|
Derived from: Web Security, Privacy, and Commerce, S.
Garfinkel & G. Spafford, O'Reilly, 2002
What is Privacy?
 | Four torts in American law that define privacy:
- Privacy intrusion: intruding into someone's space.
- Disclosure of private facts: publication of information about
an individual which has no compelling public interest to be published.
- Portrayal of information in false light: publishing details
that are not true or could be misinterpreted.
- Appropriation: use a person's name or likeness without
permission.
|
| Bottom line: from Prof. Alan Westin of Columbia University (1967), a
definition of information privacy: "the claim of individuals,
groups, or institutions to determine for themselves when, how, and to what
extent information about them is communicated to others." |
| Information can be categorized into:
 | Personal: information about a person (name, date of birth,
parents, education). |
| Private: information that is generally no known to the public:
educational records, financial records, etc. |
| Personally identifiable: shoe size, weight, etc. |
| Anonymized: personal or private information that has been
changed to hide the identity of the individual. |
| Aggregate: e.g., census information including economic, living
conditions, total number of male/female, educational level. |
|
| User-provided information is commonly collected in web sites; there
are few restrictions on what is collected OR how it is used. |
Web Privacy Issues
| Web systems collect a great deal of information via:
| Web server log files: web servers collect IP addresses,
date/time, pages visited, referring link (where did you come from),
errors if any. |
| RADIUS (Remote Authentication Dial-In User) logs are collected
by ISPs and include: date/time, user name, phone numbers, etc.. |
| Mail logs: track date/time, source, destination, subject. |
| DNS logs: bind DNS nameserver logs track resolution of domain
names (who/when went where). |
| Cookies:
permanent and temporary information stored on a user machine.
Often benign, they are used to maintain state information (i.e., moving
data from one web page to the next). |
| Web Bugs: typically a 1X1 pixel image that links to different
server causing the collection of information (see web server log info). |
|
| Protecting privacy techniques
| Choose reliable service providers; check reputation, published
privacy rules, Better Business Bureau. |
| Use good passwords (avoid family/common names, cool buzzwords,
dates, common numbers, etc.). |
| Protect your passwords -- don't write them down, reuse them,
share them, change them periodically. |
| Web browser techniques: clear your cache, clear your history,
clean out old cookies. |
|
| Avoiding identity theft:
| Shred your trash. |
| Monitor your credit report. |
| Carry only what you need in your wallet. |
| Cancel unneeded credit cards and accounts. |
| Avoid using Social Security numbers in accounts. |
| Use one credit card for store purchases, another for web. |
| Never give out information. |
| Use passwords.
|
|
|