CS44 – Nick Ragouzis – 2007 Privacy – a study in assiduity –

CS44 – Nick Ragouzis – 2007

Privacy– a study in assiduity –


Assiduous adj. 1: marked by careful unremitting attention …

… or persistent application

Assiduity n. 1: the quality or state of being assiduous : DILIGENCE2: persistent personal attention


Asymmetry in Value and Options


What does this suggest to you?


Privacy for Chocolate?


Source: IdentityEconomics.com


Source: zillow.com

Expectation of privacy?


Key to Vigilance:

“Why?”


Passwords

• If you’ve got to go … online:

• The best privacy protection you’ve got

• Until you get something better


Password Savvy• Card pins are different: Remember and destroy*

• Don’t worry: write it down, keep it with you• Long password: 12 glyphs• Something you will remember: not tough for you• Follow rule or its variations, e.g.:

• First and last third: Caps• Middle third: Numbers and punctuation

• Avoid complete dictionary words; personal details• Vary passwords across systems, please

• Don’t be complacent: Naked userid and password are just not smart privacy and security policy


Challenge Questions Working For You


Distributed Identity Systems are Savvy


Wireless Networks

Do you really need to hook up right now?


Hygienic Wireless

• Replace your home WiFi with WPA2 units• Set it up properly!

• Follow hygienic wired practices:• Separate from your internal wired net• Move to wired for important data• Use savvy password practices• Secure *before* identifier exchange• Encrypted data exchange• Secure identifiers


Free Wireless & KiosksSecurity before Convenience

• Follow savvy practices

• Clear history

• Delete cookies: before and after

• Do not insert unencrypted media

• In any case: Avoid financial transactions• Keystroke loggers, etc.

• Consider: Anonymous secure proxy browsing


Privacy is not Free

• Exercising choice

• Controlling made decisions

• Rewarding those who honor privacy

• Punish those who don’t


Choosing Privacy

• Read the policy, know what’s right, or not

• Specific, articulated purpose

• Specific data

• Specific, limited, availability of data

• Understand their ‘data sharing’ partnerships

• No pass-through of web-bugs/beacons

• Aggregate data only

• Limited time; EU: 12 months


Recognize TroubleWe may collect information that can identify you when using our website or in some other manner (think partnership with free wireless, e.g.,) or from our business partners (any one who pays us, e.g.,) or from third parties (or just from anywhere else). We may combine the personal information that we receive from different sources.

Your choices: suck it up, or go away.Editorialized slightly from: evite.com/pages/custservice/privacy.jsp, October, 2007


Use only Session Cookies


evite.com/webbug.img?u=wetrackyou

Install and learn to use AdBlock

• Single-pixel transparent non-linking gifs

• Personalized beacons attached to banners


evite.com/webbug.img?u=wetrackyou

Install and learn to use AdBlock


Know your Counterparty

This requires special attention!


Can you see the problem?


Attend to Details


Avoiding the Hook

• Sender: … a m e r c a …• Look closely at the sender

• If necessary (for emails purporting to be from high-value services), look inside the email header

• Click-here links:• Always look closely at the URL

• Preferred: only use book-marked URLs to financial institutions or private data collections


Google Safe Browsing for Firefox


New IE Address Bar Indicators


Using Encrypted Services


Read the Source …



Discussion


Privacy Resources

• eff.org

• idcommons.net

• cdt.org

Date post:	12-Jan-2016
Category:	Documents
Upload:	regina-young
View:	217 times
Download:	0 times

CS44 – Nick Ragouzis – 2007 Privacy – a study in assiduity –

Documents