Web & Mobile Privacy

Web & Mobile Privacy

Adam Cox

University of Massachusetts Lowell

Lowell, MA 01854

Adam.Cox9@gmail.com

Abstract

Privacy on the web and on mobile devices is a growing concern. More people are sharing more aspects of their lives on their mobile device and the web without knowing exactly what can happen. This paper will identify the problem in general, provide some specific examples, and attempt to identify some potential solutions.

Introduction

“Privacy is considered a core value in democratic societies and is recognized either explicitly or implicitly as a fundamental human right by most constitutions of democratic societies. [2]” There is no clear definition of privacy. It is typically viewed by some researchers [7] as either “the right to be left alone” or “the right to control what information is known about them.” Further, other scholars [2] define privacy in two aspects, “informational privacy” and “spatial privacy”. One really good question was asked [7]: “Is privacy one of the unalienable rights to all citizens?” If it is, then there are mobile & internet privacy related issues that need to be resolved. It is implied [2] that privacy is a core value in democratic societies.

There has been research [7] into the foundation of privacy rights. As suggested, US laws are built upon the principles stated in the Constitution & Declaration of Independence. However, there was no direct mention of the term privacy in either of them [13]. The laws that do exist are considered a patchwork and some are not fit for the internet and mobile devices [7]. The laws will become too complex and possibly ineffective, but further, research suggests that a general law will not be effective either [7]. Breaking laws up into realm levels with guidelines in each realm would be more effective [7]. The US Bill of Rights [16] states that “private property [should not] be taken for public use, without just compensation” in Amendment V. Google’s new privacy policy has a one size fits all solution and a sub-privacy policy for specific services that either extend or overwrite the general policy [17]. Google’s method appears to be appropriate and the US in its’ entirety should make a general privacy policy with some policies that override it for specific situations.

“New users of the Internet generally do not realize that every post they make to a newsgroup, every piece of email they send, every [WWW] page they access, and every item they purchase online could be monitored or logged by some unseen third party. [1]” Whether it will be from their mobile device or their desktop computer, it is evident that users are at risk.

Current Privacy Laws

Most states have enacted laws to require companies to notify customers that their personal information has been breached. According to Anton, Earp, & Young [10], they concluded that it is plausible that these laws made it so more breaches were reported. This data can be visualized in [10].

The US has some privacy related laws [7]:

• The US Constitution (Amendment IV) secures the right of the people to be secure against unreasonable search and seizures
• Privacy Act of 1974
• Computer Security Act of 1988

In 1998, the FTC recommends five Fair Information Principles [6]:

• Notice/Awareness
• Choice/Consent
• Access/Participation
• Integrity/Security
• Enforcement/Redress

The EU has privacy protection laws [2]:

• EU Data Protection Directive 95/46/EC - codifies general privacy principles
• EU Directive 2002/58/EC - sets out specific rules for privacy protection in the electronic and mobile communications sector.

Security freeze laws were put into place allowing users to prevent any accounts being opened in their name. According to [11], Alabama, Michigan, and Missouri have not yet adapted a security freeze law, but since this paper was published, Missouri has passed such a law. However, the consumer agencies allow anybody from any state to set a security freeze on their account [10].

Common Threats

“Long-term databases threaten your ability to choose what you would like to disclose from your past. [1]” A post that you made after a few drinks when you were 21, could come back to haunt you at your job when you are 30. Further, advanced search technology could turn up a post or picture of you that maybe a family member or friend posted in the past without your knowledge or permission. This may cause harm at your place of work or in a relationship. Other problems include sites that allow anybody to locate another person’s address online. This could allow stalkers or an ex to identify and locate their victims.

There have been many specific examples of government employees abusing government databases of information [1]:

1. · IRS employees making illegal queries
2. · SSA employees making illegal queries
3. · AIDS patients records have been leaked
4. · The FBI has been known to spy on politicians
5. · The NSA has been known to spy on other domestic targets
6. · Bill Clinton’s Democratic administration was found to have unauthorized secret dossiers on Republican opponents

The HIPAA Privacy rule establishes national standards to protect individuals’ medical records and other personal health information [12]. There is no general law that forces companies to notify its’ customers of their privacy practices other than medical related information. There are many federal and state laws that are related to the privacy of users’ data [13].

Tools & Solutions

The Platform for Privacy Preferences (P3P) [3] protocol would allow websites to publish their privacy policies in a machine readable format. The browser of the visitor could then read this and compare it to the user’s settings. The drawback to this method is that there are no laws or regulations forcing websites to adhere to this policy if they use it [2].

Other tools, such as PiML would control the dissemination of a User Agent profile. The User Agent profile includes information such as location. PiML could be run as a proxy-based solution or browser built-in solution [2].

There is also a PRIME project, which is working on solutions that will provide users control over their personal data. It will also allow users to trace where the data about them is being sent [2].

Vulnerabilities

Mulliner [9] found that private information would be sent to the websites that the user visited through the HTTP proxy headers. They concluded that the mobile network carriers appended this information instead of it getting sent directly from the phone. They showed a detailed example of how the MSISDN number is getting sent out which contains the user’s phone number. They showed that a website could collect this information and, in some cases, perform a reverse phone number look up. The “reverse phone number look up” reveals information such as first & last name and sometime the user’s address.

The solution presented [9] is for the mobile network operators to not inject this data into the headers. Alternatively, the data would only be included in the mobile carrier network and only be sent to currently authorized third parties. The user has no way to prevent this from happening.

Some security vulnerabilities were presented [8] in accessing social networks from mobile phones in which private information can be accessed by a third party. Three classes of privacy and security problems associated with mobile social networks were identified:

1. Direct anonymity issues

2. Indirect or k-anonymity issues

3. Eavesdropping, spoofing, replay, and wormhole attacks.

Further, [2] stated that “the current development of technologies has neglected to maintain the protection of individuals’ sovereignty over his/her private sphere and particularly individuals control over personal data that the real non-electronic world naturally and culturally provides.”

User Concerns

A study performed [10] revealed issues in the following classifications - personalization, notice/awareness, information transfer, information collection, information storage, and access/participation.

The top concern was information transfer, followed by notice/awareness, then information storage and access/participation; the fifth top concern is information collection and finally the least concern is personalization [10].

Personalization is when a website changes based on the users behavior. Even though this is the least of users’ concerns, users were concerned about personalization in 2002 and even more in 2008 [10]. This could be from the users’ perceived feeling of being a victim of the websites targeting.

It was stated [2] that “privacy can only be effectively protected by a holistic approach comprising both legal and technical means of protection.”

Conclusion

Through the research presented in this paper, it is shown that privacy threats exist on the Web and on Mobile Devices. These threats were identified and a summary of them was presented. It was also shown that there are some ways to potentially prevent some of these threats either through individual or collective means.

References

[1] I. Goldberg, D. Wagner, E. Brewer. “Privacy-enhancing technologies for the Internet” http://www.cs.berkeley.edu/~daw/papers/privacy-compcon97-www/privacy-html.html

[2] S. Fischer-Huebner. “Privacy Risks and Challenges for the Mobile Internet”

[3] W3C, Platform for Privacy Preferences (P3P) Project, http://www.w3.org/P3P/

[4] The Privacy Act of 1974 http://www.justice.gov/opcl/privstat.htm

[5] The Computer Security Act of 1987 http://www.cio.gov/documents/computer_security_act_jan_1998.html

[6] FTC, Fair Information Practice Principles http://www.ftc.gov/reports/privacy3/fairinfo.shtm

[7] C. Purchell, J. Zhan. “Adapting US Privacy Laws to the Internet: Is Patching Enough?”

[8] A. Beach, M Gartrell, R. Han. “Solutions to Security and Privacy Issues in Mobile Social Networking”

[9] C. Mulliner. “Privacy Leaks in Mobile Phone Internet Access”

[10] A. I. Anton, J. B. Earp, J. D. Young. “How Internet Users’ Privacy Concerns Have Evolved since 2002”

[11] Missouri Attorney General. http://ago.mo.gov/ConsumerCorner/blog/10407/Credit_freeze_may_become_law_and_cheaper_in_Missouri/

[12] US Department of Health & Human Services, HIPAA Privacy Rule. http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html

[13] Information Shield, United States privacy Laws. http://www.informationshield.com/usprivacylaws.html

[14] US Constitution, http://www.house.gov/house/Constitution/Constitution.html

[15] Declaration of Independence, http://www.archives.gov/exhibits/charters/declaration_transcript.html

[16] Bill of Rights, http://www.archives.gov/exhibits/charters/bill_of_rights_transcript.html

[17] Google, Policies & Principles. http://www.google.com/policies/privacy/preview/

8D8 Apps Blog

Check out the new 8D8 Apps Blog!

Sony mylo COM-2 Internet Device (Black)

Sony mylo COM-2 Internet Device (Black)

(Personal Computers)

Color: Black

• Pocket size communicator that uses Wi-Fi (IEEE 802.11b/g)
• Send instant messages, Skype phone calls, and e-mail via web mail
• Music player (MP3, WMA, ATRAC and AAC codecs), MPEG-4, AVC(baseline) video playback
• 1 GB internal memory, plus Memory Stick Duo media slot
• 3.5-inch high resolution (800 x 480) color LCD Touchscreen, 1.3 megapixel built-in camera

Retail Value: $299.99
Best Price: click for price

more details>>>

Click Here to Buy!

See All Offers | Technical Details | Customer Reviews

The 802.11b/g WiFi Sony mylo personal communicator gives you what you need to stay connected. Mylo uses wireless LAN technology so there are no monthly bills or long-term contracts. Call your friends on Skype for free or IM them on AIM, Google Talk, or Yahoo! Messenger using the back-lit slide-out keyboard. You can also browse the Web, take photos and then share/view them on the 3.5-inch LCD touch screen. All this on a device small enough to take virtually anywhere. Sony mylo, the fun of your PC in your pocket.
The redesigned Sony Mylo COM-2 (which stands for "my life online") enables you to stay in touch with all your IM and e-mail contacts without having to lug around a laptop. While still curvy along the sides for a comfortable feel in the palms of your hand, the top and bottom of the Mylo COM-2 have been given a sleeker straight edge. Other improvements include a larger 3.5-inch LCD (800 x 480-pixel resolution), a bump in Wi-Fi speed to 802.11g (in addition to 802.11b), and a built-in 1.3-megapixel camera. Other features include an easy-to-operate back-lit, slide-out QWERTY keyboard, an embedded microphone and speaker, multi-format digital audio player, and integrated Skype VoiP capabilities.

The redesigned Mylo COM-2 now includes faster Wi-Fi connectivity (802.11b/g), a 1.3-megapixel camera, and upload/download capabilities so you can share photos on the Web.

With the integrated wireless LAN, you won't have to worry about monthly bills or long-term contracts--just connect to any open Wi-Fi network and start chatting with friends using AIM, Google Talk, or Yahoo! Messenger. You can also browse the Web as well as send and receive email. Enjoy free Internet phone calls to and from any Skype enabled device and PC anywhere in the world, or Skype-Out to any phone number for a nominal fee.

The built in 1.3-megapixel camera lets you capture photos, edit them on the built in photo editor and--because the COM-2 features upload and download capability--post them directly to your blog or even to your Facebook page.

Through its hi-resolution touch-screen, enhanced Web Browsing combined with Adobe Flash Lite 3 support means you now have access to websites like YouTube and others. Flash Lite support also means you can play compatible casual Flash games.

In addition to powerful communication features, the Mylo COM-2 also provides a wide variety of digital audio, video, and photo playback. Like it's predecessor, the COM-2 is compatible with MP3, ATRAC, WMA (including secure Windows Media DRM 10 tracks you've purchased from online music stores or downloaded from subscription services), and it now can also play un-secured AAC tracks. The improved video player supports both MPEG4 simple/advanced along with the improved video quality of MPEG4 AVC. And the Mylo COM-2 is all about multi-tasking: listen to music while you IM or surf the Web.

The rechargeable lithium-ion battery provides up to 20 hours of continuous music playback, up to 7 hours of video playback, and up to 6 hours of Internet calling. It comes with 1 GB of internal memory, which can be expanded via Memory Stick Duo media, and it offers USB 2.0 high-speed connectivity to your PC.

Mylo Widgets
The Mylo COM-2 comes with several pre-installed widgets that range from a Google search widget and the Facebook Notifier (tracking activity on your Facebook page) to more advanced apps like the My Contacts widget, which works as a consolidated buddy list for all the IM applications on the Mylo. In addition to the preinstalled widgets, you'll be able to download new widgets from the Mylo web site as well as register as a developer if you want to build your own widgets.

Note About Connectivity
The mylo Personal Communicator COM-1 requires a compatible wireless LAN access point to use the interactive IM, email, and Web features. It generally requires no additional monthly service charges as long as you are connected to free access points found in homes, cafes, businesses, and campuses. However, some access points and features may rely on Internet services which may require a fee.

Sony

Accessories:

• Norton 360 4.0 1 User (3 PC)
• Kaspersky Internet Security 2010 3-User [OLD VERSION]
• Microsoft Windows 7 Anytime Upgrade [Home Premium to Professional]
• AmazonBasics RJ45 Cat5e Ethernet Patch Cable (14 Feet/4.2 Meters)

Similar Products:

• Sony COM2 LCD Screen Protector (COMP-FLS1)
• Sony MSXM8GS 8 GB Memory Stick PRO Duo (Retail Package)
• Sony COM2 Faceplate (COMP-JK11)
• Sony Mylo COM-1 Personal Communicator, MP3/MP4/Audio/Video Player, Wi-Fi Pocket Portable PC
• Sony 4 GB Walkman Video MP3 Player NWZ-E436F (Black)

Model: (COM2BLACK)

UPC: (027242720817)

EAN: (0027242720817)

->Electronics->Categories->Computers & Accessories

Hot Technology

Netbooks. In a weak economy, these small and cheap laptops will continue to be popular. Already loaded with Wi-fi, webcams and other features, these ultra-portable computers will soon come with GPS and touch screens as well -- all for prices under $500. Look for a new wave of them at CES.

Thin OLED TVs. You've heard of LCD and LED -- now meet OLED, which stands for organic light-emitting diode and creates a gorgeous picture. For now, they're also way too expensive -- Sony's XEL-1, the world's first OLED TV, costs $2,500 for an 11-inch screen -- but they're cool to look at. The screen panel on the Sony model is only 3 millimeters thick.

Mobile devices. Touch screens, once limited to high-end smartphones such as Apple's iPhone, are filtering down to mid-range devices as well. Cell phone manufacturers also are increasingly building phones that shoot sharper photos and better video.

Wireless home electronics. Will this mark the year we can finally say goodbye to that cumbersome tangle of wires behind our TVs and stereos? Probably not, but we're getting there.

More "green" products. Motorola is rumored to be launching a phone made from recycled tech waste. And at least several manufacturers are promising to unveil pioneering, environmentally safe batteries -- including one made without lithium or lithium ion.

Downloadable video players. "We're going to see a lot of devices that offer downloadable video, be they Blu-Ray players [or video game consoles]," said Costa of PC magazine, who believes prices of Blu-ray players will keep dropping. "All these devices can download video over the Internet, some of it in HD quality. That's the type of device we're going to see a lot more of, and it makes perfect sense when people are looking to nest [at home]."