FOIT VACATION HOMEWORK

TOPIC - INTERNET PRIVACY

Submitted by: Pranay

DuttaIX-D

Yamuna 33

FOIT VACATION HOMEWORK

TOPIC - INTERNET PRIVACY

Submitted by: Pranay DuttaIX-D 33

Yamuna

1

Contents1. Introduction Page 1

2. Contents Page 2

3. Privacy Page 3

4. Levels of privacy Page 4

5. Risks to Internet Privacy Page 5

6. Cookies Page 6

7. Types of cookies Page 7

8. Phishing Page 8

9. Techniques of Phishing Page 9

10. Anti-Phishing Page 10

Internet Privacy in countries Page 11

Protecting the Computer Page 12-14

Onion Routing Page 15

The Onion Router Page 16

Protection at a Glance Page 17

Conclusion Page 18

Teacher’s Remarks Page 19

2

Privacy

Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third-parties, and displaying of information pertaining to oneself via the Internet. Privacy can entail either Personally Identifying Information(PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person. Internet privacy forms a subset of computer privacy. Privacy concerns have been articulated from the beginnings of large scale computer sharing.

3

Levels Of Privacy

Internet users may protect their privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user. In order to keep their information private, people need to be careful with what they submit to and look at online. When filling out forms and buying merchandise, that becomes tracked and because the information was not private, companies are now sending Internet users spam and advertising on similar products. There are also many government groups that protect our privacy and be safe on the Internet. The Federal Trade Commission (FTC) stresses that protecting individual’s social security number while dealing with things on the Internet is very important. Posting things on the Internet can be harmful to individuals. The information posted on the Internet is permanent. This includes comments written on blogs, pictures, and Internet sites, such as Facebook and Twitter. It is absorbed into cyberspace and once it is posted, anyone can find it and read it. This action can come back and hurt people in the long run when applying for jobs or having someone find person information.

4

Risk To Internet Privacy

In the modern technological world, the privacy of millions of people is threatened. Companies are hired to watch what internet sites people visit, and then use the information, for instance by sending advertising based on one's browsing history. There are many ways in which people can divulge their personal information, for instance by use of "social media" and by sending bank and credit card information to various websites. Moreover, directly observed behaviour, such as browsing logs, search queries, or contents of the Facebook profile can be automatically processed to infer potentially more intrusive details about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality. Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which may be encountered through Internet use. These range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults). Several social networking sites try to protect the personal information of their subscribers.

5

Cookies Also known as browser

cookies or tracking cookies, cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, therefore disabling cookies may prevent users from using certain websites. Cookies are NOT viruses. Cookies use a plain text format. They are not compiled pieces of code so they cannot be executed nor are they self-executing. Accordingly, they cannot make copies of themselves and spread to other networks to execute and replicate again. Since they cannot perform these functions, they fall outside the standard virus definition.

6

Types of Cookies

1. HTTP cookies :- A HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other state information required in complex web sites. It may also be used for user-tracking by storing special usage history data in a cookie, and such cookies—for example, those used by Google Analytics—are called tracking cookies. Cookies are a common concern in the field of Internet privacy. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.

2. Flash cookies:- Flash cookies, also known as Local Shared Objects, work the same ways as normal cookies and are used by the Adobe Flash Player to store information at the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect Flash cookies. One way to view and control them is with browser extensions or add-ons. Flash cookies are unlike HTTP cookies in a sense that they are not transferred from the client back to the server. Web browsers read and write these cookies and can track any data by web usage. Although browsers such as Internet Explorer 8 and Firefox 3 have added a ‘Privacy Browsing’ setting, they still allow Flash cookies to track the user and operate fully. However, the Flash player browser plugin can be disabled or uninstalled, and Flash cookies can be disabled on a per-site or global basis. Adobe's Flash and (PDF) Reader are not the only browser plugins whose past security defects have allowed spyware or malware to be installed.

7

Phishing

Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies.

Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. 8

Techniques of Phishing

1. Website forgery: - Once a victim visits the phishing website, the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original bar and opening up a new one with the legitimate URL. An attacker can even use flaws in a trusted website's own scripts against the victim. These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, making it very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal. A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site. To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites (a technique known as phlashing). These look much like the real website, but hide the text in a multimedia object. 9

Anti-PhishingOne strategy for combating phishing is to train people to recognize phishing attempts, and to deal with them. Education can be effective, especially where training provides direct feedback. One newer phishing tactic, which uses phishing emails targeted at a specific company, known as spear phishing, has been harnessed to train individuals at various locations. People can take steps to avoid phishing attempts by slightly modifying their browsing habits. When contacted about an account needing to be "verified" (or any other topic used by phishers), it is a sensible precaution to contact the company from which the email apparently originates to check that the email is legitimate. Alternatively, the address that the individual knows is the company's genuine website can be typed into the address bar of the browser, rather than trusting any hyperlinks in the suspected phishing message. Anti-phishing measures have been implemented as features embedded in browsers, as extensions or toolbars for browsers, and as part of website login procedures. Anti-phishing software is also available. Most websites targeted for phishing are secure websites meaning that SSL with strong PKI cryptography is used for server authentication, where the website's URL is used as identifier. In theory it should be possible for the SSL authentication to be used to confirm the site to the user, and this was SSL v2's design requirement and the meta of secure browsing. The standard display for secure browsing from the mid-1990s to mid-2000s was the padlock. The user is expected to confirm that the domain name in the browser's URL bar was in fact where they intended to go. URLs can be too complex to be easily parsed. Users often do not know or recognise the URL of the legitimate sites they intend to connect to, so that the authentication becomes meaningless. A condition for meaningful server authentication is to have a server identifier that is meaningful to the user; many ecommerce sites will change the domain names within their overall set of websites, adding to the opportunity for confusion. The browser needs to state who the authority is that makes the claim of who the user is connected to. At the simplest level, no authority is stated, and therefore the browser is the authority, as far as the user is concerned. The browser vendors take on this responsibility by controlling a root list of acceptable CAs. This is the current standard practice 10

Internet Privacy In Countries

Internet privacy in China: The main concern with privacy of Internet users in China is the lack thereof. China has a well known policy of censorship when it comes to the spread of information through public media channels. Censorship has been prominent in Mainland China since the communist party gained power in China over 60 years ago. With the development of the Internet, however, privacy became more of a problem for the government. The Chinese Government has been accused of actively limiting and editing the information that flows into the country via various media. The Internet poses a particular set of issues for this type of censorship, especially when search engines are involved. Yahoo! for example, encountered a problem after entering China in the mid-2000s. A Chinese journalist, who was also a Yahoo! user, sent private emails using the Yahoo! server regarding the Chinese government. The Chinese staff of Yahoo! intercepted these emails and sent the journalist’s reportedly bad impression of the country to the Chinese government, which in turn sentenced the journalist to ten years in prison. These types of occurrences have been reported numerous times and have been criticised by foreign entities such as the creators of the Tor anonymity network, which was designed to circumvent network surveillance in multiple countries. User privacy in China is not as cut-and-dry as it is in other parts of the world. China, reportedly, has a much more invasive policy when Internet activity involves the Chinese government. For this reason, search engines are under constant pressure to conform to Chinese rules and regulations on censorship while still attempting to keep their integrity. Therefore, most search engines operate differently in China than in the other countries, such as the US or Britain, if they operate in China at all. There are two types of intrusions that occur in China regarding the internet: the alleged intrusion of the company providing users with Internet service, and the alleged intrusion of the Chinese government. The intrusion allegations made against companies providing users with Internet service are based upon reports that companies, such as Yahoo! in the previous example, are using their access to the internet users' private information to track and monitor users' Internet activity. The claims made against the Chinese government lies in the fact that the government is forcing Internet-based companies to track users private online data without the user knowing that they are being monitored. Both alleged intrusions are relatively harsh and possibly force foreign Internet service providers to decide if they value the Chinese market over internet privacy.

11

Protecting your Computer

Install Anti-Virus Software - This should not even have to be listed, if you don’t have anti-virus software installed, you’re asking for trouble! And if your reason for not installing anti-virus software is because it’s too expensive, then that can reason can be shot down because there are several free anti-virus programs out there that are considered better than commercial software packages.

Update All Software - Installing an anti-virus program by itself is not enough. There are hundreds of new threats that are found daily and the anti-virus programs release updates regularly to combat the new threats. Make sure you anti-virus program is set to update automatically so that you don’t have to rely on your memory to do it. Also, this goes for all the software on your computer. The most important software to keep up to date is your Windows operating system.

Install only Trusted Software - If you’re not sure what a piece of software does from it’s name, then don’t install it. Also, don’t install anything you didn’t intend to install in the first place. Sometimes programs will ask you to install other programs during the install of the first application. Be careful of that because it’s usually spyware. Install software from big names sites only, such as Microsoft or Adobe.

12

Protecting your computer- Cont.

Delete Unknown Emails – If you receive emails from random people’s names, do not bother to open the email, just delete it. If you have any doubts after reading the name and the subject, it’s probably not someone you know. Never download or open attachments unless you are sure it’s from someone you know. Give the person a call quickly and ask them if you’re not sure. Most large companies that you create online accounts with will not send you attachments unless you specifically ask for them through their web site. Also, be wary of any emails from sites pretending to be banks, auction sites, etc asking for you to verify bank account info or address info. No bank ever does that.

Do not click on Ads - Avoid clicking on ads if you can. Especially those ads where something is flying around and if you shoot the duck, you win some prize! Ads have become more sophisticated in that they try to make the ad interactive so that you’ll be tempted to play it like a game.

Be careful what you attach to your computer – This is a more common way to transfer viruses than you might think. Everyone now has a USB flash stick that they carry around on their key chains, ready to snap into any computer. But who knows what your viruses are on your friends computers and what accidentally got transferred to their USB stick. A lot of virus programs will auto launch right when the USB stick is put into the computer, so you don’t even have to open or download any of the files to be infected.

13

Protecting your computer- Cont.

Turn On or Install a Firewall - If you’re running Windows XP, make sure windows firewall is turned on. A firewall prevents hackers from gaining access to your computer by limiting the number of ports that are open to the public. Also, when buying a wireless router, make sure it has a built in firewall. Having a software and hardware firewall is better than just having one or the other.

Secure Your Wireless Network – Most wireless routers are set to no security when you install them. Be sure to log into the router and at least set the basic security that requires a password. There are stronger encryption options, but if you don’t understand those, then simply set a password on the router, otherwise anyone can connect to your home network and access everything.

Use a Complex Password for Login – This means that you should already have a password to login to your computer. Not having a password at all is not a good idea. Create a password for all user accounts and make sure it’s complex. Complex means it should have numbers, upper case characters, lower case characters, and symbols. This makes it way more difficult for a hacker to get into your computer.

14

Onion routing is a technique for anonymous communication over a computer network. Messages are repeatedly encrypted and then sent through several network nodes called onion routers. Like someone peeling an onion, each onion router removes a layer of encryption to uncover routing instructions, and sends the message to the next router where this is repeated. This prevents these intermediary nodes from knowing the origin, destination, and contents of the message.[

Onion routing was developed by Michael G. Reed (formerly of Extreme Networks), Paul F. Syverson, and David M. Goldschlag, and patented by the United States Navy in US Patent No. 6266704 (1998). As of 2009, Tor is the predominant technology that employs onion routing. A routing onion (or just onion) is a data structure formed by 'wrapping' a plaintext message with successive layers of encryption, such that each layer can be 'unwrapped' (decrypted) like the layer of an onion by one intermediary in a succession of intermediaries, with the original plaintext message only being viewable by at most:

1. the sender

2. the last intermediary (the exit node)

3. the recipient

If there is end-to-end encryption between the sender and the recipient, then not even the last intermediary can view the original message; this is similar to a game of 'pass the parcel. An intermediary is traditionally called a node or router.

Onion Routing

15

Tor (previously TOR, an acronym for The Onion Router) is free software for enabling online anonymity. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than four thousand relays to conceal a user's location or usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity, including "visits to Web sites, online posts, instant messages, and other communication forms", back to the user and is intended to protect the personal privacy of users, as well as their freedom and ability to conduct confidential business by keeping their internet activities from being monitored. "Onion Routing" refers to the layers of the encryption used. The original data, including its destination, are encrypted and re-encrypted multiple times, and are sent through a virtual circuit comprising successive, randomly selected Tor relays. Each relay decrypts a "layer" of encryption to reveal only the next relay in the circuit, in order to pass the remaining encrypted data on to it. The final relay decrypts the last layer of encryption and sends the original data, without revealing or even knowing its sender, to the destination. This method reduces the chance of the original data being understood in transit and, more notably, conceals the routing of it.

Tor(The Onion Router)

16

PROTECTION AT A GLANCE

17

CONCLUSION

18

Teacher’s Name: - Mrs. Qudsiya Ali

Teacher’s remarks: -

Submitted by: -Name – Pranay DuttaClass/Section – IX-DHouse – YamunaRoll. No. – 33Guided by – Mrs. Qudsiya Ali

19

20