COAP:Privacy: Difference between revisions

The educational technology and digital learning wiki
Jump to navigation Jump to search
 
(154 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Introduction ==
== Introduction ==


This page includes the program and the resources for the module on privacy  
This page includes the program and the resources for a two lesson module on '''digital (or Internet) privacy'''.


== Day one ==
Massive use of ICT in business and private life has led to [http://en.wikipedia.org/wiki/Personally_identifiable_information personally identifiable information] ('''PII'''), i.e. information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual (Wikipedia). In addition, the use of [[social software]] and in particular [[social networking]] applications like Facebook allows to draw quite extensive digital profiles of many people. This situation requires - at least in principle - that persons adopt some kind of strategy to manage this information (Jones, 2008). In addition, there should be appropriate legal frameworks to protect the citizens.


=== Let's see how you are tracked ===
Program
* Lesson 1 - This page
* Lesson 2 - [[COAP:Privacy - part 2]]


Install the Lightbeam and Ghostery extensions according to instructions
== A look at tracking ==


* [https://www.mozilla.org/en-US/lightbeam/ Lightbeam]. Will tell you who is spying on you. When you start it, it will track and visualize all websites that interact with your page and your browser.
=== Let's see how you are tracked on the web ===


* [http://www.ghostery.com/ Ghostery] is a browser plugin that {{quotation|sees the invisible web - tags, web bugs, pixels and beacons. Ghostery tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.}}
For starters, let's look at the [http://analyze.privacy.net/ simple footprint] of your browser.


See what Google knows about you:
Two  interesting extensions for the Firefox web browser allow understanding some of the tracking
 
# Launch the Firefox web browser (recent version required !)
# Install the Lightbeam and Ghostery navigator extensions by clicking on the links below
#* [https://www.mozilla.org/en-US/lightbeam/ Lightbeam] is a Firefox extension that will tell you who is spying on you. When you start it, it will track and visualize all third party websites that interact with your page and your browser.
#* [https://addons.mozilla.org/en-US/firefox/addon/ghostery/ Ghostery] ([http://www.ghostery.com/ home page]) is another Firefox/Chrome browser plugin that sees the invisible web - tags, web bugs, pixels and beacons. [https://extension.ghostery.com/intro Introduction] (tutorial)
# Then interact with two tools, (use the icons top right)
## Go to your facebook page
## Search something in google
## Open http://www.webster.ch
 
Notice: Such web browser plugins cannot track every tracking ! E.g. they will not show in which ways you are tracked on a facebook page.
 
=== What do search engines know about you ? ===
 
If you do have a Google account (Gmail), see what Google knows about you and how you set your privacy settings:
* https://myaccount.google.com/
Have a look at:
* [https://www.google.com/settings/u/0/ads?hl=en Ads settings]
* [https://www.google.com/settings/u/0/ads?hl=en Ads settings]
* [https://history.google.com/ History of your search]
Engines like ''google web analytics'' do not provide individual data to customers since it is (a) not needed for advertising and (b) not allowed in some countries. However, one still can know quite a lot about a cohort of users
* https://analytics.google.com/
** Audience -> User explorer
=== What does your teacher know about you ? ===
Worldclassroom demo:
* People -> Select a person -> Access report or Analytics
=== Other forms of tracking ===
'''Email tracking''' (less known)
* An email may include customized pictures or just a little pixel image that will uniquely identify you. E.g. employers can know whether you did open an email (not very harmful) or forwarded and email (harmful)
* [https://en.wikipedia.org/wiki/Email_tracking#Opt-out E-mail tracing] (Wikipedia article)
'''Data can be aggregated from various resources and then sold'''
Such information must be paid, freely available information is not very interesting.
* In Europe, most services (e.g. [http://www.123peoplesearch.com/ 123people] or [https://www.intelius.com/ Intelius], [https://www.spokeo.com/ Spokeo]) are now disabled. However, online private investigation services do exist.
* Few people aggregation services like the following ones offer some data: [https://pipl.com/ Pipl.com], (international),  (USA only)
=== Predictive modeling ===
* Statistical "big data" models allow inferring things about you.
Try this! Predicting personality traits and behavior from text and Facebook 'likes'
* https://applymagicsauce.com/demo
** If your are a Facebook and or Twitter user, try ! (Notice: As of Summer 2018, the FaceBook component is down, as of Sept. 2018 the Twitter interface did work).
Facebook "likes" allow inferring political orientation, sexual preferences and more. Also read [https://sites.google.com/michalkosinski.com/mypersonality Michal Kosinski]'s ending notes about the related [https://sites.google.com/michalkosinski.com/mypersonality mypersonality.org] project. Basically, both documents show that Kosinki et al. are ahead of [https://en.wikipedia.org/wiki/Cambridge_Analytica Cambridge Analytica] and its most well known data scientist, [https://en.wikipedia.org/wiki/Aleksandr_Kogan Alksandr Kogan]. They were warning about various dangers to privacy well before the "[https://en.wikipedia.org/wiki/Cambridge_Analytica Facebook" Scandal] in spring 2018.
== What do you know about the legal aspects of privacy issues ? ==
Most people don't seem to informed about the situation. See for yourself:
==== Santa Clara University quiz ====
* Hoofnagle, Chris Jay, King, Jennifer, Li, Su and Turow, Joseph, "How Different are Young Adults from Older Adults when It Comes to Information Privacy Attitudes and Policies?" (April 14, 2010).  Available at SSRN: http://ssrn.com/abstract=1589864 or http://dx.doi.org/10.2139/ssrn.1589864
* [http://www.scu.edu/ethics-center/privacy/quiz/ Santa Clara University] (web page with the quiz)


=== Quiz on privacy ===
; Online Privacy Questions concerning US law (Hoofnagle et al., 2014, p. 17)
* Santa Clara University
:1. If a website has a privacy policy, it means that the site cannot share information about you with other companies, unless you give the website your permission.
:: True / False
:2. If a website has a privacy policy, it means that the site cannot give your address and purchase history to the government
:: True / False
:3. If a website has a privacy policy, it means that the website must delete information it has about you, such as name and address, if you request them to do so.
:: True / False
: 4. If a website violates its privacy policy, it means that you have the right to sue the website for violating it.
:: True / False
: 5. If a company wants to follow your internet use across multiple sites on the internet, it must first obtain your permission.
:: True / False
 
; Offline Privacy Questions
: 6. When you subscribe to a newspaper or magazine by mail or phone, the publisher is not allowed to sell your address and phone number to other companies without your permission.
:: True / False
: 7. When you order a pizza by phone for home delivery, the pizza company is not allowed to sell your address and phone number to other companies without your permission.
:: True / False
: 8. When you enter a sweepstakes contest, the sweepstakes company is not allowed to sell your address or phone number to other companies without your permission.
:: True / False
: 9. When you give your phone number to a store cashier, the store is not allowed to sell your address or phone number to other companies without your permission.
:: True / False
 
=== Other privacy quizzes ===
 
Each student should take one and write down 1-2 surprising things.
 
* [https://www.priv.gc.ca/youth-jeunes/quiz/index_e.asp Privacy 001]. From the canadian government, to sensitize people about the use of social sharing and networking sites.
* [http://privacyquiz.aclu.org/ ACLU privacy quiz] from the American Civil Liberties Union
** see also their files on [https://www.aclu.org/issues/privacy-technology/internet-privacy Internet Privacy]
* [https://blog.avast.com/2014/01/27/what-is-your-privacy-iq-take-our-quiz-and-find-out-2/ Privacy IQ] (from Awast)
* [http://www.proprofs.com/quiz-school/story.php?title=consumer-online-privacy-quiz Consumer online privacy quiz] (California)
* [http://www.proprofs.com/quiz-school/story.php?title=facebook-privacy-lets-see-what-you-know Facebook privacy]


=== Presentation of 1 or 2 cases ===
=== Presentation of 1 or 2 cases ===
* ... to do
 
* [http://www.scu.edu/ethics-center/privacy/case/ Girls around me] (Santa Clara Univ.)
* [http://www.cnet.com/news/how-hp-bugged-e-mail/?page=2 Commercial online service was used to track e-mail sent to a reporter in Hewlett-Packard's leak probe]


=== Discussion ===
=== Discussion ===
Line 26: Line 118:
* Why does privacy matter ?
* Why does privacy matter ?


=== Regulations ===
== Regulations ==
* [http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm OECD recommendations] - (summarized [[Data_protection_and_privacy_rules_for_research#OECD_Recommendations_for_protection_of_personal_data|here]])
 
'''Major data projection laws in Switzerland, The UK, the EU and the US'''
 
* [http://www.admin.ch/ch/e/rs/2/235.1.en.pdf Federal Act on Data Protection], cornerstone of the [http://www.edoeb.admin.ch/org/00129/index.html?lang=en Swiss legal framework.]
 
* EU [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC Regulation (EU) 2016/679] and [http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0089.01.ENG&toc=OJ:L:2016:119:TOC Directive (EU) 2016/680] (2016). Read the European Commission - Fact Sheet [http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm Questions and Answers - Data protection reform] (December 2015).
 
* OLD EU legislation: [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:EN:HTML Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002] and [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML Directive 95/46/EC on the processing of personal data and on the free movement of such data]
 
* [http://www.legislation.gov.uk/ukpga/1998/29/contents Data Protection Act 1998] (UK)
 
* None (USA). However there are other laws that partially address the issue, plus "case law" derived from other acts, plus local regulations.
 
'''Summaries, including information from government agencies'''
 
* [http://ec.europa.eu/justice/data-protection/index_en.htm Protection of personal data] (EU landing page for data protection)
* [https://ico.org.uk/for-organisations/guide-to-data-protection/ Guide to data protection] (UK)
* [http://en.wikipedia.org/wiki/Data_Protection_Directive EU Data Protection Directive] (Wikipedia)
 
== Protection strategies ==
 
What can a user do ?
 
'''Navigators'''
* Use "private browsing features" when searching for sensitive data
* Use ad blocking software if you want more privacy
* Erase cookies when closing the browser (you can change that in the browser settings).
* Erase/inhibit [http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html Flash cookies] and more recent JavaScript/HTML5 based tricks.
* Log out of Google, Yahoo etc. when you conduct search
* Customize privacy settings, e.g. in Google, examine options in http://myaccount.google.com or directly do the [https://myaccount.google.com/intro/privacycheckup privacy checkup]
* Use proxies or specialized safe browsers like [https://www.torproject.org/ Tor]
 
'''Email tracking'''
* Disable pictures


* Privacy and data projection laws in Europe, Switzerland and the EU
'''Social networks'''
* Never post sensitive data, anywhere.
* Think, before you post anything publicly (or privately).
* Remove sensitive data, then ask search engines to remove old information, e.g. using [https://www.google.com/webmasters/tools/removals?pli=1 Google's remove tool]. Changes must be made "at the source". ([http://www.cnet.com/how-to/how-to-delete-yourself-from-the-internet/ How to delete yourself from the Internet], by Seth Rosenblatt, April 2012, C|Net.
* If online data about you violates laws, you can try to act. (e.g. Google's [https://support.google.com/legal/answer/3110420?rd=1 Legal Removal Requests]). However, it will not be easy ...
* Develop your Internet strategy, i.e. plan ahead.
* Use a privacy check application.


=== Protection strategies ===
== Links ==


* What can a user do ?
'''Further (optional) Reading'''


== Day two ==
* [http://www.scu.edu/ethics-center/privacy/protecting/ How to Protect Your Online Privacy], by Irina Raicu, Santa Clara University, 2014.
* [http://www.lifehacker.com.au/2014/03/how-you-leak-your-privacy-every-day-and-how-to-stop/ How You Ruin Your Privacy Online Every Day (And How To Stop)], by Thorin Klosowski, 2014.
* [http://spectrum.ieee.org/telecom/internet/protecting-online-privacy Protecting Online Privacy], We do care about our privacy online, and we can protect it from surveillance, By Siva Vaidhyanathan, May 2011, [http://spectrum.ieee.org/static/special-report-the-social-web IEEE Spectrum special report on the battle for the future of the social Web]
* [http://www.gcflearnfree.org/internetsafety/7 Internet Safety]. Smart Social Networking and Communication Tips, GCFLearnFree.org
* [http://blog.hide-my-ip.com/a-crash-course-on-cookies-ip-mac-tp-advertisers/ A Crash-Course on Cookies, IP, MAC & TP Advertisers] by J. Leger
* [http://www.scu.edu/ethics-center/privacy/ Privacy online], Santa Clara University
* [http://en.wikipedia.org/wiki/Internet_privacy Internet Privacy] (Wikipedia)
* [https://www.privacybydesign.ca/ Privacy by Design], A Canadian-based NGO with worldwide impact.
* [http://www.epic.org/privacy/privacy_resources_faq.html Online Guide to Privacy Resources] (EPIC.org)
* [https://ico.org.uk/for-organisations/education/ Information rights video for schools] (ICO, UK)
* [https://www.openrightsgroup.org/ OpenRightsGroup], NGO, UK
* [https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-sold  Iasked Tinder for my data. It sent me 800 pages of my deepest, darkest secrets]


=== Presentations / discussion ===
; Classes
* Short presentations of readings
* You can find various MOOCs on privacy, e.g. [https://www.coursera.org/learn/digital-footprint Digital Footprint] (University of Edinburg) on Coursera
* [http://www.cyberwisecert.com/how-to-protect-your-online-privacy How to Protect Your Online Privacy] (Cyberwise) - $9


=== A common text ===
; Classes (recent past)
* Summary of issues
* [http://cyber.law.harvard.edu/privacy/ Privacy in Cyberspace] Archived class, Berkman Center for Internet & Society, Spring of 2002.
* Minimal ethical guidelines
* [http://www.cs.virginia.edu/~evans/cs551/ CS551: Security and Privacy on the Internet], University of Virginia, 2000.
* Advice for protection


== Reading list ==
[[category: courses and workshops]]
* Sources: ACM/IEEE and classes on compute ethics, e.g. [http://www.scu.edu/ethics-center/privacy/ Privacy online]
[[category: Privacy]]

Latest revision as of 11:10, 25 September 2018

Introduction

This page includes the program and the resources for a two lesson module on digital (or Internet) privacy.

Massive use of ICT in business and private life has led to personally identifiable information (PII), i.e. information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual (Wikipedia). In addition, the use of social software and in particular social networking applications like Facebook allows to draw quite extensive digital profiles of many people. This situation requires - at least in principle - that persons adopt some kind of strategy to manage this information (Jones, 2008). In addition, there should be appropriate legal frameworks to protect the citizens.

Program

A look at tracking

Let's see how you are tracked on the web

For starters, let's look at the simple footprint of your browser.

Two interesting extensions for the Firefox web browser allow understanding some of the tracking

  1. Launch the Firefox web browser (recent version required !)
  2. Install the Lightbeam and Ghostery navigator extensions by clicking on the links below
    • Lightbeam is a Firefox extension that will tell you who is spying on you. When you start it, it will track and visualize all third party websites that interact with your page and your browser.
    • Ghostery (home page) is another Firefox/Chrome browser plugin that sees the invisible web - tags, web bugs, pixels and beacons. Introduction (tutorial)
  3. Then interact with two tools, (use the icons top right)
    1. Go to your facebook page
    2. Search something in google
    3. Open http://www.webster.ch

Notice: Such web browser plugins cannot track every tracking ! E.g. they will not show in which ways you are tracked on a facebook page.

What do search engines know about you ?

If you do have a Google account (Gmail), see what Google knows about you and how you set your privacy settings:

Have a look at:

Engines like google web analytics do not provide individual data to customers since it is (a) not needed for advertising and (b) not allowed in some countries. However, one still can know quite a lot about a cohort of users

What does your teacher know about you ?

Worldclassroom demo:

  • People -> Select a person -> Access report or Analytics

Other forms of tracking

Email tracking (less known)

  • An email may include customized pictures or just a little pixel image that will uniquely identify you. E.g. employers can know whether you did open an email (not very harmful) or forwarded and email (harmful)
  • E-mail tracing (Wikipedia article)

Data can be aggregated from various resources and then sold

Such information must be paid, freely available information is not very interesting.

  • In Europe, most services (e.g. 123people or Intelius, Spokeo) are now disabled. However, online private investigation services do exist.
  • Few people aggregation services like the following ones offer some data: Pipl.com, (international), (USA only)

Predictive modeling

  • Statistical "big data" models allow inferring things about you.

Try this! Predicting personality traits and behavior from text and Facebook 'likes'

  • https://applymagicsauce.com/demo
    • If your are a Facebook and or Twitter user, try ! (Notice: As of Summer 2018, the FaceBook component is down, as of Sept. 2018 the Twitter interface did work).

Facebook "likes" allow inferring political orientation, sexual preferences and more. Also read Michal Kosinski's ending notes about the related mypersonality.org project. Basically, both documents show that Kosinki et al. are ahead of Cambridge Analytica and its most well known data scientist, Alksandr Kogan. They were warning about various dangers to privacy well before the "Facebook" Scandal in spring 2018.

What do you know about the legal aspects of privacy issues ?

Most people don't seem to informed about the situation. See for yourself:

Santa Clara University quiz

Online Privacy Questions concerning US law (Hoofnagle et al., 2014, p. 17)
1. If a website has a privacy policy, it means that the site cannot share information about you with other companies, unless you give the website your permission.
True / False
2. If a website has a privacy policy, it means that the site cannot give your address and purchase history to the government
True / False
3. If a website has a privacy policy, it means that the website must delete information it has about you, such as name and address, if you request them to do so.
True / False
4. If a website violates its privacy policy, it means that you have the right to sue the website for violating it.
True / False
5. If a company wants to follow your internet use across multiple sites on the internet, it must first obtain your permission.
True / False
Offline Privacy Questions
6. When you subscribe to a newspaper or magazine by mail or phone, the publisher is not allowed to sell your address and phone number to other companies without your permission.
True / False
7. When you order a pizza by phone for home delivery, the pizza company is not allowed to sell your address and phone number to other companies without your permission.
True / False
8. When you enter a sweepstakes contest, the sweepstakes company is not allowed to sell your address or phone number to other companies without your permission.
True / False
9. When you give your phone number to a store cashier, the store is not allowed to sell your address or phone number to other companies without your permission.
True / False

Other privacy quizzes

Each student should take one and write down 1-2 surprising things.

Presentation of 1 or 2 cases

Discussion

  • Why does privacy matter ?

Regulations

Major data projection laws in Switzerland, The UK, the EU and the US

  • None (USA). However there are other laws that partially address the issue, plus "case law" derived from other acts, plus local regulations.

Summaries, including information from government agencies

Protection strategies

What can a user do ?

Navigators

  • Use "private browsing features" when searching for sensitive data
  • Use ad blocking software if you want more privacy
  • Erase cookies when closing the browser (you can change that in the browser settings).
  • Erase/inhibit Flash cookies and more recent JavaScript/HTML5 based tricks.
  • Log out of Google, Yahoo etc. when you conduct search
  • Customize privacy settings, e.g. in Google, examine options in http://myaccount.google.com or directly do the privacy checkup
  • Use proxies or specialized safe browsers like Tor

Email tracking

  • Disable pictures

Social networks

  • Never post sensitive data, anywhere.
  • Think, before you post anything publicly (or privately).
  • Remove sensitive data, then ask search engines to remove old information, e.g. using Google's remove tool. Changes must be made "at the source". (How to delete yourself from the Internet, by Seth Rosenblatt, April 2012, C|Net.
  • If online data about you violates laws, you can try to act. (e.g. Google's Legal Removal Requests). However, it will not be easy ...
  • Develop your Internet strategy, i.e. plan ahead.
  • Use a privacy check application.

Links

Further (optional) Reading

Classes
Classes (recent past)