Internet privacy

From Wikipedia, the free encyclopedia

You have new messages (last change).

Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. Many people use the term to mean universal Internet privacy: every user of the Internet possessing Internet privacy.

Internet privacy forms a subset of computer privacy. Experts in the field of Internet privacy have a consensus that Internet privacy does not really exist. Privacy advocates believe that it should exist.

Contents

[edit] Scope of this article

This article discusses Internet privacy. Readers should understand the general topics of privacy and personally-identifiable information.

[edit] Levels of privacy

People with only a casual interest in Internet privacy need not achieve total anonymity. Regular Internet users with an eye to privacy may succeed in achieving a desirable level of privacy through careful disclosure of personal information and by avoiding spyware. The revelation of IP addresses, non-personally-identifiable profiling, and so on might become acceptable trade-offs for the convenience that such users would otherwise lose in using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may use Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user.

[edit] Risks to Internet privacy

Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which one may encounter through Internet use. Unfortunately, given the complexity of Internet privacy, many people do not understand the issues. Therefore this section covers not only "real" privacy risks, but also risks perceived as overemphasized. As an example for the complex issue of Privacy web site owners could decode your emails or computer Internet History, which is a breach of the user's privacy.

[edit] Cookies

See main article, HTTP cookie

Cookies have become perhaps the most widely-recognized privacy risk, receiving a great deal of attention. Although HTML-writers most commonly use cookies for legitimate, desirable purposes, cases of abuse can and do occur.

An HTTP cookie consists of a piece of information stored on a user's computer to add statefulness to web-browsing. Systems do not generally make the user explicitly aware of the storing of a cookie. (Although some users object to that, it does not properly relate to Internet privacy, although it does have implications for computer privacy, and specifically for computer forensics).

The original developers of cookies intended that only the website that originally sent them would retrieve them, therefore giving back only data already possessed by the website. However, in actual practice programmers can circumvent this intended restriction. Possible consequences include:

  • the possible placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or,
  • possible use in some circumstances of cross-site scripting or of other techniques to steal information from a user's cookies.

Many users choose to disable cookies in their web browsers. This eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) have an option to have the system clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper application (for example, PrivacyView) that will redirect cookies and cache data to some other location. The Private Internet Browsing feature found in the CryptoStick Software Suite redirects all Internet Explorer information to a USB flash memory device. This prevents the storing of browsing information on the actual computer: the information goes off-system when the user removes the USB flash memory device from the computer.

[edit] Browsing profiles

The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. On the Internet, certain organizations employ profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles may or may not link with information that personally identifies the people who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue, on the other hand, when data-matching associates the profile of an individual with personally-identifiable information of the individual.

Governments and organizations may set up Honeypot (computing) websites - featuring controversial topics - with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.


[edit] ISPs

Consumers obtain Internet access through an Internet Service Provider (ISP). All Internet data to and from the consumer must pass through the consumer's ISP. Given this, any ISP has the capability of observing anything and everything about the consumer's (unencrypted) Internet activities; however, ISPs presumably do not do this (or at least not fully) due to legal, ethical, business, and technical considerations.

ISPs do, however, collect at least some information about the consumers using their services. From a privacy standpoint, the ideal ISP would collect only as much information as it requires in order to provide Internet connectivity (IP address, billing information if applicable, etc). A common belief exists that most ISPs collect additional information, such as aggregate browsing habits or even personally-identifiable URL histories.

What information an ISP collects, what it does with that information, and whether it informs its consumers, can pose significant privacy issues. Beyond usages of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request need not involve a warrant.

An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting web traffic, https has become the most popular and best-supported standard. Note however, that even if users encrypt the data, the ISP still knows the IP addresses of the sender and of the recipient. (However, see the IP addresses section for workarounds.)

General concerns regarding internet user privacy have become a concern enough for a UN agency report to on the dangers of identity fraud[1].

[edit] Data logging

Many programs and operating systems are set up to perform data logging of usage. This may include recording times when the computer is in use, or which web sites are visited. If a third party has sufficient access to the computer, legitimately or not, this may be used to lessen the user's privacy. This could be avoided by disabling logging, or clearing logs regularly.

[edit] Other potential Internet privacy risks

[edit] Anonymous Internet usage

See main article, Internet anonymity

For anonymous browsing of websites, see anonymous proxy. For anonymous email, see anonymous remailer.

[edit] Examples of Cases that relate to Various Types of Privacy Issues

[edit] Jason Fortuny and Craigslist

In early September 2006, Jason Fortuny, a Seattle-area graphic designer and network administrator, posed as a woman and posted an ad to Craigslist Seattle seeking a casual sexual encounter with area men. Fortuny described the exercise as "The Craigslist Experiment", in a posting that detailed his goals.[2] On September 4, he posted to the internet all 178 of the responses, complete with photographs and personal contact details, encouraging others to further identify the respondents.[citation needed] Although some online exposures of personal information have been seen as justified as exposing malfeasance, many commentators on the Fortuny case saw no such justification here. "The men who replied to Fortuny's posting did not appear to be doing anything illegal, so the outing has no social value other than to prove that someone could ruin lives online", said law professor Jonathan Zittrain, while Wired writer Ryan Singel described Fortuny as "sociopathic".[3] Fortuny's prank was later duplicated by others, including Michael Crook, who also initiated email and online messaging sessions with his targets before publishing all the information he'd gathered.[4]

Past court decisions have held that personal ads by their very nature involve private matters. Therefore, people who respond to personal ads can reasonably expect their correspondence to remain private. Public exposure of such private correspondence, especially considering the premeditated, deliberate manner and wanton disregard for the wellbeing of others, could be interpreted as a criminal act in some jurisdictions.[citation needed]

[edit] Second Life database compromise

Also in September 2006, online game Second Life experienced a security breach that resulted in the exposure of its customer database, including the unencrypted names and addresses and the encrypted passwords and billing information of 650,000 users. Linden Lab, the company behind the game, notified the users of the breach and required all users (or 'residents') of the game to reset their passwords before logging in. [5]

[edit] Yahoo! and MSN search data

Data from major Internet companies, including Yahoo! and MSN (Microsoft) have already been subpoenaed by the United States[6] and China.[citation needed] AOL even provided a chunk of its own search data online[7], allowing reporters to track the online behaviour of private individuals[8].

[edit] US v. Zeigler

Ziegler: Online Porn Use on a Workplace Computer Is it Private and Protected by the Fourth Amendment?

The Internet, Computers and Privacy In Relation to The Fourth Amendment In the last decade, people have utilized computers and the internet for numerous useful and legal purposes. Unfortunately, criminals have also used the technology for illegal purposes. Accordingly, courts have had to determine whether law enforcement officials can access evidence of illegal activity stored on digital technology without encroaching on a person's Fourth Amendment rights.

Many cases discuss whether a private employee (i.e., not a government employee) who stores incriminating evidence in workplace computers is protected by the Fourth Amendment's reasonable expectation of privacy standard in a criminal proceeding. However, these cases do not appear to produce a uniform and consistent standard of law.

Most case law holds that employees do not have a reasonable expectation of privacy when it comes to their work related electronic communications. See, e.g. US v. Simons, 206 F.3d 392, 398 (4th Cir., Feb. 28, 2000).

However, one federal court held that employees can assert that the attorney-client privilege with respect to certain communications on company laptops. See Curto v. Medical World Comm., No. 03CV6327, 2006 U.S. Dist. LEXIS 29387 (E.D.N.Y. May 15, 2006).

Another recent federal case discussed this topic. On January 30, 2007, the Ninth Circuit court in US v. Ziegler, reversed its earlier August 2006 decision upon a petition for rehearing. In contrast to the earlier decision, the Court acknowledged that an employee has a right to privacy in his workplace computer. However, the Court also found that an employer can consent to any illegal searches and seizures. See US v. Ziegler, ___F.3d 1077 (9th Cir. Jan. 30, 2007, No. 05-30177). [1] Cf. US v. Ziegler, 456 F.3d 1138 (9th Cir. 2006).

In Ziegler, an employee had accessed child pornography websites from his workplace. His employer noticed his activities, made copies of the hard drive, and gave the FBI the employee's computer. At his criminal trial, Ziegler filed a motion to suppress the evidence because he argued that the government violated his Fourth Amendment rights.

The Ninth Circuit allowed the lower court to admit the child pornography evidence. After reviewing relevant Supreme Court opinions on a reasonable expectation of privacy, the Court acknowledged that Ziegler had a reasonable expectation of privacy at his office and on his computer. That Court also found that his employer could consent to a government search of the computer, and that did not violate Ziegler's Fourth Amendment rights.

[edit] State v. Reid

State v. Reid: Online Sabotage of an Employer's Computer in New Jersey Is an employees internet use protected by her rights of privacy

A New Jersey appellate court has also issued an opinion on the privacy rights of computer users. That court held that computer users can expect that the personal information they give their internet service providers are considered private. State v. Reid 2007 N.J. Super. LEXIS 11 (January 22, 2007). [2].

In that case, prosecutors asserted that Shirley Reid broke into her employer’s computer system and changed its shipping address and password for suppliers. The police discovered her identity after getting a subpoena to the internet provider, Comcast Internet Service.

The lower court suppressed information from the internet service provider that linked Reid with the crime. The New Jersey appellate court agreed with this decision. As a result, New Jersey offers greater privacy rights to computer users than most federal courts. Although this case does not directly discuss the Fourth amendment, it illustrates that some states are providing more privacy protection to computer users than the federal courts. It also illustrates that caselaw on privacy in workplace computers is still evolving

[edit] See also

[edit] References

  1. ^ UN warns on password 'explosion'
  2. ^ Jason Fortuny (2006-09-08). RFJason Livejournal. Livejournal.com. Retrieved on September 12, 2006.
  3. ^ Ryan Singel (2006-09-08). Craigslist. Wired Blogs. Retrieved on September 12, 2006.
  4. ^ Lou Cabron (2006-09-18). In the Company of Jerk***s. 10 Zen Monkeys. Retrieved on September 29, 2006.
  5. ^ Eric Auchard (2006-09-11). Fantasy site Second Life has real-world privacy slip. Reuters. Retrieved on September 14, 2006.
  6. ^ Bush Administration Demands Search Data; Google Says No; AOL, MSN & Yahoo Said Yes
  7. ^ Forget The Government, AOL Exposes Search Queries To Everyone
  8. ^ They know all about you

[edit] External links

[edit] Resources and information

[edit] Advocacy groups

Retrieved from "http://en.wikipedia.org../../../i/n/t/Internet_privacy.html"
In other languages