Privacy and the Internet
Essay by review • February 5, 2011 • Research Paper • 3,456 Words (14 Pages) • 1,574 Views
Privacy and the Internet
The Internet provides a wealth of sources for information, products, and services of all types, making it a convenient place for consumers to research topics and make purchases. Although Internet users know that some personal data will be required to make a purchase, they are often unaware of the personal data that can be collected without their knowledge by simply visiting a Web page or reading e-mail. This paper addresses some of the ways unauthorized personal information has been and is being collected and steps that can be taken to prevent or avoid this collection.
To make an online purchase, an Internet user must provide a certain amount of personal information to the vendor. This information usually includes the user's name, address, telephone number, e-mail address, and credit card data. There have been many reported cases of security failures at online vendors of products and services. Because of this publicity, most Internet users are aware that there is a potential for the information they provide to be exposed to the world whether by human error, careless security practices by a vendor, or a successful attack by a hacker. However, most users are not aware of the amount of personal information that can be collected without their consent when they do such ordinary things as visiting a Web page, opening a document, or reading an e-mail message.
How can personal information be collected without the user's knowledge? Information about an Internet user can be collected in many ways, including the underlying protocol of the Web, cookies? banner advertisements," Web bugs", and hi-tech "toys". A user may also provide information to an online vendor to reduce annoyances. Almost every user has seen a popup ad for the X10 wireless video cameras and some of the ads are almost full-screen in size. The X10 company is aware that people can become annoyed when the same popup ad keeps appearing. Some of the ads have a "Click here to disable this ad" button that takes the user to an X10 page and promises not to show the ad again for 30 days. (X10 popup, October 2001.) This requires that a cookie? (a small text file recognized by a Web server) be installed on the users computer. A small piece of information has been collected about the user: this computer has seen an X10 ad because the usual link to the popup inhibitor page is via an ad for some X10 product. The X10 site also knows the IP address, operating system, and browser version of that computer. If a user visits the popup inhibitor page directly by using the URL in the bibliography, the same information will be collected. This is covert data collection because the user did not intend to give information but simply wanted to suppress an annoyance.
How does a server know so much about a user's computer? The protocol of the Web requires that a certain amount of information be exchanged between a users Web browser and the Web server with which it is communicating. The server needs to know the type and version of the browser because different versions have different capabilities, such as support for Java or on-line forms. The Web server knows the page from which the user came and the page to which the user goes because that information is part of the environment shared by the Web server and the users Web browser. This information is intended to provide the Web site with? How did they find us? Where did they leave us?
The Web is an inherently stateless environment, with no record of previous interactions between a Web server and a Web browser. The connection between Web browser and Web server is repeatedly made and dropped as items of data are transferred. This requires that some method be used to track the status of Web browsers interactions with a Web server. This was the initial purpose of cookies.
Cookies are created by Web browser commands sent from a Web server. The browser responds to the command by creating a text file containing one or more NAME=VALUE pairs. A typical command would be in the format:
Set-Cookie: NAME=VALUE; expires=DATE;
path=PATH; domain=DOMAIN_NAME; secure
The only required attribute is the initial NAME=VALUE which identifies the cookie. The attribute expires=DATE defines the lifetime of the cookie. In the case of the X10 ad disabler, the date would be expected to be 30 days from the date the user visited the ad disabler page. The PATH attribute specifies a subset of URL's in the domain that set the cookie. A value of "/foo" matches "/foobar" and "/foo/bar.html." The default is "/" which gives access from any location on the server. The default DOMAIN_NAME is the name of the host that originated the cookie. Cookies can only be retrieved by a server in the same domain as the server that set the cookie (usually the same server). If "secure" is specified, the content of the cookie can only be retrieved over a secure connection (URL beginning https://). Cookies are based on several Request For Comments (RFC) documents. RFC's are the standard way of introducing new features to the Internet, with a proposal being made (the RFC) and interested parties responding to the proposal. The pertinent documents for cookies are RFC 822, RFC 850, RFC 1036, and RFC 1123. (Netscape, 1999)
Every person who has visited a Web portal or search engine has seen banner advertisements. Some of them are small and simple; others are large and complex. However, they all have the potential to collect information about the user. The process of loading an image (the banner ad) requires that the users Web browser contact the server that provides the image. In the case of banner ads, the link to that image also provides other information to the image server. (Smith, November 1999.) The image server logs all requests that it receives. These requests must include at least the IP address of the user's computer so that the image can be sent back to the requesting computer. Cookies are used to track the user's movements from page to page. The server can set a cookie on the user's computer that effectively contains the name of the server setting the cookie, and the date, time, and page on which the ad was viewed. As the user moves from page to page, the ads may be different but often are coming from the same image server or another image server from the same advertising company. The image server can read the cookies it has previously set to determine other pages the user has visited. Some cookies may be useful, such as retaining a users ID and preferences at a frequently visited site, but others are just for collecting marketing data.
There is obviously some cost involved in developing and maintaining
...
...