambam, a private investigator specializing in Internet privacy cases, believe that privacy no longer exists; saying, "Privacy is dead – get over it". In fact, it has been suggested that the "appeal of online services is to broadcast personal information on purpose." On the other hand, in his essay "The Value of Privacy", security expert Bruce Schneier says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance."

The Internet is a global network of interconnected smaller computer networks. Although many people use term “Internet” and “World Wide Web” interchangeably, the two terms are not equivalent in meaning. The Internet and the Web are separate, but related, entities. The Internet is a massive network of networks, connecting millions of computers together globally, forming a network. On the Internet, a computer can communicate with any other computer, as long as both computers are connected to the Internet.

Data is transmitted between computers and networks in small packets using the Internet Protocol (IP); they are reassembled at their destination. The Internet originated in work that was funded by the Advanced Research Projects Administration (ARPA), a research funding arm of the Department of Defense.

Origin

The conceptual foundation for the internet's creation was significantly developed by three individuals and a research conference, each of which changed the way we thought about communication, business and the exchange of technology:

  • Vannevar Bush wrote the first description of the potential uses for information technology with his description of the “memex” automated library system.
  • Norbert Wiener invented the field of Cybernetics, encouraging future researchers to focus on the use of technology to extend human capabilities.
  • The 1956 Dartmouth Artificial Intelligence conference defined the concept that technology was improving at an exponential rate, and provided the first serious consideration of the consequences, the benefits and advantages or such a network.
  • Marshall McLuhan made the idea of a global village interconnected by an electronic nervous system part of our popular culture. <ref>http://www.livinginternet.com/i/ii.htm </ref>
  • Ethan K. Heinz (cousin of Teresa Heinz), in 1969, created a network named ARPANet. ARPANet was developed in the US as a means for various research universities and government facilities to “talk” or communicate with each other, even in an event such as war.<ref>://www.internetisseriousbusiness.com</ref> ARPANet grew quickly and eventually evolved into today's Internet. Today, the Internet is a public, cooperative, and self-sustaining facility that can be accessed by hundreds of millions of people worldwide; the Internet has grown into a worldwide computer network where anyone can have a chat with anyone else almost anywhere in the world, and is a vast source of free information.

Description

The Internet is sometimes also known as “cyberspace.” Most users are familiar with the World Wide Web of homepages, marked up with HTML; the Web is facilitated by one of numerous protocols that operate on the Internet. There are also email, file transfer, etc.

The common protocol used to access websites (including this one) is the Hyper-Text Transfer Protocol (HTTP). The creator of this is Sir Tim Berners-Lee, who recently in an online magazine article claimed that given the opportunity, he wouldn't use the HTTP format for websites. Berners-Lee is currently the director of the W3C (World Wide Web Consortium).

Ted Stevens famously referred to the internet as “a series of tubes” during a panel on network neutrality. While the statement was technically inaccurate, it is a reasonable depiction of the internet as an interconnected system to a lay person.

The internet is formed from two basic elements, routers and connections. A router is basically a small computer that acts like a switching station, similar to the pumping stations of public water utilities. The connections are the pipes themselves, acting as a means to move packets from one router to another, and eventually from server to client.

TCP/IP

TCP/IP is the basic communication language or protocol of the Internet. Two recent adaptations of Internet technology, the intranet and the extranet, also use TCP/IP.

Ownership of the Internet

It is true that the Internet is more a concept than an actual tangible entity. Despite this fact, the Internet still relies on a physical infrastructure that connects networks to other networks. Access to the Internet is controlled by telephone companies, because telephone companies own many of the infrastructure backbones and most of the connectivity hardware; however, no one actually owns the Internet, and no single person or organization controls the Internet in its entirety. There are many organizations, corporations, governments, schools, private citizens, and service providers that all own pieces of the infrastructure.

Controversy

Although the Internet has been shown to contain valuable information, it also contains pornographic or otherwise vulgar material. Therefore, some conservatives would like to see tighter controls on the Internet which would limit what can be hosted and what can be downloaded.

In 1999, Democratic presidential candidate Al Gore misspoke when intending to take partial credit for the development of the internet when he referenced his High Performance Computing and Communication Act of 1991, commonly known as the “Gore Bill”:<ref>http://www.cnn.com/ALLPOLITICS/stories/1999/03/09/president.2000/transcript.gore/</ref>

:CNN's WOLF BLITZER: I want to get to some of the substance of domestic and international issues in a minute, but let's just wrap up a little bit of the politics right now.

:Why should Democrats, looking at the Democratic nomination process, support you instead of Bill Bradley, a friend of yours, a former colleague in the Senate? What do you have to bring to this that he doesn't necessarily bring to this process?

:AL GORE: Well, I will be offering – I'll be offering my vision when my campaign begins. And it will be comprehensive and sweeping. And I hope that it will be compelling enough to draw people toward it. I feel that it will be.

:But it will emerge from my dialogue with the American people. I've traveled to every part of this country during the last six years. During my service in the United States Congress, I took the initiative in creating the Internet. I took the initiative in moving forward a whole range of initiatives that have proven to be important to our country's economic growth and environmental protection, improvements in our educational system.

In response to Al Gore's comments, Robert Kahn and Vinton Cerf, the two men responsible for the creation of the TCP/IP protocol which the internet uses for most of its communication and two men often credited as the creators of the internet along with Sir Tim Berners-Lee, said the following: <blockquote> <p>Al Gore was the first political leader to recognize the importance of the Internet and to promote and support its development.</p>

<p>No one person or even small group of persons exclusively “invented” the Internet. It is the result of many years of ongoing collaboration among people in government and the university community. But as the two people who designed the basic architecture and the core protocols that make the Internet work, we would like to acknowledge VP Gore’s contributions as a Congressman, Senator and as Vice President. No other elected official, to our knowledge, has made a greater contribution over a longer period of time.</p>

<p>Last year the Vice President made a straightforward statement on his role. He said: “During my service in the United States Congress I took the initiative in creating the Internet.” We don't think, as some people have argued, that Gore intended to claim he “invented” the Internet. Moreover, there is no question in our minds that while serving as Senator, Gore's initiatives had a significant and beneficial effect on the still-evolving Internet. The fact of the matter is that Gore was talking about and promoting the Internet long before most people were listening.<ref>http://www.interesting-people.org/archives/interesting-people/200009/msg00052.html</ref></p> </blockquote>

Their letter continued to go on to enumerate Al Gore's involvement in the early periods of the internet.

Keeping Pornography out of the Reach of Children

Studies have shown that 90% of children have been exposed to pornography, with the average age of exposure being 11 years old<ref>http://www.healthymind.com/s-porn-stats.html</ref>. Many countries have attempted to take steps to keep underage children from viewing pornographic material. Australia has taken the important step of requiring internet service providers to use web filters to keep inappropriate material from being displayed in houses and schools<ref>http://www.abc.net.au/news/stories/2007/12/31/2129471.htm</ref>. Australia had also considered mandatory internet filtering, however this bold move was recently struck down by their current government<ref>http://www.telegraph.co.uk/news/worldnews/australiaandthepacific/australia/9665983/Australia-scraps-plan-to-filter-internet.html</ref>. This effort is being blocked by civil liberties groups (such as the American Civil Liberties Union) who believe that pornagrophy should be considered free speech, and therefore not under the jurisdiction of the government.

Currently many private companies offer software-based web filtering for home use. Public schools in many US states are required to employ web filters. Most private schools, libraries, and employers also choose to use web filters.

Prescient Quotes on Police State Internet Surveillance

See Also

Contrast with:

References

Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third-parties, and displaying of information pertaining to oneself via the Internet. Internet privacy is a subset of computer privacy. Privacy concerns have been articulated from the beginnings of large scale computer sharing.<ref>

</ref>

Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person.

Some experts such as Steve Rambam, a private investigator specializing in Internet privacy cases, believe that privacy no longer exists; saying, “Privacy is dead – get over it”.<ref>

</ref> In fact, it has been suggested that the “appeal of online services is to broadcast personal information on purpose.”<ref name=“Pogue”>

</ref> On the other hand, in his essay The Value of Privacy, security expert Bruce Schneier says, “Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance.”<ref>

</ref><ref>

</ref>

Levels of privacy

People with only a casual concern for Internet privacy need not achieve total anonymity. Internet users may protect their privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user. In order to keep their information private, people need to be careful with what they submit to and look at online. When filling out forms and buying merchandise, that becomes tracked and because the information was not private, companies are now sending Internet users spam and advertising on similar products.

There are also many government groups that protect our privacy and be safe on the Internet. The Federal Trade Commission (FTC) stresses that protecting individual’s social security number while dealing with things on the Internet is very important. Pay attention to the trash and e-mails that are received from the Internet. Hackers can easily access these important e-mails. Make difficult passwords so not just anyone can easily access information. Verify the sources to make sure they are safe and okay to give personal information. The Internet Crime Complaint Center (IC3) works in a partnership with the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to help and receive criminal complaints related to the Internet. The US Department of State has a mission to reduce the crime on the Internet internationally. An example of this would be scams that happen from different countries on the Internet.<ref>Vincent, Nicole. (2011,October 18). Preventing Identity Theft and Cyber Crimes.http://onguardonline.gov/blog/preventing-identity-theft-and-other-cyber-crimes.</ref>

Posting things on the Internet can be harmful to individuals. The information posted on the Internet is permanent. This includes comments written on blogs, pictures, and Internet sites, such as Facebook and Twitter. It is absorbed into cyberspace and once it is posted, anyone can find it and read it. This action can come back and hurt people in the long run when applying for jobs or having someone find person information.<ref>No Author. Washington State Office of the Attorney General. (2008). Families and Educators: Information is Permanent. http://www.atg.wa.gov/InternetSafety/FamiliesAndEducators.aspx.</ref>

Risks to Internet privacy

In the modern technological world, the privacy of millions of people is threatened. Companies are hired to watch what internet sites people visit, and then use the information, for instance by sending advertising based on one's browsing history. There are many ways in which people can divulge their personal information, for instance by use of “social media” and by sending bank and credit card information to various websites. Moreover, directly observed behaviour, such as browsing logs, search queries, or contents of the Facebook profile can be automatically processed to infer potentially more intrusive details about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality.<ref name=NAS-V110-I15>

</ref>

Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which may be encountered through Internet use.<ref>

</ref> These range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults).

Several social networking sites try to protect the personal information of their subscribers. On Facebook, for example, privacy settings are available to all registered users: they can block certain individuals from seeing their profile, they can choose their “friends”, and they can limit who has access to one's pictures and videos. Privacy settings are also available on other social networking sites such as Google Plus and Twitter. The user can apply such settings when providing personal information on the internet.

In late 2007 Facebook launched the Beacon program where user rental records were released on the public for friends to see. Many people were enraged by this breach in privacy, and the Lane v. Facebook, Inc. case ensued.<ref>

</ref>

Children and adolescents often use the Internet (including social media) in ways which risk their privacy: a cause for growing concern among parents. Young people also may not realise that all their information and browsing can and may be tracked while visiting a particular site, and that it is up to them to protect their own privacy. They must be informed about all these risks. For example, on Twitter, threats include shortened links that lead one to potentially harmful places. In their e-mail inbox, threats include email scams and attachments that get them to install malware and disclose personal information. On Torrent sites, threats include malware hiding in video, music, and software downloads. Even when using a smartphone, threats include geolocation, meaning that one's phone can detect where they are and post it online for all to see. Users can protect themselves by updating virus protection, using security settings, downloading patches, installing a firewall, screening e-mail, shutting down spyware, controlling cookies, using encryption, fending off browser hijackers, and blocking pop-ups.<ref>Mediati, N. (2010). The Most Dangerous Places on the Web. PC World, 28(11), 72–80.</ref><ref>Youn, S. (2009). Determinants of Online Privacy Concern and Its Influence on Privacy Protection Behaviors Among Young Adolescents. Journal Of Consumer Affairs, 43(3), 389–418.</ref>

However most people have little idea how to go about doing many of these things. How can the average user with no training be expected to know how to run their own network security (especially as things are getting more complicated all the time)? Many businesses hire professionals to take care of these issues, but most individuals can only do their best to learn about all this.<ref>Larose, R., & Rifon, N. J. (2007). Promoting i-Safety: Effects of Privacy Warnings and Privacy Seals on Risk Assessment and Online Privacy Behavior. Journal Of Consumer Affairs, 41(1), 127–149.</ref>

In 1998, the Federal Trade Commission in the USA considered the lack of privacy for children on the Internet, and created the Children Online Privacy Protection Act (COPPA). COPPA limits the options which gather information from children and created warning labels if potential harmful information or content was presented. In 2000, Children's Internet Protection Act (CIPA) was developed to implement safe Internet policies such as rules

, and filter software. These laws, awareness campaigns, parental and adult supervision strategies and Internet filters can all help to make the Internet safer for children around the world.<ref>

</ref>

HTTP cookies

A HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other state information required in complex web sites. It may also be used for user-tracking by storing special usage history data in a cookie, and such cookies—for example, those used by Google Analytics—are called tracking cookies. Cookies are a common concern in the field of Internet privacy. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.<ref>Krishnamurthy B, Wills CE. (2009). On the Leakage of Personally Identifiable Information Via Online Social Networks.</ref>

In the past, web sites have not generally made the user explicitly aware of the storing of cookies, however tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories — a privacy concern that prompted European and US law makers to take action in 2011.<ref name=“eulaw”>

</ref><ref>

</ref> Cookies can also have implications for computer forensics. In past years, most computer users were not completely aware of cookies, but recently, users have become conscious of possible detrimental effects of Internet cookies: a recent study done has shown that 58% of users have at least once, deleted cookies from their computer, and that 39% of users delete cookies from their computer every month. Since cookies are advertisers' main way of targeting potential customers, and some customers are deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies, but modern browsers and anti-malware software can now block or detect and remove such cookies.<!– United Virtualities has built a substitute: PIE (persistent identification element). PIEs unlike cookies, cannot be easily deleted or detected and can reinstate any deleted cookie. PIEs also hold a sufficient amount more data than a cookie can. If a website is connected to a PIE, then one's browser will be marked with a Flash object. This is very alike to the process of a cookie.

–>

The original developers of cookies intended that only the website that originally distributed cookies to users could retrieve them, therefore returning only data already possessed by the website. However, in practice programmers can circumvent this restriction. Possible consequences include:

  • the placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or,
  • use of cross-site scripting or other techniques to steal information from a user's cookies.

Cookies do have benefits that many people may not know. One benefit is that for websites that one frequently visits that requires a password, cookies make it so they do not have to sign in every time. A cookie can also track one's preferences to show them websites that might interest them. Cookies make more websites free to use without any type of payment. Some of these benefits are also seen as negative. For example, one of the most common ways of theft is hackers taking one's user name and password that a cookie saves. While a lot of sites are free, they have to make a profit some how so they sell their space to advertisers. These ads, which are personalized to one's likes, can often freeze one's computer or cause annoyance. Cookies are mostly harmless except for third-party cookies.<ref>

</ref> These cookies are not made by the website itself, but by web banner advertising companies. These third-party cookies are so dangerous because they take the same information that regular cookies do, such as browsing habits and frequently visited websites, but then they give out this information to other companies.

Cookies are often associated with pop-up windows because these windows are often, but not always, tailored to a person’s preferences. These windows are an irritation because they are often hard to close out of because the close button is strategically hidden in an unlikely part of the screen. In the worst cases, these pop-up ads can take over the screen and while trying to exit out of it, can take one to another unwanted website.

Cookies are seen so negatively because they are not understood and go unnoticed while someone is simply surfing the Internet. The idea that every move one makes while on the Internet is being watched, would frighten most users.<ref>http://0-vnweb.hwwilsonweb.com.sculib.scu.edu/hww/results/getResults.jhtml?_DARGS=/hww/results/results_common.jhtml.35</ref>

Some users choose to disable cookies in their web browsers.<ref>Trust and Privacy Online: Why Americans Want to Rewrite the Rules. Pew Internet & American Life Project. Released Aug. 20, 2000</ref> Such an action eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location.

The process of profiling (also known as “tracking”) assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual. <!– TODO: Elaborate. Inability of individuals to review or correct false info about themselves. Reselling of the data. Concerns about undesirable uses to which this info is applied (eg, spamming and junk mail). –>

Governments and organizations may set up honeypot websites – featuring controversial topics – with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals. <!– Fix above para –>

Flash cookies

When some users choose to disable http cookies to reduce privacy risks as noted, new types of cookies were invented: since cookies are advertisers' main way of targeting potential customers, and some customers were deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies. In a 2009 study, Flash cookies were found to be a popular mechanism for storing data on the top 100 most visited sites.<ref>

</ref> Another 2011 study of social media found that, “Of the top 100 web sites, 31 had at least one overlap between HTTP and Flash cookies.”<ref name=“Heyman, R. 2011”>Heyman, R., & Pierson, J. (2011). Social media and cookies: challenges for online privacy. The Journal of Policy, Regulation and Strategy for Telecommunications, Information and Media, 13, 30–42.</ref> However, modern browsers and anti-malware software can now block or detect and remove such cookies.<!– Firms such as United Virtualities implemented “Zombie cookies” after they learned that 30% of internet users were deleting HTTP cookies. The zombie cookie, also known as a Persistent Identification Element (PIE) is tagged to the user’s browser, providing each with a unique ID, similar to traditional cookie coding. The PIE is made up of two cookies. Essentially, the first is an http cookie and the second is the flash cookie. This suggests that the zombie cookie or PIE cannot be easily deleted, since users typically remove html cookies. <ref name=“Heyman, R. 2011”/> This study shows how the two different types of cookies commonly exist in popular visited websites. For the users who choose to disable http cookies, flash cookies could very well still exist if the two cookies overlap for a specific visited website. –>

Flash cookies, also known as Local Shared Objects, work the same ways as normal cookies and are used by the Adobe Flash Player to store information at the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect Flash cookies. One way to view and control them is with browser extensions or add-ons. <!– More information should be posted on flash cookies and how they impact users' privacy –> Flash cookies are unlike HTTP cookies in a sense that they are not transferred from the client back to the server. Web browsers read and write these cookies and can track any data by web usage.<ref>

</ref>

Although browsers such as Internet Explorer 8 and Firefox 3 have added a ‘Privacy Browsing’ setting, they still allow Flash cookies to track the user and operate fully. However, the Flash player browser plugin can be disabled<ref>How to disable Flash in Firefox</ref> or uninstalled,<ref>Adobe Flash uninstaller</ref> and Flash cookies can be disabled on a per-site or global basis. Adobe's Flash and (PDF) Reader are not the only browser plugins whose past security defects<ref>Adobe security advisories</ref> have allowed spyware or malware to be installed: there have also been problems with Oracle's Java.<ref>Oracle Java security advisory</ref> <!– User privacy controls have a hard time blocking flash cookies because they are so flexible. –>

Evercookies

Evercookies, created by Samy Kamkar,<ref>http://technolog.msnbc.msn.com/_news/2010/09/22/5157641-evercookie-is-one-cookie-you-dont-want-to-bite</ref> are JavaScript-based applications which produce cookies in a web browser that actively “resist” deletion by redundantly copying themselves in different forms on the user's machine (e.g., Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies that are missing or expired. Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. It has the ability to store cookies in over ten types of storage mechanisms so that once they are on one's computer they will never be gone. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.<ref>schneier</ref> Evercookies are one type of zombie cookie. However, modern browsers and anti-malware software can now block or detect and remove such cookies.

Anti-fraud uses

Some anti-fraud companies have realized the potential of evercookies to protect against and catch cyber criminals. These companies already hide small files in several places on the perpetrator's computer but hackers can usually easily get rid of these. The advantage to evercookies is that they resist deletion and can rebuild themselves.

Advertising uses

There is controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a person's computer that are used to predict what one wants. Many advertisement companies want to use this technology to track what their customers are looking at online. Evercookies enable advertisers to continue to track a customer regardless of if one deletes their cookies or not. Some companies are already using this technology but the ethics are still being widely debated.

Criticism

Anonymizer nevercookies are part of a free Firefox plugin that protects against evercookies. This plugin extends Firefox's private browsing mode so that users will be completely protected from evercookies.<ref>Nevercookie Eats Evercookie With New Firefox Plugin. SecurityWeek.Com (2010-11-10). Retrieved on 2013-08-16.</ref> Nevercookies eliminate the entire manual deletion process while keeping the cookies users want like browsing history and saved account information.

Device fingerprinting

Device fingerprinting is a fairly new technology that is useful in fraud prevention and safeguarding any information from one's computer. Device fingerprinting uses data from the device and browser sessions to determine the risk of conducting business with the person using the device.<ref name=“networkworld.com”>Device fingerprinting defends against online fraud. Networkworld.com (2009-04-20). Retrieved on 2013-08-16.</ref> This technology allows companies to better assess the risks when business is conducted through sites that include, e-commerce sites, social networking and online dating sites and banks and other financial institutions. ThreatMetrix is one of the lending vendors of device fingerprinting. This company employs a number of techniques to prevent fraud. For example, ThreatMetrix will pierce the proxy to determine the true location of a device.<ref name=“networkworld.com”/> Due to the growing number of hackers and fraudsters using 'botnets' of millions of computers that are being unknowingly controlled,<ref name=“networkworld.com”/> this technology will help not only the companies at risk but the people who are unaware their computers are being used.

It is difficult to surf the web without being tracked by device fingerprinting today. However, for people who do not want device fingerprinting, there are ways to attempt to block fingerprinting. The only ways to stop device fingerprinting cause web browsing to be very slow and websites to display information incorrectly. “There are not convenient options for privacy when it comes to device fingerprinting” said Peter Eckersely a staff scientist at the Electronic Frontier Foundation and privacy-advocacy group. Trying to avoid device fingerprinting is mostly just impractical and inconvenient. Fingerprints are tough to avoid because they are taken from data that are routinely passed from computers to websites automatically. Even if someone changes something slightly, the fingerprinters can still recognize the machine. There is one way to figure out that a device is being fingerprinted. The software JavaScript can be used to collect fingerprinting data. If it asks a browser for specific information, that could be a clue that a fingerprinter is working. Companies that are most known for conducting fingerprinting are advertisers.<ref>

</ref>

Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.)

Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.) is device fingerprinting software technology that identifies the device (computer, tablet, smartphone, …) being used to access a website. This information in turn can be used to help differentiate legitimate users from those using false identities or those attempting to work anonymously. A.D.A.P.T. uses only HTTP and JavaScript to identify a device and identifies devices without requesting any personal information entered directly by the user. It makes an accurate “fingerprint” of the device by using many different pieces of information including, operating system, browser, and PC characteristics. A.D.A.P.T. is concealed in that the user of the device has no idea that the device is being “fingerprinted” and there is no actual tagging of the device.<ref name=ADAPT>Sentinel Advanced Detection Analysis & Predator Tracking (A.D.A.P.T.), Eschell Hamel (Sentinel Tech Holding Corp), a paper submitted to the Internet Safety Technical Task Force, Berkman Center for Internet and Society, Harvard University, July 30, 2008</ref>

Photographs on the Internet

]] Today many people have digital cameras and post their photographs online. The people depicted in these photos might not want to have them appear on the Internet.

Some organizations attempt to respond to this privacy-related concern. For example, the 2005 Wikimania conference required that photographers have the prior permission of the people in their pictures. Some people wore a 'no photos' tag to indicate they would prefer not to have their photo taken.

The Harvard Law Review published a short piece called “In The Face of Danger: Facial Recognition and Privacy Law”, much of it explaining how “privacy law, in its current form, is of no help to those unwillingly tagged.”<ref>In the Face of Danger: Facial Recognition and the Limits of Privacy Law. (2007). Retrieved from Harvard, Harvard Law Review: http://www.harvardlawreview.org/issues/120/may07/note_4397.php.</ref> Any individual can be unwillingly tagged in a photo and displayed in a manner that might violate them personally in some way, and by the time Facebook gets to taking down the photo, many people will have already had the chance to view, share, or distribute it. Furthermore, traditional tort law does not protect people who are captured by a photograph in public because this is not counted as an invasion of privacy. The extensive Facebook privacy policy covers these concerns and much more. For example, the policy states that they reserve the right to disclose member information or share photos with companies, lawyers, courts, government entities, etc. if they feel it absolutely necessary. The policy also informs users that profile pictures are mainly to help friends connect to each other.<ref>Facebook's Privacy Policy. (2010). Retrieved from Facebook: http://www.facebook.com/policy.php.</ref> However, these, as well as other pictures, can allow other people to invade a person’s privacy by finding out information that can be used to track and locate a certain individual. In an article featured in ABC News, it was stated that two teams of scientists found out that Hollywood stars could be giving up information about their private whereabouts very easily through pictures uploaded to the Internet. Moreover, it was found that pictures taken by some phones and tablets including iPhones automatically attach the latitude and longitude of the picture taken through metadata unless this function is manually disabled.<ref>Heussner, M. K. (2010). Celebrities' Photos, Videos May Reveal Location. Retrieved from ABC: http://abcnews.go.com/technology/ celebrity-stalking-online-photos-give-location/ story?id=11162352&page=1.</ref>

Face recognition technology can be used to gain access to a person's private data, according to a new study. Researchers at Carnegie Mellon University combined image scanning, cloud computing and public profiles from social network sites to identify individuals in the offline world. Data captured even included a user's social security number.<ref>

</ref> Experts have warned of the privacy risks faced by the increased merging of our online and offline identities. The researchers have also developed an 'augmented reality' mobile app that can display personal data over a person's image captured on a smartphone screen.<ref>

</ref> Since these technologies are widely available, our future identities may become exposed to anyone with a smartphone and an Internet connection. Researchers believe this could force us to reconsider our future attitudes to privacy.

Google Street View

Google Street View, released in the U.S. in 2007, is currently the subject of an ongoing debate about possible infringement on individual privacy.<ref name=“guardian1”>Rodrigues ://www.guardian.co.uk/technology/2009/nov/29/google-street-view, Rodrigues, J. (November 29, 2009). Google Street View’s headaches around the world. The Guardian. http://www.guardian.co.uk/technology/2009/nov/29/google-street-view</ref><ref name=“autogenerated2”>Shankland, S. (2008, May 13). Google begins blurring faces in Street View. CNet News. http://news.cnet.com/8301-10784_3-9943140-7.html|Shankland</ref> In an article entitled “Privacy, Reconsidered: New Representations, Data Practices, and the Geoweb”, Sarah Elwood and Agnieszka Leszczynski (2011) argue that Google Street View “facilitate[s] identification and disclosure with more immediacy and less abstraction.”<ref name=“autogenerated3”>Elwood, S., & Leszczynski, A. (2011). Privacy, reconsidered: New representations, data practices, and the geoweb. Geoforum, 42, 6–15.</ref> The medium through which Street View disseminates information, the photograph, is very immediate in the sense that it can potentially provide direct information and evidence about a person’s whereabouts, activities, and private property. Moreover, the technology’s disclosure of information about a person is less abstract in the sense that, if photographed, a person is represented on Street View in a virtual replication of his or her own real-life appearance. In other words, the technology removes abstractions of a person’s appearance or that of his or her personal belongings – there is an immediate disclosure of the person and object, as they visually exist in real life. Although Street View began to blur license plates and people’s faces in 2008,<ref name=“guardian1” /> the technology is faulty and does not entirely ensure against accidental disclosure of identity and private property.<ref name=“autogenerated2”/> Elwood and Leszczynski note that “many of the concerns leveled at Street View stem from situations where its photograph-like images were treated as definitive evidence of an individual’s involvement in particular activities.”<ref name=“autogenerated3”/> In one instance, Ruedi Noser, a Swiss politician, barely avoided public scandal when he was photographed in 2009 on Google Street View walking with a woman who was not his wife – the woman was actually his secretary.<ref name=“guardian1”/> Similar situations necessarily arise from the fact that Street View provides high-resolution photographs – and photographs hypothetically offer compelling objective evidence.<ref name=“autogenerated3”/> But as the case of the Swiss politician illustrates, even supposedly compelling photographic evidence is sometimes subject to gross misinterpretation. This example further suggests that Google Street View may provide opportunities for privacy infringement and harassment through public dissemination of the photographs. Google Street View does, however, blur or remove photographs of individuals and private property from image frames if the individuals request further blurring and/or removal of the images. This request can be submitted for review through the “report a problem” button that is located on the bottom left hand side of every image window on Google Street View, however Google has made attempts to report a problem difficult by disabling the “Why are you reporting the street view” icon.

Search engines

Search engines have the ability to track a user’s searches. Personal information can be revealed through searches by the user's computer, account, or IP address being linked to the search terms used. Search engines have claimed a necessity to retain such information in order to provide better services, protect against security pressure, and protect against fraud.<ref name=“privacyrights.org”>(December 2010) Online Privacy: Using the Internet Safely. Retrieved from http://www.privacyrights.org/fs/fs18-cyb.htm</ref> A search engine takes all of its users and assigns each one a specific ID number. Those in control of the database often keep records of where on the Internet each member has traveled to. AOL’s system is one example. AOL has a database 21 million members deep, each with their own specific ID number. The way that AOLSearch is set up, however, allows for AOL to keep records of all the websites visited by any given member. Even though the true identity of the user isn’t known, a full profile of a member can be made just by using the information stored by AOLSearch. By keeping records of what people query through AOLSearch, the company is able to learn a great deal about them without knowing their names.<ref name=“AOL's disturbing glimpse into users' lives”>(August 2006) CNET news. Retrieved from http://news.cnet.com/2100-1030_3-6103098.html</ref>

Search engines also are able to retain user information, such as location and time spent using the search engine, for up to ninety days. Most search engine operators use the data to get a sense of which needs must be met in certain areas of their field. People working in the legal field are also allowed to use information collected from these search engine websites. The Google search engine is given as an example of a search engine that retains the information entered for a period of three fourths of year before it becomes obsolete for public usage. Yahoo! follows in the footsteps of Google in the sense that it also deletes user information after a period of ninety days. Other search engines such as Ask! search engine has promoted a tool of “AskEraser” which essentially takes away personal information when requested.<ref>

</ref> Some changes made to internet search engines included that of Google's search engine. Beginning in 2009, Google began to run a new system where the Google search became personalized. The item that is searched and the results that are shown remembers previous information that pertains to the individual. Google search engine not only seeks what is searched, but also strives to allow the user to feel like the search engine recognizes their interests. This is achieved by using online advertising.<ref>

</ref> A system that Google uses to filter advertisements and search results that might interest the user is by having a ranking system that tests relevancy that include observation of the behavior users exude while searching on Google. Another function of search engines is the predictability of location. Search engines are able to predict where one's location is currently by locating IP Addresses and geographical locations.<ref>

</ref>

Google had publicly stated on January 24, 2012, that its privacy policy will once again be altered. This new policy will change the following for its users: (1) the privacy policy will become shorter and easier to comprehend and (2) the information that users provide will be used in more ways than it is presently being used. The goal of Google is to make users’ experiences better than they currently are.<ref>Cain Miller, C. (2012, January 25). A New Policy On Privacy From Google. The New York Times, p. B3</ref>

This new privacy policy is planned to come into effect on March 1, 2012. Peter Fleischer, the Global Privacy Counselor for Google, has explained that if a person is logged into his/her Google account, and only if he/she is logged in, information will be gathered from multiple Google services in which he/she has used in order to be more accommodating. Google’s new privacy policy will combine all data used on Google’s search engines (i.e., YouTube and Gmail) in order to work along the lines of a person’s interests. A person, in effect, will be able to find what he/she wants at a more efficient rate because all searched information during times of login will help to narrow down new search results.<ref>Steinhauser, G. (2012, February 3). Google's Privacy Policy Changes Prompt EU Probe. The Huffington Post. Retrieved from http://www.huffingtonpost.com/2012/02/ 03/google-privacy-policy_n_1253467.html</ref>

Google’s privacy policy explains information they collect and why they collect it, how they use the information, and how to access and update information. Google will collect information to better service its users such as their language, which ads they find useful or people that are important to them online. Google announces they will use this information to provide, maintain, protect Google and its users. The information Google uses will give users more relevant search results and advertisements. The new privacy policy explains that Google can use shared information on one service in other Google services from people who have a Google account and are logged in. Google will treat a user as a single user across all of their products. Google claims the new privacy policy will benefit its users by being simpler. Google will for example be able to correct the spelling of a user’s friend’s name in a Google search or notify a user they are late based on their calendar and current location. Even though Google is updating their privacy policy, its core privacy guidelines will not change. For example, Google does not sell personal information or share it externally.<ref>

</ref>

Users and public officials have raised many concerns regarding Google’s new privacy policy. The main concern/issue involves the sharing of data from multiple sources. Because this policy gathers all information and data searched from multiple engines when logged into Google, and uses it to help assist users, privacy becomes an important element. Public officials and Google account users are worried about online safety because of all this information being gathered from multiple sources.<ref>Reuters. (2012, February 1). Google defends change to privacy policies. Chicago Tribune. Retrieved from http://www.chicagotribune.com/business/breaking/chi-google-defends-change-to-privacy-policies-20120201,0,3821438.story</ref>

Some users do not like the overlapping privacy policy, wishing to keep the service of Google separate. The update to Google’s privacy policy has alarmed both public and private sectors. The European Union has asked Google to delay the onset of the new privacy policy in order to ensure that it does not violate E.U. law. This move is in accordance with objections to decreasing online privacy raised in other foreign nations where surveillance is more heavily scrutinized.<ref>James Canter, "E.U. Presses Google to Delay Privacy Policy Changes" 'The New York Times,' February 3, 2012</ref> Canada and Germany have both held investigations into the legality of both Facebook, against respective privacy acts, in 2010. The new privacy policy only heightens unresolved concerns regarding user privacy.<ref>Jay Perry, "Facebook vs. Canada. It's about to get ugly." 'Techi,' May 22, 2010</ref><ref>Robert McMillan, "Google Relents, Will Hand Over European Wi-Fi Data" 'PCWorld,' June 3, 2010</ref>

An additional feature of concern to the new Google privacy policy is the nature of the policy. One must accept all features or delete existing Google accounts.<ref>"Google privacy policy is subject of backlash" 'The Washington Post.'</ref> The update will affect the Google+ social network, therefore making Google+’s settings uncustomizable, unlike other customizable social networking sites. Customizing the privacy settings of a social network is a key tactic that many feel is necessary for social networking sites. This update in the system has some Google+ users wary of continuing service.<ref name=“Facebook. PIC”>EPIC – In re Facebook. (n.d.). EPIC – Electronic Privacy Information Center. Retrieved January 25, 2011/</ref> Additionally, some fear the sharing of data amongst Google services could lead to revelations of identities. Many using pseudonyms are concerned about this possibility, and defend the role of pseudonyms in literature and history.<ref>Jillian York "A Case for Pseudonyms" EFF.org, July 29, 2011</ref>

<!– Consumer Privacy Advocates Seek Search Engine Solution The Troubling Future of Internet Search What Search Engines Know About You

-->
Some solutions to being able to protect user privacy on the Internet can include programs such as “Rapleaf” which is a website that has a search engine that allows users to make all of one's search information and personal information private. Other websites that also give this option to their users are Facebook and Amazon.<ref>

</ref> Other search engines such as DuckDuckGo don't store personal information. Scroogle anonymized Google searches from 2002–2012. A still operating alternative to Scroogle is the Dutch search engine Startpage.com which also anonymizes Google searches.

Privacy issues of social networking sites

The advent of the Web 2.0 has caused social profiling and is a growing concern for Internet privacy. Web 2.0 is the system that facilitates participatory information sharing and collaboration on the Internet, in social networking media websites like Facebook, Instagram, and MySpace. These social networking sites have seen a boom in their popularity starting from the late 2000s. Through these websites many people are giving their personal information out on the internet.

These social networks keep track of all interactions used on their sites and save them for later use. Issues include cyberstalking, location disclosure, social profiling, 3rd party personal information disclosure, and government information collection without the need for a search warrant.

It has been a topic of discussion of who is held accountable for the collection and distribution of personal information. Some will say that it is the fault of the social networks because they are the ones who are storing the vast amounts of information and data, but others claim that it is the users who are responsible for the issue because it is the users themselves that provide the information in the first place. This relates to the ever-present issue of how society regards social media sites. There is a growing number of people that are discovering the risks of putting their personal information online and trusting a website to keep it private. Once information is online it is no longer completely private. It is an increasing risk because younger people are having easier internet access than ever before, therefore they put themselves in a position where it is all too easy for them to upload information, but they may not have the caution to consider how difficult it can be to take that information down once it is out in the open. This is becoming a bigger issue now that so much of society interacts online which was not the case fifteen years ago. In addition, because of the quickly evolving digital media arena, peoples interpretation of privacy is evolving as well, and it is important to consider that when interacting online. New forms of social networking and digital media such as Instagram and Snapchat may call for new guidelines regarding privacy. What makes this difficult is the wide range of opinions surrounding the topic, so it is left mainly up to our judgement to respect other peoples online privacy in some circumstances. Sometimes it may be necessary to take extra precautions in situations where somebody else may have a tighter view on privacy ethics. No matter the situation it is beneficial to know about the potential consequences and issues that can come from careless activity on social networks.

Internet service providers

Internet users obtain Internet access through an Internet service provider (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet.

However, ISPs are usually prohibit their staffs from participating in such activities due to legal, ethical, business, or technical reasons.

Normally ISPs do collect at least some information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc.).

Which information an ISP collects, what it does with that information, and whether it informs its consumers, pose significant privacy issues. Beyond the usage of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request does not necessarily require a warrant.

An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting web traffic, https has become the most popular and best-supported standard. Even if users encrypt the data, the ISP still knows the IP addresses of the sender and of the recipient. (However, see the IP addresses section for workarounds.)

An Anonymizer such as I2P – The Anonymous Network or Tor can be used for accessing web services without them knowing one's IP address and without one's ISP knowing what the services are that one accesses. Also, additional software has been developed that serves as secure and anonymous alternative for other applications, such as, for example, Bitmessage can be used as an alternative for email and Cryptocat as an alternative for online chat.

While signing up for internet services, each computer contains a unique IP, Internet Protocol address. This particular address will not give away private or personal information, however, a weak link could potentially reveal information from one's ISP.<ref>

</ref>

General concerns regarding Internet user privacy have become enough of a concern for a UN agency to issue a report on the dangers of identity fraud.<ref>

</ref> In 2007, the Council of Europe held its first annual Data Protection Day on January 28, which has since evolved into the annual Data Privacy Day.<ref name=dataprivacyday>

</ref>

T-Mobile USA doesn't store any information on web browsing. Verizon Wireless keeps what websites a subscriber visits for up to a year. Virgin Mobile keeps text messages for three months. Verizon keeps text messages for three to five days. None of the other carriers keep texts of messages at all, but they keep a record of who texted who for over a year. AT&T Mobility keeps for five to seven years a record of who text messages who and the date and time, but not the content of the messages. Virgin Mobile keeps that data for two to three months.<ref>

</ref>

HTML5

HTML5 is the latest version of Hypertext Markup Language specification. HTML defines how user agents, such as web browsers, are to present websites based upon their underlying code. This new web standard changes the way that users are affected by the internet and their privacy on the internet. HTML5 expands the number of methods given to a website to store information locally on a client as well as the amount of data that can be stored. As such, privacy risks are increased. For instance, merely erasing cookies may not be enough to remove potential tracking methods since data could be mirrored in web storage, another means of keeping information in a user's web browser.<ref name=“PrivacyWHATWG”>

</ref> There are so many sources of data storage that it is challenging for web browsers to present sensible privacy settings. As the power of web standards increases, so do potential misuses.<ref>Vega, T. (2010, October 10). New web code draws concern over privacy risks. The New York Times. Retrieved from http://www.nytimes.com/2010/10/11/business/media/11privacy.html?adxnnl=1&pagewanted=all</ref>

HTML5 also expands access to user media, potentially granting access to a computer's microphone or webcam, a capability previously only possible through the use of plug-ins like Flash.<ref name=“getUserMedia”>

</ref> It is also possible to find a user's geographical location using the geolocation API. With this expanded access comes increased potential for abuse as well as more vectors for attackers.<ref name=“SophosHTML5”>

</ref> If a malicious site was able to gain access to a user's media, it could potentially use recordings to uncover sensitive information thought to be unexposed. However, the World Wide Web Consortium, responsible for many web standards, feels that the increased capabilities of the web platform outweigh potential privacy concerns.<ref name=“W3CHTML5Privacy”>

</ref> They state that by documenting new capabilities in an open standardization process, rather than through closed source plug-ins made by companies, it is easier to spot flaws in specifications and cultivate expert advice.

Besides elevating privacy concerns, HTML5 also adds a few tools to enhance user privacy. A mechanism is defined whereby user agents can share blacklists of domains that should not be allowed to access web storage.<ref name=“PrivacyWHATWG” /> Content Security Policy is a proposed standard whereby sites may assign privileges to different domains, enforcing harsh limitations on JavaScript use to mitigate cross-site scripting attacks. HTML5 also adds HTML templating and a standard HTML parser which replaces the various parsers of web browser vendors. These new features formalize previously inconsistent implementations, reducing the number of vulnerabilities though not eliminating them entirely.<ref name=“HTML5 Security Realities”>

</ref><ref name=“W3C HTML Templates”>

</ref>

Big Data

Big Data is generally defined as the rapid accumulation and compiling of massive amounts of information that is being exchanged over digital communication systems. The data is large (often exceeding exabytes) and cannot be handled by conventional computer processors, and are instead stored on large server-system databases. This information is assessed by analytic scientists using software programs; which paraphrase this information into multi-layered user trends and demographics. This information is collected from all around the Internet, such as by popular services like Facebook, Google, Apple, Spotify or GPS systems. Big Data provides companies with the ability to:

  • Infer detailed psycho-demographic profiles of internet users, even if they were not directly expressed or indicated by users.<ref name=NAS-V110-I15/>
  • Inspect product availability and optimize prices for maximum profit while clearing inventory.
  • Swiftly reconfigure risk portfolios in minutes and understand future opportunities to mitigate risk.
  • Mine customer data for insight, and create advertising strategies for customer acquisition and retention.
  • Identify customers who matter the most.
  • Create retail coupons based on a proportional scale to how much the customer has spent, to ensure a higher redemption rate.
  • Send tailored recommendations to mobile devices at just the right time, while customers are in the right location to take advantage of offers.
  • Analyze data from social media to detect new market trends and changes in demand.
  • Use clickstream analysis and data mining to detect fraudulent behavior.
  • Determine root causes of failures, issues and defects by investigating user sessions, network logs and machine sensors.<ref name=SAS>

    </ref>

Other potential Internet privacy risks

  • Malware is a term short for “malicious software” and is used to describe software to cause damage to a single computer, server, or computer network whether that is through the use of a virus, trojan horse, spyware, etc.<ref name=“http://technet.microsoft.com/en-us/library/dd632948.aspx”>Received from http://technet.microsoft.com</ref>
  • Spyware is a piece of software that obtains information from a user's computer without that user's consent.<ref name=“http://technet.microsoft.com/en-us/library/dd632948.aspx” />
  • A web bug is an object embedded into a web page or email and is usually invisible to the user of the website or reader of the email. It allows checking to see if a person has looked at a particular website or read a specific email message.
  • Phishing is a criminally fraudulent process of trying to obtain sensitive information such as user names, passwords, credit card or bank information. Phishing is an internet crime in which someone masquerades as a trustworthy entity in some form of electronic communication.
  • Pharming is a hacker's attempt to redirect traffic from a legitimate website to a completely different internet address. Pharming can be conducted by changing the hosts file on a victim’s computer or by exploiting a vulnerability on the DNS server.
  • Social engineering where people are manipulated or tricked into performing actions or divulging confidential information.<ref>

    </ref>

  • Malicious proxy server (or other “anonymity” services).
  • Use of weak passwords that are short, consist of all numbers, all lowercase or all uppercase letters, or that can be easily guessed such as single words, common phrases, a person's name, a pet's name, the name of a place, an address, a phone number, a social security number, or a birth date.<ref>

    </ref>

  • Using the same login name and/or password for multiple accounts where one compromised account leads to other accounts being compromised.<ref name=DigitalToolstoCurbSnooping-NYT-17July2013>"Digital Tools to Curb Snooping", Somini Sengupta, New York Times, 17 July 2013</ref>
  • Allowing unused or little used accounts, where unauthorized use is likely to go unnoticed, to remain active.<ref>

    </ref>

  • Using out-of-date software that may contain vulnerabilities that have been fixed in newer more up-to-date versions.<ref name=DigitalToolstoCurbSnooping-NYT-17July2013/>

Public views

While internet privacy is widely acknowledged as the top consideration in any online interaction,<ref name=“onlinelibrary.wiley.com”>Miyazaki, A. D. and Fernandez, A. (2001), Consumer Perceptions of Privacy and Security Risks for Online Shopping. Journal of Consumer Affairs, 35: 38–39.http://onlinelibrary.wiley.com/store/10.1111/j.1745-6606.2001.tb00101.x/asset/j.1745-6606.2001.tb00101.x.pdf?v=1&t=h1pz2kin&s=ec33c6ed7a0fec7e4d5e18c726b3942364daf3bd</ref> as evinced by the public outcry over SOPA/CISPA, public understanding of online privacy policies is actually being negatively affected by the current trends regarding online privacy statements.<ref>Menn, J. (Feb. 19, 2012), Data Collection Arms Race Feeds Privacy Fears. Reuters.http://www.reuters.com/article/2012/02/19/us-data-collection-idUSTRE81I0AP20120219</ref> Users have a tendency to skim internet privacy policies for information regarding the distribution of personal information only, and the more legalistic the policies appear, the less likely users are to even read the information.<ref name=“Milne, G. R 2004”>Milne, G. R. and Culnan, M. J. (2004), Strategies for reducing online privacy risks: Why consumers read (or don't read) online privacy notices. J. Interactive Mark., 18: 24–25.http://onlinelibrary.wiley.com/store/10.1002/dir.20009/asset/20009_ftp.pdf?v=1&t=h1pz629d&s=a78473ef1ef6eca684ea4d34dfcb37039775d127</ref> Coupling this with the increasingly exhaustive license agreements companies require consumers to agree to before using their product, consumers are reading less about their rights.

Furthermore, if the user has already done business with a company, or is previously familiar with a product, they have a tendency to not read the privacy policies that the company has posted.<ref name=“Milne, G. R 2004”/> As internet companies become more established, their policies may change, but their clients will be less likely to inform themselves of the change.<ref name=“onlinelibrary.wiley.com”/> This tendency is interesting because as consumers become more acquainted with the internet they are also more likely to be interested in online privacy. Finally, consumers have been found to avoid reading the privacy policies if the policies are not in a simple format, and even perceive these policies to be irrelevant.<ref name=“Milne, G. R 2004”/> The less readily available terms and conditions are, the less likely the public is to inform themselves of their rights regarding the service they are using.

Concerns of Internet privacy and real life implications

While dealing with the issue of internet privacy, one must first be concerned with not only the technological implications such as damaged property, corrupted files, and the like, but also with the potential for implications on their real lives. One such implication, which is rather commonly viewed as being one of the most daunting fears risks of the Internet, is the potential for identity theft. Although it is a typical belief that larger companies and enterprises are the usual focus of identity thefts, rather than individuals, recent reports seem to show a trend opposing this belief. Specifically, it was found in a 2007 “Internet Security Threat Report” that roughly ninety-three percent of “gateway” attacks were targeted at unprepared home users. It should be noted that the term “gateway” attack was used to refer to attack which aimed not at stealing data immediately, but rather at gaining access for future attacks.<ref name=“Krapf, E. 2007”>Krapf, E. (2007). A Perspective On Internet Security. Business Communications Review, 37(6), 10–12.</ref>

But how, one might ask, is this still thriving given the increasing emphasis on internet security? The simple, but unfortunate solution, according to Symantec’s “Internet Security Threat Report”, is that of the expanding “underground economy”. With more than fifty percent of the supporting servers located in the United States, this “underground economy” has become a haven for internet thieves, who use the system in order to sell stolen information. These pieces of information can range from generic things such as a user account or email to something as personal as a bank account number and PIN (personal identification numbers).<ref name=“Krapf, E. 2007”/>

While the processes these internet thieves use are abundant and unique, one popular trap unsuspecting people fall into is that of online purchasing. This is not to allude to the idea that every purchase one makes online will leave them susceptible to identity theft, but rather that it increases the chances. In fact, in a 2001 article titled “Consumer Watch”, the popular online site PC World went as far as calling secure e-shopping a myth. Though unlike the “gateway” attacks mentioned above, these incidents of information being stolen through online purchases generally are more prevalent in medium to large sized e-commerce sites, rather than smaller individualized sites. This is assumed to be a result of the larger consumer population and purchases, which allow for more potential leeway with information.<ref name=“Kandra, Anne 2001, PC”>Kandra, Anne. (2001, July). The myth of secure e-shopping. PC World, 19(7), 29–32.</ref>

Ultimately, however, the potential for a violation of one's privacy is typically out of their hands after purchasing from an online “e-tailer” or store. One of the most common forms in which hackers receive private information from online “e-tailers” actually comes from an attack placed upon the site’s servers responsible for maintaining information about previous transactions. For as experts explain, these “e-trailers” are not doing nearly enough to maintain or improve their security measures. Even those sites that clearly present a privacy or security policy can be subject to hackers’ havoc as most policies only rely upon encryption technology which only apply to the actual transfer of a customer’s data. However, with this being said, most “e-tailers” have been making improvements, going as far as covering some of the credit card fees if the information’s abuse can be tracked back to the site’s servers.<ref name=“Kandra, Anne 2001, PC”/>

As one of the largest growing concerns American adults have of current internet privacy policies, identity and credit theft remain a constant figure in the debate surrounding privacy online. A 1997 study by the Boston Consulting Group showed that participants of the study were most concerned about their privacy on the Internet compared to any other media.<ref name=“Langford”>Langford, D. (Ed.). (2000). Internet Ethics. Houndmills: MacMillan Press Ltd.</ref> However, it is important to recall that these issues are not the only prevalent concerns our society has. Based on a Pew Research Center study conducted in 2001, it appears that child pornography, hackers acquiring access to business and government networks, and “prank” computer viruses also demand constant attention in regards to privacy concerns. Though some may call it a modern-day version of McCarthyism, another prevalent issue also remains members of our own society sending disconcerting emails to one another. It is for this reason in 2001 that for one of the first times ever the public demonstrated an approval of government intervention in their private lives.<ref name=“pewinternet.org”>Fox, Susannah & Lewis, Oliver. (2001, April 2). Fear of online crime: Americans support FBI interception of criminal suspects’ email and new laws to protect online privacy. Pew Internet & American Life Project. http://www.pewinternet.org.</ref>

With the overall public anxiety regarding the constantly expanding trend of online crimes, in 2001 roughly fifty-four percent of Americans polled showed a general approval for the FBI monitoring those emails deemed suspicious. Thus, it was born the idea for the FBI program: “Carnivore”, which was going to be used as a searching method, allowing the FBI to hopefully home in on potential criminals. Unlike the overall approval of the FBI’s intervention, “Carnivore” was not met with as much of a majority’s approval. Rather, the public seemed to be divided with forty-five percent siding in its favor, forty-five percent opposed to the idea for its ability to potentially interfere with ordinary citizen’s messages, and ten percent claiming indifference. While this may seem slightly tangent to the topic of internet privacy, it is important to consider that at the time of this poll, the general population’s approval on government actions was declining, reaching thirty-one percent versus the forty-one percent it held a decade prior. This figure in collaboration with the majority’s approval of FBI intervention demonstrates an emerging emphasis on the issue of internet privacy in society and more importantly the potential implications it may hold on citizens’ lives.<ref name=“pewinternet.org”/>

Laws and regulations

Global privacy policies

Google has long been attacked for their lack of privacy in the U.S. as well as abroad. In 2007, however, the tables began to turn. Peter Fleischer, a Google representative, addressed the U.N. in France regarding privacy issues and expressed that the current international privacy policies were not adequately protecting consumers. Instead of continuing to enforce broken and ineffective Internet privacy laws, the Google representative proposed that the United Nations establish a global privacy policy that would efficiently protect consumers privacy while causing the least possible amount of negative impact on web browsers such as Google. At that time, Google was under investigation by the European Union for violating the global privacy policies that were already in place. The greatest issue related to Internet privacy internationally is that of data collection. At this point in time, the U.S. and the European Union had separate sets of privacy policies, making it increasingly difficult for companies such as Google to exist globally without violating such policies. Google is just one example of a large company whose primary goal is to make money by serving their product, web browsing, to consumers. Consumers, however, are concerned with the quality of that product and their privacy. Online data collection by search engines allows Internet businesses to track consumer’s online roadmap, everything from the sites they visit to the purchases they make. This poses problems globally to those who are web users around the world, especially in a world where there is no overarching privacy policy. The general consensus of this issue regarding international privacy violations at the time of Fleischer’s U.N. address is that, since the Internet is global, the privacy policies should also be global and unified.

Data protection regulation

Currently, as of March 2012, the need for a set of unified privacy policies has been met by the European Union with proposed legislation. The Data Protection Regulation is a proposed set of consistent regulations across the European Union that will protect Internet users from clandestine tracking and unauthorized personal data usage. This regulation will further protect users' privacy rights in two key ways: clearly defining the term “personal data” and increasing punishments for those who violate users' online privacy. In Article 4(2) of the proposed legislation, the definition of personal data is expanded significantly to include any information online that could be traced to an individual. In Articles 77 and 79 of the proposed legislation, appropriate punishments are outlined for many possible violations of users' privacy rights by controllers and effective enforcement of data protection is guaranteed. The Data Protection Regulation will also hold companies accountable for violations of the regulation by implementing a unified legislation outlining specific repercussions for various types of violations based on severity. The CDT, the Center for Democracy & Technology, has carefully evaluated this proposed legislation in detail and officially issued an analysis on March 28, 2012. The Center for Democracy & Technology is a nonprofit organization that advocates for Internet freedom and online privacy through government public policy. Analyses such as this interpret the governmental propositions for Internet users and promote democracy by allowing all the opportunity to agree or disagree with the proposition prior to its ruling. This analysis is posted publicly on the Internet, in compliance with the mission of CDT, and addresses each section of the Data Protection Regulation and the potential pitfalls of each article. The two major issues the CDT addresses in this analysis of the Data Protection Regulation are the inflexible rules against profiling users based on their Internet usage and the parental consent policy in regards to controlling the online information of children. The European Union seems to be following the lead of the Obama administration’s recently implemented privacy bill and global Internet privacy policies are on the horizon.

Internet privacy in China

One of the most popular topics of discussion in regards to Internet privacy is China. The main concern with privacy of Internet users in China is the lack thereof. China has a well known policy of censorship when it comes to the spread of information through public media channels. Censorship has been prominent in Mainland China since the communist party gained power in China over 60 years ago. With the development of the Internet, however, privacy became more of a problem for the government. The Chinese Government has been accused of actively limiting and editing the information that flows into the country via various media. The Internet poses a particular set of issues for this type of censorship, especially when search engines are involved. Yahoo! for example, encountered a problem after entering China in the mid-2000s. A Chinese journalist, who was also a Yahoo! user, sent private emails using the Yahoo! server regarding the Chinese government. The Chinese staff of Yahoo! intercepted these emails and sent the journalist’s reportedly bad impression of the country to the Chinese government, which in turn sentenced the journalist to ten years in prison.

These types of occurrences have been reported numerous times and have been criticised by foreign entities such as the creators of the Tor anonymity network, which was designed to circumvent network surveillance in multiple countries. User privacy in China is not as cut-and-dry as it is in other parts of the world.

China, reportedly

, has a much more invasive policy when Internet activity involves the Chinese government. For this reason, search engines are under constant pressure to conform to Chinese rules and regulations on censorship while still attempting to keep their integrity. Therefore, most search engines operate differently in China than in the other countries, such as the US or Britain, if they operate in China at all. There are two types of intrusions that occur in China regarding the internet: the alleged intrusion of the company providing users with Internet service, and the alleged intrusion of the Chinese government.

The intrusion allegations made against companies providing users with Internet service are based upon reports that companies, such as Yahoo! in the previous example, are using their access to the internet users' private information to track and monitor users' Internet activity. The claims made against the Chinese government lies in the fact that the government is forcing Internet-based companies to track users private online data without the user knowing that they are being monitored. Both alleged intrusions are relatively harsh and possibly force foreign Internet service providers to decide if they value the Chinese market over internet privacy.

Used by government agencies are array of technologies designed to track and gather Internet users' information are the topic of much debate between privacy advocates, civil liberties advocate and those who believe such measures are necessary for law enforcement to keep pace with rapidly changing communications technology.

Specific examples:

  • Following a decision by the European Union’s council of ministers in Brussels, in January, 2009, the UK's Home Office adopted a plan to allow police to access the contents of individuals' computers without a warrant. The process, called “remote searching”, allows one party, at a remote location, to examine another's hard drive and Internet traffic, including email, browsing history and websites visited. Police across the EU are now permitted to request that the British police conduct a remote search on their behalf. The search can be granted, and the material gleaned turned over and used as evidence, on the basis of a senior officer believing it necessary to prevent a serious crime. Opposition MPs and civil liberties advocates are concerned about this move toward widening surveillance and its possible impact on personal privacy. Says Shami Chakrabarti, director of the human rights group Liberty, “The public will want this to be controlled by new legislation and judicial authorisation. Without those safeguards it’s a devastating blow to any notion of personal privacy.”<ref>

    </ref>

  • The FBI's Magic Lantern software program was the topic of much debate when it was publicized in November, 2001. Magic Lantern is a Trojan Horse program that logs users' keystrokes, rendering encryption useless to those infected.<ref>

    </ref>

See also

References

Further reading

External links

internet_privacy.txt · Last modified: 2020/03/12 18:35 (external edit)