Chapter 48 - Personal Web Pages

ITIS 1210
Introduction to Web-Based Information Systems
Chapter 48
How Internet Sites Can Invade Your Privacy
Introduction
• Privacy on the Net
  • Growing concern
  • Much information gathered
  • Who will use it?
  • How will it be used?
• Three basic technologies of concern
  • Cookies
  • Tracking
  • Bugs
Introduction
• Some technologies have useful purpose
  • Cookies
  • Tracking
• May be used maliciously also
• What if government is behind it?
  • “Big Brother”
Cookies
• Small data file placed on your computer
• May contain
  • Username and password
  • Favorite sites
  • Last time you visited
• Uses:
  • Identifies your preferences
  • Eliminates need to log on
Cookies
• Name comes from “magic cookie” as used by Unix programmers
  • Packet of data passed between programs
  • Not meaningful itself
  • Used as an identifier like a coat check ticket
• Created by Lou Montulli
  • 1994 at Netscape
Cookies
• Why cookies?
• The Web is basically “stateless”
  • No memory of previous events
• A site doesn’t “know” that
  • You’re a user
  • You have an ongoing “conversation”
• Sites only
  • Accept requests
  • Deliver content
Cookies
• Cookies are formatted in a special way
  • Can only be read by the site that placed them
• Where are cookies stored?
  • Netscape
    • Cookies.txt file
    • Each line is one cookie
  • Internet Explorer
    • Tools … Internet Options … Settings … View Files
Cookies
• How they work
  • You visit a Web site
  • Your browser examines the cookie files
  • If one from that Web site is found
    • Browser sends that file’s information to the site
  • Site now “knows” something about you
• Servers can place cookies on your hard drive
  • With/without your permission
Cookies
• Example – you’re shopping on the Web
• Cookie established for you with a unique “shopping session ID”
  • May have an expiration date
• Every time you put an item in your cart, the site’s server
  • Erases old cookie
  • Stores new cookie (with all your current items)
• Server can read your cookie at any time to find the current status
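The cookie round trip and the shopping-cart example above, simulated in Python as an added example that is not part of the original slides. The host names, the `session`/`cart` cookie names, the fixed session ID and the classes `BrowserJar` and `ShopServer` are assumptions made for illustration; the toy jar ignores expiration.

```python
from http.cookies import SimpleCookie

class BrowserJar:
    """Toy browser cookie store: cookies are filed under the site that set them."""
    def __init__(self):
        self.by_host = {}

    def store(self, host, set_cookie_header):
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        jar = self.by_host.setdefault(host, {})
        for name, morsel in parsed.items():
            jar[name] = morsel.value      # same name: old cookie is replaced

    def cookie_header(self, host):
        # Only cookies placed by this host are sent back to it.
        jar = self.by_host.get(host, {})
        return "; ".join(f"{k}={v}" for k, v in jar.items())

class ShopServer:
    """Stateless server: all it 'remembers' arrives in the Cookie header."""
    def handle(self, cookie_header, add_item):
        seen = SimpleCookie()
        seen.load(cookie_header)
        # Constructed fixed ID; a real site issues an unpredictable one.
        session = seen["session"].value if "session" in seen else "S-0001"
        cart = seen["cart"].value.split("|") if "cart" in seen else []
        cart.append(add_item)
        out = SimpleCookie()
        out["session"] = session
        out["cart"] = "|".join(cart)      # new cookie holds all current items
        out["cart"]["max-age"] = 3600     # optional expiration
        return cart, [m.OutputString() for m in out.values()]

def demo():
    jar, shop = BrowserJar(), ShopServer()
    for item in ("book", "lamp"):
        cart, set_cookie_headers = shop.handle(jar.cookie_header("shop.example"), item)
        for header in set_cookie_headers:
            jar.store("shop.example", header)
    # What the shop receives next time, and what an unrelated site receives.
    return cart, jar.cookie_header("shop.example"), jar.cookie_header("ads.example")

if __name__ == "__main__":
    print(demo())
```
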
Tracking
• Examine log files
  • What pages are most popular?
  • What IP addresses are using a site?
  • How many pages are read in a typical visit?
  • What order are pages read in?
  • What page are users on when they click on a link that brings them to another page?
    • Clickthrough
Tracking
• Sniffers
  • Examine packets coming into or out of a site
  • Identifies users
    • Cookies
    • IP addresses
Tracking
• Accumulates data about
  • Who is making requests?
  • Where are the requests coming from?
  • Average amount of time spent on a site
  • Average number of pages read per session
  • Most popular pages
• Helps make sites better
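How much an ordinary server log answers the questions on the Tracking slides, as an added example that is not part of the original slides. It assumes Combined Log Format, treats each IP address as one visit, and uses constructed log lines; the function name `analyze` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Combined Log Format (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:00:40 +0000] "GET /products.html HTTP/1.1" 200 7301 "http://site.example/index.html" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:10:02:05 +0000] "GET /order.html HTTP/1.1" 200 2210 "http://site.example/products.html" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:03:30 +0000] "GET /order.html HTTP/1.1" 200 2210 "http://site.example/index.html" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def analyze(log_text):
    pages = Counter()                  # what pages are most popular?
    paths_by_ip = defaultdict(list)    # who is asking, and in what order?
    clickthrough = Counter()           # (page the user was on, page reached)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                   # skip malformed lines
        pages[m["path"]] += 1
        paths_by_ip[m["ip"]].append(m["path"])
        if m["referer"] != "-":
            clickthrough[(m["referer"], m["path"])] += 1
    total_pages = sum(len(p) for p in paths_by_ip.values())
    return {
        "most_popular": pages.most_common(1)[0],
        "visitors": sorted(paths_by_ip),
        "pages_per_visit": total_pages / len(paths_by_ip),
        "order": dict(paths_by_ip),
        "clickthrough": dict(clickthrough),
    }

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```
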
Bugs
• “Bug” as in “wiretap”
• Can be included in email
  • Lets others actually view your email
• Basic purpose is to trace a user’s use of the Web
  • Sites they visit
  • How they get from one site to another
• Can also be used to intercept email
Bugs
• Works in HTML-enabled email
  • An offer of some service or for a product
• Email contains two items:
  • JavaScript code that can read the email message
  • A “clear GIF”
    • HTML reference to a tiny graphic
    • One pixel in size
    • Transparent (so you can’t see it)
Bugs
• The JavaScript code reads the email
• Your browser contacts the server to download the clear GIF
• Remember what’s in a packet?
  • Identifying information
  • Your IP address
• The server now knows something about you
Bugs
• The server can place a cookie using identifying information sent by Web bug
  • Can match cookie with identifying information from the email
• Can now track your use of the Internet
  • Who responded to this offer
• If that person forwards the email to someone else the process begins again
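A scanner that flags the two items the Bugs slides describe (script code and a remote one-pixel image) in an HTML message body, as an added example that is not part of the original slides. The sample message, its host names and the names `WebBugScanner` and `scan_email_html` are constructed for illustration; only `width`/`height` attributes and inline `style` are checked.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message body; hosts and the id value are placeholders.
SAMPLE_EMAIL = """\
<html><body>
<p>Special offer just for you!</p>
<img src="https://shop.example/banner.png" width="600" height="120">
<script>/* placeholder for code that reads the message */</script>
<img src="https://tracker.example/clear.gif?id=RECIPIENT-ID" width="1" height="1">
<img src="http://tracker.example/o.gif" style="width:1px; height:1px">
</body></html>
"""

def _dimension(attrs, name):
    # Prefer the width/height attribute, fall back to the inline style property.
    pairs = (p.split(":", 1) for p in (attrs.get("style") or "").split(";") if ":" in p)
    style = {k.strip().lower(): v for k, v in pairs}
    return attrs.get(name) or style.get(name)

def _tiny(value):
    # "0", "1" and "1px" all render as an invisible image.
    text = (value or "").strip().lower()
    if text.endswith("px"):
        text = text[:-2].strip()
    return text.isdecimal() and int(text) <= 1

class WebBugScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.findings.append(("script", a.get("src") or "inline"))
        elif tag == "img":
            src = a.get("src") or ""
            remote = urlparse(src).scheme in ("http", "https")
            if remote and _tiny(_dimension(a, "width")) and _tiny(_dimension(a, "height")):
                self.findings.append(("clear-gif", src))

def scan_email_html(html):
    scanner = WebBugScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

if __name__ == "__main__":
    print(scan_email_html(SAMPLE_EMAIL))
```

A mail client that does not run scripts and does not fetch remote images until the reader asks for them never makes the request that the clear GIF depends on.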
Internet Passports
• Lets user control
  • Which personal information can be released to a Web site
  • What type of information on surfing habits can be gathered
  • How that information can be used
Internet Passports
• Variety of methods available
  • Platform for Privacy Preferences (P3P)
  • Privacy Finder at Carnegie Mellon University
  • Internet Content and Exchange Standard (ICE)
  • Open Profiling Standard (OPS)
• Starts by filling out a profile
• For more information search for “internet passport” or go to www.passport.com
Privacy Organizations
• Electronic Privacy Information Center
  • http://www.epic.org/
Internet Passports
• Starts by filling out a profile
  • Identifies person
    • Name, address, phone, etc.
  • Identifies surfing data that can be shared
    • Or not!
• Profile stored in browser
• When person visits a Web site the passport is sent to that site
Internet Passports
• Site’s server examines data in the passport
  • Might automatically log a person in if they included their username and password in the passport
• While at site the person reads a sports story and buys a book
  • Profile permits sharing information about the sports story but not about the purchase
Internet Passports
• Person visits another site
• That server “sees” that the person has recently read a sports story
  • But not about the purchase because the passport doesn’t permit it
• Might then send him an ad about sports memorabilia
  • But not about books on sale
Internet Passports
• At a different site the server “sees” that the person has restricted information about their buying habits
• Server declines to send Web pages to a user with this kind of profile
  • The user can’t even view the Web site