Issues set 3 CS 340 Spring 2015 Lotame Data Management Intelligence httpwwwlotamecomdatamanagementsolutionsdatamanagementtutorials Online tracking devices Cookies small text file that stores information ID: 529297
Download Presentation The PPT/PDF document "Privacy" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Privacy Issues (set 3)
CS 340
Spring 2015Slide2
Lotame: Data Management Intelligence
http://www.lotame.com/data-management-solutions/data-management-tutorials
Slide3
Online tracking devices
Cookies
: small text file that stores information
Stored client side, on hard driveCookie creator: Lou
Montulli
Originally
To allow for shopping cart functionality (online memory)Effort made to not allow the sharing of these between sitesNowThird party cookies: site to siteBehavioral Targeting: ad network; relationship with same advertiser
http://live.wsj.com/video/how-advertisers-use-internet-cookies-to-track-you/92E525EB-9E4A-4399-817D-8C4E6EF68F93.html#!92E525EB-9E4A-4399-817D-8C4E6EF68F93
Slide4
Third Party tracking files
“The first time a site is visited, it installs a tracking file, which assigns the computer a unique ID number. Later, when the user visits another site affiliated with the same tracking company, it can take note of where that user was before, and where he is now. This way, over time the company can build a robust profile.”Slide5
Online tracking devices cont’d
Beacons
a.k.a. pixel tag, web bug
Invisible image embedded in webpage
Image is not place there by website, but by other company for ad tracking
Potentials:
Capture of what is typed on a websiteBundles into a profile
http://www.brighttag.com/resources/tag-101/ Slide6
WSJ article: “
The Web's New Gold Mine: Your Secrets”
http://online.wsj.com/news/articles/SB10001424052748703940904575395073512989404
Info on Ashley Hayes-
Beaty
:4c812db292272995e5416a323e79bd37Valued at $0.001Slide7
The WSJ study findings
Surreptitious installation of tracking technology
Not just cookies, but real time logging
Buying and selling of profiles
Advertisers:
No longer paying for ad placement on a site
Paying instead to follow users around Internet with personalized marketing messagesSlide8
Online advertiser tracking companies
“considered anonymous because it identifies web browsers, not individuals.”
https://www.privatewifi.com/lotame-online-tracking-and-your-privacy/
What is tracked:
http://www.bluekai.com/consumers_privacyguidelines.php Opt out options:BlueKai http://www.bluekai.com/registry/
Lotame http://www.lotame.com/privacy Slide9
Taking control of the tracking
Tracking blockers like
Ghostery
https://www.youtube.com/watch?v=EKzyifAvC_USlide10
Which tracking technology is a transparent 1x1 pixel used to surreptitiously gather what people type?
Cookie
Beacon
Third Party Cookie
GhosterySlide11
Privacy
As consumers
:
Most European countries have specific laws and regulations aimed at protecting an individual’s (consumer) privacy.In the US, historically consumer privacy has relied on
social norms and
market forces
laws are typically a last resort or response to an eventhighly reactive and unsystematicSlide12
Misc. Privacy Laws
Fair Credit Reporting Act, 1970
Right to Financial Privacy Act, 1978
Cable Communications Policy Act, 1984Video Protection Privacy Act, 1988
Driver’s Protection Privacy Act, 1994
Children’s Online Privacy Protection Act (COPPA), 1998
Info on kids under 13Financial Services Modernization Act, 1999Health Insurance Portability and Accountability Act (HIPAA), 2001Slide13
Texas Infant DNA collection program, p. 96-97
Routine and often mandatory blood samples collected after birth.
Reason?
What happens to the samples after processed?
Discarded
OR
Stored indefinitelySee http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3065077/table/T1/ Motivations?Detect important health problemsLater identification
Are parents informed? Not always. Raises ethical issuesThis is not limited to Texas… Recent issue in Indiana http://www.wthr.com/story/25954821/2014/07/07/your-childs-dna-who-has-it
Alabama policy:
http://www.babysfirsttest.org/newborn-screening/states/alabama#second-section
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3065077/
Slide14
Texas’ use of the newborn blood test cards to catalogue information unrelated to that infant’s direct health care is an example of a secondary use of information.
True
FalseSlide15
Opinion: Suppose a public school provides students with laptops. Should that school be able to turn on a web cam on the laptop to check on a student’s off campus behavior?
Yes
Maybe
NoSlide16
Robbins v. Lower Merion School District, p. 98-99
US District Court PA (2010)
School district
surreptitiously
activated webcams using
LANrev on laptops provided to students while students were off campusVideo: http://www.cbsnews.com/news/610k-settlement-in-school-webcam-spy-case
/Settlement: $610,000Slide17
European Union’s Right to be Forgotten
Check out Google’s page
“European privacy requests for search removals”
FAQs
Totals
Examples
Sites most impactedSlide18
Encryption on phones can make it impossible to comply with court orders
FBI director Coney’s criticism: Apple can no longer bypass smartphone user passwords with
iOS
8 Cannot comply with court orders
See video
http://www.cnn.com/2014/09/25/politics/fbi-apple-google-privacy/index.html
Slide19
Opinion: Do you expect that this inability will create serious problems for law enforcement?
Yes, frequently
Yes, sometimes
Yes, but rarely
NeverSlide20
Google’s Street view issues
What is captured by the cameras
Other information was recorded too
Info gathered about surrounding Wi-Fi
War driving
Slide21
Google’s Street View
Issue: does it violate privacy when photos are taken that show people engaged in activities visible from public property?
General rule: No, but there are some exceptions
Dept
of Defense: no content from military bases. Complied
Homeland Security: delay with Baltimore-Washington Metropolitan areaSlide22
Street view - Is the elevated camera a problem?Slide23
Opinion: The height of the street view camera is too tall.
Yes
NoSlide24
International views on Google Street View
Some European countries prohibit filming w/o consent even if done on public property
if the filming is for the purpose of public display
Japan: required lowering cameras to 2.05 meters (6.73
ft
) from 3 meters (9.8 feet)Slide25
The other problem of Street View: “
war driving”
Collecting data from unsecure networks as the street view car drives by:
“Snippets of e-mails, photographs, passwords, chat messages, postings on Web sites and social networks”
http://www.nytimes.com/2012/05/23/technology/google-privacy-inquiries-get-little-cooperation.html
In April 2013, Germany fined Google $189,225 in April for Street View’s privacy violationAmount google makes in 2 minutes. .002% of its $10.7 B profit last year.See article http://www.nytimes.com/2013/04/23/business/global/stern-words-and-pea-size-punishment-for-google.html
Slide26
Google v. Joffe
22 plaintiffs suing google for violating their privacy from war driving during Street View mapping
Google argued that the Wi-Fi info is accessible to anyone and as such does not constitute wiretapping
9
th
Circuit rejected Google’s argument
In June 2014, the US Supreme Court denied certiorari so class actions against Google for war driving can continuehttp://www.bloomberg.com/news/2014-06-30/google-rebuffed-by-u-s-high-court-on-privacy-lawsuit.html Slide27
Opinion: Do you agree with this statement. Since unsecure Wi-Fi is accessible to many Google did not violate privacy with its war driving.
I agree, no violation by Google
I disagree, this is a privacy violation by GoogleSlide28
Research study: “Experimental evidence of massive-scale emotional contagion through social networks”
On 689,003 Facebook users
Manipulated News Feed
Ethical breach?
http://www.theguardian.com/technology/2014/jun/30/facebook-emotion-study-breached-ethical-guidelines-researchers-say
http://www.usatoday.com/story/tech/2014/10/02/facebook-tightens-rules-for-research-experiments-on-users/16592011/
Slide29
August 2014 iCloud photo hack
Targeted attack on specific celebrity accounts, not a software or system vulnerability.
Guessed passwords
Researched and answered security questions
Found nude photos in celebrities’
iCloud
accounts & posted nude photos on sites like 4channCould have been prevented with two factor authentication. Requiring two of:Something user knowsSomething user hasSomething user isSlide30
Supplying a username and password constitutes two factor authentication.
True
False