Be Careful what You Be Careful what You Post: The Myth of Post: The Myth of Internet PrivacyInternet Privacy

Dr. Art JipsonDr. Art JipsonUniversity of Dayton

Criminal Justice Studies ProgramSociology, Anthropology, and Social Work

Internet Information ConcernsInternet Information Concerns

PrivacySecurity

Bandwidth Content

Public Access Commercialization

Internet Privacy Internet Privacy LawsLaws

“Enjoying the right to privacy means having control over your own personal data and the ability to grant or deny access to others.”

Balancing Act on Privacy Balancing Act on Privacy

Basic IssuesBasic Issues The Children's Online Privacy Protection Act

(COPPA) Gender and Electronic Privacy USA PATRIOT Act Terrorist Information Awareness Cookies Spam Software Spyware

“You have zero privacy [on the Internet] anyway.

Get over it.”

Scott McNealy, 1999CEO, SUN Microsystems

PublicInterest

InProtectingIndividual

Privacy

The Children's Online Privacy Protection The Children's Online Privacy Protection Act (COPPA)Act (COPPA) The Children's Online Privacy Protection Act

("COPPA") specifically protects the privacy of children under the age of 13 by requesting parental consent for the collection or use of any personal information of the users.

Main requirements of the Act

The Act was passed in response to a growing awareness of Internet marketing techniques that targeted children and collected their personal information from websites without any parental notification.

The Children's Online Privacy Protection The Children's Online Privacy Protection Act (COPPA)Act (COPPA)

In the 1990s, children began to access the Web more and more. Marketers would track information kids gave out in chat rooms or while playing games (such as addresses, full names, ages, etc.) and would retain this data in order to sell to third parties. It became very easy for anyone to simply send money to one of these companies and receive lists of children’s addresses and personal information.

The Children's Online Privacy Protection The Children's Online Privacy Protection Act (COPPA)Act (COPPA)

COPPA applies to any website directed specifically at children, any general site which has a children’s section, and any foreign websites aimed at U.S. children

On each website, there must be an easily accessible privacy policy

A web operator must obtain parental permission via credit card, digital signature, or a signed and faxed consent form.

The operator must also make available any information collected about the child to the guardians of the child.

Gender and Electronic PrivacyGender and Electronic Privacy Pretexting and

Cyberstalking:

*Pretexting is the practice of collecting information about a person using false pretenses.

■*Cyberstalking--Coincidence Design, Amy Boyer case

Video voyeurism and webcams

Case of Amy BoyerCase of Amy Boyer Twenty-year-old Amy Boyer lived at home with her parents in Nashua,

New Hampshire, was employed at a local dentist’s office, and had a boyfriend. In early October of 1999, she logged onto the Web with her mother to check out travel rates for a trip she was planning.

On October 15, Amy, ambushed outside the dentist’s office as she got in her car, was shot and killed. Her killer then committed suicide.

Then when police confiscated the killer’s computer, they found the connection—two Web sites devoted to Amy Boyer, created by Liam Youens, 21, who had been carrying a torch for her ever since junior high school. But he did not know Amy and Amy never knew Liam. He’d seen her in the hallway one day, became infatuated, and his “love” grew from there.

As he saw Amy with a new boyfriend, his love became anger, then hate, fueled by two Web sites he created, one on Tripod, the other on Geocities.

A cyberstalking victim? Yes. But like a dangerous intersection that doesn’t get a stop light until someone dies, Amy died before anyone took cyberstalking seriously.  

USA PATRIOT ActUSA PATRIOT Act “Uniting and Strengthening America by

Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001”

Authorizes the installation of devices to record all computer routing, addressing, and signaling information.

Governs government access to stored email and other electronic communications.

Creates a new exception, permitting government interception of the "communications of a computer trespasser" if the owner or operator of a "protected computer" authorizes the interception. The new exception has broad implications, given that a "protected computer" includes any "which is used in interstate or foreign commerce or communication" (which, with the Internet, includes effectively any computer).

Terrorist Information AwarenessTerrorist Information AwarenessUSA PATRIOT ACT TIA

Objective Surveillance of communications is an essential tool to pursue and stop terrorists.    This new law will allow surveillance of all communications used by terrorists, including e-mails, the Internet, and cell phones.

To revolutionize the ability of the United States to detect, classify and identify foreign terrorists – and decipher their plans – and thereby enable the U.S. to take timely action to successfully preempt and defeat terrorist acts.

Strategy Law enforcement agencies have to get a new warrant for each new district they investigate, even when they're after the same suspect.  Under this new law, warrants are valid across all districts and across all states.  And, finally, the new legislation greatly enhances the penalties that will fall on terrorists or anyone who helps them.

The project would scan the Internet and commercial databases for electronic evidence of terrorist preparations. Intelligence and law enforcement officials would check -- without warrants -- travel and credit card records, Internet mail and banking transactions, new driver's license records and more.

Criticism The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be the target of the investigation.

This would create systematic surveillance of Americans on home soil. He is proposing to make government a peeper into lawful transactions among private citizens.

CookiesCookiesA cookie is a mechanism that allows a web site

to record your comings and goings, usually without your knowledge or consent.

Cookies do provide outside sources with personal information, but only information that you give while on the website. Yes, it does violate personal privacy to a degree, but cookies can be turned off or restricted to specific websites.

CookiesCookies

A server cannot set a cookie for a domain that it isn't a member of.

How does a cookie work?

Doubleclick

This usage of cookies is the most controversial, and has led to the polarized opinions on cookies, privacy, and the Internet.

Cookie ConcernsCookie Concerns Snooping Virus carrier Hacking User profiling

Fixing browser bugs eliminatedcookie concerns

EXCEPT for User ProfilingEXCEPT for User Profiling

> Briefly <

And now … Super Cookies

Have you been spammed?Have you been spammed?

SpamSpam Spam is unsolicited commercial e-mail.

Spammers get e-mail addresses in three ways: *by scavenging, the practice of automatically

collecting e-mail addresses listed or posted on web pages and electronic bulletin boards

* by guessing, where the spammer uses dictionary terms or randomly- generated strings to develop e-mail addresses

*and by purchasing e-mail addresses through list brokers.

Currently, there is no federal legislation regulating the transmission of spam.

"Remove me" options

Spambots are looking for you!Spambots are looking for you!

Spambots are programs that search and automatically extract e-mail addresses,

which are then used as targets for spam.

SpamSpam

Case study: One person, six years

SoftwareSoftware Excel WORD PowerPoint

Contained (GUID)Globally Unique Identifier

[Called a Microsoft System ID (MSID) by MSthat included the NIC ethernet address]

All searches (Yahoo…) routed through Microsoft

Internet Explorer V5.0 (search feature)

Windows Media Player (super cookie) Reports media use to MicrosoftContains unique ID serial number accessible by webhttp://www.computerbytesman.com/privacy/supercookiedemo.htm

SpywareSpywareMore than 800 infested programs including:

CuteFTPDigiCAMEzformsGIF AnimatorImage CarouselJPEG OptimizerNetscape Smart DownloadNotepad +PKZIPPrintshopReal AudioplayerTucows uploader

http://www.infoforce.qc.ca/spyware/

Every time you visit a site Every time you visit a site on the Interneton the Internet

you provide you provide information about yourself.information about yourself.

Web BrowsersWeb Browsers

VerificationsVerifications

Publication renewals have requested:■ Birth day■ Birth month■ Birth year■ Birth state■ Birth city■ Color of eyes■ Mother’s maiden name

Do you see the web bug?

Web BugsWeb Bugs

What is a Web Bug?What is a Web Bug? Graphic Usually transparent Usually 1-by-1 pixel size Represented as HTML IMG tag Retrieved from source other than message Found in web site or e-mail

Why a Web Bug?Why a Web Bug? Monitor web site access Collect reader browser info No cookie neededWhen is e-mail readE-mail forwarding record

■Other readers

■Find anonymous e-mail source

Check spam list for active e-mail addresses

Specialized Privacy ProbesSpecialized Privacy Probes

Wiretap■ Web Bug + JAVA code■ Retrieve e-mail comments■ Retrieve mailing list

Computer Triangulation■ Pinpoint physical location

• Country and City (90% accuracy)• ZIP code (possible)

Advertisement CompetitionAdvertisement Competition

A browser window "plug-in" comes bundled with software that hovers pop-ups over

competitors advertisement banners

Free, advertising supported application for filling in forms

HijackwareHijackware

Hidden application could turn every computer running Kazaa into a node of a private network called Altnet and controlled by

Brilliant Digital.

http://news.com.com/2102-1023-875274.html

SETI without the ethics!

Free file sharing software

What can Librarians Do?What can Librarians Do?

Educate yourself so you can inform the patrons of the library

SoftwareSoftware Install system/application security patches Upgrade Windows Media Player Change default (turn off Super Cookie)

UNCHECK

Anonymous web surfingAnonymous web surfing

Internet Explorer plug-in FREE – cannot visit secure sites Blocks IP address Blocks cookies http://www.anonymizer.com/

Encrypted e-mailEncrypted e-mail

PrettyGoodPrivacy

GPG(GNU Privacy Guard)is a PGP compatible alternative

replacement based on the OpenPGP standard

http://www.gnupg.org/

P3PP3PPlatform for Privacy PreferencesPlatform for Privacy Preferences

Industry Standard (16 April 2002) Specify web site privacy policy Compare with user/browser privacy preference

http://www.w3.org/P3P/

P3P ToolP3P Tool

Privacy Bird automatically searches for privacy policies at every website you visit

http://www.privacybird.com/

The bird icon alerts you about Web site privacy policies with a visual symbol and optional sounds.

Non-secure siteNon-secure site

Secure siteSecure site

Cookies are optionalCookies are optional

Netscape■ v3 Options/Network Preferences/Protocols■ v4 Edit/Preferences/Advanced

Internet Explorer■ v3 Internet Options/Advanced■ v4 View/Internet Options/Advanced■ v5 Tools/Internet Options/Security

Cookie Rejection Cookie Rejection

DefaultPreferred

Check the cookie jarCheck the cookie jar

http://www.karenware.com/powertools/ptcookie.html

Manage the Cookie JarManage the Cookie Jar

http://www.analogx.com/ contents/download/network/cookie.htm

CookieWall

Cookie Cop PlusCookie Cop Plus

http://www.pcmag.com/print_article/0,3048,a=7719,00.asp

What to do about spamWhat to do about spam

Ignore Delete Block Filter Change e-mail address

What What NOTNOT to do about spam to do about spam

Do NOT forward Do NOT reply Do NOT send REMOVE request

■ Verified e-mail address■ Verify messages read■ Show lack of anti-spam knowledge

■ RESULTS – MORE SPAMRESULTS – MORE SPAM

Avoiding web spambotsAvoiding web spambots

hintz@ifas.ufl.edu Use a graphic Use a graphic @ symbol Use TABLE Spell out address

■ hintz AT ifas.ufl.edu■ hintz AT ifas DOT ufl DOT edu■ hintz@ifasNOJUNK.ufl.edu (remove NOJUNK)

Do not use “ mailto: ” TAGunless encoded –

mailto&#58;hintz&#64;ufl&#46;edu

Pop-Up DeletePop-Up Delete

Pop-Up and Pop-Under windows that don’t have a close box can

only be removed by using

< A l t > - < F 4 >

Specialized Privacy ProbesSpecialized Privacy Probes

Disable JAVA ScriptIn

E-Mail Client

Install Microsoft patch

http://office.microsoft.com/Assistance/2000/Out2ksecFAQ.aspx

FirewallFirewall

Tiny Personal Firewall 2.0

http://www.tinysoftware.com/

FirewallFirewall

http://www.agnitum.com/products/outpost/

Open ArchitectureSupports plug-ins

Intrusion DetectionAdvertisement BlockingContent FilteringE-mail GuardPrivacy Control

Spyware FirewallSpyware Firewall

http://www.zonealarm.com/

Check both INCOMING and OUTGOING requests

Anti-SpywareAnti-Spyware

http://www.lavasoft.de/

Universal Web FilterProxomitron

eliminate cyber-spam like pop-up windows, alerts, banners, animated GIFs, auto-play music, sounds, dynamic HTML, Java and more

http://www.spamblocked.com/proxomitron/

transforms web pages on the fly

turn off some of those fancy new HTML features that web browsers support

PC CleanerPC Cleaner

http://www.bmesite.com/

InternetSweeper

Where is the source?Where is the source?

http://www.neoworx.com/products/ntx/default.asp

Provide accurate personal information

ONLY

if appropriate for theservices requested.

Would you give personalWould you give personal information to strangers? information to strangers?

24%of users havesupplied falseinformation

Create aVirtual User

John Smith7/7/77

blue eyesred hair

How to protect your privacyHow to protect your privacy Web browsing

■ Use only sites with privacy policy■ Use only secure on-line forms■ Reject unnecessary cookies■ Limit personal information entry■ Provide bogus info when appropriate■ Opt-out of 3rd party info sharing■ Use anonymizers■ Clear cache after browsing

Conclusion:Conclusion:

Remember,the Internet is a public network

If you are connected,

protect yourself

ANY QUESTIONS?ANY QUESTIONS?

Thank you very much for listening!