Monday, 23 July 2012

internet activity is revealing your personal information

Introduction
The Internet enables us to improve communication, erase physical barriers, and expand our education. Its absorption into our society has been extraordinary.  It touches nearly every part of our lives from how we apply for jobs and where we get our news, to how we find friends.  A few Web sites have virtually replaced some things, like the encyclopedia and the phone book. 
But with acceptance comes a decrease in skepticism.  You may assume that the same laws or societal rules that protect your privacy in the physical world apply to the digital world as well.  But the Internet remains largely unregulated and the policies governing it underdeveloped.  Laws concerning online privacy are still being developed.
To date, the U.S. Supreme Court largely has taken a hands-off approach to regulating the Internet and online privacy in favor of free speech.  However, the federal government is increasingly interested in regulating the Internet, for example through child pornography and gambling laws.  One important thing to keep in mind when relying on the law to protect you is that if U.S. law is broken in another country, prosecuting the criminal may prove difficult or impossible.

Knowing how to navigate the Internet safely is essential to maintaining your privacy online.
1: What Internet Activities Reveal My Personal Information?
When you are online, you provide information to others at almost every step of the way.  Often this information is like a puzzle that needs to be connected before your picture is revealed.  Information you provide to one person or company may not make sense unless it is combined with information you provide to another person or company.  Below is a summary of the more common ways you give information to others when using the Internet.
Signing up for Internet service
If you pay for the Internet yourself, you signed up with an Internet Service Provider (ISP). Your ISP provides the mechanism for connecting your computer to the Internet. There are thousands of ISPs around the world offering a variety of services.
Each computer connected to the Internet, including yours, has a unique address, known as an IP address (Internet Protocol address). It takes the form of four sets of numbers separated by dots, for example: 123.45.67.890. It’s that number that actually allows you to send and receive information over the Internet.  Depending upon your type of service, your IP address may be "dynamic", that is, one that changes periodically, or "static", one that is permanently assigned to you for as long as you maintain your service.
Your IP address by itself doesn’t provide personally identifiable information. However, because your ISP knows your IP address, it is a possible weak link when it comes to protecting your privacy.  ISPs have widely varying policies for how long they store IP addresses.  Unfortunately, many ISPs do not disclose their data retention policies.  This can make it difficult to shop for a “privacy-friendly” ISP.
E-mail and list-serves
E-mail. When you correspond through e-mail you are no doubt aware that you are giving information to the recipient. You might also be giving information to any number of people, including your employer, the government, your e-mail provider, and anybody that the recipient passes your message to.  The federal Electronic Communications Privacy Act (ECPA) makes it unlawful under certain circumstances for someone to read or disclose the contents of an electronic communication (18 USC § 2511).
But, the ECPA is a complicated law and contains many exceptions.  ECPA  makes a distinction between messages in transit and those stored on computers. Stored messages are generally given less protection than those intercepted during transmission. Here are some exceptions to the ECPA:
  • The ISP may view private e-mail if it suspects the sender is attempting to damage the system or harm another user. However, random monitoring of e-mail is generally prohibited.
  • The ISP may legally view and disclose private e-mail if either the sender or the recipient of the message consents to the inspection or disclosure. Many ISPs require a consent agreement from new members when signing up for the service.
  • If the e-mail system is owned by an employer, the employer may inspect the contents of employee e-mail on the system. Therefore, any e-mail sent from a business location is probably not private. Several court cases have determined that employers have a right to monitor e-mail messages of their employees. (See PRC Fact Sheet 7 on employee monitoring, www.privacyrights.org/fs/fs7-work.htm.)
  • Services may be required to disclose personal information in response to a court order or subpoena.  A subpoena may be obtained by law enforcement or as part of a civil lawsuit.  The government can only get basic subscriber information with a subpoena.  The government needs a search warrant to get further records.  A subpoena as part of a private civil lawsuit may disclose more personal information. 
  • The USA PATRIOT Act, passed by Congress after the terrorist attacks of September 11, 2001, and amended in 2006, makes it easier for the government to access records about online activity.  In an effort to increase the speed in which records are acquired, the Act eliminates much of the oversight provided by other branches of the government.  And it expands the types of records that can be sought without a court order.   For additional information about the USA PATRIOT Act, visit the Web sites of the American Civil Liberties Union, www.aclu.org, the Center for Democracy and Technology, www.cdt.org, the Electronic Frontier Foundation, www.eff.org, and the Electronic Privacy Information Center, www.epic.org
In U.S. v Warshak (decided December 14, 2010), the Sixth Circuit Court of Appeals ruled that although an ISP has access to private e-mail, the government must obtain a search warrant before seizing such e-mail. The issue that the court dealt with in this case was the expectation of privacy that is afforded to e-mail hosted on a remote server.  The court stated:
Given the fundamental similarities between email and traditional forms of communication [like postal mail and telephone calls], it would defy common sense to afford emails lesser Fourth Amendment protection.... It follows that email requires strong protection under the Fourth Amendment; otherwise the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve....
The decision is particularly important to the extent that it could spur Congress to update the federal statutes that, in some cases, do allow warrantless searches of e-mail. 
E-mail discussion lists and list-serves. When participating in online discussion groups, which are sometimes called "list-serves," remember that either the sender or the recipient can consent to the inspection or disclosure of the e-mail.  Additionally, if you are concerned about junk e-mail, forwarded messages, or other unsolicited mail, you should note that you are giving your e-mail address to numerous people.
On many of these discussion lists, the e-mail address of members is readily available, sometimes on the e-mails sent and often through the group’s Web site. Although a subscription and sometimes a password is required to use the list, there’s nothing to prevent another member of the list to collect and distribute your e-mail address and any other information you post. In addition, some message boards and list-serves may be archived. 
Browsing the Internet
Browsers.  Although it may not seem like you are giving very much information, when you browse the Internet you are relaying personal information to Web sites.  Your browser likely provides your IP address and information about which sites you have visited to Web site operators.  As you move from site to site online, numerous companies utilize sophisticated methods to track and identify you.  The Web Privacy Census measures trends in internet tracking at the 25,000 most popular websites. 
Almost all browsers give you some control over how much information is kept and stored. Generally, you can change the settings to restrict cookies and enhance your privacy. Note that if you choose a high privacy setting, you may not be able to use online banking or shopping services.  Most major browsers now offer a "Private Browsing" tool to increase your privacy.  However, researchers have found that "Private Browsing" may fail to purge all traces of online  activity.  Many popular browser extensions and plugins undermine the security of "Private Browsing".  http://crypto.stanford.edu/~dabo/pubs/abstracts/privatebrowsing.html.
Search engines. Most of us navigate the Internet by using search engines. Search engines have and use the ability to track each one of your searches. They can record your IP address, the search terms you used, the time of your search, and other information.  We encourage you to closely review your search engine's privacy policy.
You may also inadvertently reveal information through your search strings.  For example, you might do a search to determine if your Social Security number appears on any Web sites.  You might enter the search terms " Jane Doe 123-45-6789."   The Google search string might look like this: http://www.google.com/#hl=en&source=hp&q=Jane+Roe+123-45-6789&btnG=Googl... Retention of that search string would mean that your search engine has a record of your name and Social Security number.

Major search engines have said they need to retain personal data, in part, to provide better services, to thwart security threats, to keep people from gaming search ranking results, and to combat click fraud scammers. However, major search engines often have retained this data for over a year, seemingly well beyond the time frame necessary to address these concerns. Some search engines have reduced the time that they retain users' IP addresses. Major search engines delete or anonymize IP addresses according to the following schedule:
  • Yahoo-18 months
  • Bing (formerly MSN/Windows Live)-6 months
  • Google-9 months
Startpage (www.startpage.com), a search engine operated by Ixquick, based in The Netherlands, does not record users’ IP addresses at all.  The privacy policy was created partially in response to fears that if the company retained the information, it would eventually be misused. The company concluded, “If the data is not stored, users privacy can't be breached.”  Startpage will remove all identifying information from your query and submit it anonymously to Google.
Online Privacy Tip:  It's a good idea to avoid using the same web site for both your web-based email and as your search engine.  Web email accounts will always require some type of a login, so if you use the same site as your search engine, your searches can be connected to your email account.  By using different web sites for different needs -- perhaps Yahoo for your email and Google for your searches -- you can help limit the total amount of information retained by any one site.  Alternatively, log out of your email and clear your browser's cookies (see Cookies below) before going to other sites, so that your searches and browsing are not connected to your email address.
Online Privacy Tip:  Avoid downloading search engine toolbars (for example, the Google toolbar or Yahoo toolbar). Toolbars may permit the collection of information about your web surfing habits.  Watch out that you do not inadvertently download a toolbar when downloading software, particularly free software.
Online Privacy Tip:  Google combines information about you from most of its services, including its search engine, Gmail, and YouTube.  Be sure to disable automatic sign-ins by following the instructions at http://support.google.com/accounts/bin/answer.py?hl=en&answer=39273.  Also be sure to clear your browser's cache and cookies by following the instructions at http://support.google.com/accounts/bin/answer.py?hl=en&answer=32050.  While you must be signed in to access Gmail, most Google services can be used without being signed in to your account.
For more information on search engines you can read:
Cookies. When you visit different Web sites, many of the sites deposit data about your visit, called "cookies," on your hard drive. Cookies are pieces of information sent by a Web server to a user's browser. Cookies may include information such as login or registration identification, user preferences, online "shopping cart" information, and so on. The browser saves the information, and sends it back to the Web server whenever the browser returns to the Web site. The Web server may use the cookie to customize the display it sends to the user, or it may keep track of the different pages within the site that the user accesses.
For example, if you use the Internet to complete the registration card for a product, such as a computer or television, you generally provide your name and address, which then may be stored in a cookie.  Legitimate Web sites use cookies to make special offers to returning users and to track the results of their advertising. These cookies are called first-party cookies.
However, there are some cookies, called third-party cookies, that communicate data about you to an advertising clearinghouse which in turn shares that data with other online marketers. These third-party cookies include "tracking cookies" which use your online history to deliver other ads.  Read more about tracking cookies at http://www.pcworld.com/printable/article/id,257603/printable.html.
Your Web browser and some software products enable you to detect and delete cookies, including third-party cookies. For illustrated instructions on how to delete cookies in popular web browsers, read http://www.pcworld.com/article/242939/how_to_delete_cookies.html.  You can also download a Windows PC cleaning tool such as CCleaner at http://www.piriform.com/ccleaner.
You can also opt-out of the sharing of cookie data with members of the Network Advertising Initiative by going to www.networkadvertising.org/consumer/opt_out.asp.
Flash cookies. Many websites have begun to utilize a new type of cookie called a "flash cookie" (sometimes also called a "supercookie") that is more persistent than a regular cookie.  Normal procedures for erasing standard cookies, clearing history, erasing the cache, or choosing a delete private data option within the browser will not affect flash cookies.  Flash cookies thus may persist despite user efforts to delete all cookies.  They cannot be deleted by any commercially available anti-spyware or adware removal program.  However, if you use the Firefox browser, there is an add-on called "BetterPrivacy" that can assist in deleting flash cookies: https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/.
During July and August 2010, three class action lawsuits were filed against several companies for their use of flash cookies.  These companies are alleged to have knowingly tracked users in a way that was not adequately disclosed in their privacy policies.  Defendants include major media companies (MySpace, ABC, ESPN, Hulu, MTV, and NBC Universal Disney, and Warner Brothers) and online advertising companies (Quantcast, Specificmedia, and Clearspring).  http://www.zdnet.com/blog/btl/ad-network-at-center-of-third-flash-cookie-lawsuit/38346.  The lawsuits were settled in June 2011.  Under the terms of the settlement, the defendants will cease  respawning cookies and amend their privacy policies.  They also paid a $3.2 million monetary settlement.  http://www.privacyandsecuritymatters.com/2011/06/court-approves-settlement-of-flash-cookie-class-action/.
source;privacyrights.org
Print Page

No comments:

Post a Comment