Internet Privacy

Privacy and the Internet

The Internet provides a wealth of sources for information, products, and services of all types, making it a convenient place for consumers to research topics and make purchases. Although Internet users know that some personal data will be required to make a purchase, they are often unaware of the personal data that can be collected without their knowledge by simply visiting a Web page or reading e-mail. This paper addresses some of the ways personal information has been and is being collected without authorization, and steps that can be taken to prevent or avoid this collection.
To make an online purchase, an Internet user must provide a certain amount of personal information to the vendor. This information usually includes the user's name, address, telephone number, e-mail address, and credit card data. There have been many reported cases of security failures at online vendors of products and services. Because of this publicity, most Internet users are aware that there is a potential for the information they provide to be exposed to the world, whether by human error, careless security practices by a vendor, or a successful attack by a hacker. However, most users are not aware of the amount of personal information that can be collected without their consent when they do such ordinary things as visiting a Web page, opening a document, or reading an e-mail message.
How can personal information be collected without the user's knowledge? Information about an Internet user can be collected in many ways, including the underlying protocol of the Web, “cookies,” banner advertisements, “Web bugs”, and hi-tech “toys”. A user may also provide information to an online vendor to reduce annoyances. Almost every user has seen a popup ad for the X10 wireless video cameras, and some of the ads are almost full-screen in size. The X10 company is aware that people can become annoyed when the same popup ad keeps appearing. Some of the ads have a “Click here to disable this ad” button that takes the user to an X10 page and promises not to show the ad again for 30 days. (X10 popup, October 2001.) This requires that a “cookie” (a small text file recognized by a Web server) be installed on the user's computer. A small piece of information has been collected about the user: this computer has seen an X10 ad, because the usual link to the popup inhibitor page is via an ad for some X10 product. The X10 site also knows the IP address, operating system, and browser version of that computer. If a user visits the popup inhibitor page directly by using the URL in the bibliography, the same information will be collected. This is covert data collection because the user did not intend to give information but simply wanted to suppress an annoyance.
How does a server know so much about a user’s computer? The protocol of the Web requires that a certain amount of information be exchanged between a user's Web browser and the Web server with which it is communicating. The server needs to know the type and version of the browser because different versions have different capabilities, such as support for Java or on-line forms. The Web server knows the page from which the user came and the page to which the user goes because that information is part of the environment shared by the Web server and the user's Web browser. This information is intended to provide the Web site with answers to two questions: How did they find us? Where did they leave us?
The Web is an inherently stateless environment, with no record of previous interactions between a Web server and a Web browser. The connection between Web browser and Web server is repeatedly made and dropped as items of data are transferred. This requires that some method be used to track the status of a Web browser's interactions with a Web server. This was the initial purpose of cookies.
Cookies are created by commands that a Web server sends to the Web browser. The browser responds to the command by creating a text file containing one or more NAME=VALUE pairs. A typical command would be in the format:
    Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure

The only required attribute is the initial NAME=VALUE which identifies the cookie. The attribute expires=DATE defines the lifetime of the cookie. In the case of the X10 ad disabler, the date would be expected to be 30 days from the date the user visited the ad disabler page. The PATH attribute specifies a subset of URLs in the domain that set the cookie. A value of “/foo” matches “/foobar” and “/foo/bar.html.” The default is “/” which gives access from any location on the server. The default DOMAIN_NAME is the name of the host that originated the cookie. Cookies can only be retrieved by a server
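
The cookie rules described above, as an added example that is not part of the original essay: it parses a Set-Cookie header in the format shown and decides whether a browser would send the cookie back with a given request. The host names, cookie name and dates are constructed, and the domain tail-matching rule and the HTTPS meaning of "secure" come from the original Netscape cookie specification rather than from this page.

```python
from datetime import datetime

# Constructed sample: an "ad disabler" cookie set on 15 Oct 2001, expiring 30 days later.
VISIT = datetime(2001, 10, 15, 12, 0, 0)
SAMPLE = ("Set-Cookie: noad=1; expires=Wed, 14-Nov-2001 12:00:00 GMT; "
          "path=/foo; domain=.example.com")

def parse_set_cookie(header, origin_host):
    """Parse a Set-Cookie header in the NAME=VALUE; attr=... format shown above."""
    fields = [f.strip() for f in header.split(":", 1)[1].split(";") if f.strip()]
    name, _, value = fields[0].partition("=")  # the only required part
    cookie = {"name": name, "value": value, "expires": None, "secure": False,
              "path": "/",                      # default as stated in the text
              "domain": origin_host.lower(),    # default: host that set the cookie
              "host_only": True}
    for field in fields[1:]:
        key, _, val = field.partition("=")
        key = key.lower()
        if key == "expires":
            # "Wdy, DD-Mon-YYYY HH:MM:SS GMT"; the weekday name is skipped.
            stamp = val.split(", ", 1)[-1]
            cookie["expires"] = datetime.strptime(stamp, "%d-%b-%Y %H:%M:%S GMT")
        elif key == "path":
            cookie["path"] = val
        elif key == "domain":
            cookie["domain"], cookie["host_only"] = val.lower().lstrip("."), False
        elif key == "secure":
            cookie["secure"] = True
    return cookie

def would_send(cookie, host, path, now, https=False):
    """Decide whether a browser returns the cookie with a request for host + path."""
    if cookie["expires"] is not None and now >= cookie["expires"]:
        return False                            # lifetime is over
    if cookie["secure"] and not https:
        return False                            # "secure" cookies need HTTPS
    host = host.lower()
    same_host = host == cookie["domain"]
    subdomain = not cookie["host_only"] and host.endswith("." + cookie["domain"])
    if not (same_host or subdomain):
        return False                            # a different site never receives it
    return path.startswith(cookie["path"])      # plain prefix: "/foo" matches "/foobar"

if __name__ == "__main__":
    c = parse_set_cookie(SAMPLE, "ads.example.com")
    for p in ("/foobar", "/foo/bar.html", "/bar"):
        print(p, would_send(c, "www.example.com", p, VISIT))
```

Because PATH is compared as a plain string prefix, a cookie scoped to “/foo” is also returned for “/foobar”, so the path attribute narrows where a cookie is sent but does not separate applications that share a host.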