Group 8: Lauren D and Caleb W

Private Information on the Internet

Return to ENC 3241 Student Articles Menu

twitter-bing-facebook-google2.png

Abstract

Private information is a valuable resource that everyone possesses. It is what links us to our identities, personalities and our assets. As a result, many companies, groups and individuals are focused around obtaining private information, especially from internet users. Controversy has sprung up surrounding these private information traders concerning exactly how they collect information, what information they hunt for and what they do with it. In this article we argue that, although private information may be used in ways the users don’t agree with, the security of private information is the obligation of the user.

Introduction

With websites like Facebook, Google and Twitter gaining prominence, a focus has shifted to private information on the internet. In particular, Facebook has been under some recent criticism due to relaxed security options for its users. The settings were relaxed, it turns out, to make it easier for third party application to gain access to this information, which would allow for a greater volume of companies producing applications for Facebook. In addition to this, sites like Facebook and Google store private information to be used in targeted ad campaigns. The goal of targeted ads is to advertise paintball guns only to people who paintball, to only advertise to people who would be interested in buying a certain product. As a consequence of this, private information has become a commodity that can be bought and sold. This leads us to ask the question “Who is responsible for the security of our private information?” and “What can we do to protect our private information?”

What is Private Information?

Just about anything can be done via the internet in today’s day and age. Every business, organization, or person for that matter can be found one way or another on the World Wide Web. 40 years ago, no one would have believed that come 2010, touch screen phones would be readily available, and people can start their cars and turn on their home lights and alarms with the touch of a button on their cellular phone (another mythical invention.) However, these things are provided to the world today and most people can hardly imagine their lives without having their BlackBerry permanently attached to their hand and their laptop stuffed in a briefcase strapped on their shoulder. The reason it is so crucial for these technology-obsessed individuals to be near their electronics at all times is because they are a product of the technologically advanced world that we live in today.
Public vs. Private
As was brought up earlier, every person, place, and thing can be searched on the internet today and by “every person” I mean just that, every person. Even the most seemingly uninteresting person around can more than likely be Googled and researched to some extent. This being said, people need to be more careful about what they allow to be put on the internet, intentionally or unintentionally. Of course intentionally is all up to the user. It’s hard to feel bad for the person that plasters their personal identification numbers and home address on their Facebook profile when their identity is stolen, but unfortunately it happens to even the most careful of people. Not surprisingly there is a lot more “private” information than “public” information that is considered acceptable for the internet. Some examples of the public are generally pretty obvious. Things such as one’s name, job title, work experience, email, etc., are seen as public information. It’s hard for someone to take advantage of someone’s private information with just their name and email address. What people may not know however is that by even supplying something as simple as their banking institution even without any account information, they have already given someone enough to find out a lot about them and their money or financial history. Some examples of what is considered private information would be,

  • Social Security Number
  • Address
  • Bank information

Another way to play it safe has to do with age and unfortunately, gender. One problem with the vast and limitless world of the internet is that there are some less than classy people that prowl the internet. People that need to really watch themselves would be young children, teenage to young girls, and anyone else who partakes in activities that result in online friendships should be very careful about the information that they give out.

Children on the Internet

Parents should also watch their children and pay attention to their actions online and who they are talking to or communicating with. From previous and sometimes unfortunate past events the internet is now more controllable in terms of what is allowed to be viewed or received. As long as people continue to keep their guard up and watch what they allow to be shared with the rest of the online world then that will greatly reduce their chances for identity theft, robbery, and other things that can happen do to carelessness of private information.

Private Information Availability

With Private Information being an important asset that links the individual to their legal and fiscal identity, a natural question to ask is “How does Private Information become available on the internet?” There are several answers to this question. One way this information can become available is, surprisingly, people giving their own information away. This happens quite frequently, generally when a form is being filled out for some service. Another method is malicious entities, either companies or individual hackers, steal it from more respectable entities. This article will focus on the ways private information becomes available on the internet and show that a sizeable portion of the fault lies with the users themselves.

The most common way private information is put online is by the users themselves. This happens because a user will want to use a service being offered, be it social networking, email or shopping, and to be able to use a service being offered, the user must surrender some kind of private information. This comes from a certain amount of trust that the user has with whoever is in charge of the site they are visiting. An important example of this trust is through Facebook. On Facebook, the user trusts the company to adhere to their own privacy policy and keep private information private. However, if information is posted then, unless privacy settings are adjusted, this information is displayed on the users page. So when a user posts information onto their page, the trust goes beyond the company, the users must trust everyone who has access to their page.

In a paper [3] regarding information put on Facebook, it was found that over 50% of Facebook users are aware of the privacy issues regarding Facebook. However, despite the awareness these users still upload information, pictures and posts without regard. This implies that trust is not the only key factor in determining what information goes online.
Private information can be spread throughout the internet from providers like Facebook and Google. This is because there is a market for private information; it can be bought and sold [5]. Particularly, advertisers are interested in this information because it allows them to target each user individually, so as to streamline the marketing process.

phishing-mobile-email.jpg

Another method that purposefully targets private information, that is a derivative of the previously stated reason, is called Phishing. Phishing is a method of prying information from users using a false image. These typically come in the forms of surveys or emails offering a too-good-to-be-true reward for completing a task. When the target becomes interested in the reward, it turns out that they must volunteer private information, ranging from name and address to credit card numbers or even social security numbers. Unlike companies such as Facebook or Google that store private information for some legal usage, many phishers are interested in identity theft. This can obviously lead to some negative consequences, so it is important to lookout for phishing.

Hackers also target private information. Their motivations differ, some hackers may use the information for identity theft while others may use it for their own gratification by using it for activities like cyber-bullying. Hackers usually gain access to someone’s computer by user carelessness. A good example of this is spyware. Spyware simulates a virus on a computer, then offers a solution: Download a certain program to fix it. This program is, in fact, a back door to the computer. When the program is installed it holds the door open for other computers to infect it and take it private information from it. Other times hackers can target an individual, when this happens there may be little that can be done. An individual was interviewed who has had a hacker tracking him since 2005. Whenever an online account is made, for any online service, within weeks the hacker becomes aware of its existence and he proceeds to hack it, just to toy with him [2].

Carelessness is the main factor in information leakage. Facebook is full of careless users who keep their privacy settings low and post every intimate detail of their lives online. If someone wanted to get access to any private information about these people, all they need to do is search for them and they will have access to everything from name and address to picture of them drunk at a party from the previous night. Web forums also attract careless users. As an example, the web group Anonymous used minute details carelessly posted by a pedophile to find out where he lived and to contact the authorities in the area with evidence. These details were small things like a school mascot that a girl was wearing in a photo and this, linked with a careless comment he made about his local environment, led them to his hometown, and eventually to his address. While with this example the access to private information led to a positive outcome, this is not always the case, it serves to prove that carelessness can lead to private information availability.

In conclusion, private information is leaked in many ways. In a good majority of these cases, the blame can be placed on the user. The main way that information becomes available is because of carelessness. Exceptions can be made in the case of a hacker who knows what they are doing and who can walk into a computer as simply as they walk into a library. These infesters should not be taken lightly and, where possible, legal actions should be taken. Whether it be by Facebook or phishing, it is the user’s responsibility to know exactly what they are giving away and who they are giving it away to.

What is done With the Private Information that is Available Online?

Private information on the internet is about as common as toothpaste nowadays. Wherever one goes and whomever they may meet, chances are it can be found on Facebook.com or Twitter. Just about everyone has some sort of profile page and many of those people have multiple outlets from which someone can access them via the World Wide Web. Sadly however, many people do not understand what they are getting themselves into when they sign up for these fun and popular social networking sites.

Who Really Cares About Your Privacy?

More times than not, some unlucky person will create their profile in the hopes of reaching that legendary “1000 friends” mark, and all the while they have no idea that hundreds of thousands of non-friends are also viewing their profile and doing their own light internet stalking. Reading this out loud, one would more than likely think something along the lines of “good grief, ‘light internet stalking’ is a little heavy, no one cares that much,” but surprisingly enough, someone really might. There are a lot of people, social network junkies essentially, that are well equipped to find out as much about someone as possible simply by clicking on their profile.

What Social Networks Don’t Tell You

Example of Targeted Advertising

Internet users have to be very careful what they put on their profile as well as what they allow to be viewed and by whom. Many social sites have the proverbial “fine print” that a social network subscriber really should pay attention to. One such example of personal and private information being distributed among the social network world is the agreement that a Facebook user automatically accepts when signing up for the popular networking site, Facebook.com. This certain agreement allows Facebook to use personal photos in ads that they display across the internet in advertising their site. For some people, they may not care one way or another which is fine, but a lot of people very much care and do not want their personal photos of their friends and family strewn about the Internet. Mind you, the user is not the one that picks which photos to display, Facebook does randomly. To fix this and stop Facebook from spreading the photos the subscriber would have to go through about a five step process in their account and turn it off. It is relatively simple once learned how to do it, however, if they are not the most computer savvy individual, or just blatantly have no clue where they are doing or where even go to fix a problem like that, they are pretty much out of luck and to top it off, there is nothing they can legally do about it [1].

Know What Information You Are Providing

It is a pretty scary thought knowing that sites like Facebook or Twitter have the power to do something like that. What I find to be even more disturbing is the alarming number of young social network users that know about these privacy risks, and choose to allow just about all of their personal information to be seen by anyone. According to a study conducted by two professors on college age students from Carnegie Mellon University, the majority of these students were “by large, quite oblivious, unconcerned, or just pragmatic about their personal privacy.” The author’s of the article Information Revelation and Privacy in Online Social Networks, which is based on the Carnegie Mellon study, state that “due to the variety and richness of personal information disclosed in [the student’s] Facebook profiles, their visibility, their public linkages to the members’ real identities, and the scope of the network, users may put themselves at risk for a variety of attacks on their physical and online persona” [5]. So not only are these young people allowing their information to be plastered all over the website, but they are also potentially setting themselves up for some serious danger. Of course, just because someone creates a Facebook profile does not automatically mean that they are going to have their identity stolen and lose all that they have worked for overnight, but users should become more aware of the hidden dangers of social networking sites, and the effect it has on their privacy, or lack thereof.
A study conducted on Facebook by two faculty members from the University of Western Ontario yielded some really interesting results on who and just how many people provide a lot of information on their Facebook profiles. Information such as full names, relationship status, current town, birth date, photos, etc, showed extremely high results as being viewable, usually in the low to high 90’s of percentage. As for the difference in Male and Female discretion in what they allow to be viewed, for the items that are listed they were very similar, usually just a percent or two different from one another, but women did not provide political, religious, or current address as much as the male population did.

Privacy Settings

Using a site such as Facebook, the user is afforded the option of just who is allowed to see their profile. A subscriber can choose, Only Friends, Some Networks and All Friends, All Networks and All Friends, or Anyone. In the same study aforementioned, 64% of the studied Facebook users had their profiles on “friends only,” and only 7.9% had their profile set to “anyone” [6]. It is better to have the profile set to the “friends only” setting if that is what is available because then that way at least the user will have a good idea of who can see their profile.

Protecting Private Information

We have seen that private information is valuable not us and others, which it is obtained in often shifty ways and that it can be used in ways that we may not agree with. Even though they cannot always be trusted, it is in the best interest of a company to protect its user’s private information; an information leak could lead to lawsuits and a negative public image, which would not be profitable. Unfortunately, there is not much of a genuine concern with private information security, and so it is up to the users to protect themselves. With this line of reasoning it is natural to ask “How can I protect my private information?”

The first, and most important, way to protect oneself is to be conscious and skeptical whenever someone is giving out private information. We have all heard of the scam when an estranged prince needs just a little bit of money to get home to his wealth, and if you help he will reward you with millions. The people who fell prey to this scam willingly gave their information to strangers based on a random email they obtained with promises of a quick buck. While the scammers are guilty of fraud, it is not their fault that people had their identity stolen by this scam. Theft like this can be prevented if whenever someone is giving out their information they ask “Is this person credible?”, “What is this person going to do with my information?” and “Do I want this person to have access to this sensitive information?” Each person is responsible for their own private information, so we must be careful about who we give it to.

Facebook-Security.gif

An important way to protect private information is simply by adjusting privacy settings on websites like Facebook and Google, when these settings are on lockdown very little can be scavenged from an unsuspecting Facebook page. When searching the name of someone with a relaxed page vital information like hometown, school, email address, age, family members and birthday is quickly available [1]. From this information, by using public domain resources like white pages, access can be gained to information like a home address, phone number or tax information. A name, face and hometown can go a long way to accessing other information. Along these lines, it is important to be aware of what information is available of Facebook. Even a seemingly small thing, like a profile picture of a user being drunk, can get into hands that the user did not intend for it to, like a future employer who looks down on public drunkenness. Little leaks like these can have overreaching consequences; pictures and comments can be used as fuel for bullying, posts and links can lead to negative consequences at home or work. It is important to be conscious of this information.

Be aware whenever you login to a website on a foreign computer. While typing this, a student in the UCF library needed to email some pages that were on the computer I was using. When he finished, he did not log out of his UCF email, I had access to not only his information but the information of all his email contacts. When using public or strange computers remember to log out, an open computer logged into a Facebook page is a treasure of private information.

Although it is important for each user to be aware of where their information goes, this subject has not escaped the eyes of academia. Currently, research is being done at the Max Planck institute on how to better protect users, while simultaneously granting access to online services [7]. This research program uses computer network theory and information coding to grand access to information only to those who have permission. Any intermediary that might gain access to the information will only have access to an undecipherable code. This will allow social networks and internet services like Facebook and Google to secure information much easier than what is available now, this would draw more people to trust theses online entities, and so it would be good for business.

In conclusions, we see that a conscious internet user can be relatively safe on the internet. People who are aware of phishing scams, like the Prince Scam, will be less likely to give away sensitive information to people who wish to perform identity theft. People who are aware of their Facebook security settings and aware of what is put on Facebook are more secure sharing with real friends or reconnecting with an old friend. People who are conscious whenever they use a strange computer are not opening themselves up to a stranger who might have a use for this information. Academic research will allow us to more securely use online services like Facebook or Google in the near future. Even with this added security a careless user is not a safe user. The biggest threat to the security of your private information is yourself.

Conclusion

In conclusion we can see that private information is an important and volatile resource. As such people are very keen on obtaining this information, which has led to methods such as phishing, hacking and trading of private information. The companies and individuals care about the security of private information when it gets them money or helps avoid lawsuits. Because of this, the best interests of the users is not the primary goal of the company. While the most secure course of action would be to introduce stricter regulations on companies that collect private information, the surest way to protect oneself is self regulation. While the companies are obligated to follow their own privacy terms, it is the obligation of the user to be aware of what is happening to their information when they give it away. In this way, the user can give their information up only when they feel secure with the person they are giving it to. Although trust in a company is something that must be earned and something that is easily lost, who to trust is up to the user and if the company breaks that trust any security leak of information is the user’s responsibility. The responsibility to protect private information is the user’s obligation.

Bibliography
1. (2011). Retrieved March 22, 2011, from Facebook
2. Edmiston, J. Personal Interview. 17 March 2011.
3. Gross, R., & Acquisti, A. (2005). Information Revelation and Privacy in Online Social Networks. WPES '05 , 71-80.
4. Gross, R., & Acquisti, A. (2006). Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook.
Lecture Notes in Computer Science, Vol 4258/2006, 36-58.
5. Kennan, J. & Wilson, R. (1993) Bargaining with Private Information. March 1993. In Journal of Economic Literature, Vol 31, No 1. AEA Pittsburgh, PA, 45-104.
6. Young, A. L., & Quan-Haase, A. (2009). Revelation and Internet Privacy Concerns on Social Network Sites: A Case Study of Facebook. C&T '09: Proceedings of the Fourth International Conference on Communities and Technologies , 265-274.
7. Guha, S. Tang, K. & Francis, P. (2008). NOYB: Privacy in online social networks. In Proceedings of the first workshop on Online social networks, 49-54