ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Upload: adela-johnston

Post on 25-Dec-2015


TRANSCRIPT

Page 1: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

ITIS 1210
Introduction to Web-Based Information Systems

Chapter 48

How Internet Sites Can Invade Your Privacy

Page 2: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Introduction

- Privacy on the Net
  - Growing concern
  - Much information gathered
  - Who will use it?
  - How will it be used?
- Three basic technologies of concern
  - Cookies
  - Tracking
  - Bugs

Page 3: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Introduction

- Some technologies have useful purpose
  - Cookies
  - Tracking
- May be used maliciously also
  - What if government is behind it?
    - “Big Brother”

Page 4: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Cookies

- Small data file placed on your computer
- May contain
  - Username and password
  - Favorite sites
  - Last time you visited
- Uses:
  - Identifies your preferences
  - Eliminates need to log on

Page 5: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Cookies

- Name comes from “magic cookie” as used by Unix programmers
  - Packet of data passed between programs
  - Not meaningful itself
  - Used as an identifier like a coat check ticket
- Created by Lou Montulli
  - 1994 at Netscape

Page 6: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Cookies

- Why cookies?
  - The Web is basically “stateless”
    - No memory of previous events
- A site doesn’t “know” that
  - You’re a user
  - You have an ongoing “conversation”
- Sites only
  - Accept requests
  - Deliver content

Page 7: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Cookies

- Cookies are formatted in a special way
  - Can only be read by the site that placed them
- Where are cookies stored?
  - Netscape
    - Cookies.txt file
    - Each line is one cookie
  - Internet Explorer
    - Tools … Internet Options … Settings … View Files

Page 8: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy
Page 9: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy
Page 10: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Cookies

- How they work
  - You visit a Web site
  - Your browser examines the cookie files
  - If one from that Web site is found
    - Browser sends that file’s information to the site
    - Site now “knows” something about you
- Servers can place cookies on your hard drive
  - With/without your permission
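The lookup described on the last two slides, as an added example that is not part of the original slides: it parses a Netscape-style Cookies.txt file (one cookie per line) and decides which cookies a browser would send back to a given URL. The hosts, cookie names and values are constructed, and the matching rules are simplified from real browser behaviour.

```python
from urllib.parse import urlsplit

# Constructed sample in the Netscape cookies.txt layout, one cookie per line:
# domain, subdomain flag, path, secure flag, expiry (Unix time), name, value.
SAMPLE_COOKIES_TXT = "\n".join([
    "# Netscape HTTP Cookie File",
    ".shop.example\tTRUE\t/\tFALSE\t2000000000\tsession_id\tabc123",
    "shop.example\tFALSE\t/cart\tFALSE\t2000000000\tcart\titem42",
    "tracker.example\tFALSE\t/\tFALSE\t2000000000\tuid\t777",
    ".shop.example\tTRUE\t/\tTRUE\t2000000000\tauth\tsecret",
    ".shop.example\tTRUE\t/\tFALSE\t1000000000\told\texpired",
])

def parse_cookies_txt(text):
    """Return one dict per well-formed cookie line; skip comments and junk."""
    cookies = []
    for line in text.splitlines():
        fields = line.split("\t")
        if line.startswith("#") or len(fields) != 7:
            continue
        domain, sub, path, secure, expiry, name, value = fields
        cookies.append({"domain": domain.lstrip(".").lower(), "subdomains": sub == "TRUE",
                        "path": path, "secure": secure == "TRUE",
                        "expiry": int(expiry), "name": name, "value": value})
    return cookies

def domain_matches(host, cookie):
    """Exact host match, or a subdomain when the cookie allows subdomains."""
    if host == cookie["domain"]:
        return True
    return cookie["subdomains"] and host.endswith("." + cookie["domain"])

def path_matches(request_path, cookie_path):
    """Cookie path must be a prefix that ends on a '/' boundary."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")

def cookies_for(url, cookies, now):
    """Names of the cookies a browser would attach to a request for url."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    return [c["name"] for c in cookies
            if (c["expiry"] == 0 or c["expiry"] > now)       # 0 marks a session cookie
            and (not c["secure"] or parts.scheme == "https")  # secure cookies need HTTPS
            and domain_matches(host, c) and path_matches(path, c["path"])]
```

The `tracker.example` cookie is never sent to `shop.example`, and the `auth` cookie is withheld over plain HTTP.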

Page 11: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Cookies

- Example – you’re shopping on the Web
  - Cookie established for you with a unique “shopping session ID”
  - May have an expiration date
- Every time you put an item in your cart, the site’s server
  - Erases old cookie
  - Stores new cookie (with all your current items)
- Server can read your cookie at any time to find the current status

Page 12: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Tracking

- Examine log files
  - What pages are most popular?
  - What IP addresses are using a site?
  - How many pages are read in a typical visit?
  - What order are pages read in?
  - What page are users on when they click on a link that brings them to another page
    - Clickthrough

Page 13: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Tracking

- Sniffers
  - Examine packets coming into or out of a site
- Identifies users
  - Cookies
  - IP addresses

Page 14: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Tracking

- Accumulates data about
  - Who is making requests?
  - Where are the requests coming from?
  - Average amount of time spent on a site
  - Average number of pages read per session
  - Most popular pages
- Helps make sites better
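To make the log-file questions on the Tracking slides concrete, this added example (not part of the original slides) answers them from a few access-log lines: popular pages, the order each IP address read pages in, average pages per visitor, and clickthroughs taken from the Referer field. The log lines, addresses and site name are constructed, and each IP address is assumed to be one visitor.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the common "combined" access-log layout.
SAMPLE_LOG = "\n".join([
    '203.0.113.5 - - [10/Oct/2005:13:55:36 -0400] "GET /index.html HTTP/1.0" 200 2326 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [10/Oct/2005:13:56:02 -0400] "GET /products.html HTTP/1.0" 200 5120 "http://site.example/index.html" "Mozilla/4.0"',
    '198.51.100.7 - - [10/Oct/2005:13:57:10 -0400] "GET /index.html HTTP/1.0" 200 2326 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [10/Oct/2005:13:58:44 -0400] "GET /cart.html HTTP/1.0" 200 1800 "http://site.example/products.html" "Mozilla/4.0"',
    '198.51.100.7 - - [10/Oct/2005:13:59:30 -0400] "GET /products.html HTTP/1.0" 200 5120 "http://site.example/index.html" "Mozilla/4.0"',
    'not a log line',
])

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def summarize(log_text):
    """Aggregate what the server can learn about visitors from its own log."""
    pages = Counter()            # how often each page was requested
    trails = defaultdict(list)   # pages in the order each IP requested them
    clickthroughs = Counter()    # (page the user was on, page they went to)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue             # ignore lines that are not in the expected layout
        pages[m["path"]] += 1
        trails[m["ip"]].append(m["path"])
        if m["referer"] != "-":
            clickthroughs[(m["referer"], m["path"])] += 1
    visitors = len(trails)
    return {
        "popular": pages.most_common(3),
        "trails": dict(trails),
        "avg_pages": sum(len(t) for t in trails.values()) / visitors if visitors else 0.0,
        "clickthroughs": dict(clickthroughs),
    }
```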

Page 15: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Bugs

- “Bug” as in “wiretap”
- Can be included in email
  - Lets others actually view your email
- Basic purpose is to trace a user’s use of the Web
  - Sites they visit
  - How they get from one site to another
- Can also be used to intercept email

Page 16: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Bugs

- Works in HTML-enabled email
  - An offer of some service or for a product
- Email contains two items:
  - JavaScript code that can read the email message
  - A “clear GIF”
    - HTML reference to a tiny graphic
    - One pixel in size
    - Transparent (so you can’t see it)

Page 17: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Bugs

- The JavaScript code reads the email
- Your browser contacts the server to download the clear GIF
  - Remember what’s in a packet?
  - Identifying information
    - Your IP address
- The server now knows something about you

Page 18: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Bugs

- The server can place a cookie using identifying information sent by Web bug
  - Can match cookie with identifying information from the email
- Can now track your use of the Internet
  - Who responded to this offer
- If that person forwards the email to someone else the process begins again
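A mail filter can look for the two items the Bugs slides describe before a message is displayed. The scanner below is an added example, not part of the original slides: it flags script tags and remote images that are one pixel in size or hidden. The message body, hosts and `id` parameter are constructed, and the size test is a heuristic.

```python
from html.parser import HTMLParser

# Constructed HTML email body; the hosts and the "id" parameter are made up.
SAMPLE_EMAIL_HTML = """
<html><body>
<p>Special offer just for you!</p>
<img src="http://offers.example/banner.jpg" width="468" height="60">
<img src="http://track.example/clear.gif?id=u1001" width="1" height="1">
<script>/* script embedded in the message */</script>
</body></html>
"""

def _px(value):
    """Parse an HTML width/height attribute such as '1' or '1px'."""
    value = value.strip().lower()
    if value.endswith("px"):
        value = value[:-2]
    return int(value) if value.isdigit() else None

class WebBugScanner(HTMLParser):
    """Collect script tags and remote images that are tiny or hidden."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        if tag == "script":
            self.findings.append(("script", src or "inline"))
        elif tag == "img" and src.lower().startswith(("http://", "https://", "//")):
            w, h = _px(a.get("width", "")), _px(a.get("height", ""))
            hidden = "display:none" in a.get("style", "").replace(" ", "").lower()
            if hidden or (w is not None and h is not None and w <= 1 and h <= 1):
                self.findings.append(("tracking-pixel", src))

def scan_email_html(html):
    """Return (kind, source) pairs for every suspected web bug in the message."""
    scanner = WebBugScanner()
    scanner.feed(html)
    return scanner.findings
```

Mail clients that do not load remote images or run scripts in messages never make the request that gives the server the reader's IP address.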

Page 19: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Internet Passports

- Lets user control
  - Which personal information can be released to a Web site
  - What type of information on surfing habits can be gathered
  - How that information can be used

Page 20: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Internet Passports

- Variety of methods available
  - Platform for Privacy Preferences (P3P)
    - Privacy Finder at Carnegie Mellon University
  - Internet Content and Exchange Standard (ICE)
  - Open Profiling Standard (OPS)
- Starts by filling out a profile
- For more information search for “internet passport” or go to www.passport.com

Page 21: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Privacy Organizations

- Electronic Privacy Information Center
  - http://www.epic.org/

Page 22: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Internet Passports

- Starts by filling out a profile
  - Identifies person
    - Name, address, phone, etc.
  - Identifies surfing data that can be shared
    - Or not!
- Profile stored in browser
- When person visits a Web site the passport is sent to that site

Page 23: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Internet Passports

- Site’s server examines data in the passport
  - Might automatically log a person in if they included their username and password in the passport
- While at site the person reads a sports story and buys a book
  - Profile permits inclusion of sports story but not about the purchase

Page 24: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Internet Passports

- Person visits another site
  - That server “sees” that the person has recently read a sports story
  - But not about the purchase because the passport doesn’t permit it
- Might then send him an ad about sports memorabilia
  - But not about books on sale

Page 25: ITIS 1210 Introduction to Web-Based Information Systems Chapter 48 How Internet Sites Can Invade Your Privacy

Internet Passports

- At a different site the server “sees” that the person has restricted information about their buying habits
- Server declines to send Web pages to a user with this kind of profile
  - The user can’t even view the Web site