Personal Privacy and the Public Internet John E. Carter Kennesaw State University IT 3700

Upload: aron-mathews

Post on 06-Jan-2018



Page 1: Personal Privacy and the Public Internet John E. Carter Kennesaw State University IT 3700

Personal Privacy and the Public Internet

John E. Carter

Kennesaw State University

IT 3700

Page 2:

How Much Did You Tell?

• "Most privacy violations don't come from whopping big intrusions but from the aggregation of hundreds of small bits of knowledge, none of which individually seems important. Who cares if someone knows your ZIP code or your social security number? What about a tossed-out receipt from your ATM or an old credit card receipt? What's your mother's maiden name? But put those violations all together and you're well on your way to identity theft -- or worse."

• InfoWorld. March 20, 2001.

Page 3:

How Did You Tell?

• Cookies
• Web Bugs

Page 4:

How Safe Are Cookies?

• Cookies were intended to provide long-term “state” information, such as user IDs or site preferences.

• By design, only a Web server in the domain of the server that creates a cookie can read that cookie.

• Internet Explorer 5.5 and 6.0 have a “backdoor” that allows any Web server to read any cookie on the user’s PC.

Page 5:

What’s in a Cookie?

• www.alphaworks.ibm.com FALSE / FALSE 1104538901 awMember John_Carter

• www.alphaworks.ibm.com FALSE / FALSE 1104538901 awMemberEmail [email protected]

• gserv.zdnet.co.uk FALSE / FALSE 1016756726 Apache 216.175.77.224.481801001031849261
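
An added example, not part of the original slides: a Python audit of a Netscape-format cookies.txt file like the rows above, flagging cookies that store an identity or an address in readable form. The e-mail value, the name-hint word list and all function names are constructed for illustration, and the fields are assumed to be tab-separated as in the cookies.txt format.

```python
import re
from datetime import datetime, timezone

# Netscape cookies.txt columns, in order, separated by tabs.
FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")

# Constructed sample: the slide's rows, with a placeholder e-mail value.
SAMPLE = (
    "www.alphaworks.ibm.com\tFALSE\t/\tFALSE\t1104538901\tawMember\tJohn_Carter\n"
    "www.alphaworks.ibm.com\tFALSE\t/\tFALSE\t1104538901\tawMemberEmail\tuser@example.com\n"
    "gserv.zdnet.co.uk\tFALSE\t/\tFALSE\t1016756726\tApache\t216.175.77.224.481801001031849261\n"
)

EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[A-Za-z]{2,}")
IPV4 = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
NAME_HINT = re.compile(r"user|member|login|name|email", re.I)  # assumed word list

def parse_cookies(text):
    """Yield one dict per cookie row; skip blanks, comments and malformed rows."""
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):  # curl's marker for HttpOnly cookies
            line = line[10:]
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != 7 or not parts[4].isdigit():
            continue
        row = dict(zip(FIELDS, parts))
        row["secure"] = row["secure"] == "TRUE"
        row["expires"] = datetime.fromtimestamp(int(parts[4]), tz=timezone.utc)
        yield row

def findings(row):
    """Return the reasons this cookie exposes personal data to whoever reads it."""
    out = []
    if EMAIL.search(row["value"]):
        out.append("e-mail address in value")
    if IPV4.search(row["value"]):
        out.append("IP address in value")
    if not out and NAME_HINT.search(row["name"]):
        out.append("identity-style cookie name")
    if out and not row["secure"]:
        out.append("sent over plain HTTP (secure flag FALSE)")
    return out

def audit(text):
    """Map (domain, cookie name) to its list of findings."""
    return {(r["domain"], r["name"]): findings(r) for r in parse_cookies(text)}

if __name__ == "__main__":
    print(*audit(SAMPLE).items(), sep="\n")
```
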


Page 7:

Innocent Website?

Page 8:

Web Bugs - Invisible Invaders

Page 9:

What Bugnosis Sees

Page 10:

What Do The Links Mean?

• As the “invisible” graphics are downloaded from the specified server, some minimum information is being collected about the viewer by that server:

• Operating System
• Browser Type and Version
• IP Address
• Previous Page Viewed

Page 11:

How Is the Information Used?

• The intention is to track hits on pages and your page viewing to provide targeted advertising.

• If you visit two sites with digital camera information, the next ads you see will relate to digital cameras and accessories.

Page 12:

Do You Want Them to Know Where You’ve Been?

• The Network Advertising Initiative has a page that provides “opt-out” from most advertising data collection:

• http://www.networkadvertising.org/optout_nonppii.asp

Page 13:

Summary

• Do not reveal personal information inadvertently.
• Turn on cookie notices in your Web browser, and/or use cookie management software.
• Keep a “clean” e-mail address.

• www.eff.org/Privacy/eff_privacy_top_12.html

Page 14:

Questions?

The original paper is on-line at

http://pigseye.kennesaw.edu/~jcarter3/3700paper.html

Page 15:

Thank You