Published on

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • May not seem very important from a privacy perspective, but this is actually one of the biggest concerns that people talk about The computer will track what I do and then I’ll get lots of junk mail about it
  • The problem is, you all thought that on the Internet nobody knew you were a dog…
  • Economists love price discrimination because in theory it leads to everyone being better off, but consumers hate it. Any time there is a suggestion that an ecommerce retailer is engaging in price discrimination, people are outraged.
  • The Stop and Shop grocery store began posting purchase information for customers who had frequent shopper cards. Anyone who was aware of a frequent shopper number (printed on receipts) could access a customer’s information if that customer had not yet set a password. This “service” has been discontinued.
  • slides

    1. 1. Privacy Policy, Law and Technology Online Privacy September 30, 2008
    2. 2. Evaluating information sources <ul><li>Don’t believe everything you read! </li></ul><ul><li>News sources are usually a reporter's interpretation of what someone else did </li></ul><ul><li>Conference and journal papers are first hand reports of research studies that have been peer reviewed </li></ul><ul><ul><li>but journals usually have more review than conferences </li></ul></ul><ul><li>Technical reports are usually first hand reports of research studies that have not been peer reviewed (yet) </li></ul><ul><ul><li>Look for subsequent conference or journal publications </li></ul></ul><ul><li>Web sites and books are anything goes, but books at least have an editor (usually) </li></ul><ul><li>When possible, cite research results and technical information from peer reviewed sources </li></ul>
    3. 3. How are online privacy concerns different from offline privacy concerns?
    4. 4. Web privacy concerns <ul><li>Data is often collected silently </li></ul><ul><ul><li>Web allows large quantities of data to be collected inexpensively and unobtrusively </li></ul></ul><ul><li>Data from multiple sources may be merged </li></ul><ul><ul><li>Non-identifiable information can become identifiable when merged </li></ul></ul><ul><li>Data collected for business purposes may be used in civil and criminal proceedings </li></ul><ul><li>Users given no meaningful choice </li></ul><ul><ul><li>Few sites offer alternatives </li></ul></ul>
    5. 5. Unsolicited marketing <ul><li>Desire to avoid unwanted marketing (spam, postal mail, telemarketing) causes some people to avoid giving out personal information </li></ul>
    6. 6. My computer can “figure things out about me” <ul><li>The little people inside my computer might know it’s me… </li></ul><ul><li>… and they might tell their friends </li></ul>
    7. 7. Inaccurate inferences <ul><li>“ My TiVo thinks I’m gay!” </li></ul>
    8. 8. Surprisingly accurate inferences Everyone wants to be understood. No one wants to be known.
    9. 9. You thought that on the Internet nobody knew you were a dog… … but then you started getting personalized ads for your favorite brand of dog food
    10. 10. Price discrimination <ul><li>Concerns about being charged higher prices </li></ul><ul><li>Concerns about being treated differently </li></ul>
    11. 11. Revealing private information to other users of a computer <ul><li>Revealing info to family members or co-workers </li></ul><ul><ul><li>Gift recipient learns about gifts in advance </li></ul></ul><ul><ul><li>Co-workers learn about a medical condition </li></ul></ul><ul><li>Revealing secrets that can unlock many accounts </li></ul><ul><ul><li>Passwords, answers to secret questions, etc. </li></ul></ul>
    12. 12. Exposing secrets to criminals <ul><li>Stalkers, identity thieves, etc. </li></ul><ul><li>People who break into account may be able to access profile info </li></ul><ul><li>People may be able to probe recommender systems to learn profile information associated with other users </li></ul>
    13. 13. Subpoenas <ul><li>Data on online activities is increasingly of interest in civil and criminal cases </li></ul><ul><li>The only way to avoid subpoenas is to not have data </li></ul><ul><li>In the US, your files on your computer in your home have much greater legal protection that your files stored on a server on the network </li></ul>
    14. 14. Government surveillance <ul><li>Governments increasingly looking for personal records to mine in the name of fighting terrorism </li></ul><ul><li>People may be subject to investigation even if they have done nothing wrong </li></ul>
    15. 15. Citizen surveillance
    16. 16. Risks may be magnified in future <ul><li>Wireless location tracking </li></ul><ul><li>Semantic web applications </li></ul><ul><li>Ubiquitous computing </li></ul>
    17. 17. How online tracking works
    18. 18. Browser Chatter <ul><li>Browsers chatter about </li></ul><ul><ul><li>IP address, domain name, organization, </li></ul></ul><ul><ul><li>Referring page </li></ul></ul><ul><ul><li>Platform: O/S, browser </li></ul></ul><ul><ul><li>What information is requested </li></ul></ul><ul><ul><ul><li>URLs and search terms </li></ul></ul></ul><ul><ul><li>Cookies </li></ul></ul><ul><li>To anyone who might be listening </li></ul><ul><ul><li>End servers </li></ul></ul><ul><ul><li>System administrators </li></ul></ul><ul><ul><li>Internet Service Providers </li></ul></ul><ul><ul><li>Other third parties </li></ul></ul><ul><ul><ul><li>Advertising networks </li></ul></ul></ul><ul><ul><li>Anyone who might subpoena log files later </li></ul></ul>
    19. 19. Typical HTTP request with cookie <ul><li>GET /retail/searchresults.asp?qu=beer HTTP/1.0 </li></ul><ul><li>Referer: </li></ul><ul><li>User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA i386) </li></ul><ul><li>Host: </li></ul><ul><li>Accept: image/gif, image/jpeg, image/pjpeg, */* </li></ul><ul><li>Accept-Language: en </li></ul><ul><li>Cookie: buycountry=us; dcLocName=Basket; dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=; parentLocName=Basket; parentLoc=6773; ShopperManager%2F=ShopperManager%2F=66FUQULL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107; Category=0 </li></ul>
    20. 20. Referer log problems <ul><li>GET methods result in values in URL </li></ul><ul><li>These URLs are sent in the referer header to next host </li></ul><ul><li>Example: </li></ul><ul><li>>index.html </li></ul><ul><li>Access log example: </li></ul>
    21. 21. Cookies <ul><li>What are cookies? </li></ul><ul><li>What are people concerned about cookies? </li></ul><ul><li>What useful purposes do cookies serve? </li></ul>
    22. 22. Cookies 101 <ul><li>Cookies can be useful </li></ul><ul><ul><li>Used like a staple to attach multiple parts of a form together </li></ul></ul><ul><ul><li>Used to identify you when you return to a web site so you don’t have to remember a password </li></ul></ul><ul><ul><li>Used to help web sites understand how people use them </li></ul></ul><ul><li>Cookies can do unexpected things </li></ul><ul><ul><li>Used to profile users and track their activities, especially across web sites </li></ul></ul>
    23. 23. How cookies work – the basics <ul><li>A cookie stores a small string of characters </li></ul><ul><li>A web site asks your browser to “set” a cookie </li></ul><ul><li>Whenever you return to that site your browser sends the cookie back automatically </li></ul>browser site Please store cookie xyzzy First visit to site browser site Here is cookie xyzzy Later visits
    24. 24. How cookies work – advanced <ul><li>Cookies are only sent back to the “site” that set them, but this may be any host in domain </li></ul><ul><ul><li>Sites setting cookies indicate path, domain, and expiration for cookies </li></ul></ul><ul><li>Cookies can store user info or a database key that is used to look up user info </li></ul><ul><ul><li>Either way the cookie enables info to be linked to the current browsing session </li></ul></ul>Database Users … Email … Visits … Send me with any request to until 2008 Send me with requests for index.html on for this session only User=Joe Email= Joe@ Visits=13 User=4576904309
    25. 25. Cookie terminology <ul><li>Cookie Replay – sending a cookie back to a site </li></ul><ul><li>Session cookie – cookie replayed only during current browsing session </li></ul><ul><li>Persistent cookie – cookie replayed until expiration date </li></ul><ul><li>First-party cookie – cookie associated with the site the user requested </li></ul><ul><li>Third-party cookie – cookie associated with an image, ad, frame, or other content from a site with a different domain name that is embedded in the site the user requested </li></ul><ul><ul><li>Browser interprets third-party cookie based on domain name, even if both domains are owned by the same company </li></ul></ul>
    26. 26. Web bugs <ul><li>Invisible “images” (1-by-1 pixels, transparent) embedded in web pages and cause referer info and cookies to be transferred </li></ul><ul><li>Also called web beacons, clear gifs, tracker gifs,etc. </li></ul><ul><li>Work just like banner ads from ad networks, but you can’t see them unless you look at the code behind a web page </li></ul><ul><li>Also embedded in HTML formatted email messages, MS Word documents, etc. </li></ul><ul><li>For software to detect web bugs see: </li></ul>
    27. 27. How data can be linked <ul><li>Every time the same cookie is replayed to a site, the site may add information to the record associated with that cookie </li></ul><ul><ul><li>Number of times you visit a link, time, date </li></ul></ul><ul><ul><li>What page you visit </li></ul></ul><ul><ul><li>What page you visited last </li></ul></ul><ul><ul><li>Information you type into a web form </li></ul></ul><ul><li>If multiple cookies are replayed together, they are usually logged together, effectively linking their data </li></ul><ul><ul><li>Narrow scoped cookie might get logged with broad scoped cookie </li></ul></ul>
    28. 28. Ad networks Ad company can get your name and address from CD order and link them to your search Search Service CD Store Ad Ad search for medical information set cookie buy CD replay cookie
    29. 29. What ad networks may know… <ul><li>Personal data: </li></ul><ul><ul><li>Email address </li></ul></ul><ul><ul><li>Full name </li></ul></ul><ul><ul><li>Mailing address (street, city, state, and Zip code) </li></ul></ul><ul><ul><li>Phone number </li></ul></ul><ul><li>Transactional data: </li></ul><ul><ul><li>Details of plane trips </li></ul></ul><ul><ul><li>Search phrases used at search engines </li></ul></ul><ul><ul><li>Health conditions </li></ul></ul>“ It was not necessary for me to click on the banner ads for information to be sent to DoubleClick servers.” – Richard M. Smith
    30. 30. Online and offline merging <ul><li>In November 1999, DoubleClick purchased Abacus Direct, a company possessing detailed consumer profiles on more than 90% of US households. </li></ul><ul><li>In mid-February 2000 DoubleClick announced plans to merge “anonymous” online data with personal information obtained from offline databases </li></ul><ul><li>By the first week in March 2000 the plans were put on hold </li></ul><ul><ul><li>Stock dropped from $125 (12/99) to $80 (03/00) </li></ul></ul>
    31. 31. Offline data goes online… The Cranor family’s 25 most frequent grocery purchases (sorted by nutritional value)!
    32. 32. Steps sites take to protect privacy <ul><li>Opt-out cookie </li></ul><ul><ul><li>DoubleClick </li></ul></ul><ul><ul><li> </li></ul></ul><ul><li>Purging identifiable data from server logs </li></ul><ul><ul><li> honor system </li></ul></ul><ul><ul><li> </li></ul></ul>
    33. 33. Behavioral targeting <ul><li>In 2007/2008, more concerns raised about “behavioral” targeting as a new round of companies started deploying systems to target ads based on previous online behavior </li></ul><ul><ul><li>What is the distinction between behavioral and contextual advertising? </li></ul></ul><ul><ul><li>How do you implement effective notice and choice? </li></ul></ul><ul><ul><ul><li>Where should notice be provided? </li></ul></ul></ul><ul><ul><ul><li>Opt-in? Opt-out? When? Where? </li></ul></ul></ul><ul><ul><li>Do we need a “do not track” list? </li></ul></ul><ul><li>Is it acceptable for ISPs to do this (deep packet inspection)? </li></ul><ul><li>Is it acceptable for search engines to do this? </li></ul>