Internet privacy |
Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. Many people use the term to mean universal Internet privacy: every user of the Internet possessing Internet privacy.
Internet privacy forms a subset of data privacy. Experts in the field of Internet privacy have a general consensus that Internet privacy does not really exist. Privacy advocates believe that it should exist.
=Scope of this article=
This article discusses Internet privacy. Readers should understand the general topics of privacy and personally-identifiable information.
This article does not directly address the related topics of anonymity or pseudonymity; nor the separate topics of security or information security.
=Levels of privacy=
People with only a casual interest in Internet privacy need not achieve total anonymity. Regular Internet users with an eye to privacy may succeed in achieving a desirable level of privacy through careful disclosure of personal information and by avoiding Spyware. The revelation of IP addresses, non-personally-identifiable profiling, and so on might become acceptable trade-offs for the convenience that such users would otherwise lose in using the workarounds needed to suppress such details rigorously.
On the other hand, some people desire much stronger privacy. In that case, they may use Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user.
=Risks to Internet privacy=
Those concerned about Internet privacy often cite a number of privacy risks— events that can compromise privacy — which one may encounter through Internet use. Unfortunately, given the complexity of Internet privacy, many people do not understand the issues. Therefore this section covers not only real privacy risks, but also risks perceived as overemphasized.
==Cookies==
: See main article, HTTP cookie
HTTP cookies have become perhaps the most widely-recognized privacy risk, receiving a great deal of attention. Although HTML-writers most commonly use cookies for legitimate, desirable purposes, cases of abuse can and do occur.
A HTTP cookie consists of a piece of information stored on a user s computer to add statefulness to World Wide Web-browsing. Systems do not generally make the user explicitly aware of the storing of a cookie. (Although some users object to that, it does not properly relate to Internet privacy, although it does have implications for computer privacy, and specifically for computer forensics).
The original developers of cookies intended that only by the website that originally sent them would retrieve them, therefore giving back only data already possessed by the website. However, in actual practice programmers can circumvent this intended restriction. Possible consequences include:
Many users choose to disable cookies in their web browsers. This eliminates the potential privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this ability built-in; no external program is required. An alternative is to frequently delete any present cookies. Some browsers (for example, device. This prevents all browsing information from being stored on the resident computer as the information is removed when the USB flash memory device is removed from the computer.
==Browsing profiles==
Profiling (also known as tracking ) is a process whereby several events, each attributable to a single originating entity, are assembled and analysed in order to gain information, especially patterns of activity, about the originating entity. On the Internet, certain organizations employ profiling of people s web browsing, collecting the URLs of sites visited. The resulting profiles may or may not link with information that personally identifies the people who did the browsing.
This practice is legitimately used, for example, by some web marketing organizations in order to create profiles of typical Internet users . Such profiles, which describe average trends of large groups of Internet users rather than actual individuals, can then be used for market analysis. Although the aggregate data is not a privacy violation, some people believe that the initial profiling is.
Profiling becomes a more contentious privacy issue, on the other hand, when data-matching associates the profile of an individual with personally-identifiable information of the individual.
Governments and organizations may set up honeypot websites - featuring controversial topics - with the purpose of attracting and tracking unwary people. This consitiutes a potential danger for individuals.
==IP addresses==
: See main article IP address
Every device on the Internet (including each online computer) has an IP address, an identifying number used to route data. This number is assigned by the device s Internet Service Provider (ISP), and may be semi-permanent (for example, assigned for the duration of an account) or temporary (many dial-up connections, for example, get assigned new IP addresses each time they connect).
Every packet (piece of data) moving through the Internet is tagged with the IP addresses of its source and of its intended destination. The proper working of the Internet depends on such routing information. Consequently, any direct connection between two devices on the Internet (such as when a personal computer reads a website) reveals both IP addresses to both parties.
An IP address sometimes becomes a personally-identifiable datum, and therefore potentially subject to privacy concerns. An IP address identifies its user s ISP, and often identifies its user s (or the ISP s) nation, region/province/state, and sometimes even city. The amount of information that may be found from an IP address is determined by the ISP s policies. See also: DNS, Whois.
Any web site can track the movements of users through its pages by their IP addresses. This can serve for profiling within a single site.
An IP address is the minimum amount of information needed to attack a computer over the Internet.
People seeking Internet anonymity are usually interested in hiding their IP address from third parties. The only way to do this (without loss of Internet use) is to connect through one or more anonymous proxy. An anonymous proxy is a special Internet server that connects to remote hosts (a web site, for example) on behalf of the user. The remote host communicates with the proxy, and receives the proxy s IP address rather than the real user s. The proxy, however, knows the IP address of the user, and sees all data passing between the user and the website; therefore the anonymous proxy has the opportunity for abuse of the user s privacy, whether intentional or accidental. Onion routing is one method intended to address this problem; it is used in such systems as Tor, I2P and Freenet.
==Photos on the Internet==
Today many people have digital cameras and post their photos online. The people in these photos might not want to have them appear on the Internet.
Some organizations attempt to be considerate of this privacy concern. For example. the recent Wikimania conference required that photographers have the prior permission of the people in their pictures. Some people wore a no photos tag to indicate they would prefer not to have their photo taken.
==ISPs==
Consumers obtain Internet access through an Internet Service Provider (ISP). All Internet data to and from the consumer must pass through the consumer s ISP. Since this is the case, any ISP is capable of observing anything and everything about the consumer s (unencrypted) Internet activities; however, ISPs presumably do not do this, at least fully, due to legal, ethical, business, and technical cosiderations.
ISPs do, however, collect at least some information about the consumers using their services. From a privacy standpoint, the ideal ISP would collect only as much information as is needed for the ISP to provide Internet connectivity (ie, IP address, billing information if applicable, etc). It is commonly believed that most ISPs collect additional information, such as aggregate browsing habits or even personally-identifiable Uniform Resource Locator histories.
What information an ISP collects, what it does with that information, and whether it informs its consumers, are significant privacy issues. Beyond usages of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. Often, such a request need not involve a warrant.
An ISP cannot know the contents of properly-encrypted data passing between its consumers and the Internet. For encrypting World Wide Web traffic, https is the most popular and best-supported standard. However, it is important to note that even if the data is encrypted the ISP still knows the IP addresses of the sender and recipient. (However, see the #IP addresses section for workarounds.)
==Other potential Internet privacy risks==
=Anonymous Internet usage=
: See main article, Internet anonymity
For anonymous browsing of websites, see anonymous proxy. For anonymous email, see anonymous remailer.
= See also=
= External links=
==World Wide Web links==
===Advocacy groups===
===Free services===
===Commercial services===
===Resources and information===
==Freenet links==
|
|