Internet privacy

Internet privacy

Internet privacy
Click here for picture sources

Internet privacy involves the right or mandate of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to oneself via Internet.[1][2] Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large-scale computer sharing.[3]

Privacy can entail either personally identifiable information (PII) or non-PII information such as a site visitor’s behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two factors are unique enough to identify a specific person typically. Other forms of PII may soon include GPS tracking data used by apps, as the daily commute and routine information can be enough to identify an individual.[4]

It has been suggested that the “appeal of online services is to broadcast personal information on purpose.”[5] On the other hand, in his essay “The Value of Privacy”, security expert Bruce Schneier says, “Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.”[6][7]

Levels of privacy

Internet and digital privacy are viewed differently from traditional expectations of privacy. Internet privacy is primarily concerned with protecting user information. Law Professor Jerry Kang explains that the term privacy expresses space, decision, and information.[8] In terms of space, individuals have an expectation that their physical spaces (e.g. homes, cars) not be intruded. Privacy within the realm of decision is best illustrated by the landmark case Roe v. Wade. Lastly, information privacy is in regards to the collection of user information from a variety of sources, which produces great discussion.[8]

In the United States, the 1997 Information Infrastructure Task Force (IITF) created under President Clinton defined information privacy as “an individual’s claim to control the terms under which personal information — information identifiable to the individual — is acquired, disclosed, and used.”[9] At the end of the 1990s, with the rise of the internet, it became clear that governments, companies, and other organizations would need to abide by new rules to protect individuals’ privacy. With the rise of the internet and mobile networks internet privacy is a daily concern for users.

People with only a casual concern for Internet privacy need not achieve total anonymity. Internet users may protect their privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link the Internet activities to personally-identifiable information of the Internet user. In order to keep their information private, people need to be careful with what they submit to and look at online. When filling out forms and buying merchandise, information is tracked and because it was not private, some companies send Internet users spam and advertising on similar products.

There are also several governmental organizations that protect an individual’s privacy and anonymity on the Internet, to a point. In an article presented by the FTC, in October 2011, a number of pointers were brought to attention that helps an individual internet user avoid possible identity theft and other cyber-attacks. Preventing or limiting the usage of Social Security numbers online, being wary and respectful of emails including spam messages, being mindful of personal financial details, creating and managing strong passwords, and intelligent web-browsing behaviors are recommended, among others.[10]

Posting things on the Internet can be harmful or expose people to malicious attacks. Some information posted on the Internet persists for decades, depending on the terms of service, and privacy policies of particular services offered online. This can include comments written on blogs, pictures, and websites, such as Facebook and Twitter. It is absorbed into cyberspace and once it is posted, anyone can potentially find it and access it. Some employers may research a potential employee by searching online for the details of their online behaviors, possibly affecting the outcome of the success of the candidate.[11]

Risks to Internet privacy

Internet privacy
Click here for picture credits

Companies are hired to track which websites people visit and then use the information, for instance by sending advertising based on one’s web browsing history. There are many ways in which people can divulge their personal information, for instance by use of “social media” and by sending bank and credit card information to various websites. Moreover, directly observed behavior, such as browsing logs, search queries, or contents of the Facebook profile can be automatically processed to infer potentially more intrusive details about an individual, such as sexual orientation, political and religious views, race, substance use, intelligence, and personality.[12]

Those concerned about Internet privacy often cite a number of privacy risks — events that can compromise privacy — which may be encountered through online activities.[13] These range from the gathering of statistics on users to more malicious acts such as the spreading of spyware and the exploitation of various forms of bugs (software faults).

Several social networking websites try to protect the personal information of their subscribers, as well as provide a warning through a privacy and terms agreement. On Facebook, for example, privacy settings are available to all registered users: they can block certain individuals from seeing their profile, they can choose their “friends”, and they can limit who has access to their pictures and videos. Privacy settings are also available on other social networking websites such as Google Plus and Twitter. The user can apply such settings when providing personal information on the Internet. The Electronic Frontier Foundation has created a set of guides so that users may more easily use these privacy settings[14] and Zebra Crossing: an easy-to-use digital safety checklist is a volunteer-maintained online resource.

In late 2007 Facebook launched the Beacon program in which user rental records were released to the public for friends to see. Many people were enraged by this breach of privacy, and the Lane v. Facebook, Inc. case ensued.[15]

Children and adolescents often use the Internet (including social media) in ways that risk their privacy: a cause for growing concern among parents. Young people also may not realize that all their information and browsing can and may be tracked while visiting a particular site and that it is up to them to protect their own privacy. They must be informed about all these risks. For example, on Twitter, threats include shortened links that may lead to potentially harmful websites or content. Email threats include email scams and attachments that persuade users to install malware and disclose personal information. On Torrent sites, threats include malware hiding in video, music, and software downloads. When using a smartphone, threats include geolocation, meaning that one’s phone can detect where one’s location and post it online for all to see. Users can protect themselves by updating virus protection, using security settings, downloading patches, installing a firewall, screening email, shutting down spyware, controlling cookies, using encryption, fending off browser hijackers, and blocking pop-ups.[16][17]

However most people have little idea how to go about doing these things. Many businesses hire professionals to take care of these issues, but most individuals can only do their best to educate themselves.[18]

In 1998, the Federal Trade Commission in the US considered the lack of privacy for children on the internet and created the Children Online Privacy Protection Act (COPPA). COPPA limits the options which gather information from children and created warning labels if potential harmful information or content was presented. In 2000, the Children’s Internet Protection Act (CIPA) was developed to implement Internet safety policies. Policies required taking technology protection measures that can filter or block children’s Internet access to pictures that are harmful to them. Schools and libraries need to follow these requirements in order to receive discounts from E-rate program.[19] These laws, awareness campaigns, parental and adult supervision strategies, and Internet filters can all help to make the Internet safer for children around the world.[20]

The privacy concerns of Internet users pose a serious challenge (Dunkan, 1996; Till, 1997). Due to the advancement in technology, access to the internet has become easier to use from any device at any time. However, the increase of access from multiple sources increases the amount of access points for an attack.[21] In an online survey, approximately seven out of ten individuals responded that what worries them most is their privacy over the Internet, rather than over the mail or phone. Internet privacy is slowly but surely becoming a threat, as a person’s personal data may slip into the wrong hands if passed around through the Web.[22]

Internet protocol (IP) addresses

All websites receive, and many track, which IP address is used by a visitor’s computer. Companies match data over time to associate name, address, and other information to the IP address.[23]

There is ambiguity about how private IP addresses are. The Court of Justice of the European Union has ruled they need to be treated as personally identifiable information if the website tracking them, or a third party like a service provider, knows the name or street address of the IP address holder, which would be true for static IP addresses, not for dynamic addresses.[24] California regulations say IP addresses need to be treated as personal information if the business itself, not a third party, can link them to name and street address.[24][25] An Alberta court ruled that police can obtain the IP addresses and the names and addresses associated with them, without a search warrant; the Calgary, Alberta, police found IP addresses which initiated online crimes, and the service provider gave police the names and addresses associated with those IP addresses.[26]

HTTP cookies

Internet privacy
Click here for picture credits

An HTTP cookie is data stored on a user’s computer that assists in automated access to websites or web features, or other state information required in complex web sites. It may also be used for user-tracking by storing special usage history data in a cookie, and such cookies — for example, those used by Google Analytics — are called tracking cookies. Cookies are a common concern in the field of Internet privacy. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.[27]

In the past, websites have not generally made the user explicitly aware of the storing of cookies, however tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals’ browsing histories — a privacy concern that prompted European and US lawmakers to take action in 2011.[28][29] Cookies can also have implications for computer forensics. In past years, most computer users were not completely aware of cookies, but users have become conscious of possible detrimental effects of Internet cookies: a recent study done has shown that 58% of users have deleted cookies from their computer at least once, and that 39% of users delete cookies from their computer every month. Since cookies are advertisers’ main way of targeting potential customers, and some customers are deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies, but modern browsers and anti-malware software can now block or detect and remove such cookies.

The original developers of cookies intended that only the website that originally distributed cookies to users could retrieve them, therefore returning only data already possessed by the website. However, in practice programmers can circumvent this restriction. Possible consequences include:

  • the placing of a personally-identifiable tag in a browser to facilitate web profiling (see below), or
  • use of cross-site scripting or other techniques to steal information from a user’s cookies.

Cookies do have benefits. One is that for websites that one frequently visits that require a password, cookies may allow a user to not have to sign in every time. A cookie can also track one’s preferences to show them websites that might interest them. Cookies make more websites free to use without any type of payment. Some of these benefits are also seen as negative. For example, one of the most common ways of theft is hackers taking one’s username and password that a cookie saves. While many sites are free, they sell their space to advertisers. These ads, which are personalized to one’s likes, can sometimes freeze one’s computer or cause annoyance. Cookies are mostly harmless except for third-party cookies. These cookies are not made by the website itself but by web banner advertising companies. These third-party cookies are dangerous because they take the same information that regular cookies do, such as browsing habits and frequently visited websites, but then they share this information with other companies.

Cookies are often associated with pop-up windows because these windows are often, but not always, tailored to a person’s preferences. These windows are an irritation because the close button may be strategically hidden in an unlikely part of the screen. In the worst cases, these pop-up ads can take over the screen and while one tries to close them, they can take one to another unwanted website.

Cookies are seen so negatively because they are not understood and go unnoticed while someone is simply surfing the internet. The idea that every move one makes while on the internet is being watched, would frighten most users.

Some users choose to disable cookies in their web browsers.[30] Such an action can reduce some privacy risks, but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers (such as Mozilla Firefox and Opera) offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general, but preventing their abuse. There are also a host of wrapper applications that will redirect cookies and cache data to some other location. Concerns exist that the privacy benefits of deleting cookies have been over-stated.[31]

The process of profiling (also known as “tracking”) assembles and analyzes several events, each attributable to a single originating entity, in order to gain information (especially patterns of activity) relating to the originating entity. Some organizations engage in the profiling of people’s web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.

Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of “typical internet users”. Such profiles, which describe average trends of large groups of internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.

Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual.

Governments and organizations may set up honeypot websites – featuring controversial topics – with the purpose of attracting and tracking unwary people. This constitutes a potential danger for individuals.

Flash cookies

When some users choose to disable HTTP cookies to reduce privacy risks as noted, new types of cookies were invented: since cookies are advertisers’ main way of targeting potential customers, and some customers were deleting cookies, some advertisers started to use persistent Flash cookies and zombie cookies. In a 2009 study, Flash cookies were found to be a popular mechanism for storing data on the top 100 most visited sites.[32] Another 2011 study of social media found that, “Of the top 100 web sites, 31 had at least one overlap between HTTP and Flash cookies.”[33] However, modern browsers and anti-malware software can now block or detect and remove such cookies.

Flash cookies, also known as local shared objects, work the same ways as normal cookies and are used by the Adobe Flash Player to store information at the user’s computer. They exhibit a similar privacy risk as normal cookies, but are not as easily blocked, meaning that the option in most browsers to not accept cookies does not affect Flash cookies. One way to view and control them is with browser extensions or add-ons. Flash cookies are unlike HTTP cookies in a sense that they are not transferred from the client back to the server. Web browsers read and write these cookies and can track any data by web usage.[34]

Although browsers such as Internet Explorer 8 and Firefox 3 have added a “Privacy Browsing” setting, they still allow Flash cookies to track the user and operate fully. However, the Flash player browser plugin can be disabled[35] or uninstalled,[36] and Flash cookies can be disabled on a per-site or global basis. Adobe’s Flash and (PDF) Reader are not the only browser plugins whose past security defects[37] have allowed spyware or malware to be installed: there have also been problems with Oracle’s Java.[38]

Ever cookies

Evercookies, created by Samy Kamkar,[39][40] are JavaScript-based applications which produce cookies in a web browser that actively “resist” deletion by redundantly copying themselves in different forms on the user’s machine (e.g., Flash Local Shared Objects, various HTML5 storage mechanisms, window.name caching, etc.), and resurrecting copies that are missing or expired. Evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. It has the ability to store cookies in over ten types of storage mechanisms so that once they are on one’s computer they will never be gone. Additionally, if ever cookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.[41] Evercookies are one type of zombie cookie. However, modern browsers and anti-malware software can now block or detect and remove such cookies.

Anti-fraud uses

Some anti-fraud companies have realized the potential of evercookies to protect against and catch cyber criminals. These companies already hide small files in several places on the perpetrator’s computer but hackers can usually easily get rid of these. The advantage to evercookies is that they resist deletion and can rebuild themselves.[42]

Advertising uses

There is controversy over where the line should be drawn on the use of this technology. Cookies store unique identifiers on a person’s computer that are used to predict what one wants. Many advertisement companies want to use this technology to track what their customers are looking at online. This is known as online behavioral advertising which allows advertisers to keep track of the consumer’s website visits to personalize and target advertisements.[43] Evercookies enable advertisers to continue to track a customer regardless of whether their cookies are deleted or not. Some companies are already using this technology but the ethics are still being widely debated.

Criticism

Anonymizer “nevercookies” are part of a free Firefox plugin that protects against evercookies. This plugin extends Firefox’s private browsing mode so that users will be completely protected from evercookies.[44] Nevercookies eliminate the entire manual deletion process while keeping the cookies users want like browsing history and saved account information.

Device fingerprinting

device fingerprint is information collected about the software and hardware of a remote computing device for the purpose of identifying individual devices even when persistent cookies (and also zombie cookies) can’t be read or stored in the browser, the client IP address is hidden, and even if one switches to another browser on the same device. This may allow a service provider to detect and prevent identity theft and credit card fraud, but also to compile long-term records of individuals’ browsing histories even when they’re attempting to avoid tracking, raising a major concern for internet privacy advocates.

Third Party Requests

Third Party Requests are HTTP data connections from client devices to addresses in the web which are different than the website the user is currently surfing on. Many alternative tracking technologies to cookies are based on third party requests. Their importance has increased during the last years and even accelerated after Mozilla (2019), Apple (2020), and google (2022) have announced to block third party cookies by default.[45] Third requests may be used for embedding external content (e.g. advertisements) or for loading external resources and functions (e.g. images, icons, fonts, captchas, JQuery resources and many others). Dependent on the type of resource loaded, such requests may enable third parties to execute a device fingerprint or place any other kind of marketing tag. Irrespective of the intention, such requests do often disclose information that may be sensitive, and they can be used for tracking either directly or in combination with other personally identifiable information . Most of the requests disclose referrer details that reveal the full URL of the actually visited website. In addition to the referrer URL further information may be transmitted by the use of other request methods such as HTTP POST. Since 2018 Mozilla partially mitigates the risk of third party requests by cutting the referrer information when using the private browsing mode.[46] However, personal information may still be revealed to the requested address in other areas of the HTTP-header.

Photographs on the Internet

Today many people have digital cameras and post their photographs online, for example street photography practitioners do so for artistic purposes and social documentary photography practitioners do so to document people in everyday life. The people depicted in these photos might not want them to appear on the Internet. Police arrest photos, considered public record in many jurisdictions, are often posted on the Internet by online mug shot publishing sites.

Some organizations attempt to respond to this privacy-related concern. For example, the 2005 Wikimania conference required that photographers have the prior permission of the people in their pictures, albeit this made it impossible for photographers to practice candid photography and doing the same in a public place would violate the photographers’ free speech rights. Some people wore a “no photos” tag to indicate they would prefer not to have their photo taken (see photo).[47]

The Harvard Law Review published a short piece called “In The Face of Danger: Facial Recognition and Privacy Law”, much of it explaining how “privacy law, in its current form, is of no help to those unwillingly tagged.”[48] Any individual can be unwillingly tagged in a photo and displayed in a manner that might violate them personally in some way, and by the time Facebook gets to taking down the photo, many people will have already had the chance to view, share, or distribute it. Furthermore, traditional tort law does not protect people who are captured by a photograph in public because this is not counted as an invasion of privacy. The extensive Facebook privacy policy covers these concerns and much more. For example, the policy states that they reserve the right to disclose member information or share photos with companies, lawyers, courts, government entities, etc. if they feel it absolutely necessary. The policy also informs users that profile pictures are mainly to help friends connect to each other.[49] However, these, as well as other pictures, can allow other people to invade a person’s privacy by finding out information that can be used to track and locate a certain individual. In an article featured in ABC News, it was stated that two teams of scientists found out that Hollywood stars could be giving up information about their private whereabouts very easily through pictures uploaded to the internet. Moreover, it was found that pictures taken by some phones and tablets including iPhones automatically attach the latitude and longitude of the picture taken through metadata unless this function is manually disabled.[50]

Face recognition technology can be used to gain access to a person’s private data, according to a new study. Researchers at Carnegie Mellon University combined image scanning, cloud computing and public profiles from social network sites to identify individuals in the offline world. Data captured even included a user’s social security number.[51] Experts have warned of the privacy risks faced by the increased merging of online and offline identities. The researchers have also developed an ‘augmented reality’ mobile app that can display personal data over a person’s image captured on a smartphone screen.[52] Since these technologies are widely available, users’ future identities may become exposed to anyone with a smartphone and an internet connection. Researchers believe this could force a reconsideration of future attitudes to privacy.

Google Street View

Google Street View, released in the U.S. in 2007, is currently the subject of an ongoing debate about possible infringement on individual privacy.[53][54] In an article entitled “Privacy, Reconsidered: New Representations, Data Practices, and the Geoweb”, Sarah Elwood and Agnieszka Leszczynski (2011) argue that Google Street View “facilitate[s] identification and disclosure with more immediacy and less abstraction.”[55] The medium through which Street View disseminates information, the photograph, is very immediate in the sense that it can potentially provide direct information and evidence about a person’s whereabouts, activities, and private property. Moreover, the technology’s disclosure of information about a person is less abstract in the sense that, if photographed, a person is represented on Street View in a virtual replication of his or her own real-life appearance. In other words, the technology removes abstractions of a person’s appearance or that of his or her personal belongings – there is an immediate disclosure of the person and object, as they visually exist in real life. Although Street View began to blur license plates and people’s faces in 2008,[53] the technology is faulty and does not entirely ensure against accidental disclosure of identity and private property.[54]

Elwood and Leszczynski note that “many of the concerns leveled at Street View stem from situations where its photograph-like images were treated as definitive evidence of an individual’s involvement in particular activities.”[55] In one instance, Ruedi Noser, a Swiss politician, barely avoided public scandal when he was photographed in 2009 on Google Street View walking with a woman who was not his wife – the woman was actually his secretary.[53] Similar situations occur when Street View provides high-resolution photographs – and photographs hypothetically offer compelling objective evidence.[55] But as the case of the Swiss politician illustrates, even supposedly compelling photographic evidence is sometimes subject to gross misinterpretation. This example further suggests that Google Street View may provide opportunities for privacy infringement and harassment through public dissemination of the photographs. Google Street View does, however, blur or remove photographs of individuals and private property from image frames if the individuals request further blurring and/or removal of the images. This request can be submitted, for review, through the “report a problem” button that is located on the bottom left-hand side of every image window on Google Street View, however, Google has made attempts to report a problem difficult by disabling the “Why are you reporting the street view” icon.

Search engines

internet privacy
Click here for picture credits

Search engines have the ability to track a user’s searches. Personal information can be revealed through searches by the user’s computer, account, or IP address being linked to the search terms used. Search engines have claimed a necessity to retain such information in order to provide better services, protect against security pressure, and protect against fraud.[56] A search engine takes all of its users and assigns each one a specific ID number. Those in control of the database often keep records of where on the internet each member has traveled to. AOL’s system is one example. AOL has a database 21 million members deep, each with their own specific ID number. The way that AOLSearch is set up, however, allows for AOL to keep records of all the websites visited by any given member. Even though the true identity of the user isn’t known, a full profile of a member can be made just by using the information stored by AOLSearch. By keeping records of what people query through AOLSearch, the company is able to learn a great deal about them without knowing their names.[57]

Search engines also are able to retain user information, such as location and time spent using the search engine, for up to ninety days. Most search engine operators use the data to get a sense of which needs must be met in certain areas of their field. People working in the legal field are also allowed to use information collected from these search engine websites. The Google search engine is given as an example of a search engine that retains the information entered for a period of three-fourths of a year before it becomes obsolete for public usage. Yahoo! follows in the footsteps of Google in the sense that it also deletes user information after a period of ninety days. Other search engines such as Ask! search engine has promoted a tool of “AskEraser” which essentially takes away personal information when requested.[58] Some changes made to internet search engines included that of Google’s search engine. Beginning in 2009, Google began to run a new system where the Google search became personalized. The item that is searched and the results that are shown remembers previous information that pertains to the individual.[59] Google search engine not only seeks what is searched but also strives to allow the user to feel like the search engine recognizes their interests. This is achieved by using online advertising.[60] A system that Google uses to filter advertisements and search results that might interest the user is by having a ranking system that tests relevancy that include observation of the behavior users exude while searching on Google. Another function of search engines is the predictability of location. Search engines are able to predict where one’s location is currently by locating IP Addresses and geographical locations.[61]

Google had publicly stated on January 24, 2012, that its privacy policy will once again be altered. This new policy will change the following for its users: (1) the privacy policy will become shorter and easier to comprehend and (2) the information that users provide will be used in more ways than it is presently being used. The goal of Google is to make users’ experiences better than they currently are.[62]

This new privacy policy is planned to come into effect on March 1, 2012. Peter Fleischer, the Global Privacy Counselor for Google, has explained that if a person is logged into his/her Google account, and only if he/she is logged in, information will be gathered from multiple Google services in which he/she has used in order to be more accommodating. Google’s new privacy policy will combine all data used on Google’s search engines (i.e., YouTube and Gmail) in order to work along the lines of a person’s interests. A person, in effect, will be able to find what he/she wants at a more efficient rate because all searched information during times of login will help to narrow down new search results.[63]

Google’s privacy policy explains what information they collect and why they collect it, how they use the information, and how to access and update information. Google will collect information to better service its users such as their language, which ads they find useful or people that are important to them online. Google announces they will use this information to provide, maintain, protect Google and its users. The information Google uses will give users more relevant search results and advertisements. The new privacy policy explains that Google can use shared information on one service in other Google services from people who have a Google account and are logged in. Google will treat a user as a single user across all of their products. Google claims the new privacy policy will benefit its users by being simpler. Google will, for example, be able to correct the spelling of a user’s friend’s name in a Google search or notify a user they are late based on their calendar and current location. Even though Google is updating their privacy policy, its core privacy guidelines will not change. For example, Google does not sell personal information or share it externally.[64]

Users and public officials have raised many concerns regarding Google’s new privacy policy. The main concern/issue involves the sharing of data from multiple sources. Because this policy gathers all information and data searched from multiple engines when logged into Google, and uses it to help assist users, privacy becomes an important element. Public officials and Google account users are worried about online safety because of all this information being gathered from multiple sources.[65]

Some users do not like the overlapping privacy policy, wishing to keep the service of Google separate. The update to Google’s privacy policy has alarmed both public and private sectors. The European Union has asked Google to delay the onset of the new privacy policy in order to ensure that it does not violate E.U. law. This move is in accordance with objections to decreasing online privacy raised in other foreign nations where surveillance is more heavily scrutinized.[66] Canada and Germany have both held investigations into the legality of both Facebook, against respective privacy acts, in 2010. The new privacy policy only heightens unresolved concerns regarding user privacy.[67][68]

An additional feature of concern to the new Google privacy policy is the nature of the policy. One must accept all features or delete existing Google accounts.[69] The update will affect the Google+ social network, therefore making Google+’s settings uncustomizable, unlike other customizable social networking sites. Customizing the privacy settings of a social network is a key tactic that many feel is necessary for social networking sites. This update in the system has some Google+ users wary of continuing service.[70] Additionally, some fear the sharing of data amongst Google services could lead to revelations of identities. Many using pseudonyms are concerned about this possibility, and defend the role of pseudonyms in literature and history.[71]


Some solutions to being able to protect user privacy on the internet can include programs such as “Rapleaf” which is a website that has a search engine that allows users to make all of one’s search information and personal information private. Other websites that also give this option to their users are Facebook and Amazon.[72]

Laws and regulations

Global privacy policies

Google has long been attacked for their lack of privacy in the U.S. as well as abroad. In 2007, however, the tables began to turn. Peter Fleischer, a Google representative, addressed the U.N. in France regarding privacy issues and expressed that the current international privacy policies were not adequately protecting consumers.[107] Instead of continuing to enforce broken and ineffective internet privacy laws, the Google representative proposed that the United Nations establish a global privacy policy that would efficiently protect consumers privacy while causing the least possible amount of negative impact on web browsers such as Google.[107] At that time, Google was under investigation by the European Union for violating the global privacy policies that were already in place.

The greatest issue related to internet privacy internationally is that of data collection. At the time, the US and the European Union had separate sets of privacy policies, making it increasingly difficult for companies such as Google to exist globally without violating such policies. Google is just one example of a large company whose primary goal is to make money by serving their product, web browsing, to consumers. Consumers, however, are concerned with the quality of that product and their privacy. Online data collection by search engines allows internet businesses to track consumer’s online roadmap, everything from the sites they visit to the purchases they make. This poses problems globally to those who are web users around the world, especially in a world where there is no overarching privacy policy. The general consensus of this issue regarding international privacy violations at the time of Fleischer’s U.N. address is that, since the internet is global, the privacy policies should also be global and unified.

European General Data protection regulation

In 2009 the European Union has for the first time created awareness on tracking practices when the ePrivacy-Directive (2009/136/EC[108]) was put in force. In order to comply with this directive, websites had to actively inform the visitor about the use of cookies. This disclosure has been typically implemented by showing small information banners. 9 years later, by 25 May 2018 the European General Data Protection Regulation (GDPR[109]) came in force, which targets to regulate and restrict the usage of personal data in general, irrespective of how the information is being processed. The regulation primarily applies to so-called “controllers”, which are (a) all organizations that process personal information within the European Union, and (b) all organizations which process personal information of EU-based persons outside the European Union. Article 4 (1) defines personal information as anything that may be used for identifying a “data subject” (eg. natural person) either directly or in combination with other personal information. In theory this even takes common internet identifiers such as cookies or IP-Addresses in scope of this regulation. Processing such personal information is restricted unless a “lawful reason” according to Article 6 (1) applies. The most important lawful reason for data processing on the internet is the explicit content given by the data subject. More strict requirements apply for sensitive personal information (Art 9), which may be used for revealing information about ethnic origin, political opinion, religion, trade union membership, biometrics, health or sexual orientation. However, explicit user content still is sufficient to process such sensitive personal information (Art 9 (2) lit a). “Explicit consent” requires an affirmative act (Art 4 (11)), which is given if the individual person is able to freely choose and does consequently actively opt in.

As per June 2020, typical cookie implementations are not compliant to this regulation, and other practices such as device fingerprinting, cross-website-logins [110] or 3rd party-requests are typically not disclosed, even though many opinions consider such methods in scope of the GDPR.[111] The reason for this controversary is the e Privacy-Directive 2009/136/EC[108] which is still unchanged in force. An updated version of this directive, formulated as ePrivacy Regulation, shall enlarge the scope from cookies only to any type of tracking method. It shall furthermore cover any kind of electronic communication channels such as Skype or WhatsApp. The new ePrivacy-Regulation was planned to come in force together with the GDPR, but as per July 2020 it was still under review. Some people assume that lobbying is the reason for this massive delay.[112]

Irrespective of the pending ePrivacy-Regulation, the European High Court has decided in October 2019 (case C-673/17[113]) that the current law is not fulfilled if the disclosed information in the cookie disclaimer is imprecise, or if the consent checkbox is pre-checked. Consequently, many cookie disclaimers that were in use at that time were confirmed to be incompliant to the current data protection laws. However, even this high court judgement only refers to cookies and not to other tracking methods.

References

  1.  The Editorial Boards (March 29, 2017). “Republicans Attack Internet Privacy”New York Times. Retrieved March 29, 2017.
  2. ^ Wheeler, Tom (March 29, 2017). “How the Republicans Sold Your Privacy to Internet Providers”New York Times. Retrieved March 29, 2017.
  3. ^ E. E. David; R. M. Fano (1965). “Some Thoughts About the Social Implications of Accessible Computing. Proceedings 1965 Fall Joint Computer Conference”. Retrieved 2012-06-07.
  4. ^ Valentino-DeVries, Jennifer; Singer, Natasha; Keller, Michael H.; Krolik, Aaron (2018-12-10). “Your Apps Know Where You Were Last Night, and They’re Not Keeping It Secret”The New York TimesISSN 0362-4331. Retrieved 2019-04-03.
  5. ^ Pogue, David (January 2011). “Don’t Worry about Who’s watching”. Scientific American304 (1): 32. Bibcode:2011SciAm.304a..32Pdoi:10.1038/scientificamerican0111-32PMID 21265322.
  6. ^ “The Value of Privacy by Bruce Schneier”. Schneier.com. Retrieved 2015-02-09.
  7. ^ Bruce Schneier (May 18, 2006). “The Eternal Value of Privacy by Bruce Schneier”. Wired.com. Retrieved 2016-07-19.
  8. Jump up to:a b Kang, Jerry (1998-01-01). “Information Privacy in Cyberspace Transactions”. Stanford Law Review50 (4): 1193–1294. doi:10.2307/1229286JSTOR 1229286.
  9. ^ Kang, Jerry (1998). “Information Privacy in Cyberspace Transactions”. Stanford Law Review50 (4): 1193–1294. doi:10.2307/1229286JSTOR 1229286.
  10. ^ “Preventing Identity Theft and Other Cyber Crimes”onguardonline.gov.
  11. ^ No Author. Washington State Office of the Attorney General. (2008). “Families and Educators: Information is Permanent”. Archived 2011-10-05 at the Wayback Machine
  12. Jump up to:a b Kosinski, Michal; Stillwell, D.; Graepel, T. (2013). “Private traits and attributes are predictable from digital records of human behavior”Proceedings of the National Academy of Sciences110 (15): 5802–5805. Bibcode:2013PNAS..110.5802Kdoi:10.1073/pnas.1218772110PMC 3625324PMID 23479631.
  13. ^ Matt Schafer (August 2, 2010). “Privacy, Privacy, Where for Art Thou Privacy?”. Lippmannwouldroll.com. Archived from the original on October 18, 2010. Retrieved October 17, 2010. As consumers have become wise to the use of cookies, however, the industry has begun using both normal cookies and local shared objects (a.k.a. flash cookies) in the event that users would delete the normal cookies.
  14. ^ “Protecting Yourself on Social Networks”Surveillance Self-Defense. 2014-09-29. Retrieved 2019-04-03.
  15. ^ Grimmelmann, James (2009). “Saving Facebook”Iowa Law Review. pp. 1137–1206.
  16. ^ Mediati, N. (2010). “The Most Dangerous Places on the Web”. PC World, 28(11), 72–80.
  17. ^ Youn, S. (2009). “Determinants of Online Privacy Concern and Its Influence on Privacy Protection Behaviors Among Young Adolescents”. Journal of Consumer Affairs43 (3): 389–418. doi:10.1111/j.1745-6606.2009.01146.x.
  18. ^ Larose, R.; Rifon, N. J. (2007). “Promoting i-Safety: Effects of Privacy Warnings and Privacy Seals on Risk Assessment and Online Privacy Behavior”. Journal of Consumer Affairs41 (1): 127–149. doi:10.1111/j.1745-6606.2006.00071.x.
  19. ^ “Children’s Internet Protection Act (CIPA)”Federal Communications Commission. December 30, 2019.
  20. ^ Valcke, M.; De Wever, B.; Van Keer, H.; Schellens, T. (2011). “Long-term study of safe Internet use of young children”. Computers & Education57 (1): 1292–1305. doi:10.1016/j.compedu.2011.01.010.
  21. ^ Maras, Marie-Helen (May 2015). “Internet of Things: security and privacy implications”International Data Privacy Law5 (2): 99–104. doi:10.1093/idpl/ipv004ProQuest 1704856770 – via ProQuest.
  22. ^ Larose, Robert; ChoI, Hyunyi (November 1, 1999). “Privacy Issues in Internet Surveys”. Social Science Computer Review17 (9): 421–434. doi:10.1177/089443939901700402S2CID 145589236.
  23. ^ Cyphers, Bennett (2019-12-02). “Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance”Electronic Frontier Foundation. Retrieved 2020-03-09.
  24. Jump up to:a b O’Connor, Cozen (2020-02-14). “What Is A “Reasonable Link” Under CCPA? | Lexology”www.lexology.com. Retrieved 2020-03-05.
  25. ^ Coleman, June (2020-02-20). “CCPA Clarity in California”ACA International. Retrieved 2020-03-05.
  26. ^ “IP Addresses No Longer Protected in Alberta”Canadian Lawyer Magazine. 2020-02-11. Retrieved 2020-03-05.
  27. ^ Krishnamurthy B, Wills CE. (2009). “On the Leakage of Personally Identifiable Information Via Online Social Networks”.
  28. ^ “New net rules set to make cookies crumble”BBC. 2011-03-08.
  29. ^ Edmond Lee (2011-05-06). “Sen. Rockefeller: Get Ready for a Real Do-Not-Track Bill for Online Advertising”Adage.com.
  30. ^ “Trust and Privacy Online: Why Americans Want to Rewrite the Rules”. Pew Internet & American Life Project. Released Aug. 20, 2000 Archived 2012-01-13 at the Wayback Machine
  31. ^ “Six Common Internet Privacy Myths”Daniel Dent. 2014-10-23.
  32. ^ Soltani, Ashkan. “Flash Cookies and Privacy”. University of California, Berkeley. Retrieved 3 February 2012.
  33. ^ Heyman, R.; Pierson, J. (2011). “Social media and cookies: challenges for online privacy”The Journal of Policy, Regulation and Strategy for Telecommunications, Information and Media13: 30–42.
  34. ^ Benninger, Corey. “A Look At Flash Cookies and Internet Explorer Persistence”(PDF). McAfee, Inc. Archived from the original (PDF) on 2012-06-17. Retrieved 3 February 2012.
  35. ^ “How to disable Flash in Firefox”electrictoolbox.com.
  36. ^ “Adobe – Web Players”adobe.com.
  37. ^ “Security Bulletins and Advisories”adobe.com.
  38. ^ “Alert for CVE-2012-4681”oracle.com.
  39. ^ Julia Angwin; Jennifer Valentino-DeVries (April 22, 2011). “Apple, Google Collect User Data”The Wall Street Journal. Retrieved 26 May 2014.
  40. ^ “‘Evercookie’ is one cookie you don’t want to bite”. September 20, 2010. Archived from the original on 2011-12-23.
  41. ^ Schneier
  42. ^ “Personal information gathering sites”GitBook. Archived from the original on 2018-03-21. Retrieved 2018-03-21.
  43. ^ Boerman, Sophie C.; Kruikemeier, Sanne; Zuiderveen Borgesius, Frederik J. (2017). “Online Behavioral Advertising: A Literature Review and Research Agenda”Journal of Advertising46 (3): 363–376. doi:10.1080/00913367.2017.1339368.
  44. ^ “Nevercookie Eats Evercookie With New Firefox Plugin”. SecurityWeek.Com (2010-11-10). Retrieved on 2013-08-16.
  45. ^ “Google to ‘phase out’ third-party cookies in Chrome”The Verge. 2020-01-14. Retrieved 2020-07-09.
  46. ^ “Preventing data leaks by stripping path information in HTTP Referrers”Mozilla Security Blog. 2018-01-31. Retrieved 2020-07-08.
  47. ^ Cackley, Alicia Puente (2019). “INTERNET PRIVACY: Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility”United States Government Accountability Office: 1–57.
  48. ^ In the Face of Danger: Facial Recognition and the Limits of Privacy Law. (2007). Retrieved from Harvard, Harvard Law Review Archived 2010-08-02 at the Wayback Machine
  49. ^ “Data Policy”facebook.com.
  50. ^ “Celebrities’ Photos, Videos May Reveal Location”. ABC. 16 July 2010. Retrieved 27 May 2014.
  51. ^ “Online photos can reveal our private data say, experts”BBC News. August 3, 2011.
  52. ^ “More Than Facial Recognition – Carnegie Mellon University”. Cmu.edu. Retrieved 2011-11-22.
  53. Jump up to:a b c Rodrigues, J. (November 29, 2009). Google Street View’s headaches around the world. The Guardian.
  54. Jump up to:a b Shankland, S. (2008, May 13). Google begins blurring faces in Street View.CNet News.
  55. Jump up to:a b c Elwood, S.; Leszczynski, A. (2011). “Privacy, reconsidered: New representations, data practices, and the geoweb”. Geoforum42: 6–15. doi:10.1016/j.geoforum.2010.08.003.
  56. ^ “Online Privacy: Using the Internet Safely – Privacy Rights Clearinghouse”privacyrights.org.
  57. ^ “AOL’s disturbing glimpse into users’ lives”CNET. CBS Interactive.
  58. ^ Dye, Jessica. “Consumer Privacy Advocates Seek Search Engine Solution”. EContent. Retrieved 2011-10-20.
  59. ^ Babic, Filip (2013). “Rethinking Online Privacy Litigation as Google Expands Use of Tracking: Giving Meaning to Our Online Browsing and the Federal Wiretap Act”Hastings Communications and Entertainment Law Journal36 (2): 471–488 – via BerkeleyLaw Library.
  60. ^ Pariser, Eli. “The Troubling Future of Internet Search”. The Free Library. Retrieved 2011-10-20.
  61. ^ Blakeman, Karen. “What Search Engines Know About You”. Online (Weston, Connecticut). Retrieved 2011-10-20.
  62. ^ Cain Miller, C. (2012, January 25). “A New Policy On Privacy From Google”. The New York Times, p. B3
  63. ^ Steinhauser, G. (2012, February 3). Google’s Privacy Policy Changes Prompt EU Probe. The Huffington Post
  64. ^ Miller, Claire (January 24, 2012). “Google To Update Privacy Policy to Cover Wider Data Use”New York Times. Retrieved Feb 6, 2012.
  65. ^ “Reuters. (2012, February 1). Google defends change to privacy policies. Chicago Tribune. Archived from the original on 2012-02-06. Retrieved 2012-02-05.
  66. ^ James Canter, “E.U. Presses Google to Delay Privacy Policy Changes” ‘The New York Times,’ February 3, 2012
  67. ^ Jay Perry, “Facebook vs. Canada. It’s about to get ugly.” ‘Techi,’ May 22, 2010
  68. ^ Robert McMillan, “Google Relents, Will Hand Over European Wi-Fi Data”‘PCWorld,’ June 3, 2010
  69. ^ “Google privacy policy is subject of backlash” ‘The Washington Post.’
  70. ^ EPIC – In re Facebook. (n.d.). EPIC – Electronic Privacy Information Center. Retrieved January 25, 2011/
  71. ^ Jillian York “A Case for Pseudonyms” EFF.org, July 29, 2011
  72. ^ World, PC. “People Search Engines: Limit the Information They Can Collect”. PC World. Retrieved 2011-10-20.
  73. ^
  74.  “Google urges UN to set global internet privacy rules”the Guardian. 2007-09-14. Retrieved 2020-10-09.
  75. Jump up to:a b “Directive 2009/136/EC”. 19 December 2009. ePrivacy-Directive
  76. ^ Regulation (EU) No 2016/679 of 25 May 2018 GDPR
  77. ^ “Security risks of logging in with facebook”Wired. 2 July 2020.
  78. ^ “The GDPR and Browser Fingerprinting: How It Changes the Game for the Sneakiest Web Trackers”European Frontier Foundation. 2 July 2020.
  79. ^ “e-Privacy Regulation victim of a “lobby onslaught””European Digital Rights. 2 July 2020.
  80. ^ “JUDGMENT OF THE COURT 1/10/2019”Court of Justice of the European Union. 2 July 2020.

Note: Every article published on this section is extracted from several most genuine authentic sources on our daily life who brings us qualitative LR&A honors the sprit of Journalism of these global giants of News Broadcasting across the globe and outer space, some of them Are, huppost, Aljazeera, New York Times, CNBC, wall street journals, Reuters, google news, Wikipedia, the Hindu, USA today, Financial times, Times Magazines, United Nation Journals, BBC, National Geographic, animal planet, History Tv, Fox network etc. Legal research & Analysis recommends all users kindly do read the original contents published by these main stream media giants, simply click the link of the head line of the post you want to read also share with your friends quality information do not pay attentions to unverified sources of News, fake news, news that can cause harm public at large are considered as fake news, LRA promotes the awareness regarding the spreading of fake news, or news without any genuine source of platform, kindly follow the instruction and help community flourished.