OLC Presentation Jipson


Dr. Jipson's OLC Presentation from Thursday, September 25, 2008

  • OLC Presentation Jipson

    1. 1. Be Careful what You Post: The Myth of Internet Privacy
        Dr. Art Jipson, University of Dayton
        Criminal Justice Studies Program; Sociology, Anthropology, and Social Work
    2. 2. Internet Information Concerns: Privacy, Security, Bandwidth, Content, Public Access, Commercialization
    3. 3. Internet Privacy Laws “Enjoying the right to privacy means having control over your own personal data and the ability to grant or deny access to others.”
    4. 4. Balancing Act on Privacy
    5. 5. Basic Issues
        • The Children's Online Privacy Protection Act (COPPA)
        • Gender and Electronic Privacy
        • USA PATRIOT Act
        • Terrorist Information Awareness
        • Cookies
        • Spam
        • Software
        • Spyware
    6. 6. “You have zero privacy [on the Internet] anyway. Get over it.”
        Scott McNealy, 1999 CEO, SUN Microsystems
    7. 7. Public Interest In Protecting Individual Privacy
    8. 8. The Children's Online Privacy Protection Act (COPPA)
        • The Children's Online Privacy Protection Act ("COPPA") specifically protects the privacy of children under the age of 13 by requesting parental consent for the collection or use of any personal information of the users.
        • Main requirements of the Act
        • The Act was passed in response to a growing awareness of Internet marketing techniques that targeted children and collected their personal information from websites without any parental notification.
    9. 9. The Children's Online Privacy Protection Act (COPPA)
        • In the 1990s, children began to access the Web more and more. Marketers would track information kids gave out in chat rooms or while playing games (such as addresses, full names, ages, etc.) and would retain this data in order to sell to third parties. It became very easy for anyone to simply send money to one of these companies and receive lists of children’s addresses and personal information.
    10. 10. The Children's Online Privacy Protection Act (COPPA)
        • COPPA applies to any website directed specifically at children, any general site which has a children’s section, and any foreign websites aimed at U.S. children
        • On each website, there must be an easily accessible privacy policy
        • A web operator must obtain parental permission via credit card, digital signature, or a signed and faxed consent form.
        • The operator must also make available any information collected about the child to the guardians of the child.
    11. 11. Gender and Electronic Privacy
        • Pretexting and Cyberstalking:
            • Pretexting is the practice of collecting information about a person using false pretenses.
            • Cyberstalking: Coincidence Design, Amy Boyer case
        • Video voyeurism and webcams
    12. 12. Case of Amy Boyer
        • Twenty-year-old Amy Boyer lived at home with her parents in Nashua, New Hampshire, was employed at a local dentist’s office, and had a boyfriend. In early October of 1999, she logged onto the Web with her mother to check out travel rates for a trip she was planning.
        • On October 15, Amy, ambushed outside the dentist’s office as she got in her car, was shot and killed. Her killer then committed suicide.
        • Then when police confiscated the killer’s computer, they found the connection—two Web sites devoted to Amy Boyer, created by Liam Youens, 21, who had been carrying a torch for her ever since junior high school. But he did not know Amy and Amy never knew Liam. He’d seen her in the hallway one day, became infatuated, and his “love” grew from there.
        • As he saw Amy with a new boyfriend, his love became anger, then hate, fueled by two Web sites he created, one on Tripod, the other on Geocities.
        • A cyberstalking victim? Yes. But like a dangerous intersection that doesn’t get a stop light until someone dies, Amy died before anyone took cyberstalking seriously.
    13. 13. USA PATRIOT Act
        • “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001”
        • Authorizes the installation of devices to record all computer routing, addressing, and signaling information.
        • Governs government access to stored email and other electronic communications.
        • Creates a new exception, permitting government interception of the "communications of a computer trespasser" if the owner or operator of a "protected computer" authorizes the interception. The new exception has broad implications, given that a "protected computer" includes any "which is used in interstate or foreign commerce or communication" (which, with the Internet, includes effectively any computer).
    14. 14. Terrorist Information Awareness
        • Objective
            • USA PATRIOT ACT: Surveillance of communications is an essential tool to pursue and stop terrorists. This new law will allow surveillance of all communications used by terrorists, including e-mails, the Internet, and cell phones.
            • TIA: To revolutionize the ability of the United States to detect, classify and identify foreign terrorists – and decipher their plans – and thereby enable the U.S. to take timely action to successfully preempt and defeat terrorist acts.
        • Strategy
            • USA PATRIOT ACT: Law enforcement agencies have to get a new warrant for each new district they investigate, even when they're after the same suspect. Under this new law, warrants are valid across all districts and across all states. And, finally, the new legislation greatly enhances the penalties that will fall on terrorists or anyone who helps them.
            • TIA: The project would scan the Internet and commercial databases for electronic evidence of terrorist preparations. Intelligence and law enforcement officials would check -- without warrants -- travel and credit card records, Internet mail and banking transactions, new driver's license records and more.
        • Criticism
            • USA PATRIOT ACT: The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be the target of the investigation.
            • TIA: This would create systematic surveillance of Americans on home soil. He is proposing to make government a peeper into lawful transactions among private citizens.
    15. 15. Cookies
        • A cookie is a mechanism that allows a web site to record your comings and goings, usually without your knowledge or consent.
        • Cookies do provide outside sources with personal information, but only information that you give while on the website. Yes, it does violate personal privacy to a degree, but cookies can be turned off or restricted to specific websites.
    16. 16. Cookies
        • A server cannot set a cookie for a domain that it isn't a member of.
        • How does a cookie work?
        • Doubleclick
        • This usage of cookies is the most controversial, and has led to the polarized opinions on cookies, privacy, and the Internet.
    17. 17. Cookie Concerns
        • Snooping
        • Virus carrier
        • Hacking
        • User profiling
        Fixing browser bugs eliminated cookie concerns EXCEPT for User Profiling
        > Briefly <
        And now … Super Cookies
    18. 18. Have you been spammed?
    19. 19. Have you been spammed? Junk mail … flooding the Internet (Usenet and/or e-mail) with many unsolicited copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it.
    20. 20. Spam
        • Spam is unsolicited commercial e-mail.
        • Spammers get e-mail addresses in three ways:
            • by scavenging, the practice of automatically collecting e-mail addresses listed or posted on web pages and electronic bulletin boards
            • by guessing, where the spammer uses dictionary terms or randomly-generated strings to develop e-mail addresses
            • and by purchasing e-mail addresses through list brokers.
        • Currently, there is no federal legislation regulating the transmission of spam.
        • "Remove me" options
    21. 21. Spambots are looking for you! Spambots are programs that search and automatically extract e-mail addresses, which are then used as targets for spam.
    22. 22. Spam mail – printer toner
        #   From                     Date         Subject
        1   [email_address]          20-JUN-1999  copier & laser printer supplies
        2   cc123@boardermail.com    27-JUN-1999  copier & laser printer supplies
        3   hunt25@boardermail.com   12-JUL-1999  copier & laser printer supplies
        4   art123@ureach.com        23-AUG-1999  laser printer toner advertisement
        5   art1234@ureach.com       30-AUG-1999  laser printer toner advertisement
        6   art1234@ureach.com       30-AUG-1999  laser printer toner advertisement
        7   art123@techpointer.com   26-SEP-1999  laser printer toner advertisement
        8   art222@techpointer.com   3-OCT-1999   laser printer toner advertisement
        9   art1235@visto.com        19-OCT-1999  laser printer toner advertisement
        10  art1235@visto.com        19-OCT-1999  laser printer toner advertisement
        11  art123@visto.com         20-OCT-1999  laser printer toner advertisement
        12  [email_address]          27-NOV-1999  laser printer toner advertisement
        13  [email_address]          27-NOV-1999  laser printer toner advertisement
        14  bmark@atlantaoffice.com  28-NOV-1999  laser printer toner advertisement
        15  bmark@guestbooks.net     13-DEC-1999  laser printer toner advertisement
        16  bmark@crosswinds.net     28-FEB-2000  laser printer toner advertisement
        17  bmark1@crosswinds.net    28-FEB-2000  laser printer toner advertisement
        18  bps@buffymail.com        28-MAR-2000  laser printer toner cartridges
        19  r2d2@ureach.com          28-MAR-2000  laser printer toner advertisement
        20  bps@buffymail.com        20-JUN-2000  laser printer toner cartridges
    23. 23. Spam Case study: One person, six years
    24. 24. Software
        • Excel, WORD, PowerPoint
            • Contained (GUID) Globally Unique Identifier [Called a Microsoft System ID (MSID) by MS that included the NIC ethernet address]
        • Internet Explorer V5.0 (search feature)
            • All searches (Yahoo…) routed through Microsoft
        • Windows Media Player (super cookie)
            • Reports media use to Microsoft
            • Contains unique ID serial number accessible by web
        http://www.computerbytesman.com/privacy/supercookiedemo.htm
    25. 25. Spyware
        More than 800 infested programs including: CuteFTP, DigiCAM, Ezforms, GIF Animator, Image Carousel, JPEG Optimizer, Netscape Smart Download, Notepad +, PKZIP, Printshop, Real Audioplayer, Tucows uploader
        http://www.infoforce.qc.ca/spyware/
    26. 26. Web Browsers Every time you visit a site on the Internet you provide information about yourself.
    27. 27. Verifications
        • Publication renewals have requested:
            • Birth day
            • Birth month
            • Birth year
            • Birth state
            • Birth city
            • Color of eyes
            • Mother’s maiden name
    28. 28. Web Bugs Do you see the web bug?
    29. 29. What is a Web Bug?
        • Graphic
        • Usually transparent
        • Usually 1-by-1 pixel size
        • Represented as HTML IMG tag
        • Retrieved from source other than message
        • Found in web site or e-mail
    30. 30. Why a Web Bug?
        • Monitor web site access
        • Collect reader browser info
        • No cookie needed
        • When is e-mail read
        • E-mail forwarding record
            • Other readers
            • Find anonymous e-mail source
        • Check spam list for active e-mail addresses
    31. 31. Specialized Privacy Probes
        • Wiretap
            • Web Bug + JAVA code
            • Retrieve e-mail comments
            • Retrieve mailing list
        • Computer Triangulation
            • Pinpoint physical location
                • Country and City (90% accuracy)
                • ZIP code (possible)
    32. 32. Advertisement Competition
        • A browser window "plug-in" comes bundled with software that hovers pop-ups over competitors' advertisement banners
        • Free, advertising supported application for filling in forms
    33. 33. Hijackware
        • Hidden application could turn every computer running Kazaa into a node of a private network called Altnet and controlled by Brilliant Digital.
        • SETI without the ethics!
        • Free file sharing software
        http://news.com.com/2102-1023-875274.html
    34. 34. What can Librarians Do? Educate yourself so you can inform the patrons of the library
    35. 35. Software
        • Install system/application security patches
        • Upgrade Windows Media Player
        • Change default (turn off Super Cookie): UNCHECK
    36. 36. Anonymous web surfing
        • Internet Explorer plug-in
        • FREE – cannot visit secure sites
        • Blocks IP address
        • Blocks cookies
        http://www.anonymizer.com/
    37. 37. Encrypted e-mail
        • Pretty Good Privacy
        • GPG (GNU Privacy Guard) is a PGP compatible alternative replacement based on the OpenPGP standard
        http://www.gnupg.org/
    38. 38. P3P Platform for Privacy Preferences
        • Industry Standard (16 April 2002)
        • Specify web site privacy policy
        • Compare with user/browser privacy preference
        http://www.w3.org/P3P/
    39. 39. P3P Tool Privacy Bird automatically searches for privacy policies at every website you visit http://www.privacybird.com/ The bird icon alerts you about Web site privacy policies with a visual symbol and optional sounds.
    40. 40. Non-secure site
    41. 41. Secure site
    42. 42. Cookies are optional
        • Netscape
            • v3 Options/Network Preferences/Protocols
            • v4 Edit/Preferences/Advanced
        • Internet Explorer
            • v3 Internet Options/Advanced
            • v4 View/Internet Options/Advanced
            • v5 Tools/Internet Options/Security
    43. 43. Cookie Rejection Default Preferred
    44. 44. Check the cookie jar http://www.karenware.com/powertools/ptcookie.html
    45. 45. Manage the Cookie Jar: CookieWall http://www.analogx.com/contents/download/network/cookie.htm
    46. 46. Cookie Cop Plus http://www.pcmag.com/print_article/0,3048,a=7719,00.asp
    47. 47. What to do about spam
        • Ignore
        • Delete
        • Block
        • Filter
        • Change e-mail address
    48. 48. What NOT to do about spam
        • Do NOT forward
        • Do NOT reply
        • Do NOT send REMOVE request
            • Verified e-mail address
            • Verify messages read
            • Show lack of anti-spam knowledge
            • RESULTS – MORE SPAM
    49. 49. Avoiding web spambots
        • Use a graphic
        • Use a graphic @ symbol
        • Use TABLE
        • Spell out address
            • hintz AT ifas.ufl.edu
            • hintz AT ifas DOT ufl DOT edu
            • hintz@ifasNOJUNK.ufl.edu (remove NOJUNK)
        • Do not use “mailto:” TAG
        • unless encoded –
        • mailto:hintz@ufl.edu
        [email_address]
    50. 50. Pop-Up Delete Pop-Up and Pop-Under windows that don’t have a close box can only be removed by using <Alt>-<F4>
    51. 51. Specialized Privacy Probes
        • Disable JAVA Script In E-Mail Client
        • Install Microsoft patch http://office.microsoft.com/Assistance/2000/Out2ksecFAQ.aspx
    52. 52. Firewall Tiny Personal Firewall 2.0 http://www.tinysoftware.com/
    53. 53. Firewall http://www.agnitum.com/products/outpost/
        • Open Architecture
        • Supports plug-ins
        • Intrusion Detection
        • Advertisement Blocking
        • Content Filtering
        • E-mail Guard
        • Privacy Control
    54. 54. Spyware Firewall http://www.zonealarm.com/ Check both INCOMING and OUTGOING requests
    55. 55. Anti-Spyware http://www.lavasoft.de/
    56. 56. Universal Web Filter: Proxomitron
        • eliminate cyber-spam like pop-up windows, alerts, banners, animated GIFs, auto-play music, sounds, dynamic HTML, Java and more
        • transforms web pages on the fly
        • turn off some of those fancy new HTML features that web browsers support
        http://www.spamblocked.com/proxomitron/
    57. 57. PC Cleaner http://www.bmesite.com/ Internet Sweeper
    58. 58. Where is the source? http://www.neoworx.com/products/ntx/default.asp
    59. 59. Provide accurate personal information ONLY if appropriate for the services requested.
        • Would you give personal information to strangers?
        • 24% of users have supplied false information
        • Create a Virtual User: John Smith, 7/7/77, blue eyes, red hair
    60. 60. How to protect your privacy
        • Web browsing
            • Use only sites with privacy policy
            • Use only secure on-line forms
            • Reject unnecessary cookies
            • Limit personal information entry
            • Provide bogus info when appropriate
            • Opt-out of 3rd party info sharing
            • Use anonymizers
            • Clear cache after browsing
    61. 61. Conclusion: Remember, the Internet is a public network. If you are connected, protect yourself.
    62. 62. ANY QUESTIONS?
        • Thank you very much for listening!
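
The web bug described on slides 29 and 30 (a transparent, 1-by-1 IMG fetched from a source other than the message) can be spotted by inspecting an HTML e-mail body before it is rendered. The following is an added example, not part of the original presentation; the sample message, its host names and the `rcpt` parameter are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _pixels(attrs, name):
    """Read a pixel size from the width/height attribute or the inline style."""
    raw = attrs.get(name)
    if raw is None:
        m = re.search(r"(?:^|;)\s*" + name + r"\s*:\s*(\d+)", attrs.get("style") or "", re.I)
    else:
        m = re.match(r"\s*(\d+)\s*(?:px)?\s*$", raw, re.I)  # "100%" is not a pixel size
    return int(m.group(1)) if m else None


class WebBugFinder(HTMLParser):
    def __init__(self, message_domain):
        super().__init__()
        self.message_domain = message_domain.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlparse(a.get("src") or "")
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the message, no fetch occurs
        host = (url.hostname or "").lower()
        w, h = _pixels(a, "width"), _pixels(a, "height")
        tiny = w is not None and h is not None and w <= 1 and h <= 1
        hidden = bool(HIDDEN.search(a.get("style") or ""))
        if tiny or hidden:
            own = host == self.message_domain or host.endswith("." + self.message_domain)
            self.findings.append({"src": a["src"], "host": host,
                                  "third_party": not own, "has_query": bool(url.query)})


def find_web_bugs(html_body, message_domain):
    """Return one finding per remote image that is 1x1 (or smaller) or hidden."""
    finder = WebBugFinder(message_domain)
    finder.feed(html_body)
    finder.close()
    return finder.findings


# Constructed sample message body; hosts and the rcpt parameter are made up.
SAMPLE = """<html><body><p>Monthly newsletter</p>
<img src="https://news.example.com/logo.png" width="200" height="50">
<img src="http://tracker.example.net/open.gif?rcpt=reader-0001" width="1" height="1">
<img src="cid:spacer@news.example.com" width="1" height="1">
<img src="https://stats.example.org/p.gif" style="width:1px;height:1px" alt="">
</body></html>"""

if __name__ == "__main__":
    for hit in find_web_bugs(SAMPLE, "example.com"):
        print(hit)
```

A finding with a query string is the case slide 30 calls "Check spam list for active e-mail addresses": the fetch itself tells the sender which recipient opened the message, so a mail client that does not load remote images denies the sender that signal.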