The Ins, Outs, and Nuances of Internet Privacy
Uploaded by eboost-consulting. Category: Business.
Transcript of The Ins, Outs, and Nuances of Internet Privacy
What data do they track?
Can I anonymize my online activity?
Does the web know who I am?
What about privacy rights?
This is me.
Voluntary.
Photos
build a life.
It’s automatic.
39% rejected
49 Data Channels!
- Rubicon Project
- AdSonar (AOL)
- Advertising.com (AOL)
- Tacoda.net (AOL)
- Quantcast
- Pulse 360
- Undertone
- AdBureau (Microsoft)
- Traffic Marketplace
- Doubleclick (Google)
In-Voluntary? Voluntary.
test drive.
How does it happen?
Where does it go?
How
Where
Traffic Analysis
Audience Profiling
Log Files
Web Beacons
Cookies
Consider this.
PII
Risk / Reward
[+]
[-]
Badware
Malware
Spyware
Web Bug, Phishing, Rootkit, Virus, Worm, Probe, Keylogger, Trojan Horse …
What’s my defense?
Tell me,
what is privacy?
Privacy
- Dictionary: 1. The quality or state of being apart from company or observation. 2. Freedom from unauthorized intrusion.
- Legal: Unlawful intrusion into private affairs, disclosure of private information, publication in a false light, or appropriation of a name for personal gain.
Security
- Dictionary: 1. Freedom from danger, risk, etc.; safety. 2. Something that secures or makes safe; protection; defense.
- Legal: Internet security is a subset of actions aimed at securing information based on computers and in transit between them.
What you can do about privacy and security.
Privacy From Two Perspectives
Tips For Consumers and Business Owners
Personal Privacy
Ask yourself: are you trying to secure your information or your activities?
- To secure activities on the internet, consider Anonymity Tools
  - The Onion Router (TOR) – Attempts to conceal your internet tracks by bouncing you around several layers of proxy routers, hence the term onion in the name. Think WikiLeaks
- To secure information on your computer, consider Privacy Tools
  - Firewalls
  - Antivirus Software (Microsoft Security Essentials – Free)
  - Antimalware Software (SpyBot, Malware Bytes)
  - Always check for proper SSL (https://) encryption before submitting any info to websites
  - Change your Passwords!!!!!
Consumer Privacy Goals
- Maintain Secure Identity
  - Only give out personal information on a need to know basis
  - Check URLs of websites to see that they match the SSL certificate before submitting personal info to sites
- Computer Updates to OS
  - Plug security holes
- Data Backups
  - Only as good as your last backup
  - Backups can be infected as well if virus infections are not caught early
URL SSL Encryption Example
A Business Owner’s Perspective (i)
- Ever increasing customer privacy compliance requirements
- Data Breaches
- Hackers directly targeting individual companies
  - Sony PS network
  - LulzSec / Anonymous
  - Lockheed Martin (RSA)
- Industrial Command And Control Virus
  - Stuxnet (Iran)
A Business Owner’s Perspective (ii)
- LAN Security – Firewalls
- Wireless Security – Encryption (WPA2)
- Website Security – Encryption (SSL)
- PCI Compliance – External Network Probe For Security
- Database Security – Encryption of sensitive info on the DB
- Change Logs – Tracking all changes to sensitive information storage and management
- Audit Yourself before “THEY” Do – Find issues and fix them, it’s cheaper and easier….
A Business Owner’s Perspective (iii)
- Email Filtering
  - Spam Filtering Services – AppRiver, Postini
  - Email Virus Filtering – AppRiver, AV on the email server
- Daily Temp file deletion on workstations
- Clear Cookies, History from web browsers
- Daily AV Scans on all workstations
- Daily AV Scans on all servers before backups
- Cultivate a culture that allows staff to own up to virus infections when they happen. Catching virus activity early is the best defense.
A Business Owner’s Perspective (iv): Customer Data Collection
- All Websites and Apps must use SSL encryption when collecting user data.
  - Even something as simple as an email newsletter should be secured.
- Opt-In on all data collection practices
- Clearly define what you will and won’t do with client data in a Privacy Policy posted on your site
- Adhere to your policy or change it if you deem necessary. Do not operate outside your stated policy
- Define a Data Retention Policy (Usually 3 years)
- Secure Destruction of data after retention policy
A Business Owner’s Perspective (v): Going International
- Know your country’s privacy laws and adjust your internal collection practices to match.
- Sometimes Opt-in is not enough
  - US-EU Safe Harbor Framework
  - COPPA – Under 13 in the US
- Going international opens up easier routes to hacking corporate networks. Think China Hacking Google
The Ins, Outs, and Nuances of Internet Privacy June 30, 2011
Greg Hall, Owner, 247 IT Outsourcing