FIT 100

LAB 18:  Privacy in the Internet Age

Do you really have any?

 

Spring 2001

 

Optional Reading for Lab 18:

 

How information is gathered about your Internet connection:

http://www.privacy.net/analyze/analyzehow.asp

 

Introduction:

Privacy has always been a fairly complex issue, even before the advent of the Internet and the World Wide Web.  Let’s think about the issue of student information that is maintained by schools and universities.  Arguments about the legality and ethics of revealing certain student information or even how to protect that information from unauthorized access went on long before the connectivity revolution.  Now the complexity of the issues surrounding privacy increases at the same rate as the advent of new technologies.  A person no longer has to reply to a “prize letter” to reveal personal information about themselves and their buying habits.  All they need to do is visit a web site on line. 

 

Information about what and where a person searches is gathered when they visits various sites on the web, especially e-commerce sites.  The information gathered about you is most often stored in a text file known as a cookie, and it is placed on your own computer and then accessed every time you return to the web site that created it.  There are also many other ways of gathering personal information about you, about where you search on the Internet and about your various buying habits. 

 

This lab will look at a web site that offers simple demonstrations of how information is gathered about individuals and stored for use at a later time.

 

Objectives:

·         To look at the issues surrounding privacy and online gathering of personal information.

·         To understand the concept of cookies as they relate to gathering information about a user.

·         To understand that “surfing” the web is not, and never has been, an anonymous activity by the user.

 

Some recent news about online privacy in Washington State:

 

An excerpt from EPIC Alert, the newsletter of the Electronic Privacy Information Center of Washington, D.C.:

 

“A Washington State Court has found a compelling interest in protecting

Social Security numbers (SSNs) from public dissemination, and has

ordered a website operator to remove lawfully obtained SSNs from an

Internet site.  In City of Kirkland v. Sheehan, a website operator

posted police officers' personal information on Justicefiles.org, an

Internet site critical of law enforcement.  The personal information

included names, addresses, phone numbers, and Social Security numbers.

The court found that the site operator posted the information "to

cause at least some degree of fear and apprehension in the minds of

law enforcement personnel."  The website operator promised to remove

the personal information if the officers' departments would adopt

civilian police oversight boards.

  

The City of Kirkland brought suit to enjoin the website operator from

posting the officers' personal information, alleging that the activity

invaded the officers' privacy interests.  The web site operator

claimed a First Amendment right to post the personal information,

which apparently had been culled from public records.

  

The King County Superior Court allowed the website operator to

continue posting the names, addresses, and other information relating

to the police officers.  The court held that the First Amendment

protected the publication of lawfully obtained personal information

for political purposes, absent a credible specific threat of harm.

  

However, the court enjoined the site operator from publishing the

officers' Social Security numbers.  The court reasoned that SSNs,

unlike names and addresses, do not "facilitate or promote substantive

communication."  Further, access to Social Security numbers allows

others to "obtain access to and to control, manipulate or alter other

personal information."  Accordingly, the court held that the

government has a compelling interest in preventing the dissemination

of SSNs that overrides the operator's right to publish.

  

The decision in City of Kirkland v. Sheehan is available at:

  

     http://www.politechbot.com/docs/justicefiles.opinion.051001.html

 

 ****************************************************************

 

For this lab we will visit two areas at the Privacy.Net web site, a consumer information organization. Each of these pages will give you some insight on the information that can be gathered about you simply based on your IP address. 

 

http://www.privacy.net/analyze/

This page does an analysis of your Internet connection and displays basic information that can be gathered about you (and the computer you use) with nothing more than an IP address.

 

http://www.privacy.net/track/

How do companies track you as you visit various sites on the Internet?  The demonstration here gives you and idea of how your movements are tracked as you surf the Net.

 

http://www.privacy.net/cookies/

A demonstration of how text files called “cookies” are created to hold information about user preferences and time of visit, among other things.

 

To Do:

(Work in pairs to answer the questions of this exercise-turn in one sheet of paper with both names on it)

 

Analysis of an Internet connection

 

1.      Link to http://www.privacy.net/analyze/ and take a look at the information that is pulled from about the computer in front of you.

 

·         Using the information given, what is the Screen Width and Height?



 

·         What is the viewable width and height? 



2.      Who (what entity) registered the domain of the computers in this lab?

 

 

 

3.      Who owns the network?

 

 

 

4.      What other information has been gathered about you, the current user?

 

 

 

5.      Has Privacy.Net been visited by this computer before?  When?

 

 

 

6.      Link to the related page called “How this analysis works”. 

 

********************************************

 

Read the first couple paragraphs there.  When you are done, link back to the analysis page by clicking the “Click here to take the analysis”.  What information has changed on the page?

 

 

 

7.      Now, go to the following page:

 

http://faculty.washington.edu/gbwhit23/100Labs/Lab18.html

and click on the Privacy.Net link.  This will take you back the analysis page.  Note that there has been a change of information.  The URL above that linked you back to Privacy.Net is now listed as the page visited just previous to this one.  What if this analysis page had the information about the last 50 sites you visited?

 

 

 

Creating Internet Cookies

 

8.      Visit the following site: http://www.privacy.net/cookies/.  Read through the directions and create a cookie that will hold information about you.  When you are done, close the browser.  Open a new browser and enter the site again.
 

·         Is the cookie information correct? (does it display the proper “cookie” that you selected?)

 

 

 

·         Go to C:\Windows\Cookies on your computer.  Look at the cookie files placed there.  Notice they are just text files.  Go the most recently placed cookie and open it.  Can you decipher the information that has been placed there?  Close the file when you are done.

 

 

 

·         Change your cookie information on the browser and then go look and the text file again.  What has changed?

 

 

 

 

Tracking on the Internet

 

9.      Go to http://www.privacy.net/track/.  Follow the steps provided to get a demonstration of how companies place advertising on a web page that can track users across multiple sites.  You will visit several fake sites during this demonstration.  Link to four or five sites and then back to the demo.

 

10.  At each point in the demonstration, you should be able to link to your profile as it is being built.  After you finish, and have done all 5 steps, including giving your email address, your profile will look something like this:

 

 

 

This information has been gathered, but an actual cookie was not placed on your machine for it.

 

11.  What other information could be gathered about you just from a visit to an online shopping site?  Or a site that requires registration just to view its contents?

 

 

 

 

12.  What are some ethical issues surrounding the ability of companies and organizations to gather data about you simply by your passage through their virtual doorways?

 

 

 

13.  How would you feel if the same data could be gathered about you when you walked into a shopping mall or restaurant?

 

 

 

 

 

14.  Turn in your comments to your TA before you leave the lab today.