A FRAMEWORK FOR THE IMPLEMENTATION OF ETHICAL CONTROLS IN INFORMATION SECURITY
6) Security policies and procedures: Company_X should include all of these aspects in its information security policy, from a high to a low level.
4.3 HOW IS THIS PRIVATE INFORMATION OBTAINED?
4.3.1 Technical methods
These methods are based predominantly on a form of physical tracking using algorithms or a program designed specifically to monitor privacy.
4.3.1.1 Cookies
Cookies can be a useful tool. A server logs the IP address or name of a user’s machine. In such a case, there is insufficient information being logged to trace the request back to a specific person. Individual server logs also do not provide sufficient information to trace the user’s path through the web. At most the site can look back one step only. Browser cookies change this so that the users can be tagged and their web surfing sessions monitored. Not only can they track movements, but they can also be used to identify a person when they return to a web site so that they do not have to remember a password. The final useful advantage of a cookie is that it can help web sites understand how people use them [CRAN 00] [PFLE 97] [SCHN 00].
Used properly, cookies can actually protect an individual's privacy by storing personal information locally on the hard disk, rather than on a remote server. However, used improperly, cookies can threaten privacy. As cookies are generated by the web server, not by the browser, a cookie cannot hold any information that the individual has not voluntarily given to the remote site. For example, a cookie cannot hold a person's e-mail address unless that person gave the address to the remote site at some point. So what is the problem?
The downside of cookies is that they are often used to profile users and track their activities, especially across web sites. The diagram below depicts the possible privacy implications of enabling cookie use on a web browser.
[Figure 4.3 diagram. Labels: Yahoo.com, DoubleClick ad, search for medical information, set cookie; Amazon.com, DoubleClick ad, buy book, read cookie. Annotation: DoubleClick obtains your name and address from the ordering of the book and links them to your search on medical information.]
Figure 4.3 The problem with a cookie
Referring to the previous DoubleClick example, the above diagram will be explained with specific reference to the use of cookies [CRAN 00] [SCHN 00].
Web sites join DoubleClick for a fee and they enter their advertising banners into a pool of ads maintained at the DoubleClick web site. They then add an <IMG> tag to their HTML pages that points to a URL on DoubleClick's server. When a user browses a site and sees this tag, DoubleClick's server is contacted to retrieve the graphic. DoubleClick then hands the browser a cookie containing a randomly generated customer ID. From then on, every time that person contacts a site that carries one of the advertisements, the browser will return that person's customer ID to DoubleClick, along with the URL of the page he or she is accessing in the referrer field. This allows them to record each of the member sites visited. Over time they can compile an accurate profile of which member sites the person visited and then use this information to tune the advertisements it displays [STEI 98]. The downside is that if the person enters private information that can identify him or her, the server can log this information and trace that person's movements.
Figure 4.3 above illustrates the need for an ethical awareness of the right to privacy of information within the information security field, with specific reference to cookies.
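The exchange described above can be audited from the browser's side. The following is an added example, not part of the original text: it takes a constructed capture of one browsing session and reports which third-party host received the same customer ID from more than one site, and which page URLs that ID ties together. The cookie value, the page URLs and the record layout are assumptions made for the illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed capture of one browser session. Each record is
# (request host, Referer header, Cookie header sent, Set-Cookie header received).
CAPTURE = [
    ("www.yahoo.com", "", "", ""),
    ("ad.doubleclick.net", "http://www.yahoo.com/search?p=medical+information", "", "id=8f3a9c1e"),
    ("www.amazon.com", "", "", "session=77"),
    ("www.amazon.com", "http://www.amazon.com/order", "session=77", ""),
    ("ad.doubleclick.net", "http://www.amazon.com/order", "id=8f3a9c1e", ""),
]

def third_party_hits(capture):
    """Yield (host, id, referring site, referring URL) for identified third-party requests."""
    for host, referer, cookie, set_cookie in capture:
        site = urlsplit(referer).hostname
        ident = cookie or set_cookie  # the ID is issued once, then returned by the browser
        # Exact host comparison is a simplification; it ignores sibling subdomains.
        if site and site != host and ident:
            yield host, ident, site, referer

def cross_site_ids(capture):
    """Map each third-party host to the IDs it received from two or more sites."""
    seen = defaultdict(lambda: defaultdict(set))  # host -> id -> referring sites
    for host, ident, site, _ in third_party_hits(capture):
        seen[host][ident].add(site)
    report = {}
    for host, ids in seen.items():
        shared = {i: sorted(s) for i, s in ids.items() if len(s) > 1}
        if shared:
            report[host] = shared
    return report

def profile(capture, host, ident):
    """Pages the given host can attach to one ID, in the order they were visited."""
    return [url for h, i, _, url in third_party_hits(capture) if h == host and i == ident]

if __name__ == "__main__":
    for tracker, ids in cross_site_ids(CAPTURE).items():
        for ident, sites in ids.items():
            print(tracker, ident, sites, profile(CAPTURE, tracker, ident))
```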
4.3.1.2 Web bugs
Web bugs are tiny graphic images that are hidden on a web site, in e-mail messages, Microsoft Word documents, Excel spreadsheets and PowerPoint documents or any other HTML-based word processing application. Web bugs are used mostly by advertising companies to track and monitor web site visitors that are identified by their IP addresses. They can be used in conjunction with cookies to profile Internet surfers. Richard M. Smith, a privacy advocate, has defined a web bug as a graphic on a web page or in an e-mail message that is designed to monitor who is reading the web page or e-mail message. Web bugs are often invisible as they are 1 x 1 pixel in size [RICH 02]. Web bugs can be found by looking at the HTML coding in that they are represented by HTML IMG tags. The following example was recently found on Quicken’s home page:
<img src = http://ad.doubleclick.net/at/pixel.quicken/NEW width=1 height=1 border=0>
<IMG WIDTH=1 HEIGHT=1 border=0 SRC=http://media.preferences.com/ping?ML_SD=intuitTE_intuit_1x1RunOfSite_Any&db_afcr=4B31-C2FB-10E2C&event=reghome&group=register&time=1999.10.27.56.37>
These two web bugs were placed on the home page by Quicken to provide hit information about visitors to DoubleClick and MatchLogic. Ultimately the information that is sent to the server when a web bug is viewed is the IP address of the computer that fetched the web bug, the URL of the page on which the bug is located, the URL of the web bug image and the time that the web bug was viewed. Other information includes the type of browser that fetched the web bug image and details of any cookie information linked with this.
In order to identify a web bug, the source code must be viewed and a thorough search for IMG tags done [CRAN 00]. A web bug will have its height and width parameters in the IMG tag set to 1 and ultimately the image will be loaded from a different server from the rest of the web page.
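The manual search described above can be automated. The following is an added example, not part of the original text: it parses a page's source, collects every IMG tag and reports those whose width and height are both 1 and whose image is loaded from a server other than the page's own. The page URL and the first two sample tags are assumptions constructed for the illustration; the last two tags are the Quicken example quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

PAGE_URL = "http://www.quicken.com/"  # assumed address of the page being inspected
SAMPLE_HTML = """
<img src="/images/logo.gif" width=120 height=40>
<img src="/images/spacer.gif" width=1 height=1>
<img src = http://ad.doubleclick.net/at/pixel.quicken/NEW width=1 height=1 border=0>
<IMG WIDTH=1 HEIGHT=1 border=0 SRC=http://media.preferences.com/ping?ML_SD=intuitTE_intuit_1x1RunOfSite_Any&db_afcr=4B31-C2FB-10E2C&event=reghome&group=register&time=1999.10.27.56.37>
"""

class ImgCollector(HTMLParser):
    """Collects the attributes of every IMG tag in a page."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":  # HTMLParser lower-cases tag and attribute names
            self.images.append({k: (v or "") for k, v in attrs})

def is_one_pixel(value):
    """True for '1' or '1px'."""
    return value.strip().lower().removesuffix("px") == "1"

def find_web_bugs(html, page_url):
    """Return (host, url) for each 1x1 IMG loaded from a server other than the page's."""
    page_host = urlsplit(page_url).hostname
    collector = ImgCollector()
    collector.feed(html)
    hits = []
    for img in collector.images:
        if not (is_one_pixel(img.get("width", "")) and is_one_pixel(img.get("height", ""))):
            continue
        url = urljoin(page_url, img.get("src", ""))  # resolves relative src values
        host = urlsplit(url).hostname
        if host and host != page_host:
            hits.append((host, url))
    return hits

if __name__ == "__main__":
    for host, url in find_web_bugs(SAMPLE_HTML, PAGE_URL):
        print(host, url)
```

The same-server 1 x 1 spacer image is not reported, because only the second criterion separates a layout spacer from a web bug.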
Web bugs infringe the privacy rights of a person or an organisation in that they are relatively invisible and are embedded in web pages and other documents.
The infringement occurs in that this information can be linked to the person or organisation or even their e-mail address and disclosed without their consent.
4.3.1.3 Referrer logs
Much of the information that is recorded during a web browsing session ends up in the log files of the remote servers. Interesting server log information is found in the referrer field [STEI 98]. Many servers record this information in a separate log file or referrer log. The following example will be used to illustrate the use of a referrer log:
Suppose a user is viewing the hypothetical page located at URL http://www.xyz.com/animals.html. This page consists of numerous links to other pages, such as URL http://www.capricorn.org/zebras.html. When the user selects this link to jump to the zebras page, the server at Capricorn logs the following information:
user1.abc.com http://www.xyz.com/animals.html -> /zebras.html
This indicates that the user from a computer located at user1.abc.com requested the document /zebras.html via a link located at http://www.xyz.com/animals.html.
Browsers log this information when a user selects a link, an image or an applet on a site. These URLs are sent in the referrer header to the next host [CRAN 00].
The advantage of using referrer logs is that web site administrators can immediately see where the links are coming from and if there is any cause for concern. They can immediately tell if a link is from another web site, with a suspicious or perhaps malicious site name.
The disadvantage of referrer logs can best be illustrated with the following example [STEI 98]. A user browses a merchant’s web site and places an order. She enters her credit card number into the fill-out form and submits it after examining the web page and confirming that its contents were protected by SSL. The user receives confirmation of her order, which happens to contain an advertisement. She clicks this advertisement and is linked to another site. The following shows up in the referrer logs of the new site:
Pressrm.dp.com http://www.merchant.com/cgi-bin/order?name=Colette+Trompeter&address=Johannesburg&item=camera&quantity=1&credit+card=1123258915691256& -> /index.html
This information reveals much of her private information that was destined for another web site. She has no idea that this private property of hers has been revealed to another site unintentionally. The most disconcerting factor is that there is no guarantee that this site will promise to secure the credit card information from prying eyes and malicious intent.
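A site that receives such referrers can check its own logs for this kind of leak and avoid storing it. The following is an added example, not part of the original text: it reads lines in the "client referrer -> path" layout used above, names the query parameters in the referrer that look like personal data, and rewrites the line so that only the scheme, host and path of the referrer are kept. The list of parameter-name hints and the 13 to 19 digit card-number test are assumptions, and the redaction step goes beyond what the text describes.

```python
import re
from urllib.parse import parse_qsl, urlsplit, urlunsplit

SENSITIVE_HINTS = ("card", "name", "address", "passw", "email")  # assumed hint list
CARD_LIKE = re.compile(r"^\d{13,19}$")  # assumed test: usual length of a card number

# The two referrer log lines shown in this section.
LINES = [
    "user1.abc.com http://www.xyz.com/animals.html -> /zebras.html",
    "Pressrm.dp.com http://www.merchant.com/cgi-bin/order?name=Colette+Trompeter"
    "&address=Johannesburg&item=camera&quantity=1&credit+card=1123258915691256& -> /index.html",
]

def parse_line(line):
    """Split 'client referrer -> path' into its three fields."""
    left, _, path = line.partition(" -> ")
    client, _, referrer = left.strip().partition(" ")
    return client, referrer.strip(), path.strip()

def leaked_fields(referrer):
    """Names of query parameters in the referrer URL that look like personal data."""
    found = []
    for key, value in parse_qsl(urlsplit(referrer).query):
        digits = re.sub(r"[ -]", "", value)  # tolerate grouped card numbers
        if CARD_LIKE.match(digits) or any(h in key.lower() for h in SENSITIVE_HINTS):
            found.append(key)
    return found

def redact(line):
    """Rewrite a log line so the referrer keeps only scheme, host and path."""
    client, referrer, path = parse_line(line)
    parts = urlsplit(referrer)
    clean = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    return f"{client} {clean} -> {path}"

if __name__ == "__main__":
    for line in LINES:
        fields = leaked_fields(parse_line(line)[1])
        if fields:
            print("leak:", fields)
        print(redact(line))
```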
4.3.1.4 Identity theft
Identity theft is another area of concern and it involves the abuse of the physical identity of the individual or even the organisation. Often hackers or attackers tend to monitor victims and eventually steal their name and identifying information, such as an identity number [SCHN 00]. This information is then used to steal from merchants in the victim’s name. The actual theft of goods and the theft of the identification are not considered an invasion of privacy. However, the fact that the victims have been monitored and have had key identifying information about themselves accessed means that their privacy has been invaded.
[Figure 4.4 diagram. Labels: ID #, Name; charged to John Doe; Web site 2: against John Doe with a credit bureau. Annotation: This area invades the individual’s privacy.]
Figure 4.4 Identity theft
Figure 4.4 shows how easily organisations can reveal information that can be used against their customers. An identity should be kept secret and hidden from prying eyes that may use this information for illegal purposes.