Why should I worry about privacy and security? I’m not a criminal or a terrorist. I’ve got nothing to hide. These are things that most people think. They also believe the internet is much more secure and that their personal information is only available to them, whereas this is actually quite wrong.
There are more reasons to want to protect your privacy than can be named. The important principal is that you have a right to privacy as long as that right is used within the bounds of the law. Seeking privacy should not make you feel guilty. Privacy should be expected, and demanded. The reasons might be as simple as preserving your right to express unpopular opinions without being subjected to persecution, or as serious as communicating sensitive business information, revealing credit card numbers, legal discussions with your accountant, or hiding your true identity from a secret government. Regardless of your reasons, privacy is your right. Contrary to what some governing bodies might want the public to believe, not all those concerned with security and privacy are hackers or terrorists.
The internet provides one of the easiest communications tools ever afforded by mankind. It is quick, convenient, cheap….and as insecure as it is quick, convenient, and cheap. A message sent many months ago may remain on an ISP’s server or as a backup, and can be easily retrieved by anyone who knows how to do so. This is information which you personally have deleted for a reason – not to be accessed by someone else after you have finished with it. There have been times where information has be retrieved up to 6 months after, and used in a court case as evidence.
It can be quite simple for someone to intercept your messages or information if they want it. This may be just an administrator of your ISP or your office network. Or it might be a business competitor, legal foe, or government agency, with much more serious intentions.
There are an abundant means available to protect online privacy. Some are large and complex while others are extremely simple. The important fact is that some methods are almost totally lacking in security while others are practically bulletproof.
It is an all too common misconception that anonymity equals privacy. Anonymity and privacy may be related, but their significance is quite different.
Do you wonder what other people know about you? Cookies are available on certain websites, and these small files are placed on your computer and record data which most often contains information that the user would rather be kept secure. Information including passwords, credit card numbers and where the user has been.
There are hundreds of web-based email services that appear to offer anonymity. Few really do. These include names such as Hotmail, Yahoo, Excite and many more that could be listed. In each of these cases, the user is allowed to create a personal username that he uses for his messages. Unfortunately, through sign-up procedures and logging, it is amazingly simple to determine your ISP, and even your true identity, when you use these services.
Who wants to know what you’re saying? It might be a nosey fellow employee, your employer, your ISP, a competitor, friend, or legal team. Regardless of who wants to, it is remarkably easy for someone else to read what you write. It is common sense to protect information that you don’t want others to know, and people should ensure that they go to some lengths to do so.
There are a large number of nonprofit organizations that specialize in protecting your rights to privacy. It is time well spent to visit these sites, as you can learn what the current laws are, what is being proposed, and what is being done to protect privacy.
Filed Under: Internet, Science & Technology
Main article: Privacy
Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via of the Internet. Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large scale computer sharing.
Privacy can entail either Personally Identifying Information (PII) or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to typically identify a specific person.
Some experts such as Steve Rambam, a private investigator specializing in Internet privacy cases, believe that privacy no longer exists; saying, "Privacy is dead – get over it". In fact, it has been suggested that the "appeal of online services is to broadcast personal information on purpose." On the other hand, in his essay The Value of Privacy, security expert Bruce Schneier says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance."
Levels of privacy
Internet and digital privacy are viewed differently from traditional expectations of privacy. Internet privacy is primarily concerned with protecting user information. Law Professor Jerry Kang explains that the term privacy expresses space, decision, and information. In terms of space, individuals have an expectation that their physical spaces (i.e. homes, cars) not be intruded. Privacy within the realm of decision is best illustrated by the landmark case Roe v. Wade. Lastly, information privacy is in regards to the collection of user information from a variety of sources, which produces great discussion.
The 1997 Information Infrastructure Task Force (IITF) created under President Clinton defined information privacy as "an individual's claim to control the terms under which personal information--information identifiable to the individual--is acquired, disclosed, and used." At the end of the 1990s, with the rise of the Internet, it became clear that the internet and companies would need to abide by new rules to protect individual's privacy. With the rise of the internet and mobile networks the salience of internet privacy is a daily concern for users.
People with only a casual concern for Internet privacy need not achieve total anonymity. Internet users may protect their privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user. In order to keep their information private, people need to be careful with what they submit to and look at online. When filling out forms and buying merchandise, that becomes tracked and because the information was not private, some companies are now sending Internet users spam and advertising on similar products.
There are also several governmental organizations that protect individual's privacy and anonymity on the Internet, to a point. In an article presented by the FTC, in October 2011, a number of pointers were brought to attention that helps an individual internet user avoid possible identity theft and other cyber-attacks. Preventing or limiting the usage of Social Security numbers online, being wary and respectful of emails including spam messages, being mindful of personal financial details, creating and managing strong passwords, and intelligent web-browsing behaviours are recommended, among others.
Posting things on the Internet can be harmful or in danger of malicious attack. Some information posted on the Internet is permanent, depending on the terms of service, and privacy policies of particular services offered online. This can include comments written on blogs, pictures, and Internet sites, such as Facebook and Twitter. It is absorbed into cyberspace and once it is posted, anyone can potentially find it and access it. Some employers may research a potential employee by searching online for the details of their online behaviours, possibly affecting the outcome of the success of the candidate.
Risks to Internet privacy
Companies are hired to watch what internet sites people visit, and then use the information, for instance by sending advertising based on one's browsing history. There are many ways in which people can divulge their personal information, for instance by use of "social media" and by sending bank and credit card information to various websites. Moreover, directly observed behaviour, such as browsing logs, search queries, or contents of the Facebook profile can be automatically processed to infer potentially more intrusive details about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality. Further, even without any historical behavioural data, there are a large number of insights which can be generated solely by tracking onsite user interaction like post code, name and local address.
Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which may be encountered through Internet use. These range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults).
Several social networking sites try to protect the personal information of their subscribers. On Facebook, for example, privacy settings are available to all registered users: they can block certain individuals from seeing their profile, they can choose their "friends", and they can limit who has access to one's pictures and videos. Privacy settings are also available on other social networking sites such as Google Plus and Twitter. The user can apply such settings when providing personal information on the internet.
In late 2007 Facebook launched the Beacon program where user rental records were released on the public for friends to see. Many people were enraged by this breach in privacy, and the Lane v. Facebook, Inc. case ensued.
Children and adolescents often use the Internet (including social media) in ways which risk their privacy: a cause for growing concern among parents. Young people also may not realise that all their information and browsing can and may be tracked while visiting a particular site, and that it is up to them to protect their own privacy. They must be informed about all these risks. For example, on Twitter, threats include shortened links that lead one to potentially harmful places. In their email inbox, threats include email scams and attachments that get them to install malware and disclose personal information. On Torrent sites, threats include malware hiding in video, music, and software downloads. Even when using a smartphone, threats include geolocation, meaning that one's phone can detect where they are and post it online for all to see. Users can protect themselves by updating virus protection, using security settings, downloading patches, installing a firewall, screening email, shutting down spyware, controlling cookies, using encryption, fending off browser hijackers, and blocking pop-ups.
However most people have little idea how to go about doing many of these things. How can the average user with no training be expected to know how to run their own network security (especially as things are getting more complicated all the time)? Many businesses hire professionals to take care of these issues, but most individuals can only do their best to learn about all this.
In 1998, the Federal Trade Commission in the USA considered the lack of privacy for children on the Internet, and created the Children Online Privacy Protection Act (COPPA). COPPA limits the options which gather information from children and created warning labels if potential harmful information or content was presented. In 2000, Children's Internet Protection Act (CIPA) was developed to implement safe Internet policies such as rules[clarification needed], and filter software. These laws, awareness campaigns, parental and adult supervision strategies and Internet filters can all help to make the Internet safer for children around the world.
The privacy concerns of Internet users pose a serious challenge (Dunkan, 1996; Till, 1997). In an online survey conducted, approximately seven out of ten individuals responded that what worries them most is their privacy over the Internet than over the mail or phone. Internet privacy is slowly but surely becoming a threat, as a person's personal data may slip into the wrong hands if passed around through the Web.
Main article: HTTP cookie
In the past, web sites have not generally made the user explicitly aware of the storing of cookies, however tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories — a privacy concern that prompted European and US lawmakers to take action in 2011. Cookies can also have implications for computer forensics. In past years, most computer users were not completely aware of cookies, but recently, users have become conscious of possible detrimental effects of Internet cookies: a recent study done has shown that 58% of users have at least once, deleted cookies from their computer, and that 39% of users delete cookies from their computer every month. Since cookies are advertisers' main way of targeting potential customers, and some customers are deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies, but modern browsers and anti-malware software can now block or detect and remove such cookies.
The original developers of cookies intended that only the website that originally distributed cookies to users could retrieve them, therefore returning only data already possessed by the website. However, in practice programmers can circumvent this restriction. Possible consequences include:
- the placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or,
- use of cross-site scripting or other techniques to steal information from a user's cookies.
Cookies do have benefits that many people may not know. One benefit is that for websites that one frequently visits that requires a password, cookies make it so they do not have to sign in every time. A cookie can also track one's preferences to show them websites that might interest them. Cookies make more websites free to use without any type of payment. Some of these benefits are also seen as negative. For example, one of the most common ways of theft is hackers taking one's user name and password that a cookie saves. While a lot of sites are free, they have to make a profit some how so they sell their space to advertisers. These ads, which are personalized to one's likes, can often freeze one's computer or cause annoyance. Cookies are mostly harmless except for third-party cookies. These cookies are not made by the website itself, but by web banner advertising companies. These third-party cookies are so dangerous because they take the same information that regular cookies do, such as browsing habits and frequently visited websites, but then they give out this information to other companies.
Cookies are often associated with pop-up windows because these windows are often, but not always, tailored to a person’s preferences. These windows are an irritation because they are often hard to close out of because the close button is strategically hidden in an unlikely part of the screen. In the worst cases, these pop-up ads can take over the screen and while trying to exit out of it, can take one to another unwanted website.
Cookies are seen so negatively because they are not understood and go unnoticed while someone is simply surfing the Internet. The idea that every move one makes while on the Internet is being watched, would frighten most users.
Some users choose to disable cookies in their web browsers. Such an action can reduce some privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location. Concerns exist that the privacy benefits of deleting cookies have been over-stated.
The process of profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.
Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of 'typical Internet users'. Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.
Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual.
Governments and organizations may set up honeypot websites – featuring controversial topics – with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.
Main article: Local shared object
When some users choose to disable HTTP cookie to reduce privacy risks as noted, new types of cookies were invented: since cookies are advertisers' main way of targeting potential customers, and some customers were deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies. In a 2009 study, Flash cookies were found to be a popular mechanism for storing data on the top 100 most visited sites. Another 2011 study of social media found that, “Of the top 100 web sites, 31 had at least one overlap between HTTP and Flash cookies.” However, modern browsers and anti-malware software can now block or detect and remove such cookies.
Flash cookies, also known as Local Shared Objects, work the same ways as normal cookies and are used by the Adobe Flash Player to store information at the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect Flash cookies. One way to view and control them is with browser extensions or add-ons. Flash cookies are unlike HTTP cookies in a sense that they are not transferred from the client back to the server. Web browsers read and write these cookies and can track any data by web usage.
Although browsers such as Internet Explorer 8 and Firefox 3 have added a ‘Privacy Browsing’ setting, they still allow Flash cookies to track the user and operate fully. However, the Flash player browser plugin can be disabled or uninstalled, and Flash cookies can be disabled on a per-site or global basis. Adobe's Flash and (PDF) Reader are not the only browser plugins whose past security defects have allowed spyware or malware to be installed: there have also been problems with Oracle's Java.
Main articles: Zombie cookie and Evercookie
Some anti-fraud companies have realized the potential of evercookies to protect against and catch cyber criminals. These companies already hide small files in several places on the perpetrator's computer but hackers can usually easily get rid of these. The advantage to evercookies is that they resist deletion and can rebuild themselves.
There is controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a person's computer that are used to predict what one wants. Many advertisement companies want to use this technology to track what their customers are looking at online. Evercookies enable advertisers to continue to track a customer regardless of if one deletes their cookies or not. Some companies are already using this technology but the ethics are still being widely debated.
Anonymizer nevercookies are part of a free Firefox plugin that protects against evercookies. This plugin extends Firefox's private browsing mode so that users will be completely protected from evercookies. Nevercookies eliminate the entire manual deletion process while keeping the cookies users want like browsing history and saved account information.
Device fingerprinting is a fairly new technology that is useful in fraud prevention and safeguarding any information from one's computer. Device fingerprinting uses data from the device and browser sessions to determine the risk of conducting business with the person using the device. This technology allows companies to better assess the risks when business is conducted through sites that include, e-commerce sites, social networking and online dating sites and banks and other financial institutions. ThreatMetrix is one of the leading vendors of device fingerprinting. This company employs a number of techniques to prevent fraud. For example, ThreatMetrix will pierce the proxy to determine the true location of a device. Due to the growing number of hackers and fraudsters using 'botnets' of millions of computers that are being unknowingly controlled, this technology will help not only the companies at risk but the people who are unaware their computers are being used.
Sentinel Advanced Detection Analysis and Predator Tracking (A.D.A.P.T.)
Canvas fingerprinting is one of a number of browser fingerprinting techniques of tracking online users that allow websites to uniquely identify and track visitors using HTML5 canvas element instead of browser cookies or other similar means.
Photographs on the Internet
Today many people have digital cameras and post their photographs online, for example street photography practitioners do so for artistic purposes and social documentary photography practitioners do so to document the common people in everyday life. The people depicted in these photos might not want to have them appear on the Internet. Police arrest photos, considered public record in many jurisdictions, are often posted on the internet by numerous online mug shot publishing sites.
Some organizations attempt to respond to this privacy-related concern. For example, the 2005 Wikimania conference required that photographers have the prior permission of the people in their pictures, albeit this made it impossible for photographers to practice candid photography and doing the same in a public place would violate the photographers' free speech rights. Some people wore a 'no photos' tag to indicate they would prefer not to have their photo taken.Template:See above photo
Face recognition technology can be used to gain access to a person's private data, according to a new study. Researchers at Carnegie Mellon University combined image scanning, cloud computing and public profiles from social network sites to identify individuals in the offline world. Data captured even included a user's social security number. Experts have warned of the privacy risks faced by the increased merging of our online and offline identities. The researchers have also developed an 'augmented reality' mobile app that can display personal data over a person's image captured on a smartphone screen. Since these technologies are widely available, our future identities may become exposed to anyone with a smartphone and an Internet connection. Researchers believe this could force us to reconsider our future attitudes to privacy.
Google Street View
Google Street View, released in the U.S. in 2007, is currently the subject of an ongoing debate about possible infringement on individual privacy. In an article entitled “Privacy, Reconsidered: New Representations, Data Practices, and the Geoweb”, Sarah Elwood and Agnieszka Leszczynski (2011) argue that Google Street View “facilitate[s] identification and disclosure with more immediacy and less abstraction.” The medium through which Street View disseminates information, the photograph, is very immediate in the sense that it can potentially provide direct information and evidence about a person’s whereabouts, activities, and private property. Moreover, the technology’s disclosure of information about a person is less abstract in the sense that, if photographed, a person is represented on Street View in a virtual replication of his or her own real-life appearance. In other words, the technology removes abstractions of a person’s appearance or that of his or her personal belongings – there is an immediate disclosure of the person and object, as they visually exist in real life. Although Street View began to blur license plates and people’s faces in 2008, the technology is faulty and does not entirely ensure against accidental disclosure of identity and private property. Elwood and Leszczynski note that “many of the concerns leveled at Street View stem from situations where its photograph-like images were treated as definitive evidence of an individual’s involvement in particular activities.” In one instance, Ruedi Noser, a Swiss politician, barely avoided public scandal when he was photographed in 2009 on Google Street View walking with a woman who was not his wife – the woman was actually his secretary. Similar situations occur when Street View provides high-resolution photographs – and photographs hypothetically offer compelling objective evidence. But as the case of the Swiss politician illustrates, even supposedly compelling photographic evidence is sometimes subject to gross misinterpretation. This example further suggests that Google Street View may provide opportunities for privacy infringement and harassment through public dissemination of the photographs. Google Street View does, however, blur or remove photographs of individuals and private property from image frames if the individuals request further blurring and/or removal of the images. This request can be submitted, for review, through the “report a problem” button that is located on the bottom left-hand side of every image window on Google Street View, however, Google has made attempts to report a problem difficult by disabling the "Why are you reporting the street view" icon.
Search engines have the ability to track a user’s searches. Personal information can be revealed through searches by the user's computer, account, or IP address being linked to the search terms used. Search engines have claimed a necessity to retain such information in order to provide better services, protect against security pressure, and protect against fraud. A search engine takes all of its users and assigns each one a specific ID number. Those in control of the database often keep records of where on the Internet each member has traveled to. AOL’s system is one example. AOL has a database 21 million members deep, each with their own specific ID number. The way that AOLSearch is set up, however, allows for AOL to keep records of all the websites visited by any given member. Even though the true identity of the user isn’t known, a full profile of a member can be made just by using the information stored by AOLSearch. By keeping records of what people query through AOLSearch, the company is able to learn a great deal about them without knowing their names.
Search engines also are able to retain user information, such as location and time spent using the search engine, for up to ninety days. Most search engine operators use the data to get a sense of which needs must be met in certain areas of their field. People working in the legal field are also allowed to use information collected from these search engine websites. The Google search engine is given as an example of a search engine that retains the information entered for a period of three-fourths of a year before it becomes obsolete for public usage. Yahoo! follows in the footsteps of Google in the sense that it also deletes user information after a period of ninety days. Other search engines such as Ask! search engine has promoted a tool of "AskEraser" which essentially takes away personal information when requested. Some changes made to Internet search engines included that of Google's search engine. Beginning in 2009, Google began to run a new system where the Google search became personalized. The item that is searched and the results that are shown remembers previous information that pertains to the individual. Google search engine not only seeks what is searched, but also strives to allow the user to feel like the search engine recognizes their interests. This is achieved by using online advertising. A system that Google uses to filter advertisements and search results that might interest the user is by having a ranking system that tests relevancy that include observation of the behavior users exude while searching on Google. Another function of search engines is the predictability of location. Search engines are able to predict where one's location is currently by locating IP Addresses and geographical locations.
Some solutions to being able to protect user privacy on the Internet can include programs such as "Rapleaf" which is a website that has a search engine that allows users to make all of one's search information and personal information private. Other websites that also give this option to their users are Facebook and Amazon.
Privacy focused search engines/browsers
Search engines such as Startpage.com, Disconnect.me and Scroogle (defunct since 2012) anonymize Google searches. Some of the most notable Privacy-focused search-engines are:
- DuckDuckGo: DuckDuckGo is a meta-search engine that combines the search results from various search engines (excluding Google) and providing some unique services like using search boxes on various websites and providing instant answers out of the box.
- MetaGer: MetaGer is a meta-search engine (obtains results from various sources) and in Germany by far the most popular safe search engine. All servers are stationed in Germany, a plus considering that the German legislation tends to respect privacy rights better than many other European countries.
- Ixquick: IxQuick is a Dutch-based meta-search engine (obtains results from various sources). It commits also to the protection of the privacy of its users. Ixquick uses similar safety features as MetaGer.
- Yacy: Yacy is a decentralized-search engine developed on the basis of a community project, which started in 2005. The search engine follows a slightly different approach to the two previous ones, using a peer-to-peer principle that does not require any stationary and centralized servers. This has its disadvantages but also the simple advantage of greater privacy when surfing due to basically no possibility of hacking.
- Search Encrypt: Search Encrypt is an Internet search engine that prioritizes maintaining user privacy and avoiding the filter bubble of personalized search results. It differentiates itself from other search engines by using local encryption on searches and delayed history expiration.
- Tor Browser (The Onion Router): Tor Browser is a free software that provides access to anonymised network that enables anonymous communication. It directs the internet traffic through multiple relays. This encryption method prevents others from tracking a certain user, thus allowing user's IP address and other personal information to be concealed. 
Privacy issues of social networking sites
Main article: Privacy issues of social networking sites
The advent of the Web 2.0 has caused social profiling and is a growing concern for Internet privacy. Web 2.0 is the system that facilitates participatory information sharing and collaboration on the Internet, in social networking media websites like Facebook, Instagram, Twitter, and MySpace. These social networking sites have seen a boom in their popularity starting from the late 2000s. Through these websites many people are giving their personal information out on the internet.
It has been a topic of discussion of who is held accountable for the collection and distribution of personal information. Some will say that it is the fault of the social networks because they are the ones who are storing the vast amounts of information and data, but others claim that it is the users who are responsible for the issue because it is the users themselves that provide the information in the first place. This relates to the ever-present issue of how society regards social media sites. There is a growing number of people that are discovering the risks of putting their personal information online and trusting a website to keep it private. Yet in a recent study, researchers found that young people are taking measures to keep their posted information on Facebook private to some degree. Examples of such actions include managing their privacy settings so that certain content can be visible to "Only Friends" and ignoring Facebook friend requests from strangers.
Dave Eggers's book "The Circle" showcases a possible future where the demand for transparency and accountability for social networking becomes impossible for any users to maintain any sense of privacy. In the book, Eggers created a fictional company where no personal information is hidden and everyone's life experiences are shared with everyone else.This is justified in the book by promoting total transparency for both regular users and government officials alike, however anything deemed private by the user is accessible by anyone in the name of transparency. This fictional concept may seem far fetched, but currently it's already happening with massive technology companies such as Microsoft and Google. There has been many reports regarding recent breaches of privacy for Google's search engine and Microsoft's newest operation system Windows 10. Users have reported that both services has been collecting data without the user's consent or knowledge, and this has led to large-scale outcries and lawsuits.
In 2013 a class action lawsuit was filed against Facebook alleging the company scanned user messages for web links, translating them to “likes” on the user’s Facebook profile. Data lifted from the private messages was then used for targeted advertising, the plaintiffs claimed. "Facebook's practice of scanning the content of these messages violates the federal Electronic Communications Privacy Act (ECPA also referred to as the Wiretap Act), as well as California's Invasion of Privacy Act (CIPA), and section 17200 of California's Business and Professions Code," the plaintiffs said. This shows that once information is online it is no longer completely private. It is an increasing risk because younger people are having easier internet access than ever before, therefore they put themselves in a position where it is all too easy for them to upload information, but they may not have the caution to consider how difficult it can be to take that information down once it is out in the open. This is becoming a bigger issue now that so much of society interacts online which was not the case fifteen years ago. In addition, because of the quickly evolving digital media arena, people's interpretation of privacy is evolving as well, and it is important to consider that when interacting online. New forms of social networking and digital media such as Instagram and Snapchat may call for new guidelines regarding privacy. What makes this difficult is the wide range of opinions surrounding the topic, so it is left mainly up to our judgement to respect other people's online privacy in some circumstances. Sometimes it may be necessary to take extra precautions in situations where somebody else may have a tighter view on privacy ethics. No matter the situation it is beneficial to know about the potential consequences and issues that can come from careless activity on social networks.
Internet service providers
Internet users obtain Internet access through an Internet service provider (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet.
However, ISPs are usually prohibited from participating in such activities due to legal, ethical, business, or technical reasons.
Normally ISPs do collect at least some information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc.).
Which information an ISP collects, what it does with that information, and whether it informs its consumers, pose significant privacy issues. Beyond the usage of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request does not necessarily require a warrant.
An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting web traffic, https has become the most popular and best-supported standard. Even if users encrypt the data, the ISP still knows the IP addresses of the sender and of the recipient. (However, see the IP addresses section for workarounds.)
An Anonymizer such as I2P – The Anonymous Network or Tor can be used for accessing web services without them knowing one's IP address and without one's ISP knowing what the services are that one accesses. Additional software has been developed that may provide more secure and anonymous alternatives to other applications. For example, Bitmessage can be used as an alternative for email and Cryptocat as an alternative for online chat. On the other hand, in addition to End-to-End encryption software, there are web services such as Qlink which provide privacy through a novel security protocol which does not require installing any software.
While signing up for internet services, each computer contains a unique IP, Internet Protocol address. This particular address will not give away private or personal information, however, a weak link could potentially reveal information from one's ISP.
General concerns regarding Internet user privacy have become enough of a concern for a UN agency to issue a report on the dangers of identity fraud. In 2007, the Council of Europe held its first annual Data Protection Day on January 28, which has since evolved into the annual Data Privacy Day.
T-Mobile USA doesn't store any information on web browsing. Verizon Wireless keeps a record of the websites a subscriber visits for up to a year. Virgin Mobile keeps text messages for three months. Verizon keeps text messages for three to five days. None of the other carriers keep texts of messages at all, but they keep a record of who texted who for over a year. AT&T Mobility keeps for five to seven years a record of who text messages who and the date and time, but not the content of the messages. Virgin Mobile keeps that data for two to three months.[needs update]
HTML5 is the latest version of Hypertext Markup Language specification. HTML defines how user agents, such as web browsers, are to present websites based upon their underlying code. This new web standard changes the way that users are affected by the internet and their privacy on the internet. HTML5 expands the number of methods given to a website to store information locally on a client as well as the amount of data that can be stored. As such, privacy risks are increased. For instance, merely erasing cookies may not be enough to remove potential tracking methods since data could be mirrored in web storage, another means of keeping information in a user's web browser. There are so many sources of data storage that it is challenging for web browsers to present sensible privacy settings. As the power of web standards increases, so do potential misuses.
HTML5 also expands access to user media, potentially granting access to a computer's microphone or webcam, a capability previously only possible through the use of plug-ins like Flash. It is also possible to find a user's geographical location using the geolocation API. With this expanded access comes increased potential for abuse as well as more vectors for attackers. If a malicious site was able to gain access to a user's media, it could potentially use recordings to uncover sensitive information thought to be unexposed. However, the World Wide Web Consortium, responsible for many web standards, feels that the increased capabilities of the web platform outweigh potential privacy concerns. They state that by documenting new capabilities in an open standardization process, rather than through closed source plug-ins made by companies, it is easier to spot flaws in specifications and cultivate expert advice.
Big Data is generally defined as the rapid accumulation and compiling of massive amounts of information that is being exchanged over digital communication systems. The data is large (often exceeding exabytes) and cannot be handled by conventional computer processors, and are instead stored on large server-system databases. This information is assessed by analytic scientists using software programs; which paraphrase this information into multi-layered user trends and demographics. This information is collected from all around the Internet, such as by popular services like Facebook, Google, Apple, Spotify or GPS systems. Big Data provides companies with the ability to:
- Infer detailed psycho-demographic profiles of internet users, even if they were not directly expressed or indicated by users.
- Inspect product availability and optimize prices for maximum profit while clearing inventory.
- Swiftly reconfigure risk portfolios in minutes and understand future opportunities to mitigate risk.
- Mine customer data for insight, and create advertising strategies for customer acquisition and retention.
- Identify customers who matter the most.
- Create retail coupons based on a proportional scale to how much the customer has spent, to ensure a higher redemption rate.
- Send tailored recommendations to mobile devices at just the right time, while customers are in the right location to take advantage of offers.
- Analyze data from social media to detect new market trends and changes in demand.
- Use clickstream analysis and data mining to detect fraudulent behavior.
- Determine root causes of failures, issues and defects by investigating user sessions, network logs and machine sensors.
Other potential Internet privacy risks
- Malware is a term short for "malicious software" and is used to describe software to cause damage to a single computer, server, or computer network whether that is through the use of a virus, trojan horse, spyware, etc.
- Spyware is a piece of software that obtains information from a user's computer without that user's consent.
- A web bug is an object embedded into a web page or email and is usually invisible to the user of the website or reader of the email. It allows checking to see if a person has looked at a particular website or read a specific email message.
- Phishing is a criminally fraudulent process of trying to obtain sensitive information such as user names, passwords, credit card or bank information. Phishing is an internet crime in which someone masquerades as a trustworthy entity in some form of electronic communication.
- Pharming is a hacker's attempt to redirect traffic from a legitimate website to a completely different internet address. Pharming can be conducted by changing the hosts file on a victim’s computer or by exploiting a vulnerability on the DNS server.
- Social engineering where people are manipulated or tricked into performing actions or divulging confidential information.
- Malicious proxy server (or other "anonymity" services).
- Use of weak passwords that are short, consist of all numbers, all lowercase or all uppercase letters, or that can be easily guessed such as single words, common phrases, a person's name, a pet's name, the name of a place, an address, a phone number, a social security number, or a birth date.
- Using the same login name and/or password for multiple accounts where one compromised account leads to other accounts being compromised.
- Allowing unused or little used accounts, where unauthorized use is likely to go unnoticed, to remain active.
- Using out-of-date software that may contain vulnerabilities that have been fixed in newer more up-to-date versions.
- WebRTC is a protocol which suffers from a serious security flaw that compromises the privacy of VPN-tunnels, by allowing the true IP address of the user to be read. It is enabled by default in major browsers such as Firefox and Google Chrome.
Reduction of risks to Internet privacy
Inc. magazine reports that the Internet's biggest corporations have hoarded Internet users' personal data and sold it for large financial profits. The magazine reports on a band of startup companies that are demanding privacy and aiming to overhaul the social-media business, such as Wickr, a mobile messaging app, described as using peer-to-peer encryption and giving the user the capacity to control what information is retained on the other end; Ansa, an ephemeral chat application, also described as employing peer-to-peer encryption; and Omlet, an open mobile social network, described as giving the user control over their data so that if a user does not want their data saved, they are able to delete it from the data repository.
Noise Society – Protection through Information Overflow
According to Nicklas Lundblad, another perspective on privacy protection is the assumption that the quickly growing amount of information produced will be beneficial. The reasons for this are that the costs for the surveillance will raise and that there is more noise, noise being understood as anything that interferes the process of a receiver trying to extract private data from a sender.
In this noise society, the collective expectation of privacy will increase, but the individual expectation of privacy will decrease. In other words, not everyone can be analyzed in detail, but one individual can be. Also, in order to stay unobserved, it can hence be better to blend in with the others than trying to use for example encryption technologies and similar methods. Technologies for this can be called Jante-technologies after the Law of Jante, which states that you are nobody special. This view offers new challenges and perspectives for the privacy discussion.
While internet privacy is widely acknowledged as the top consideration in any online interaction,