Personal Privacy and the Public Internet
John E. Carter
Kennesaw State University
IT 3700
How Much Did You Tell?
• "Most privacy violations don't come from whopping big intrusions but from the aggregation of hundreds of small bits of knowledge, none of which individually seems important. Who cares if someone knows your ZIP code or your social security number? What about a tossed-out receipt from your ATM or an old credit card receipt? What's your mother's maiden name? But put those violations all together and you're well on your way to identity theft -- or worse."
• InfoWorld. March 20, 2001.
How Did You Tell?
• Cookies
• Web Bugs
How Safe Are Cookies?
• Cookies were intended to provide long-term “state” information, such as user IDs or site preferences.
• By design, only a Web server in the domain of the server that creates a cookie can read that cookie.
• Internet Explorer 5.5 and 6.0 have a “backdoor” that allows any Web server to read any cookie on the user’s PC.
What’s in a Cookie?
• www.alphaworks.ibm.com FALSE / FALSE 1104538901 awMember John_Carter
• www.alphaworks.ibm.com FALSE / FALSE 1104538901 awMemberEmail [email protected]
• gserv.zdnet.co.uk FALSE / FALSE 1016756726 Apache 216.175.77.224.481801001031849261
Innocent Website?
Web Bugs - Invisible Invaders
What Bugnosis Sees
What Do The Links Mean?
• As the “invisible” graphics are downloaded from the specified server, some minimum information is being collected about the viewer by that server:
• Operating System
• Browser Type and Version
• IP Address
• Previous Page Viewed
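An added example (not from the original slides, and not Bugnosis's own logic): a small Python scanner that flags images a reader cannot see but that are fetched from a different site than the page, which is the pattern described above. The host names, the sample HTML and the two-label "same site" rule are assumptions made up for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

def site(host):
    # Assumption: "same site" = same last two DNS labels (wrong for suffixes like co.uk).
    return ".".join(host.lower().split(".")[-2:])

def tiny(value):
    digits = value.strip().lower().replace("px", "")
    return digits.isdigit() and int(digits) <= 1

def invisible(attrs):
    style = attrs.get("style", "").replace(" ", "").lower()
    hidden = "display:none" in style or "visibility:hidden" in style
    return hidden or (tiny(attrs.get("width", "")) and tiny(attrs.get("height", "")))

class WebBugFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site(urlparse(page_url).hostname or "")
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = urljoin(self.page_url, a.get("src", ""))  # resolve relative URLs
        host = urlparse(src).hostname or ""
        if not host or site(host) == self.page_site:
            return  # first-party image: no new party learns about the visit
        if invisible(a):
            self.findings.append({"host": host, "src": src, "carries_query": bool(urlparse(src).query)})

def find_web_bugs(html, page_url):
    finder = WebBugFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample page; every host name below is made up.
SAMPLE_PAGE = "http://www.example-shop.test/cameras.html"
SAMPLE_HTML = """
<img src="/images/logo.gif" width="120" height="40">
<img src="http://ads.tracker.example/pixel.gif?page=cameras&id=123" width="1" height="1">
<img src="http://cdn.partner.example/banner.gif" width="468" height="60">
<img src="http://stats.example-shop.test/hit.gif" width="1" height="1">
<img src="http://count.metrics.example/c.gif" style="display: none">
"""
print(find_web_bugs(SAMPLE_HTML, SAMPLE_PAGE))
```

A visible third-party banner triggers the same request and exposes the same details to its server; the scanner only singles out the images a reader has no way to notice.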
How Is the Information Used?
• The intention is to track hits on pages and your page viewing to provide targeted advertising.
• If you visit two sites with digital camera information, the next ads you see will relate to digital cameras and accessories.
Do You Want Them to Know Where You’ve Been?
• The Network Advertising Initiative has a page that provides “opt-out” from most advertising data collection:
• http://www.networkadvertising.org/optout_nonppii.asp
Summary
• Do not reveal personal information inadvertently.
• Turn on cookie notices in your Web browser, and/or use cookie management software.
• Keep a “clean” e-mail address.
• www.eff.org/Privacy/eff_privacy_top_12.html
Questions?
The original paper is on-line at
http://pigseye.kennesaw.edu/~jcarter3/3700paper.html
Thank You