OLC Presentation Jipson

Be Careful what You Post: The Myth of Internet Privacy Dr. Art Jipson University of Dayton Criminal Justice Studies Program Sociology, Anthropology, and Social Work

Internet Information Concerns Privacy Security Bandwidth Content Public Access Commercialization

Internet Privacy Laws “ Enjoying the right to privacy means having control over your own personal data and the ability to grant or deny access to others.”

Basic Issues The Children's Online Privacy Protection Act (COPPA) Gender and Electronic Privacy USA PATRIOT Act Terrorist Information Awareness Cookies Spam Software Spyware

“ You have zero privacy [on the Internet] anyway. Get over it.” Scott McNealy, 1999 CEO, SUN Microsystems

Public Interest In Protecting Individual Privacy

The Children's Online Privacy Protection Act (COPPA) The Children's Online Privacy Protection Act ("COPPA") specifically protects the privacy of children under the age of 13 by requesting parental consent for the collection or use of any personal information of the users. Main requirements of the Act The Act was passed in response to a growing awareness of Internet marketing techniques that targeted children and collected their personal information from websites without any parental notification.

The Children's Online Privacy Protection Act (COPPA) In the 1990s, children began to access the Web more and more. Marketers would track information kids gave out in chat rooms or while playing games (such as addresses, full names, ages, etc.) and would retain this data in order to sell to third parties. It became very easy for anyone to simply send money to one of these companies and receive lists of children’s addresses and personal information.

The Children's Online Privacy Protection Act (COPPA) COPPA applies to any website directed specifically at children, any general site which has a children’s section, and any foreign websites aimed at U.S. children On each website, there must be an easily accessible privacy policy A web operator must obtain parental permission via credit card, digital signature, or a signed and faxed consent form. The operator must also make available any information collected about the child to the guardians of the child.

Gender and Electronic Privacy Pretexting and Cyberstalking : *Pretexting is the practice of collecting information about a person using false pretenses. *Cyberstalking-- Coincidence Design , Amy Boyer case Video voyeurism and webcams

Case of Amy Boyer Twenty-year-old Amy Boyer lived at home with her parents in Nashua, New Hampshire, was employed at a local dentist’s office, and had a boyfriend. In early October of 1999, she logged onto the Web with her mother to check out travel rates for a trip she was planning. On October 15, Amy, ambushed outside the dentist’s office as she got in her car, was shot and killed. Her killer then committed suicide. Then when police confiscated the killer’s computer, they found the connection—two Web sites devoted to Amy Boyer, created by Liam Youens, 21, who had been carrying a torch for her ever since junior high school. But he did not know Amy and Amy never knew Liam. He’d seen her in the hallway one day, became infatuated, and his “love” grew from there. As he saw Amy with a new boyfriend, his love became anger, then hate, fueled by two Web sites he created, one on Tripod, the other on Geocities. A cyberstalking victim? Yes. But like a dangerous intersection that doesn’t get a stop light until someone dies, Amy died before anyone took cyberstalking seriously.

USA PATRIOT Act “ U niting and S trengthening A merica by P roviding A ppropriate T ools R equired to I ntercept and O bstruct T errorism Act of 2001” Authorizes the installation of devices to record all computer routing, addressing, and signaling information. Governs government access to stored email and other electronic communications. Creates a new exception, permitting government interception of the "communications of a computer trespasser" if the owner or operator of a "protected computer" authorizes the interception. The new exception has broad implications, given that a "protected computer" includes any "which is used in interstate or foreign commerce or communication" (which, with the Internet, includes effectively any computer).

Terrorist Information Awareness USA PATRIOT ACT TIA Objective Surveillance of communications is an essential tool to pursue and stop terrorists. This new law will allow surveillance of all communications used by terrorists, including e-mails, the Internet, and cell phones. To revolutionize the ability of the United States to detect, classify and identify foreign terrorists – and decipher their plans – and thereby enable the U.S. to take timely action to successfully preempt and defeat terrorist acts. Strategy Law enforcement agencies have to get a new warrant for each new district they investigate, even when they're after the same suspect. Under this new law, warrants are valid across all districts and across all states. And, finally, the new legislation greatly enhances the penalties that will fall on terrorists or anyone who helps them. The project would scan the Internet and commercial databases for electronic evidence of terrorist preparations. Intelligence and law enforcement officials would check -- without warrants -- travel and credit card records, Internet mail and banking transactions, new driver's license records and more. Criticism The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be the target of the investigation. This would create systematic surveillance of Americans on home soil. He is proposing to make government a peeper into lawful transactions among private citizens.

Cookies A cookie is a mechanism that allows a web site to record your comings and goings, usually without your knowledge or consent. Cookies do provide outside sources with personal information, but only information that you give while on the website. Yes, it does violate personal privacy to a degree, but cookies can be turned off or restricted to specific websites.

Cookies A server cannot set a cookie for a domain that it isn't a member of. How does a cookie work? Doubleclick This usage of cookies is the most controversial, and has led to the polarized opinions on cookies, privacy, and the Internet.

Cookie Concerns Snooping Virus carrier Hacking User profiling Fixing browser bugs eliminated cookie concerns EXCEPT for User Profiling > Briefly < And now … Super Cookies

Have you been spammed? Junk mail … flooding the Internet (Usenet and/or e-mail) with many unsolicited copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it.

Spam Spam is unsolicited commercial e-mail. Spammers get e-mail addresses in three ways: *by scavenging, the practice of automatically collecting e-mail addresses listed or posted on web pages and electronic bulletin boards * by guessing, where the spammer uses dictionary terms or randomly- generated strings to develop e-mail addresses *and by purchasing e-mail addresses through list brokers. Currently, there is no federal legislation regulating the transmission of spam. "Remove me" options

Spambots are looking for you! Spambots are programs that search and automatically extract e-mail addresses, which are then used as targets for spam.

Spam mail – printer toner # From Date Subject 1 [email_address] 20-JUN-1999 copier & laser printer supplies 2 cc123@boardermail.com 27-JUN-1999 copier & laser printer supplies 3 hunt25@boardermail.com 12-JUL-1999 copier & laser printer supplies 4 art123@ureach.com 23-AUG-1999 laser printer toner advertisement 5 art1234@ureach.com 30-AUG-1999 laser printer toner advertisement 6 art1234@ureach.com 30-AUG-1999 laser printer toner advertisement 7 art123@techpointer.com 26-SEP-1999 laser printer toner advertisement 8 art222@techpointer.com 3-OCT-1999 laser printer toner advertisement 9 art1235@visto.com 19-OCT-1999 laser printer toner advertisement 10 art1235@visto.com 19-OCT-1999 laser printer toner advertisement 11 art123@visto.com 20-OCT-1999 laser printer toner advertisement 12 [email_address] 27-NOV-1999 laser printer toner advertisement 13 [email_address] 27-NOV-1999 laser printer toner advertisement 14 bmark@atlantaoffice. com 28-NOV-1999 laser printer toner advertisement 15 bmark@guestbooks.net 13-DEC-1999 laser printer toner advertisement 16 bmark@crosswinds.net 28-FEB-2000 laser printer toner advertisement 17 bmark1@crosswinds.net 28-FEB-2000 laser printer toner advertisement 18 bps@buffymail.com 28-MAR-2000 laser printer toner cartridges 19 r2d2@ureach.com 28-MAR-2000 laser printer toner advertisement 20 bps@buffymail.com 20-JUN-2000 laser printer toner cartridges

Spam Case study: One person, six years

Software Excel WORD PowerPoint Contained (GUID) Globally Unique Identifier [Called a Microsoft System ID (MSID) by MS that included the NIC ethernet address] All searches (Yahoo…) routed through Microsoft Internet Explorer V5.0 (search feature) Windows Media Player ( super cookie ) Reports media use to Microsoft Contains unique ID serial number accessible by web http://www.computerbytesman.com/privacy/supercookiedemo.htm

Spyware More than 800 infested programs including: CuteFTP DigiCAM Ezforms GIF Animator Image Carousel JPEG Optimizer Netscape Smart Download Notepad + PKZIP Printshop Real Audioplayer Tucows uploader http://www.infoforce.qc.ca/spyware/

Web Browsers Every time you visit a site on the Internet you provide information about yourself.

Verifications Publication renewals have requested: Birth day Birth month Birth year Birth state Birth city Color of eyes Mother’s maiden name

Web Bugs Do you see the web bug?

What is a Web Bug? Graphic Usually transparent Usually 1-by-1 pixel size Represented as HTML IMG tag Retrieved from source other than message Found in web site or e-mail

Why a Web Bug? Monitor web site access Collect reader browser info No cookie needed When is e-mail read E-mail forwarding record Other readers Find anonymous e-mail source Check spam list for active e-mail addresses

Specialized Privacy Probes Wiretap Web Bug + JAVA code Retrieve e-mail comments Retrieve mailing list Computer Triangulation Pinpoint physical location Country and City (90% accuracy) ZIP code (possible)

Advertisement Competition A browser window "plug-in" comes bundled with software that hovers pop-ups over competitors advertisement banners Free, advertising supported application for filling in forms

Hijackware Hidden application could turn every computer running Kazaa into a node of a private network called Altnet and controlled by Brilliant Digital. http://news.com.com/2102-1023-875274.html SETI without the ethics! Free file sharing software

What can Librarians Do? Educate yourself so you can inform the patrons of the library

Software Install system/application security patches Upgrade Windows Media Player Change default (turn off Super Cookie) UNCHECK

Anonymous web surfing Internet Explorer plug-in FREE – cannot visit secure sites Blocks IP address Blocks cookies http://www.anonymizer.com/

Encrypted e-mail P retty G ood P rivacy GPG (GNU Privacy Guard) is a PGP compatible alternative replacement based on the OpenPGP standard http://www.gnupg.org/

P3P Platform for Privacy Preferences Industry Standard ( 16 April 2002 ) Specify web site privacy policy Compare with user/browser privacy preference http://www.w3.org/P3P/

P3P Tool Privacy Bird automatically searches for privacy policies at every website you visit http://www.privacybird.com/ The bird icon alerts you about Web site privacy policies with a visual symbol and optional sounds.

Cookies are optional Netscape v3 Options/Network Preferences/Protocols v4 Edit/Preferences/Advanced Internet Explorer v3 Internet Options/Advanced v4 View/Internet Options/Advanced v5 Tools/Internet Options/Security

Cookie Rejection Default Preferred

Check the cookie jar http://www.karenware.com/powertools/ptcookie.html

Manage the Cookie Jar http://www.analogx.com/ contents/download/network/cookie.htm CookieWall

Cookie Cop Plus http://www.pcmag.com/print_article/0,3048,a=7719,00.asp

What to do about spam Ignore Delete Block Filter Change e-mail address

What NOT to do about spam Do NOT forward Do NOT reply Do NOT send REMOVE request Verified e-mail address Verify messages read Show lack of anti-spam knowledge RESULTS – MORE SPAM

Avoiding web spambots Use a graphic Use a graphic @ symbol Use TABLE Spell out address hintz AT ifas.ufl.edu hintz AT ifas DOT ufl DOT edu hintz@ifasNOJUNK.ufl.edu (remove NOJUNK) Do not use “ mailto: ” TAG unless encoded – mailto:hintz@ufl.edu [email_address]

Pop-Up Delete Pop-Up and Pop-Under windows that don’t have a close box can only be removed by using < A l t > - < F 4 >

Specialized Privacy Probes Disable JAVA Script In E-Mail Client Install Microsoft patch http://office.microsoft.com/Assistance/2000/Out2ksecFAQ.aspx

Firewall Tiny Personal Firewall 2.0 http://www.tinysoftware.com/

Firewall http://www.agnitum.com/products/outpost/ Open Architecture Supports plug-ins Intrusion Detection Advertisement Blocking Content Filtering E-mail Guard Privacy Control

Spyware Firewall http://www.zonealarm.com/ Check both INCOMING and OUTGOING requests

Anti-Spyware http://www.lavasoft.de/

Universal Web Filter Proxomitron eliminate cyber-spam like pop-up windows, alerts, banners, animated GIFs, auto-play music, sounds, dynamic HTML, Java and more http://www.spamblocked.com/proxomitron/ transforms web pages on the fly turn off some of those fancy new HTML features that web browsers support

PC Cleaner http://www.bmesite.com/ Internet Sweeper

Where is the source? http://www.neoworx.com/products/ntx/default.asp

Provide accurate personal information ONLY if appropriate for the services requested. Would you give personal information to strangers? 24% of users have supplied false information Create a Virtual User John Smith 7/7/77 blue eyes red hair

How to protect your privacy Web browsing Use only sites with privacy policy Use only secure on-line forms Reject unnecessary cookies Limit personal information entry Provide bogus info when appropriate Opt-out of 3 rd party info sharing Use anonymizers Clear cache after browsing

Conclusion: Remember, the Internet is a public network If you are connected, protect yourself

ANY QUESTIONS? Thank you very much for listening!

OLC Presentation Jipson

More Related Content

What's hot

Viewers also liked

Similar to OLC Presentation Jipson

Recently uploaded

OLC Presentation Jipson