Digital privacy

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Digital Privacy is a collective definition that encompasses three sub-related categories; information privacy, communication privacy, and individual privacy.[1] It is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in digital spheres, and is typically used in opposition to the business practices of many e-marketers/businesses/companies to collect and use such information and data.[2]

Privacy Types[edit]

Information Privacy[edit]

Main article: Information Privacy

In the context of digital privacy, information privacy is the notion that individuals should have the freedom, or right, to determine how their digital information, mainly that pertaining to personally identifiable information, is collected and used. The EU has various laws that dictate how information may be collected and used by companies. Some of those laws are written to give agency to the preferences of individuals/consumers in how their data is used. In other places, like in the United States, privacy law is argued by some to be less developed in this regard.[3] By example, some legislation, or lack of, allows companies to self-regulate their collection and dissemination practices of consumer information.

Communication Privacy[edit]

In the context of digital privacy, communication privacy is the notion that individuals should have the freedom, or right, to communicate information digitally with the expectation that their communications are secure; meaning that messages and communications will only be accessible to the sender's original intended recipient.[4] However, communications can be intercepted or delivered to other recipients without the sender's knowledge, in a multitude of ways. Communications can be intercepted directly through various hacking methods,[5] this is expanded upon further below. Communications can also be delivered to recipients unbeknownst to the sender due to false assumptions made regarding the platform or medium which was used to send information. An example of this is failure to read a company's privacy policy regarding communications on their platform could lead one to assume their communication is protected when it is in fact not.[6] Additionally, companies frequently have been known to lack transparency in how they use information, this can be both intentional and unintentional.[7] Discussion of communication privacy necessarily requires consideration of technological methods of protecting information/communication in digital mediums, the effectiveness and ineffectiveness of such methods/systems, and the development/advancement of new and current technologies.

Individual Privacy[edit]

In the context of digital privacy, individual privacy is the notion that individuals have a right to exist freely on the internet, in that they can choose what types of information they are exposed to, and more importantly that unwanted information should not interrupt them.[8] An example of a digital breach of individual privacy would be an internet user receiving unwanted ads and emails/spam, or a computer virus that forces the user to take actions they otherwise wouldn't. In such cases the individual, during that moment, doesn't exist digitally without interruption from unwanted information; thus their individual privacy has been infringed upon.

Individual Privacy[edit]

Some internet users proactively work to ensure that their information can not be collected, this is the practice of attempting to remain anonymous.

Information Anonymity[edit]

The following examples are systems that allow a user to remain anonymous when accessing the web, and by extension the use of which better ensures the protection of their personally identifiable information.

Onion Routing was originally developed by the U.S. Naval Research Lab and was intended to anonymize web traffic.[9] The system created a path to any TCP/IP server by creating a pathway of onion routers. Once a pathway has been established, all information that is sent through it is anonymously delivered[10]. When the user has finished utilizing the pathway it was essentially deleted which freed the resources to be used for a new pathway within Onion Routing. The Onion Routing project developed into what is today known as TOR, a completely open-sourced and free software. Unlike its predecessor, Onion Routing, Tor is able to protect both the anonymity of individuals as well as web providers. This allows people to set up anonymous web servers which in effect provides a censorship-resistant publishing service.[9]

Communication Anonymity[edit]

The previously mentioned information anonymity systems can also potentially protect the contents of communications between two people, but there are other systems that directly function to guarantee a communication remains between only two people; they function to accomplish that only the intended recipient of a communication will receive it.[11]

One of these systems, PGP (which is an acronym for Pretty Good Privacy), has existed in various forms for many years. It functions to protect email messages by encrypting and decrypting them. It originally existed as a command-line-only program, but in recent years it has evolved to have its own full interface and a multitude of email providers offer built-in PGP support. Users can also install PGP-compatible software and manually configure it to encrypt emails on nearly any platform.[12]

SSL (acronym for Secure Sockets Layer) and TLS (acronym for Transport Layer Security) are measures to secure payments online. While these systems are not immune from breaches or failure, many users benefit greatly from their use as every major browser program has support for it built in.[9]

Additional Services[edit]

There are additional methods that work to provide anonymity and by extension protect their data. Amongst these include services like IP address changers, in which an internet user typically pays a fee to utilize. Since IP addresses can frequently be traced back to a specific physical location[13], and likewise by extension can identify someone, the service helps users remain anonymous by providing access to a multitude of servers in various geographic locations around the world which allows the user to appear as if they are physically located in a selected area, even when they are not. This is an example of a method/service that works to allow for information and communication anonymity.[14]

Privacy and Information Breaches[edit]

Methods can be purposely crafted to obtain one's personal information illegally. These directed attacks are commonly referred to as hacking, though that term refers to the general practice and doesn't address specific hacking methods and implementation. Various hacking methods as it pertains to the invasion of one's digital privacy are outlined below. As it pertains to intent, within hacking there are two categories of invasion: 1) Directed attacks against someone individually, and 2) Directed attacks against groups.[15] With the latter category, however, a hacker could effectively obtain a specified/particular individual's information through first targeting a larger group.[16] An example of this possibility could be as follows: If a hacker, named individual-A, wishes to obtain a particular person's information, individual-B, he/she could first target a platform or group that has individual-B's information already, such as a credit agency, or they could likewise target a group that individual-B has previously relinquished/provided their data to, like a social media network or a cloud based data service. Through targeting one of those groups, individual-A could effectively obtain individual-B's information by first hacking all data the group has, including the data of other individuals. Once obtained, the hacker could simply identify individual-B's information within the data and disregard the rest.

Example of an Individual Attack: Phishing[edit]

Main article: Phishing

Phishing is a common method of obtaining someone's private information.[17] This generally consists of an individual (often referred in this context as a hacker), developing a website that looks similar to other major websites that a target person commonly uses. The phishing website may look identical to the legitimate site, but its URL could be a variation in spelling or a different domain such as .org instead of .com.[18] The target person can be directed to the site through a link in a 'fake' email that is designed to look like it came from the website he/she commonly uses. The user then clicks on the URL, proceeds to sign in, or provide other personal information, and as opposed to the information being submitted to the website that the user thought they were on, it is actually sent directly to the hacker.[19] Phishing attacks commonly obtain bank and financial data as well as social networking website information.[18]

There are tools that can help users protect their information from phishing attacks and these include the Web browser extensions, which are capable of flagging suspicious websites and links.[20]

Development and Controversy[edit]

Digital privacy is a trending social concern. For example, the TED talk by Eric Berlow and Sean Gourley subsequent to the 2013 mass surveillance disclosures cast a shadow over the privacy of cloud storage and social media.[21] While digital privacy is concerned with the privacy of digital information in general, in many contexts it specifically refers to information concerning personal identity shared over public networks.[22]

Before the Edward Snowden disclosures concerning the extent of the NSA PRISM program were revealed in 2013, the public debate on digital privacy mainly centered on privacy concerns with social networking services, as viewed from within these services.

As the secrecy of the American Foreign Intelligence Surveillance Act becomes widely disclosed[23], digital privacy is increasingly recognized as an issue in the context of mass surveillance.

The use of cryptographic software to evade prosecution and harassment while sending and receiving information over computer networks is associated with crypto-anarchism, a movement intending to protect individuals from mass surveillance by the government.


See also[edit]

References[edit]

  1. ^ Hung, Humphry; Wong, Y.H. (2009-05-22). "Information transparency and digital privacy protection: are they mutually exclusive in the provision of e‐services?". Journal of Services Marketing. 23 (3): 154–164. doi:10.1108/08876040910955161. ISSN 0887-6045.
  2. ^ TEDx Talks (2016-01-21), Privacy in the Digital Age | Nicholas Martino | TEDxFSCJ, retrieved 2018-11-28
  3. ^ "Privacy Law in the United States, the EU and Canada: The Allure of the Middle Ground 2 University of Ottawa Law & Technology Journal 2005". heinonline.org. Retrieved 2018-11-28.
  4. ^ Hung, Humphry; Wong, Y.H. (2009-05-22). "Information transparency and digital privacy protection: are they mutually exclusive in the provision of e‐services?". Journal of Services Marketing. 23 (3): 154–164. doi:10.1108/08876040910955161. ISSN 0887-6045.
  5. ^ Sushmitha, R. "HACKING METHODS, TECHNIQUES AND THEIR PREVENTION". International Journal of Computer SCience and INformation Technology Research. Vol. 2, Issue 2: 183–189.
  6. ^ Kemp, Katharine. "94% of Australians do not read all privacy policies that apply to them – and that's rational behaviour". The Conversation. Retrieved 2018-11-28.
  7. ^ Meijer, Ronald; Conradie, Peter; Choenni, Sunil (2014). "Reconciling Contradictions of Open Data Regarding Transparency, Privacy, Security and Trust". Journal of theoretical and applied electronic commerce research. 9 (3): 32–44. doi:10.4067/S0718-18762014000300004. ISSN 0718-1876.
  8. ^ Hung, Humphry; Wong, Y.H. (2009-05-22). "Information transparency and digital privacy protection: are they mutually exclusive in the provision of e‐services?". Journal of Services Marketing. 23 (3): 154–164. doi:10.1108/08876040910955161. ISSN 0887-6045.
  9. ^ a b c Acquisti, Alessandro; Gritzalis, Stefanos; Lambrinoudakis, Costos; Vimercati, Sabrina di (2007-12-22). Digital Privacy: Theory, Technologies, and Practices. CRC Press. ISBN 9781420052183.
  10. ^ "Anonymous connections and onion routing - IEEE Journals & Magazine". ieeexplore.ieee.org. Retrieved 2018-12-12.
  11. ^ Edman, M. and Yener, B. 2009. On anonymity in an electronic society: A survey of anonymous communication systems. ACM Comput. Surv. 42, 1, Article 5 (December 2009), 35 pages. DOI = 10.1145/1592451.1592456, http://doi.acm.org/10.1145/1592451.1592456
  12. ^ Zimmermann, Philip R. (1999). "Why I Wrote PGP". Essays on PGP. Philip Zimmermann.
  13. ^ "Survey and taxonomy of IP address lookup algorithms - IEEE Journals & Magazine". ieeexplore.ieee.org. Retrieved 2018-12-12.
  14. ^ Office Privacy Commisioner of Canada, Technology Analysis Branch (May 2013). "What an IP Address Can Reveal About You" (PDF). Annual Reports.
  15. ^ Koumourou, Xenophon. Hacking analysis and protection: Hacking analysis and protection methods. CreateSpace Independent Publishing Platform. ISBN 1463764944.
  16. ^ Dubovitskaya, Maria, Take back control of your personal data, retrieved 2018-12-12
  17. ^ "A survey of phishing attacks: Their types, vectors and technical approaches". Expert Systems with Applications. 106: 1–20. 2018-09-15. doi:10.1016/j.eswa.2018.03.050. ISSN 0957-4174.
  18. ^ a b Hassan, Nihad; Hijazi, Rami (2017). Digital Privacy and Security Using Windows: A Practical Guide. New York: Apress. p. 69. ISBN 9781484227985.
  19. ^ "Taking the Bait: A Systems Analysis of Phishing Attacks". Procedia Manufacturing. 3: 1109–1116. 2015-01-01. doi:10.1016/j.promfg.2015.07.185. ISSN 2351-9789.
  20. ^ Acquisti, Alessandro; Gritzalis, Stefano; Lambrinoudakis, Costos; di Vimercati, Sabrina (2007). Digital Privacy: Theory, Technologies, and Practices. Boca Raton, FL: Auerbach Publications. p. 14. ISBN 9781420052176.
  21. ^ Gourley, Eric Berlow and Sean, Mapping ideas worth spreading, retrieved 2018-11-27
  22. ^ "Privacy". Electronic Frontier Foundation (in Spanish). Retrieved 2018-11-27.
  23. ^ Roberts, Jeff (2013-08-22). "Google and Microsoft's plea on NSA requests moves slowly in secret court". gigaom.com. Retrieved 2018-11-27.