Privacy on the Web
The Internet is perhaps the greatest threat to
privacy. As Chapter 7 says, an advantage
of the Internet, which is also a disadvantage, is anonymity. A user can visit
web sites, send messages, and interact with applications without revealing an
identity. At least that is what we would like to think. Unfortunately, because
of things like cookies, ad-ware, spybots, and malicious code, the anonymity is
superficial and largely one-sided. Sophisticated web applications can know a
lot about a user, but the user knows relatively little about the application.
The topic is clearly of great interest: a
recent Google search returned 7 billion hits for the phrase "web
privacy."
In this section we investigate some of the ways
a user's privacy is lost on the Internet.
Understanding the Online Environment
The Internet is like a
nightmare of a big, unregulated bazaar. Every word you speak can be heard by
many others. And the merchants' tents are not what they seem: the spice
merchant actually runs a gambling den, and the kind woman selling scarves is
really three pirate brothers and a tiger. You reach into your pocket for money
only to find that your wallet has been emptied. Then the police tell you that
they would love to help but, sadly, no laws apply. Caveat emptor in excelsis.
We have previously described
the anonymity of the web. It is difficult for two unrelated parties to
authenticate each other. Internet authentication most often confirms the user's
identity, not the server's, so the user is unsure that the web site is
legitimate. This uncertainty makes it difficult to give informed consent to
release of private data: How can consent be informed if you don't know to whom
you are giving consent?
Payments on the Web
Customers of online merchants
have to be able to pay for purchases. Basically, there are two approaches: the
customer presents a credit card to the merchant or the customer arranges
payment through an online payment system such as PayPal.
Credit Card Payments
With a credit card, the user
enters the credit card number, a special number printed on the card (presumably
to demonstrate that the user actually possesses the card), the expiration date
of the card (to ensure that the card is currently active), and the billing
address of the credit card (presumably to protect against theft of the credit
card). These protections are all on the side of the merchant: They demonstrate
that the merchant made a best effort to determine that the credit card use was
legitimate. The customer has no assurance that the merchant will secure these data. Once
the customer has given this information to one merchant, that same information
is all that would be required for another merchant to accept a sale charged to
the same card.
Furthermore, these pieces of
information provide numerous static keys by which to correlate databases. As we
have seen, names can be difficult to work with because of the risk of
misspelling, variation in presentation, truncation, and the like. Credit card
numbers make excellent keys because they can be presented in only one way and
there is even a trivial check digit to ensure that the card number is a valid
sequence.
Because of problems with
stolen credit card numbers, there has been some consideration of disposable
credit cards: cards you could use for one transaction or for a fixed short
period of time. That way, if a card number is stolen or intercepted, it could
not be reused. Furthermore, having multiple card numbers limits the ability to
use a credit card number as a key to compromise privacy.
Payment Schemes
The other way to make web
payments is with an online payment scheme, such as PayPal (which is now a
subsidiary of the eBay auction site). You pay PayPal a sum of money and you
receive an account number and a PIN. You can then log in to the PayPal central
site, give an e-mail address and amount to be paid, and PayPal transfers that
amount. Because it is not regulated under the same banking laws as credit
cards, PayPal offers less consumer protection than does a credit card. However,
the privacy advantage is that the user's credit card or financial details are
known only to PayPal, thus reducing the risk of their being stolen. Similar
schemes use cell phones.
Site and Portal Registrations
Registering to use a site is
now common. Often the registration is free; you just choose a user ID and
password. Newspapers and web portals (such as Yahoo or MSN) are especially fond
of this technique. The explanation they give sounds soothing: They will enhance
your browsing experience (whatever that means) and be able to offer content to
people throughout the world. In reality, the sites want to obtain customer
demographics that they can then sell to marketers or show to advertisers to
warrant their advertising.
People have trouble
remembering numerous IDs so they tend to default to simple ones, often
variations on their names. And because people have trouble remembering IDs, the
sites are making it easier: Many now ask you to use your e-mail address as your
ID. The problem with using the same ID at many sites is that it now becomes a
database key on which previously separate databases from different sites can be
merged. Even worse, because the ID or e-mail address is often closely related
to the individual's real name, this link also connects a person's identity with
the other collected data. So now, a data aggregator can infer that V. Putin
browsed the New York Times looking for articles on vodka and longevity and then
bought 200 shares of stock in a Russian distillery.
You can, of course, try to
remember many different IDs. Or you can choose a disposable persona, register
for a free e-mail account under a name like xxxyyy, and never use the account
for anything except these mandatory free registrations. And it often seems that
when there is a need, there arises a service. See www.bugmenot.com
for a service that will supply a random anonymous ID and password for sites
that require a registration.
Whose Page Is This?
The reason for registrations
has little to do with the newspaper or the portal; it has to do with
advertisers, the people who pay so the web content can be provided. The web
offers much more detailed tracking possibilities than other media. If you see a
billboard for a candy bar in the morning and that same advertisement remains in
your mind until lunch time and you buy that same candy bar at lunch, the
advertiser is very happy: The advertising money has paid off. But the
advertiser has no way to know whether you saw an ad (and if so which one).
There are some coarse measures: If sales go up after an ad campaign, the
campaign probably had some effect. But advertisers would really like a closer
cause-and-effect relationship. Then the web arrived.
Third-Party Ads
You log in to Yahoo Sports
and you might see advertisements for mortgages, banking, auto loans, maybe some
sports magazines or a cable television offer, and a fast food chain. You click
one of the links and you either go directly to a "buy here now" form
or you get to print a special coupon worth something on your purchase in
person. Web advertising is much more connected to the purchaser: You see the ad,
you click on it, and they know the ad did its job by attracting your attention.
(With a highway billboard they never know whether you watch it or the traffic.) When you
click through and buy, the ad has really paid off. When you click through and
print a coupon that you later present, a tracking number on the coupon lets
them connect to advertising on a particular web site. From the advertiser's
point of view, the immediate feedback is great.
But each of these activities
can be tracked and connected. Is it anyone's business that you like basketball
and are looking into a second mortgage? Remember that from your having logged
in to the portal site, they already have an identity that may link to your
actual name.
Contests and Offers
We cannot resist anything
free. We will sign up for a chance to win a large prize, even if we have only a
minuscule chance of succeeding. Advertisers know that. So contests and special
offers are a good chance to get people to divulge private details. Another
thing advertisers know is that people are enthusiastic at the moment but
enthusiasm and attention wane quickly.
A typical promotion offers
you a free month of a service. You just sign up, give a credit card number,
which won't be charged until next month, and you get a month's use of the service
for free. As soon as you sign up, the credit card number and your name become
keys by which to link other data. You came via a web access, so there may be a
link history from the forwarding site.
Precautions for Web Surfing
In this section we discuss cookies
and web bugs, two technologies that are frequently used to monitor a user's
activities without the user's knowledge.
Cookies
Cookies are files of data set
by a web site. They are really a cheap way to transfer a storage need from a
web site to a user.
A portal such as Yahoo allows
a user to customize the look of the web page. Sadie wants the news headlines,
the weather, and her e-mail, with a bright background; Norman wants stock
market results, news about current movies playing in his area, and interesting
things that happened on this day in history, displayed on a gentle pastel
background. Yahoo could keep all this preference information in its database so
that it could easily customize pages it sends to these two users. But Netscape
realized that the burden could be shifted to the user. The web protocol is
basically stateless, meaning that the browser displays whatever it is given,
regardless of anything that has happened previously.
A cookie is a text file
stored on the user's computer and passed by the user's browser to the web site
when the user goes to that site. Thus, preferences for Sadie or Norman are
stored on their own computers and passed back to Yahoo to help Yahoo form and
deliver a web page according to Sadie's or Norman's preferences. A cookie
contains six fields: name, value, expiration date, path on the server to which
it is to be delivered, domain of the server to which it is to be delivered, and
whether a secure connection (SSL) is required in order for the cookie to be
delivered. A site can set as many cookies as it wants and can store any value
(up to 4,096 bytes) it wants. Some sites use cookies to avoid a customer's
having to log in on each visit to a site; these cookies contain the user's ID
and password. A cookie could contain a credit card number, the customer name
and shipping address, the date of the last visit to the site, the number of
items purchased or the dollar volume of purchases.
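The six cookie fields listed above can be inspected directly in a site's Set-Cookie headers. The following is an added example, not part of the original text: it splits a header into those six fields and flags cookies that are persistent, that may travel without SSL, or whose value passes the card-number check digit mentioned in the credit card discussion. The function names, domains, and sample values are constructed for illustration.

```python
from http.cookies import SimpleCookie

MAX_VALUE_BYTES = 4096  # per-cookie size limit quoted in the text

def luhn_ok(digits):
    """Card-number check digit (Luhn): double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def audit_set_cookie(header_value):
    """Split one Set-Cookie value into the six fields and list privacy findings."""
    jar = SimpleCookie()
    jar.load(header_value)
    report = []
    for name, m in jar.items():
        fields = {
            "name": name,
            "value": m.value,
            "expires": m["expires"] or None,
            "path": m["path"] or None,
            "domain": m["domain"] or None,
            "secure": bool(m["secure"]),
        }
        findings = []
        if not fields["secure"]:
            findings.append("may be sent without SSL")
        if fields["expires"]:
            findings.append("persistent: kept until the expiration date")
        if len(m.value.encode()) > MAX_VALUE_BYTES:
            findings.append("value larger than 4,096 bytes")
        candidate = m.value.replace("-", "")
        if candidate.isdigit() and 13 <= len(candidate) <= 19 and luhn_ok(candidate):
            findings.append("value passes the card-number check digit")
        report.append({**fields, "findings": findings})
    return report

# Constructed sample headers; the domains and values are made up for illustration.
SAMPLE_HEADERS = [
    "prefs=bg-bright; Path=/; Domain=.portal.example; Secure",
    "card=4111111111111111; Expires=Wed, 01 Jan 2031 00:00:00 GMT; "
    "Path=/checkout; Domain=shop.example",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        for entry in audit_set_cookie(header):
            print(entry["name"], entry["domain"], entry["findings"])
```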
Match visits to a site with displays of an ad for that site.
Match a purchase to an ad a person viewed before making the purchase.
Record and report search strings from a search engine.
Of course, all these counting
and matching activities produce statistics that the cookie's site can also send
back to the central site any time the bug is activated. And these collected
data are also available to send to any other partners of the cookie.
Let us assume you are going
to a personal investing page which, being financed by ads, contains spaces for
ads from four stockbrokers. Let us also assume eight possible brokers could
fill these four ad slots. When the page is loaded, DoubleClick retrieves its
cookie, sees that you have been to that page before, and also sees that you
clicked on broker B5 sometime in the past; then DoubleClick will probably
engineer it so that B5 is one of the four brokers displayed to you this time.
Also assume DoubleClick sees that you have previously looked at ads for very
expensive cars and jewelry. Then full-priced brokers, not discount brokerages,
are likely to be chosen for the other three slots. DoubleClick says that part
of its service is to present ads that are the most likely to be of interest to
the customer, which is in everybody's best interest.
But this strategy also lets
DoubleClick build a rich dossier of your web surfing habits. If you visit
online gambling sites and then visit a money-lending site, DoubleClick knows.
If you purchase herbal remedies for high blood pressure and then visit a health
insurance site, DoubleClick knows. DoubleClick knows what personal information
you have previously supplied on web forms, such as political affiliation,
sexual matters, religion, financial or medical status, or identity information.
Even without your supplying private data, merely opening a web page for one
political party could put you on that party's solicitation list and the other
parties' enemies lists. All this activity goes under the general name of online profiling. Each of these pieces
of data is available to the individual firm presenting the web page; DoubleClick
collects and redistributes these separate data items as a package.
Presumably all browsing is
anonymous. But as we have shown previously, login IDs, e-mail addresses, and
retained shipping or billing details can all lead to matching a person with
this dossier, so it is no longer an unnamed string of cookies. In 1999,
DoubleClick bought Abacus, another company maintaining a marketing database.
Abacus collects personal shopping data from catalog merchants, so with that
acquisition, DoubleClick gained a way to link personal names and addresses that
had previously been only patterns of a machine, not a person.
Cookies associate with a
machine, not a user. (For older versions of Windows this is true; for Unix and
Windows NT, 2000, and XP, cookies are separated by login ID.) If all members of
a family share one machine or if a guest borrows the machine, the apparent
connections will be specious. The second problem of the logic concerns the
correctness of conclusions drawn: Because the cookies associate actions on a
browser, their results are incomplete if a person uses two or more browsers or
accounts or machines. As in many other aspects of privacy, when the user does
not know what data have been collected, the user cannot know the data's
validity.
Web Bugs: Is There an Exterminator?
The preceding discussion of
DoubleClick had a passing reference to an invisible image. Such an image is
called a clear GIF, 1 x 1 GIF, or web bug. It is an image file 1 pixel by 1 pixel, so it is far too
small to detect by normal sight. To the web browser, an image is an image, regardless of size; the browser will
ask for a file from the given address.
The distinction between a
cookie and a bug is enormous. A cookie is a tracking device, transferred
between the user's machine and the server. A web bug is an invisible image that
invites or invokes a process. That process can come from any location. A
typical advertising web page might have 20 web bugs, inviting 20 other sites to
drop images, code, or other bugs onto the user's machine. All this occurs
without the user's direct knowledge and certainly without the user's control.
Unfortunately, extermination
is not so simple as prohibiting images smaller than the eye can see, because
many web pages use such images innocently to help align content. Or some
specialized visual applications may actually use collections of minute images
for a valid purpose. The answer is not to restrict the image but to restrict
the collection and dissemination of data.
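Because tiny images are also used innocently for layout, a check for web bugs has to look at where the image comes from and not only at its size. The following is an added example, not part of the original text: it lists every image declared as 1 x 1 (or 0 x 0) on a page and separates those fetched from another host from those served by the page's own host. The page, hosts, and function names are constructed, and "another host" is an exact host-name comparison, which is an assumption (an image on a different subdomain of the same site is reported as coming from another host).

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class TinyImageFinder(HTMLParser):
    """Collect <img> tags whose declared width and height are both 0 or 1."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.hits = []

    @staticmethod
    def _tiny(size):
        return size is not None and size.strip().rstrip("px") in ("0", "1")

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        if not (self._tiny(a.get("width")) and self._tiny(a.get("height"))):
            return
        src = urljoin(self.page_url, a.get("src") or "")  # resolve relative URLs
        parts = urlsplit(src)
        self.hits.append({
            "src": src,
            "host": parts.hostname,
            "other_host": parts.hostname != self.page_host,
            "has_query": bool(parts.query),  # a query string can carry an identifier
        })

def find_web_bugs(html, page_url):
    """Return (images from another host, same-host spacer images)."""
    finder = TinyImageFinder(page_url)
    finder.feed(html)
    finder.close()
    suspects = [h for h in finder.hits if h["other_host"]]
    spacers = [h for h in finder.hits if not h["other_host"]]
    return suspects, spacers

# Constructed sample page; all host names are made up for illustration.
PAGE_URL = "https://www.news.example/investing"
SAMPLE_HTML = """<html><body>
<img src="/img/spacer.gif" width="1" height="1">
<img src="https://ads.tracker.example/pixel.gif?uid=A1B2" width="1" height="1" alt="">
<img src="/img/logo.png" width="200" height="60">
</body></html>"""

if __name__ == "__main__":
    suspects, spacers = find_web_bugs(SAMPLE_HTML, PAGE_URL)
    print("other-host 1x1 images:", [s["src"] for s in suspects])
    print("same-host 1x1 images:", [s["src"] for s in spacers])
```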