27. Total Information Awareness
Post 9/11 project to:
[Create] enormous computer databases to gather and store
the personal information in the United States, including
personal emails, social network analysis, credit card records,
phone calls, medical records, and numerous other sources,
without any requirement for a search warrant. Additionally,
the program included funding for biometric surveillance
technologies that could identify and track individuals using
surveillance cameras and other methods.
28. Television & Privacy
1992 brought the launch of Reality Television where
everyone’s lives became public consumption
This brought about shows about people:
Living together in homes and islands
Families struggling with personal issues
Celebrities' private issues made public
People showing off their stupidity to win money and fame
In short, Reality TV took the privacy discussion to a new
level
33. Private Info Monetized
Acxiom – 750 billion pieces of information or 1,500 facts on ½
billion people
Correlate “consumer” info from signups, surveys, magazine
subscriptions
USD 1.38 billion turnover for FY2008
Colligent – Actionable consumer research derived from social
networks
Rapleaf – 450 million social network profiles
Submit request and aggregated social network profiles returned
within a day
Phorm
Uses “behavioral keywords” – keywords derived from a combination
of search terms, URLs and even contextual page analysis over time –
to find the right users
36. Taxonomy – Web Request
A single web request
An image on a website
One webpage is made up of
multiple requests
What They Can Find Out
Location (Latitude, Longitude,
City, Country)
Language
Operating System & Browser
What site you came from
ISP
Have you been here before?
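
The list above, read off a single request as the server sees it. This is an added example, not part of the original slides; the request, hostnames, address and the `visitor` cookie name are constructed for illustration.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: one request for one image. All values are made up;
# the peer address is from the RFC 5737 documentation range.
PEER_IP = "203.0.113.42"
RAW_REQUEST = (
    "GET /images/logo.png HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0\r\n"
    "Accept-Language: en-GB,en;q=0.8\r\n"
    "Referer: http://search.example.net/results?page=2\r\n"
    "Cookie: visitor=8f3a2c; theme=dark\r\n"
    "\r\n"
)

def parse_request(raw):
    """Split a raw HTTP/1.1 request head into (path, lower-cased header dict)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return path, headers

def what_the_server_learns(raw, peer_ip, id_cookie="visitor"):
    """Map one request onto the slide's list. id_cookie is a hypothetical name."""
    path, h = parse_request(raw)
    ua = h.get("user-agent", "")
    platform = re.search(r"\(([^;)]+)", ua)
    cookies = SimpleCookie(h.get("cookie", ""))
    return {
        "resource": path,
        # Location and ISP come from looking this address up in GeoIP/WHOIS data.
        "ip": peer_ip,
        "language": h.get("accept-language", "").split(",")[0].split(";")[0].strip(),
        "os": platform.group(1) if platform else None,
        "browser": ua.split()[-1] if ua else None,
        "came_from": urlsplit(h.get("referer", "")).hostname,
        "seen_before": id_cookie in cookies,
    }

if __name__ == "__main__":
    for field, value in what_the_server_learns(RAW_REQUEST, PEER_IP).items():
        print(f"{field:12} {value}")
```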
37. Taxonomy – Cross Site Tracking
Using cookies to track
across computers and
affiliated sites
Cookie is stored on your
computer and sent with
every request
Cookies usually associated
with login details
What They Can Find Out
Who you are
What sites you visit
Behavioral profiles
38. Taxonomy – Rich Browser Environments
Rich Web 2.0 Technologies
JavaScript/AJAX
Flash/Silverlight
What They Can Find Out
Browser history
Clipboard data
Key presses
Visual stimulus
Browser plugins
Desktop display
preferences
40. Taxonomy – Aggregation, Correlation & Meta Data
Combining the previous levels
Meta‐Data – Include
interactions with applications
Aggregation – combining the
information from various
sources
Correlation – normalizing
entities across sources
Provides information you may
not be aware of
What they can find out
Social networks
Behavioral profiles
Psychological profiles
Deep databases
42. By ISPs
ISPs always know your IP address and the IP address to
which you are communicating
ISPs are capable of observing unencrypted data passing
between you and the Internet but not properly‐
encrypted data
They are usually prevented from doing so by social
pressure and law
47. How Do We Know ‐ AOL
Aug 7, 06 ‐ AOL apologized for releasing search log data
on subscribers that had been intended for use with the
company's newly launched research site.
Almost two weeks before that, AOL had quietly released
roughly twenty million search records from 658,000 users
on their new AOL Research site.
The data includes a number assigned to the anonymous
user, the search term, the date and time of the search,
and the website(s) visited as a result of the search.
NY Times was able to identify several users by cross‐
referencing with phonebooks/public records
48. How Do We Know – Department of Justice
Jan 06, the US Dept of Justice issued a subpoena asking
popular search engines to provide a "random sampling"
of 1 million IP addresses that used the search engine, and
a random sampling of 1 million search queries submitted
over a one‐week period.
The government wanted the information to defend a
child pornography law.
Microsoft, Yahoo and AOL complied with the request,
while Google fought the subpoena.
50. By Indirect Marketing
Web bugs ‐ a graphic (in a website or a graphic enabled
email) that can confirm when the message or web page
is viewed and record the IP address of the viewer
Third party cookies ‐ a web page may contain images or
other components stored on servers in other domains.
Cookies that are set during retrieval of these
components are called third‐party cookies.
51. What Are Cookies?
Cookies are data packets sent by a server to a web client
and then sent back unchanged by the client each time it
accesses that server
Cookies are used for authenticating, session tracking and
maintaining specific information about users, such as site
preferences or the contents of their electronic shopping
carts
Cookies are only data, not programs or viruses
There are two types of cookies ‐ persistent and non‐
persistent
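
A small audit that applies the two definitions above (third-party cookies, persistent versus non-persistent) to the responses fetched for one page. This is an added example, not part of the original slides; the URLs and cookie values are constructed, and treating the last two host labels as the "site" is a simplifying assumption.

```python
from urllib.parse import urlsplit

def site_of(url):
    # Assumption: the site is the last two host labels. Production code needs
    # the Public Suffix List, since suffixes like co.uk break this shortcut.
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])

def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0]
    return name, {a.partition("=")[0].strip().lower() for a in attrs}

def audit(page_url, responses):
    """Classify each Set-Cookie seen while loading page_url."""
    page_site = site_of(page_url)
    findings = []
    for url, set_cookie in responses:
        name, attrs = parse_set_cookie(set_cookie)
        findings.append({
            "cookie": name,
            "set_by": site_of(url),
            # Set while fetching a component from another domain => third party.
            "party": "first" if site_of(url) == page_site else "third",
            # Expires or Max-Age means it outlives the browser session.
            "persistent": bool(attrs & {"expires", "max-age"}),
        })
    return findings

# Constructed sample: (resource URL, Set-Cookie header) pairs for one page load.
PAGE = "http://www.news.example/article/42"
RESPONSES = [
    ("http://www.news.example/article/42", "session=ab12; Path=/; HttpOnly"),
    ("http://static.news.example/site.css", "prefs=large-text; Max-Age=2592000"),
    ("http://ads.tracker.example/pixel.gif?page=article42",
     "uid=7d9e01; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
]

if __name__ == "__main__":
    for f in audit(PAGE, RESPONSES):
        kind = "persistent" if f["persistent"] else "non-persistent"
        print(f'{f["cookie"]:8} {f["party"]}-party  {kind:15} set by {f["set_by"]}')
```

The last entry is the case slide 50 describes: a graphic served from another domain that sets a long-lived identifier while the page loads.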
57. By Cybercrime
Spyware takes advantage of security holes in the
browser to get itself downloaded and installed, then
gathers information without your knowledge
Phishing occurs when criminals lure the victim into
providing financial data to an insecure website
Pharming occurs when criminals plant programs in the
victim's computer which redirect the victim from
legitimate websites to scam look‐alike sites