Privacy Enhancing Technologies: Protecting Information Online

Racheal Ott

Use of the Internet around the globe is on the increase. An estimated 40 million users in the UK alone, now have access to the Internet either at home or at work. However, despite the increase in awareness about the Internet as an information source, people who make use of the Internet for personal or business purposes are generally unaware that whilst browsing the Web they may make their personal information available to the Web sites that they visit.

Upload: racheal-ott

Post on 19-Sep-2016


FEATURE

Browsing the Internet results in the creation of information about a user’s browsing habits and preferences that Web sites can capture. Web sites may obtain information through a variety of mechanisms, all of which raise issues about privacy of personal information. Privacy enhancing technologies can be utilized by users to restrict or limit the information made available online.

Anonymous surfing

Cookies are small packets of information created by the servers of Web sites visited by users. The cookie is automatically stored on the user’s hard drive without their knowledge (unless the user’s browser has been set to reject them), and may be accessed by the server when the user revisits the particular site. The information stored on a cookie can include header data (e.g. IP address, browser information and time/date of visit) and click-stream data (i.e. a list of sites last browsed by the user) as well as any information which is voluntarily disclosed to a site, for example, for registration purposes.

The cookie sends the information stored on it to the Web site which can use it to ‘personalize’ a page. For example, if a user has previously searched for information on ‘travel insurance’, a banner advert containing a related product such as ‘cheap flights’ will appear. Cookies can also save a user time by limiting the need for re-registering or re-entering a password to gain site access.

Cookies provide a source of valuable marketing information. Popular links and features can be identified and, particularly if a user has registered with a site and therefore disclosed personal data, a valuable customer profile may be built. This profiling enables Web sites to build databases and carry out data mining, information from which can be used to plan future marketing strategies.

Although cookies can be considered useful, saving users time and personalizing their online experience, many still object to the fact that unbeknown to them, Web sites store personal information about them for use, for example, for marketing purposes.

In response to this objection, technologies have been developed to prevent cookies from being stored, or to give users options on which cookies they wish to accept. The simplest way a user can take control of their cookies is by pre-setting their browser to notify them when a Web site tries to store a new cookie. Internet Explorer and Netscape browsers both provide a facility which notifies users before cookies are set, and offers them the option to reject them.

However, pre-setting your browser in this way can soon become an annoyance, requiring a user to take action to actively reject each cookie. A better method of eradicating cookies is by use of software such as the Cookie Crusher, Cookie Crumbler or Cookie Monster which can be pre-set to remove all cookies from user’s hard drives without prompting. Further information about these technologies, and cookies generally, is available from www.cookiecentral.com.
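The accept-or-reject decision described above can be expressed as a client-side cookie policy. The following is an added example, not code from the article or from any product it names: it uses Python's standard `http.cookiejar`, and the host names, cookie values and the `OfferedCookies`, `UserChoicePolicy`, `visit` and `demo` names are constructed for illustration.

```python
import http.cookiejar
import urllib.request
from email.message import Message


class OfferedCookies:
    """Constructed stand-in for an HTTP response that carries Set-Cookie headers."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # Message keeps repeated headers

    def info(self):
        return self._headers


class UserChoicePolicy(http.cookiejar.DefaultCookiePolicy):
    """Accept cookies only from hosts the user has approved; record the rest."""

    def __init__(self, approved_hosts):
        super().__init__()
        self.approved_hosts = set(approved_hosts)
        self.rejected = []  # (host, cookie name) for every refused cookie

    def set_ok(self, cookie, request):
        # Called once per cookie a site tries to set, before anything is stored.
        if cookie.domain.lstrip(".") not in self.approved_hosts:
            self.rejected.append((cookie.domain, cookie.name))
            return False
        return super().set_ok(cookie, request)


def visit(jar, url, set_cookie_values):
    """Offer a site's cookies to the jar; return the cookie names now stored."""
    request = urllib.request.Request(url)
    jar.extract_cookies(OfferedCookies(set_cookie_values), request)
    return sorted(cookie.name for cookie in jar)


def demo():
    policy = UserChoicePolicy(approved_hosts={"news.example"})
    jar = http.cookiejar.CookieJar(policy)
    visit(jar, "http://news.example/", ["session=abc123; Path=/"])
    stored = visit(jar, "http://shop.example/",
                   ["uid=u-77; Path=/", "last_search=travel+insurance; Path=/"])
    return stored, policy.rejected
```

The `rejected` list is the silent equivalent of the browser prompt: it shows what each site tried to store without asking the user to act on every cookie.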

Anonymizer

Anonymizer.com offers a service that does more than simply ensure that cookies are rejected or deleted. To prevent information of any kind being made available to a Web site or listed in the history folder of a user’s browser, users can visit the Anonymizer Web page (www.anonymizer.com) and view other Web addresses through the Anonymizer site. In this way the Anonymizer site acts as a kind of intermediary barrier between the user and the Web site preventing information about the user being made available to Web sites which are viewed through it.

Anonymous messaging

Anonymizer E-mail is a service that enables individuals to send messages that do not identify the sender of the message (available through www.anonymizer.com). This system has the advantage of enabling individuals to freely post messages voicing their opinions without fear that expressing their views will be unfairly damaging to themselves. Using re-mailers can also limit spamming since spammers have less opportunity to obtain a user’s E-mail address.

Cryptography

In 1990 a counter terrorism Bill was proposed in the US which stated “manufacturers of electronic communications service equipment shall ensure that communications systems permit the Government to obtain the plain text contents of voice, data and other communications when appropriately authorized by law.”

In effect, the proposal meant that manufacturers of encryption technologies would have to insert ‘back doors’ in their products, to enable the Government to read anyone’s encrypted information. Although the Bill failed to become law, it was in response to this threat that Phil Zimmermann decided to develop a strong encryption tool, for use by the general E-mail sending public, which was capable of preventing Government access.

‘Pretty Good Privacy’ (known as PGP) was therefore born. Combining features of conventional and public key cryptography, the PGP system has become the conventional means by which users worldwide send secure encrypted E-mail messages. The main drawback of the system, however, is that it can only be used to communicate between parties that use PGP. Without the PGP system the receiver of PGP encrypted cipher-text will not be able to decrypt it.

PGP is freely available for download on the Web; users outside the US can visit the International PGP site at www.pgpi.org for further information.

Recent developments

Internet Engineering Task Force

The Internet Engineering Task Force (IETF) recently proposed a new Internet Protocol (IP) address scheme, which would include a serial number, unique to each computer. Privacy advocates have voiced concerns over these proposed IP addresses, which enable information sent over the Internet to be traced to a particular computer. The serial number could also be matched with cookies stored on a user’s hard drive to create a profile of the user of a particular computer. The IETF have sought to reassure those with privacy concerns by taking steps to identify a method to configure the proposed IP addresses to avoid inclusion of the unique identifying number. It remains to be seen whether this scheme will be a cause of concern to privacy advocates, however….

Enonymous.com

Enonymous.com, a US-based Internet company, has developed a software tool aimed at enabling users to protect their personal data online whilst making available selected anonymous information which can then be utilized by Web sites to create a personalized shopping experience.

Users who wish to take advantage of this system can download the software from the www.enonymous.com site. The software initially asks the user to enter their personal data (e.g. name, address and telephone number) which is then securely coded and stored. Users can then choose to join the ‘enonymous community’ by disclosing their personal characteristics (e.g. likes, dislikes, age and profession). The characteristic information and identifying data are never linked, enabling users to have the benefit of customized browsing without concerns over privacy.

The enonymous software additionally offers a privacy seal and awareness service. The four-star scheme has rated 10 000 Web sites on the strength of their privacy policies. When a user visits a rated site, the software automatically informs the user of the existence and extent of the site’s policy. The software also automatically recognizes Web pages which feature online forms. Users can choose to allow the software to automatically complete the form using an anonymous profile which combines fictitious identifying data with the user’s own characteristics. This option again enables users to protect their privacy whilst benefiting from a personalized browsing experience.

Novell digitalme

Novell recently launched a new, free service aimed at allowing Web users to control their personal information online. The digitalme technology (www.digitalme.com) enables users to create a variety of digital calling cards containing different, specified amounts of their personal information of their choice, depending on to whom the information is to be disclosed. For example, a card that can be used for online shopping may be created which contains only that personal information which a user is prepared to disclose to the E-retailer. A more detailed card could be created for sending to friends and family. A card could also be created for use in work situations, a type of digital business card.

The cards can only be accessed and altered by their creator; protected by strong encryption technology, the database where the cards are stored does not even permit Novell to gain access to a user’s mecards.

Those who sign up can build a digitalme address book when they exchange cards with other users. The advantage of this address book is that it is always current. If a user, for example, updates their address details, the change will automatically be notified to those users with whom they have already exchanged details. The technology used enables users to manage and track their personal information, a crucial feature for those with privacy concerns.

The Internet has sparked an information revolution. Users worldwide now have instant access to information previously beyond their reach. Many users, however, fail to recognize that their own personal information, disclosed voluntarily online, obtained through the use of cookies or available through unsecure messaging services, has become part of this new information source.

Whilst some users may feel happy about trading their personal information in return for a more tailored service or incentives such as free access to an online newspaper, others feel anxious about the effect these technologies have on their ability to control their personal privacy. The market has responded to the needs of users who have such concerns by developing a variety of technological tools that can be employed to safeguard their personal information online.

About the author

Rachael Ott works at Masons Leeds office. Specializing in Information and Technology law, Rachael is currently seconded to the Information Computer and Communications Policy Division of the OECD in Paris.
