  • Some browsers don’t supply a referrer address, and in any case it can be easily spoofed so should never really be trusted!
  • 1. What is different about our concerns for the Internet? Documented concerns about privacy have been around for at least 100 years (since 1890, in the Warren and Brandeis Harvard Law Review article). What is different is the scale of information and the ease with which it moves (both collected and released) on the Internet. Internet transactions, unlike real-world transactions, have not been around long enough for the public to know the impact. An additional setback is that the general public does not understand technology. A good way of saying this is that the public has not yet developed a reasonable expectation of privacy for transactions on the Web. 2. Collection and centralization of information: There are at least two types of manipulation of information which occur on the Internet: collection and centralization. We will see how differently these types of information implementation can affect our privacy. 3. Role of Informed Consent: The concept of informed consent is well developed in the field of medical ethics. We extend its boundaries here and see how it is a useful tool for privacy discussions. 4. Reasonable expectation of privacy and Cookies: Explore cookies and offer an interpretation of reasonable expectation of privacy for them.
  • 1. Privacy as the right “to be let alone”: If Alice clubs Bob on the head with a baseball bat, she has not invaded his privacy. Yet she has not let Bob alone. 2. Privacy as control of information: If Alice tells Bob about Charles’s smoking habit, Charles suffers no loss of privacy because his smoking habit is widely known. But he has no control of this information. 3. Privacy as Undocumented Personal Knowledge: Any personal information which can be found in public documents such as newspapers and magazines cannot cause violations of privacy. Alice is unknowingly photographed sunbathing nude on her private beach. The photograph is published in various magazines. According to this definition of privacy, the next time someone sees Alice nude, she will not lose any privacy. 4. Privacy as Restricted Access: Secrecy: the extent to which we are known to others. Anonymity: the extent to which we are the subject of others’ attention. Solitude: the extent to which others have physical access to us. Loss of privacy can be good: lower auto insurance, leniency from courts. 5. If time, discuss why privacy is important (Rachels: social context for relations).
  • Segue from previous slide: When, then, is a loss of privacy a violation of privacy? 1. Disclosure: All pertinent information must be disclosed to the subject (how and why the information is being collected). 2. Comprehension: Subject understands risks and benefits of revealing information. 3. Voluntariness: Subject is under no pressure or duress to reveal the information. 4. Competence: Subject takes responsibility for releasing information. 5. Consent: Subject is given a choice whether to reveal the information.
  • To summarize, if we are uncertain whether a collection of information causes a violation of privacy (that is, if we are uncertain of the reasonable expectations of privacy for a certain situation), obtaining informed consent will make the collection ethical.
  • Note that the data to be stored must always be a string…
  • With PHP >= version 4.1, the $_COOKIE superglobal is the one to go for, otherwise use the second option.
  • Let’s look at the first line. The name of this cookie is NGUserID. The value of this cookie is cf1947b7-20682-881794064-1. The expiration date is 942189160. The valid path is / (starting from the root). The valid domain is The secure transport flag is FALSE. CNN probably uses the value of this cookie, cf1947b7-20682-881794064-1, to access a database of information accumulated about this user.
  • Mayer-Schoenberger presents four reasons why cookies are an invasion of our privacy. 1. As we have seen, cookies are just text files stored on the hard drive by your web browser. Technically, this is no different from cache files, temporary files, or log files which are stored on our hard drive without our knowledge. 2. The typical computer user is unaware of much of the information which is transferred to other machines. Web page visits always reveal: IP address, current time, previous Web page visited. 3. This argument mistakes the tool for the use. The expiration date allows the realization of the accuracy and timeliness principles. It also allows for abuse of these principles.
  • Compare morally permissible uses of cookies to “doing good business”. These cookies are not unlike the memory of Mr. Smith, the storekeeper of the local grocery store. The more you visit, the more Mr. Smith remembers about you, the better service he will give you, the more often you will return. Note that Mr. Smith can do good business with you without ever knowing your name. Same with cookies.
  • 1. Older Web browsers did not have a large choice of cookie options. There was only one option: whether you are notified when a Web page you visit wants to set a cookie. Interesting to note that you could not disable cookies at this time. 2. During the research of this topic, the new Netscape Communicator came out. It distinguishes between our ethical and unethical uses of cookies and includes an option to disable cookies entirely.
  • Cookies

    1. Maintaining State in PHP Part I - Cookies
    2. xHTML - a ‘stateless’ environment
       stateless (adj.): Having no information about what occurred previously.
       • Most modern applications maintain state, which means that they remember what you were doing last time you ran the application, and they remember all your configuration settings. This is extremely useful because it means you can mould the application to your working habits.
       • Each request for a new web page is processed without any knowledge of previous pages requested or processed.
    3. How do they do that? For example: A user ‘logs in’ to a web page. Once logged in, the user can browse the site while maintaining their logged in state.
    4. Is PHP stateless?
       • Variables are destroyed as soon as the page script finishes executing.
       • The script can access the ‘referrer’, the address of the previous page, although this can’t really be trusted: $_SERVER['HTTP_REFERER']
       • It is possible to add data to a database/text file to add persistent data, although this is not connected with a particular user…
    5. Is PHP Stateless… No!
       • The usual way to maintain state in PHP pages is via the use of Sessions.
       • To understand how these work, we need to have a look at what cookies are and how they work.
    6. Taking the Byte Out of Cookies: Privacy, Consent, and the Web. Daniel Lin, Department of Computer Science, University of Illinois at Urbana-Champaign; Michael C. Loui, Department of Electrical and Computer Engineering, and Coordinated Science Laboratory, University of Illinois at Urbana-Champaign
    7. Introduction
       • What is different about our concerns with privacy when we deal with the Internet?
       • Our contributions:
         – Difference between the collection and centralization of information.
         – The role of informed consent in the theory of privacy
         – Reasonable expectation of privacy and Internet cookies
    8. Theories of Privacy
       • Right “to be let alone” (Warren & Brandeis)
       • Control of information (Fried, …)
       • Undocumented personal knowledge (Parent)
       • Privacy as restricted access (Gavison)
         – Secrecy
         – Anonymity
         – Solitude
         – Loss of privacy versus violation of privacy
       • Why privacy is important (Rachels, Benn)
    9. Informed Consent and the Collection of Information
       • Disclosure
       • Comprehension
       • Voluntariness
       • Competence
       • Consent
    10. Collection of Personal Information
        • An ethical collection of personal information causes a loss of privacy
          – Obtaining informed consent is sufficient but not necessary for an ethical collection of personal information
        • An unethical collection of personal information causes a violation of privacy
          – Collection of personal information is unethical when it does not comport with the reasonable expectation of privacy for this situation
    11. Centralization of Information
        • Assembling personal information from multiple sources, originally collected for different purposes: “digital dossier”
        • Violation of privacy with no extra loss of privacy:
          – Composite portrait out of context
          – Unauthorized subsets of information
    12. Reasonable Expectation of Privacy
        • Natural versus normative privacy (Moor)
        • Privacy in public places (Nissenbaum)
          – Supermarket: public place
          – Shopping cart: private in public?
        • The Internet
          – Home office: private place
          – Web access: public in private?
    13. Internet Cookies
        • The Internet
          – Reasonable expectations of privacy are neither firmly rooted nor well developed
        • What are Internet cookies?
          – Internet cookies allow a Web site to gather and store information about our visit to that Web site
    14. What is a Cookie?
        • A cookie is a small text file that is stored on a user’s computer.
        • Each cookie on the user’s computer is connected to a particular domain.
        • Each cookie can be used to store up to 4kB of data.
        • A maximum of 20 cookies can be stored on a user’s PC per domain.
    15. Example (1) 1. User sends a request for page at for the first time. (diagram: page request)
    16. Example (2) 2. Server sends back the page xhtml to the browser AND stores some data in a cookie on the user’s PC. (diagram: xhtml, cookie data)
    17. Example (1) 3. At the next page request for domain, all cookie data associated with this domain is sent too. (diagram: page request, cookie data)
    18. Set a cookie
        setcookie(name [,value [,expire [,path [,domain [,secure]]]]])
        name = cookie name
        value = data to store (string)
        expire = UNIX timestamp when the cookie expires. Default is that cookie expires when browser is closed.
        path = Path on the server within and below which the cookie is available.
        domain = Domain at which the cookie is available.
        secure = If cookie should be sent over HTTPS connection only. Default false.
    19. Set a cookie - examples
        setcookie('name', 'Robert')
        This command will set the cookie called name on the user’s PC containing the data Robert. It will be available to all pages in the same directory or subdirectory of the page that set it (the default path and domain). It will expire and be deleted when the browser is closed (default expire).
    20. Set a cookie - examples
        setcookie('age', '20', time() + 60*60*24*30)
        This command will set the cookie called age on the user’s PC containing the data 20. It will be available to all pages in the same directory or subdirectory of the page that set it (the default path and domain). It will expire and be deleted after 30 days.
    21. Set a cookie - examples
        setcookie('gender', 'male', 0, '/')
        This command will set the cookie called gender on the user’s PC containing the data male. It will be available within the entire domain that set it. It will expire and be deleted when the browser is closed.
    22. Read cookie data
        • All cookie data is available through the superglobal $_COOKIE:
          $variable = $_COOKIE['cookie_name'];
          or
          $variable = $HTTP_COOKIE_VARS['cookie_name'];
          e.g. $age = $_COOKIE['age'];
    23. Storing an array..
        • Only strings can be stored in Cookie files.
        • To store an array in a cookie, convert it to a string by using the serialize() PHP function.
        • The array can be reconstructed using the unserialize() function once it has been read back in.
        • Remember cookie size is limited!
    24. Delete a cookie
        • To remove a cookie, simply overwrite the cookie with a new one with an expiry time in the past…
          setcookie('cookie_name', '', time() - 6000)
        • Note that theoretically any number taken away from the time() function should do, but due to variations in local computer times, it is advisable to use a day or two.
    25. To be first.. HEADER REQUESTS
        • As the setcookie command involves sending a HTTP header request, it must be executed before any xhtml is echoed to the browser, including whitespace. (diagram: setcookie called first is correct; whitespace echoed before setcookie is incorrect)
    26. Malicious Cookie Usage
        • There is a bit of a stigma attached to cookies, and they can be maliciously used (e.g. set via 3rd party banner ads).
        • The important thing to note is that some people browse with them turned off, e.g. in FF, Tools > Options > Privacy
    27. The USER is in control
        • Cookies are stored client-side, so never trust them completely: They can be easily viewed, modified or created by a 3rd party.
        • They can be turned on and off at will by the user.
    28. What do Cookies Look Like?
        • All cookies contain the same information:
          – The name of the cookie
          – The value of the cookie
          – An expiration date
          – The path for which the cookie is valid
          – The domain for which the cookie is valid
          – A flag indicating whether the cookie requires secure transport
    29. What do Cookies Look Like?
        • An example cookie file from a UNIX workstation using Netscape:
          # Netscape HTTP Cookie File
          # This is a generated file! Do not
          FALSE / FALSE 942189160 NGUserID cf1947b7-20682-
          FALSE / FALSE 942189160 KRRC d083adf8-4235-
          FALSE / FALSE 942189160 NGUserID d101991f-
          TRUE / FALSE 1920499140 id
          TRUE / FALSE 945734399 Count 1
    30. Argument Against Cookies (Mayer-Schoenberger)
        • Cookies are stored on the user’s computer without the user’s consent or knowledge
        • Cookies are clandestinely and automatically transferred from the user’s computer to the Web server
        • Because cookies allow the Web server to set an expiration date, they violate the “accuracy” and “timeliness” principles in the European Union Directive on the Protection of Personal Data
        • Once the cookie is set, it is freely accessible to Web servers: FALSE
    31. Morally Permissible Cookies: Collection of Personal Information
        • Customer preferences
        • Online shopping
        (figure: Mr. Smith)
    32. Immoral Uses of Cookies: Centralization of Personal Information. In order to measure our browsing behavior, target marketers track us over the Internet by adding cookies to the advertisement banners on so many Web pages. Is such a use of cookies ethical? Does it fit within a reasonable expectation of privacy on the Web?
    33. Development of Cookie “Awareness”
        • Most Web browsers allow the user to configure their cookie options (screenshots: Netscape Navigator, Netscape Communicator)
    34. Summary and Conclusions
        • If the collection of personal information exceeds a reasonable expectation of privacy, obtaining informed consent makes such a collection ethical. If the collection of information lies within a reasonable expectation, informed consent does not seem necessary.
        • Internet cookies are a tool. They can be used in both morally permissible and immoral ways.
        • In general, Web servers cannot obtain your personal information unless you explicitly give it (e-mail address, credit card numbers, home address, phone number).
        • Do cookie notifications provide sufficient information for an informed choice?
        • Cookie notification detracts from the usability of Web browsers. How to improve?
    35. What went wrong (The Cookie Concept)
        • Introduced for good reason: Helping users access their favorite web sites easily from the second time onwards.
        • Sometimes used by unscrupulous entities for other reasons: It happened that some marketing firms tried to use this to access private information for advertising campaigns.
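
Slides 23 and 27 say that arrays are stored in cookies via serialize()/unserialize() and that cookie data can be viewed, modified or created on the client. The following is an added example, not code from the slides: it stores an array as JSON with an HMAC tag so that a modified value is rejected, and sets the HTTPS-only flag described on slide 18. The key, the cookie name `prefs`, the function names and the use of the PHP 7.3+ options-array form of setcookie() are assumptions of this example.

```php
<?php
// Added example. COOKIE_KEY and the cookie name 'prefs' are assumptions.
const COOKIE_KEY = 'replace-with-a-random-server-side-secret';

// Encode an array as JSON and append an HMAC so tampering is detectable.
function pack_cookie(array $data): string
{
    $payload = base64_encode(json_encode($data, JSON_THROW_ON_ERROR));
    return $payload . '.' . hash_hmac('sha256', $payload, COOKIE_KEY);
}

// Return the array, or null if the value is missing, malformed or modified.
function unpack_cookie(?string $raw): ?array
{
    if ($raw === null || substr_count($raw, '.') !== 1) {
        return null;
    }
    [$payload, $mac] = explode('.', $raw);
    $expected = hash_hmac('sha256', $payload, COOKIE_KEY);
    if (!hash_equals($expected, $mac)) {      // constant-time comparison
        return null;
    }
    $json = base64_decode($payload, true);
    // json_decode() instead of unserialize(): client data never creates objects.
    $data = $json === false ? null : json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Like every setcookie() call, this must run before any output is sent.
function send_prefs(array $prefs): bool
{
    $value = pack_cookie($prefs);
    if (strlen(urlencode($value)) > 4000) {   // stay under the 4kB cookie limit
        return false;
    }
    return setcookie('prefs', $value, [
        'expires'  => time() + 60 * 60 * 24 * 30,   // 30 days
        'path'     => '/',
        'secure'   => true,                   // HTTPS only; the default is false
        'httponly' => true,                   // not exposed to page scripts
        'samesite' => 'Lax',
    ]);
}

// Constructed demonstration: decode an intact value and an edited one.
$good = pack_cookie(['theme' => 'dark', 'items' => [3, 7]]);
var_dump(unpack_cookie($good));
var_dump(unpack_cookie('x' . $good));
```

On a later request the stored array is read back with `unpack_cookie($_COOKIE['prefs'] ?? null)`, and a null result is treated as "no cookie".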
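
The cookie file on slide 29 holds the pieces of information listed on slide 28, one cookie per line. As an added example (not from the slides), this parser reads the tab-separated Netscape cookie file format and attaches the notes a reviewer would make about each entry. The domains, the `id` value, the malformed last line and the reference time are constructed, since the slide's copy lacks them, and the function names are hypothetical.

```php
<?php
// Added example. Field order of the Netscape cookie file: 7 tab-separated columns.
const FIELDS = ['domain', 'subdomains', 'path', 'secure', 'expires', 'name', 'value'];

function parse_cookie_file(string $text): array
{
    $cookies = [];
    foreach (preg_split('/\R/', $text) as $line) {
        if ($line === '' || $line[0] === '#') {
            continue;                          // blank line or comment header
        }
        $parts = explode("\t", $line);
        if (count($parts) !== count(FIELDS)) {
            continue;                          // truncated or malformed entry
        }
        $c = array_combine(FIELDS, $parts);
        $c['subdomains'] = $c['subdomains'] === 'TRUE';
        $c['secure']     = $c['secure'] === 'TRUE';
        $c['expires']    = (int) $c['expires'];
        $cookies[] = $c;
    }
    return $cookies;
}

// Notes a reviewer would attach to one parsed cookie, relative to time $now.
function review_cookie(array $c, int $now): array
{
    $notes = [];
    if (!$c['secure']) {
        $notes[] = 'sent over plain HTTP as well as HTTPS';
    }
    if ($c['subdomains']) {
        $notes[] = 'valid for every subdomain';
    }
    if ($c['expires'] !== 0 && $c['expires'] < $now) {
        $notes[] = 'already expired';
    } elseif ($c['expires'] - $now > 365 * 86400) {
        $notes[] = 'persists for more than a year';
    }
    return $notes;
}

// Constructed sample: names and expiry times follow slide 29; the domains,
// the 'id' value and the malformed last line are made up for this example.
$sample = implode("\n", [
    '# Netscape HTTP Cookie File',
    "news.example\tFALSE\t/\tFALSE\t942189160\tNGUserID\tcf1947b7-20682-881794064-1",
    ".ads.example\tTRUE\t/\tFALSE\t1920499140\tid\tconstructed-value",
    "shop.example\tFALSE\t/\tFALSE\t942189160\tbroken",
]);
$now = 883612800;   // constructed reference time: 1998-01-01 00:00:00 UTC
foreach (parse_cookie_file($sample) as $c) {
    printf("%s %s: %s\n", $c['domain'], $c['name'], implode('; ', review_cookie($c, $now)));
}
```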