Since personalised advertisements are more efficient, and thus more profitable, than non-personalised ones,
online advertising providers often collect (or facilitate the collection of) user data such as browsing and search history, shopping patterns and
social media behaviour. This data can then be automatically processed to display ads more likely to be successful with the particular user they are being displayed to, as well as to
personalise content displayed to the user on social media sites. In 1998, the
Federal Trade Commission considered the lack of privacy for children on the Internet and created the
Children's Online Privacy Protection Act (COPPA), limiting options obtaining personal information of children and stipulating requirement for
privacy policies. Apart from corporate data collection, on-line privacy threats also include
criminal and fraudulent activity. This category includes shortened links on many social media platforms leading to potentially harmful websites,
scam e-mails and e-mail attachments that persuade users to install malware or disclose personal information. On online piracy sites, threats include malicious software that is presented as legitimate content. When using a smartphone,
geolocation data may be compromised. In late 2007, Facebook launched the
Beacon program in which user commercial activity was released to the public for friends to see. Beacon created considerable controversy soon after it was launched due to privacy concerns, and the
Lane v. Facebook, Inc. case ensued.
Internet protocol (IP) addresses The architecture of the Internet Protocol necessitates that a website receive
IP addresses of its visitors, which can be tracked through time. Companies match data over time to associate the name, address, and other information to the IP address. There are opposing views in different jurisdiction on whether an IP address is personal information. The
Court of Justice of the European Union has ruled they need to be treated as personally identifiable information if the website tracking them, or a third party like a service provider, knows the name or street address of the IP address holder, which would be true for static IP addresses, not for dynamic addresses. California regulations say IP addresses need to be treated as personal information if the business itself, not a third party, can link them to a name and street address. An Alberta court ruled that police can obtain the IP addresses and the names and addresses associated with them without a search warrant; the Calgary, Alberta police found IP addresses that initiated online crimes. The service provider gave police the names and addresses associated with those IP addresses.
HTTP cookies An
HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other
state information required in complex websites. It may also be used for user-tracking by storing special usage history data in a cookie, and such cookies—for example, those used by
Google Analytics — are called
tracking cookies. Cookies are a common concern in the field of Internet privacy. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits. In the past, websites have not generally made the user explicitly aware of the storing of cookies, however, tracking cookies and especially
third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories — a privacy concern that prompted European and US lawmakers to take action in 2011. Cookies can also have implications for
computer forensics. In past years, most computer users were not completely aware of cookies, but users have become conscious of the possible detrimental effects of Internet cookies: a recent study has shown that 58% of users have deleted cookies from their computer at least once, and that 39% of users delete cookies from their computer every month. Since cookies are advertisers' main way of targeting potential customers, and some customers are deleting cookies, some advertisers started to use persistent
Flash cookies and
zombie cookies, but modern browsers and anti-malware software can now block or detect and remove such cookies. The original developers of cookies intended that only the website that originally distributed cookies to users could retrieve them, therefore returning only data already possessed by the website. However, in practice, programmers can circumvent this restriction. Possible consequences include: • the placing of a personally identifiable tag in a browser to facilitate
web profiling , or • use of
cross-site scripting or other techniques to steal information from a user's cookies. Cookies do have benefits. One is that for websites that one frequently visits that require a password, cookies may allow a user to not have to sign in every time. A cookie can also track one's preferences to show them websites that might interest them. Cookies make more websites free to use without any type of payment. Some of these benefits are also seen as negative. For example, one of the most common ways of theft is hackers taking one's username and password that a cookie saves. While many sites are free, they sell their space to advertisers. These ads, which are personalized to one's likes, can sometimes freeze one's computer or cause annoyance. Cookies are mostly harmless except for third-party cookies. These cookies are not made by the website itself but by web banner advertising companies. These third-party cookies are dangerous because they take the same information that regular cookies do, such as browsing habits and frequently visited websites, but then they share this information with other companies. Cookies are often associated with pop-up windows because these windows are often, but not always, tailored to a person's preferences. These windows are an irritation because the close button may be strategically hidden in an unlikely part of the screen. In the worst cases, these pop-up ads can take over the screen and while one tries to close them, they can take one to another unwanted website. Cookies are seen so negatively because they are not understood and go unnoticed while someone is simply surfing the Internet. The idea that every move one makes while on the Internet is being watched would frighten most users. Some users choose to disable cookies in their web browsers. Such an action can reduce some privacy risks but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as
Mozilla Firefox and
Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general but preventing their abuse. There is also a host of wrapper applications that will redirect cookies and
cache data to some other location. Concerns exist that the privacy benefits of deleting cookies have been over-stated. The process of
profiling (also known as "tracking") assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the
URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing. Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of "typical Internet users". Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for
market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does. Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual. This is why Google, the dominant ad platform, that uses cookies to allow marketers to track people has announced plans to "kill the cookie." Governments and organizations may set up
honeypot websites – featuring controversial topics – to attract and track unwary people. This constitutes a potential danger for individuals.
Flash cookies When some users choose to disable
HTTP cookies to reduce privacy risks as noted, new types of client-side storage were invented: since cookies are advertisers' main way of targeting potential customers, and some customers were deleting cookies, some advertisers started to use persistent Flash cookies and
zombie cookies. In a 2009 study, Flash cookies were found to be a popular mechanism for storing data on the top 100 most visited sites. Another 2011 study of social media found that, "Of the top 100 web sites, 31 had at least one overlap between HTTP and Flash cookies." However, modern browsers and anti-malware software can now block or detect and remove such cookies. Flash cookies, also known as
local shared objects, work the same way as normal cookies and are used by the
Adobe Flash Player to store information on the user's computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect Flash cookies. One way to view and control them is with browser extensions or add-ons. Flash cookies are unlike HTTP cookies in the sense that they are not transferred from the client back to the server. Web browsers read and write these cookies and can track any data by web usage. Although browsers such as Internet Explorer 8 and Firefox 3 have added a "Privacy Browsing" setting, they still allow Flash cookies to track the user and operate fully. However, the Flash player browser plugin can be disabled or uninstalled, and
Flash cookies can be disabled on a per-site or global basis. Adobe's Flash and (PDF) Reader are not the only browser plugins whose past
security defects have allowed
spyware or
malware to be installed: there have also been problems with Oracle's
Java.
Evercookies Evercookie, created by
Samy Kamkar, is a
JavaScript-based application which produces cookies in a web browser that actively "resist" deletion by redundantly copying themselves in different forms on the user's machine (e.g., Flash Local Shared Objects, various
HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies that are missing or expired. Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. It has the ability to store cookies in over ten types of storage mechanisms so that once they are on one's computer they will never be gone. Additionally, if Evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available. Evercookies are a type of zombie cookie. However, modern browsers and anti-malware software can now block or detect and remove such cookies.
Anti-fraud uses Some
anti-fraud companies have realized the potential of Evercookies to protect against and catch cyber criminals. These companies already hide small files in several places on the perpetrator's computer but hackers can usually easily get rid of these. The advantage to Evercookies is that they resist deletion and can rebuild themselves.
Advertising uses There is controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a person's computer that are used to predict what one wants. Many advertisement companies want to use this technology to track what their customers are looking at online. This is known as online
behavioural advertising which allows advertisers to keep track of the consumer's website visits to personalize and target advertisements. Ever-cookies enable advertisers to continue to track a customer regardless of whether their cookies are deleted or not. Some companies are already using this technology but the ethics are still being widely debated.
Criticism Anonymizer "nevercookies" are part of a free
Firefox plugin that protects against Evercookies. This plugin extends Firefox's
private browsing mode so that users will be completely protected from ever-cookies. Never-cookies eliminate the entire manual deletion process while keeping the cookies users want like browsing history and saved account information.
Other Web tracking risks Device fingerprinting A
device fingerprint is information collected about the software and hardware of a remote computing device to identify individual devices even when
persistent cookies (and also
zombie cookies) cannot be read or stored in the browser, the client
IP address is hidden, and even if one switches to another browser on the same device. This may allow a service provider to detect and prevent
identity theft and
credit card fraud, but also to compile long-term records of individuals' browsing histories even when they're attempting to
avoid tracking, raising a major concern for Internet privacy advocates.
Third-Party Requests Third-Party Requests are HTTP data connections from client devices to addresses on the web which are different from the website the user is currently surfing. Many alternative tracking technologies to cookies are based on third-party requests. Their importance has increased during the last few years and even accelerated after
Mozilla (2019),
Apple (2020), and
Google (2022) have announced to block third-party cookies by default. Third requests may be used for embedding external content (e.g.
advertisements) or for loading external resources and functions (e.g. images, icons, fonts, captchas,
JQuery resources and many others). Depending on the type of resource loaded, such requests may enable third parties to execute a device fingerprint or place any other kind of
marketing tag. Irrespective of the intention, such requests do often disclose information that may be sensitive, and they can be used for tracking either directly or in combination with other
personally identifiable information. Most of the requests disclose referrer details that reveal the full URL of the actually visited website. In addition to the referrer URL, further information may be transmitted by the use of other
request methods such as
HTTP POST. Since 2018 Mozilla partially mitigates the risk of third-party requests by cutting the referrer information when using the private browsing mode. However, personal information may still be revealed to the requested address in other areas of the
HTTP-header.
Photographs on the Internet Today, many people have
digital cameras and post their photographs online. For example,
street photography practitioners do so for artistic purposes and
social documentary photography practitioners do so to document people in everyday life. The people depicted in these photos might not want them to appear on the Internet. Police arrest photos, considered public record in many jurisdictions, are often posted on the Internet by
online mug shot publishing sites. Some organizations attempt to respond to this privacy-related concern. For example, the 2005 Wiki mania conference required that photographers have the prior permission of the people in their pictures, albeit this made it impossible for photographers to practice
candid photography, and doing the same in a public place would violate the photographers'
free speech rights. Some people wore a "no photos" tag to indicate they would prefer not to have their photo taken . The
Harvard Law Review published a short piece called "In The Face of Danger: Facial Recognition and Privacy Law", much of it explaining how "privacy law, in its current form, is of no help to those unwillingly tagged." Any individual can be unwillingly tagged in a photo and displayed in a manner that might violate them personally in some way, and by the time Facebook gets to taking down the photo, many people will have already had the chance to view, share, or distribute it. Furthermore, traditional tort law does not protect people who are captured by a photograph in public because this is not counted as an invasion of privacy. The extensive Facebook privacy policy covers these concerns and much more. For example, the policy states that they reserve the right to disclose member information or share photos with companies, lawyers, courts, government entities, etc. if they feel it is absolutely necessary. The policy also informs users that profile pictures are mainly to help friends connect to each other. However, these, as well as other pictures, can allow other people to invade a person's privacy by finding out information that can be used to track and locate a certain individual. In an article featured in
ABC News, it was stated that two teams of scientists found out that
Hollywood stars could be giving up information about their private whereabouts very easily through pictures uploaded to the Internet. Moreover, it was found that pictures taken by some phones and tablets, including
iPhones, automatically attach the
latitude and
longitude of the picture taken through
metadata unless this function is manually disabled.
Face recognition technology can be used to gain access to a person's private data, according to a new study. Researchers at Carnegie Mellon University combined image scanning, cloud computing and public profiles from social networking sites to identify individuals in the offline world. Data captured even included a user's social security number. Experts have warned of the privacy risks faced by the increased merging of online and offline identities. The researchers have also developed an 'augmented reality' mobile app that can display personal data over a person's image captured on a smartphone screen. Since these technologies are widely available, users' future identities may become exposed to anyone with a smartphone and an Internet connection. Researchers believe this could force a reconsideration of future attitudes to privacy.
Google Street View Google Street View, released in the U.S. in the 2000s, is currently the subject of
an ongoing debate about possible infringement on individual privacy. Researchers have argued that Google Street View "facilitate[s] identification and disclosure with more immediacy and less abstraction." The medium through which
Street View disseminates information, the photograph, is very immediate in the sense that it can potentially provide direct information and evidence about a person's whereabouts, activities, and private property. Moreover, the technology's disclosure of information about a person is less abstract in the sense that, if photographed, a person is represented on Street View in a virtual replication of his or her own real-life appearance. In other words, the technology removes abstractions of a person's appearance or that of his or her personal belongings – there is an immediate disclosure of the person and object, as they visually exist in real life. Although Street View began to blur license plates and people's faces in 2008, A search engine takes all of its users and assigns each one a specific ID number. Search engines often keep records of users' Internet activity and sites visited.
AOL's system is one example. AOL has a database of 21 million members, each with their own specific ID number. The way that AOL's search engine is set up, however, allows for AOL to keep records of all the websites visited by any given member. Even though the true identity of the user is not known, a full profile of a member can be made just by using the information stored by from search history. By keeping records of what people query through AOL Search, the company is able to learn a great deal about them without knowing their names. Search engines also are able to retain user information, such as location and time spent using the search engine, for up to ninety days. Most search engine operators use the data to get a sense of which needs must be met in certain areas of their field. People working in the legal field are also allowed to use information collected from these search engine websites. The
Google search engine is given as an example of a search engine that retains the information entered for a period of three-fourths of a year before it becomes obsolete for public usage.
Yahoo! follows in the footsteps of Google in the sense that it also deletes user information after a period of ninety days. Other search engines such as Ask! search engine have promoted a tool of "AskEraser" which essentially takes away personal information when requested. Some changes made to Internet search engines included that of Google's search engine. Beginning in 2009, Google began to run a new system where the Google search became personalized. The item that is searched and the results that are shown remember previous information that pertains to the individual. Google search engine not only seeks what is searched but also strives to allow the user to feel like the search engine recognizes their interests. This is achieved by using online advertising. A system that Google uses to filter advertisements and search results that might interest the user is by having a ranking system that tests relevancy that includes observation of the behavior users exude while searching on Google. Another function of search engines is the predictability of location. Search engines are able to predict where one's location is currently by locating IP Addresses and geographical locations. Google had publicly stated on January 24, 2012, that its privacy policy would once again be altered. This new policy would change the following for its users: (1) the privacy policy would become shorter and easier to comprehend and (2) the information that users provide would be used in more ways than it is presently being used. The goal of Google is to make users' experiences better than they currently are. This new privacy policy came into effect on March 1, 2012. Peter Fleischer, the Global Privacy Counselor for Google, has explained that if a person is logged into his/her Google account, and only if he/she is logged in, information will be gathered from multiple Google services in which he/she has used in order to be more accommodating. Google's new privacy policy will combine all data used on Google's search engines (i.e.,
YouTube and
Gmail) in order to work along the lines of a person's interests. A person, in effect, will be able to find what he/she wants at a more efficient rate because all searched information during times of login will help to narrow down new search results. Google's privacy policy explains what information they collect and why they collect it, how they use the information, and how to access and update information. Google will collect information to better service its users such as their language, which ads they find useful, or people that are important to them online. Google announces they will use this information to provide, maintain and protect Google and its users. The information Google uses will give users more relevant search results and advertisements. The new privacy policy explains that Google can use shared information on one service in other Google services from people who have a Google account and are logged in. Google will treat a user as a single user across all of their products. Google claims the new privacy policy will benefit its users by being simpler. Google will, for example, be able to correct the spelling of a user's friend's name in a Google search or notify a user they are late based on their calendar and current location. Even though Google updated its privacy policy, its core privacy guidelines did not change. For example, Google still does not sell personal information or share it externally. Users and public officials have raised many concerns regarding Google's new privacy policy. The main concern/issue involves the sharing of data from multiple sources. Because this policy gathers all information and data searched from multiple engines when logged into Google, and uses it to help assist users, privacy becomes an important element. Public officials and Google account users are worried about online safety because of all this information being gathered from multiple sources. Some users do not like the overlapping privacy policy, wishing to keep the service of Google separate. The update to Google's privacy policy has alarmed both public and private sectors. The
European Union has asked Google to delay the onset of the new privacy policy in order to ensure that it does not violate E.U. law. This move is in accordance with objections to decreasing online privacy raised in other foreign nations where surveillance is more heavily scrutinized. Canada and Germany have both held investigations into the legality of both Facebook, against respective privacy acts, in 2010. The new privacy policy only heightens unresolved concerns regarding user privacy. An additional feature of concern to the new Google privacy policy is the nature of the policy. One must accept the policy or delete existing Google accounts. Customizing the privacy settings of a social network is a key tactic that many feel is necessary for social networking sites. Additionally, some fear the sharing of data amongst Google services could lead to revelations of identities. Many using pseudonyms are concerned about this possibility, and defend the role of pseudonyms in literature and history. Some solutions to being able to protect user privacy on the Internet can include programs such as "Rapleaf" which is a website that has a search engine that allows users to make all of one's search information and personal information private. Other websites that also give this option to their users are Facebook and
Amazon.
Privacy-focused search engines/browsers Search engines such as
Startpage.com,
Disconnect.me and
Scroogle (defunct since 2012) anonymize Google searches. The following are some of the more notable privacy-focused search engines: ;
Brave: A free software that reports to be a privacy-first website browsing service, blocking online trackers and ads, and not tracking users' browsing data. ;
DuckDuckGo: A meta-search engine that combines the search results from various search engines (excluding Google) and provides some unique services like using search boxes on various websites and providing instant answers out of the box. ;
Qwant: An EU-based web-search engine that is focusing on privacy. It has its own index and has servers hosted in the European Union. ;
Searx (Discontinued since September 7, 2023 and replaced by
SearXNG): A free and open-source privacy-oriented meta-search engine which is based on a number of decentralized instances. There are a number of existing public instances, but any user can create their own if they desire.
SearXNG free and open-source internet metasearch engine which aggregates results from up to 243 search services. Users are neither tracked nor profiled. Additionally, it can be used over Tor for online anonymity. ;
Fireball: Germany's first search engine that obtains web results from various sources (mainly
Bing). Fireball is not collecting any user information. All servers are stationed in Germany, a plus considering the German legislation tends to respect privacy rights better than many other European countries. ;
MetaGer: A meta-search engine (obtains results from various sources) and in Germany by far the most popular safe search engine. MetaGer uses similar safety features as Fireball. ;
Ixquick: A Dutch-based meta-search engine (obtains results from various sources). It commits also to the protection of the privacy of its users. Ixquick uses similar safety features as Fireball. ;
Yacy: A decentralized search engine developed on the basis of a community project, which started in 2005. The search engine follows a slightly different approach to the two previous ones, using a peer-to-peer principle that does not require any stationary and centralized servers. This has its disadvantages but also the simple advantage of greater privacy when surfing due to basically no possibility of hacking. ;Search Encrypt: An Internet
search engine that prioritizes maintaining user privacy and avoiding the
filter bubble of personalized search results. It differentiates itself from other search engines by using local
encryption on searches and delayed history expiration. ;
Tor Browser: A free software that provides access to an anonymized network that enables anonymous communication. It directs the Internet traffic through multiple relays. This encryption method prevents others from tracking a certain user, thus allowing the user's IP address and other personal information to be concealed.
Privacy issues of social networking sites The advent of the
Web 2.0 has caused social profiling and is a growing concern for Internet privacy. Web 2.0 is the system that facilitates participatory information sharing and collaboration on the Internet, in
social networking media websites like
Facebook,
Instagram,
X (formerly Twitter), and
MySpace. These social networking sites have seen a boom in their popularity starting from the late 2000s. Through these websites, many people are giving their personal information out on the Internet. Accountability for the collection and distribution of personal information has been a subject of ongoing discussion. Social networks have been held responsible for storing the
information and data, while users who provide their information on these sites are also seen as liable by some. This relates to the ever-present issue of how society regards social media sites. An increasing number of individuals are becoming aware of the potential risks associated with sharing personal information online and placing trust in websites to maintain privacy. In a 2012 study, researchers found that young people are taking measures to keep their posted information on Facebook private to some degree. Examples of such actions include managing their privacy settings so that certain content can be visible to "Only Friends" and ignoring Facebook friend requests from strangers. In 2013 a class action lawsuit was filed against Facebook alleging the company scanned user messages for web links, translating them to “likes” on the user's Facebook profile. Data lifted from the private messages was then used for
targeted advertising, the plaintiffs claimed. ''"Facebook's practice of scanning the content of these messages violates the federal
Electronic Communications Privacy Act (ECPA also referred to as the Wiretap Act), as well as California's Invasion of Privacy Act (CIPA), and section 17200 of California's Business and Professions Code,''" the plaintiffs said. This shows that once information is online it is no longer completely private. It is an increasing risk because younger people have easier Internet access than ever before, therefore they put themselves in a position where it is all too easy for them to upload information, but they may not have the caution to consider how difficult it can be to take that information down once it has been out in the open. This is becoming a bigger issue now that so much of society interacts online which was not the case fifteen years ago. In addition, because of the quickly evolving digital media arena, people's interpretation of privacy is evolving as well, and it is important to consider that when interacting online. New forms of social networking and digital media such as
Instagram and
Snapchat may call for new guidelines regarding privacy. What makes this difficult is the wide range of opinions surrounding the topic, so it is left mainly up to individual judgment to respect other people's online privacy in some circumstances.
Privacy issues of medical applications With the rise of technology-focused applications, there has been a rise of medical apps available to users on smart devices. In a survey of 29 migraine-management-specific applications, researcher Mia T. Minen (et al.) discovered 76% had clear privacy policies, with 55% of the apps stated using the user data from these giving data to third parties for the use of advertising. The concerns raised discusses the applications without accessible privacy policies, and even more so - applications that are not properly adhering to the
Health Insurance Portability and Accountability Act (HIPAA) are in need of proper regulation, as these apps store medical data with identifiable information on a user.
Internet service providers Internet users obtain Internet access through an
Internet service provider (ISP). All data transmitted to and from users must pass through the ISP. Thus, an ISP has the potential to observe users' activities on the Internet. ISPs can breach personal information such as transaction history, search history, and social media profiles of users. Hackers could use this opportunity to hack ISPs and obtain sensitive information of victims. However, ISPs are usually prohibited from participating in such activities due to legal, ethical, business, or technical reasons. Normally ISPs do collect at least
some information about the consumers using their services. From a privacy standpoint, ISPs would ideally collect only as much information as they require in order to provide Internet connectivity (IP address, billing information if applicable, etc.). Which information an ISP collects, what it does with that information, and whether it informs its consumers, pose significant privacy issues. Beyond the usage of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. In the US and other countries, such a request does not necessarily require a warrant. An ISP cannot know the contents of properly encrypted data passing between its consumers and the Internet.
HTTPS has become the most popular and most supported standard for encrypting
web traffic. Even if the data is encrypted, the ISP still knows the
IP addresses of the sender and the recipient. An
anonymizer such as
I2P – The Anonymous Network or
Tor can be used for accessing web services without them knowing one's IP address and without one's ISP knowing what the services are that one accesses. Additional software has been developed that may provide more secure and anonymous alternatives to other applications. For example,
Bitmessage can be used as an alternative for email and
Cryptocat as an alternative for online chat. On the other hand, in addition to End-to-End encryption software, there are web services such as Qlink which provide privacy through a novel security protocol which does not require installing any software. While signing up for Internet services, each computer contains a unique IP and Internet Protocol address. This particular address will not give away private or personal information, however, a weak link could potentially reveal information from one's ISP. General concerns regarding Internet user privacy have become enough of a concern for a UN agency to issue a report on the dangers of identity fraud. In 2007, the
Council of Europe held its first annual Data Protection Day on January 28, which has since evolved into the annual
Data Privacy Day.
HTML5 HTML5 is the latest version of
Hypertext Markup Language specification. HTML defines how user agents, such as web browsers, are to present websites based on their underlying code. This new web standard changes the way that users are affected by the Internet and their privacy on the Internet. HTML5 expands the number of methods given to a website to store information locally on a client as well as the amount of data that can be stored. As such, privacy risks are increased. For instance, merely erasing cookies may not be enough to remove potential tracking methods since data could be mirrored in
web storage, another means of keeping information in a user's web browser. There are so many sources of data storage that it is challenging for web browsers to present sensible privacy settings. As the power of web standards increases, so do potential misuses. HTML5 also expands access to user media, potentially granting
access to a computer's microphone or webcam, a capability previously only possible through the use of plug-ins like
Flash. It is also possible to find a user's geographical location using the
geolocation API. With this expanded access comes increased potential for abuse as well as more vectors for attackers. If a malicious site was able to gain access to a user's media, it could potentially use recordings to uncover sensitive information thought to be unexposed. However, the
World Wide Web Consortium, responsible for many web standards, feels that the increased capabilities of the web platform outweigh potential privacy concerns. They state that by documenting new capabilities in an open standardization process, rather than through closed source plug-ins made by companies, it is easier to spot flaws in specifications and cultivate expert advice. Besides elevating privacy concerns, HTML5 also adds a few tools to enhance user privacy. A mechanism is defined whereby user agents can share blacklists of domains that should not be allowed to access web storage.
Uploaded file metadata Embedded
metadata in files uploaded to the internet can divulge privacy compromising data. For example, most digital cameras and smartphones automatically embed image metadata, such as
Exif, which includes the geographical location where the photo has been taken. If the photo has been taken at the photographer's house, his address and identity could be revealed. This problem can be mitigated by removing metadata from files before uploading them to the internet using a
metadata removal tool.
Big data Big data is generally defined as the rapid accumulation and compiling of massive amounts of information that is being exchanged over digital communication systems. The volume of data is large (often exceeding
exabytes), cannot be handled by conventional computer processors, and is instead stored on large server-system databases. This information is assessed by analytic scientists using software programs, which paraphrase this information into multi-layered user trends and demographics. This information is collected from all around the Internet, such as by popular services like Facebook,
Google,
Apple,
Spotify or
GPS systems. Big data provides companies with the ability to: • Infer detailed psycho-demographic profiles of Internet users, even if they were not directly expressed or indicated by users. • Inspect product availability and optimize prices for maximum profit while clearing inventory. • Swiftly reconfigure risk portfolios in minutes and understand future opportunities to mitigate risk. •
Mine customer data for insight and create advertising strategies for customer acquisition and retention. • Identify customers who matter the most. • Create retail coupons based on a proportional scale to how much the customer has spent, to ensure a higher redemption rate. • Send tailored recommendations to mobile devices at just the right time, while customers are in the right location to take advantage of offers. • Analyze data from social media to detect new market trends and changes in demand. • Use clickstream analysis and data mining to detect fraudulent behavior. • Determine root causes of failures, issues and defects by investigating user sessions, network logs and machine sensors.
Other potential Internet privacy risks •
Cross-device tracking identifies users' activity across multiple devices. • Massive personal data extraction through mobile device apps that receive carte-blanche-permissions for data access upon installation. •
Malware is a term short for "malicious software" and is used to describe software that is used to cause damage to a single computer, server, or computer network whether that is through the use of a
virus,
trojan horse, spyware, etc. •
Spyware is a piece of software that obtains information from a user's computer without that user's consent. •
Malicious proxy server (or other "anonymity" services). • Use of
weak passwords that are short, consist of all numbers, all lowercase or all uppercase letters, or that can be easily guessed such as single words, common phrases, a person's name, a pet's name, the name of a place, an address, a phone number, a social security number, or a birth date. • Use of recycled passwords or the same password across multiple platforms which have become exposed from a data breach. • Using the same login name and/or password for multiple accounts where one compromised account leads to other accounts being compromised. • Allowing unused or little-used accounts, where unauthorized use is likely to go unnoticed, to remain active. • Using out-of-date software that may contain vulnerabilities that have been fixed in newer, more up-to-date versions.
Reduction of risks to Internet privacy Journalists have reported that the Internet's biggest corporations have hoarded Internet users' personal data to use it and sell it for large financial profits at the users' expense. Academics have called this practice informational exploitation.
Private mobile messaging The magazine reports on a band of startup companies that are demanding privacy and aiming to overhaul the social media business. Popular privacy-focused mobile messaging apps include
Wickr,
Wire, and
Signal, which provide
peer-to-peer encryption and give the user the capacity to control what message information is retained on the other end.
Web tracking prevention Protection through information overflow According to Nicklas Lundblad, another perspective on privacy protection is the assumption that the quickly growing amount of information produced will be beneficial. The reasons for this are that the costs for the surveillance will rise and that there is more noise, noise being understood as anything that interferes with the process of a receiver trying to extract private data from a sender. In this noise society, the collective expectation of privacy will increase, but the individual expectation of privacy will decrease. In other words, not everyone can be analyzed in detail, but one individual can be. Also, in order to stay unobserved, it can hence be better to blend in with the others than trying to use for example encryption technologies and similar methods. Technologies for this can be called Jante-technologies after the
Law of Jante, which states that you are nobody special. This view offers new challenges and perspectives for the privacy discussion. ==Public views==