Internet privacy

Introduction

It is a common assumption among Internet users that their online activities are private and, to an extent, anonymous. This is not the case. A user's Internet Service Provider (ISP) has the power to monitor and log all traffic, including the websites that they access, the emails that they send, the newsgroups that they read, and even the search terms that they type into Google. To a lesser extent, even the websites that a user visits have access to a surprising amount of information regarding their browsing habits. Technology being introduced by the top three UK Broadband providers (Phorm & Webwise) under the guise of targeted advertising, with the side benefit of 'Phishing Protection', extends this ability to machine reading of all unencrypted traffic sent or received by a web browser. The technology involved, if reconfigured, has the ability to machine read all unencrypted data, including email and documents, passing over a Broadband subscriber's connection to the Internet.

Problem Areas

The major obstacles to online privacy, and some methods to overcome them, are summarised in the following sections.

  • Search Engine history
  • Sale of personal contact information
  • Workplace monitoring
  • Spyware

Search Engine history

There have been numerous examples of search engines disclosing records of users' searches. Google, by far the most popular search engine today, maintains both records of IP addresses and a long-term "cookie" that records an individual's searches for up to several years[1]. Although this data is not immediately associated with a user's name, the information stored by ISPs and websites allows for easy linking of an individual to their stored search records, with potentially serious consequences. The most famous example of such a case was the detention of Shi Tao[2], a Chinese journalist, who was imprisoned for 10 years due to email logs disclosed by Yahoo!.

  • Google's Chinese launch [3]
  • ZDnet FAQ: When Google is not your friend [4]
  • Open Democracy: Some Grown-up Questions for Google [5]
  • BBC: Google defies US over search data [6]

Sale of personal contact information

Many websites require registration before they grant access to their full range of services. For some websites, the stored and collated information of their users is a valuable source of income. Advertising firms purchase databases of valid email addresses in order to target their advertising most efficiently; the agreement for users' data to be used in this way is often included in the extensive small print that users must click through when registering with a website.

User information from websites may also leak into the "black market" of email databases that are bought and sold by spammers, who are willing to pay for guaranteed valid email addresses as a target for unsolicited advertising. Due to the nature of email address databases, and the low likelihood of the dishonest website owner being caught, it is almost impossible to guarantee that email addresses given to a website will not be used for such purposes.

Workplace Monitoring

Workplaces are increasingly monitoring the online activity of employees. Management Issues reports that more than a third of large companies in the US and the UK have gone as far as to hire staff to snoop on outbound emails for leaks of confidential information or content that can pose real legal, financial and regulatory risks. Such companies face legal danger for breaching privacy laws, says IT Week. "Legal experts warned that failure to ensure employees are aware of email checks could risk breaching a number of laws, including Lawful Business Practice Regulations, the Data Protection Act and the Human Rights Act."

Spyware

Increasingly, software is being deployed that installs itself on users' systems in order to report on their online activities. Such software may be designed by large companies in order to gather information for the purposes of advertising, or may be spread by malicious hackers in order to sniff users' passwords and other data. These programs are sometimes installed via illegal "trojan horse" programs that spread by email or instant messages, or may be silently included alongside otherwise legitimate software.

Even in the absence of such programs, websites often use long-term "tracking cookies" in order to maintain profiles of users. (Cookies are small files downloaded onto the user's computer via the web browser that provide a website with a unique identifier for each user. These files are read each time a user accesses the website, and are used to maintain login details or history information.)

Spyware can often be detected and removed by one of the increasing number of anti-spyware tools, such as the free Spybot.


What can I do to protect my privacy on the internet?

There are several ways to protect your privacy online. We will look at the following:

  • Browser Choice
  • Registration Awareness
  • Cookie Awareness
  • Social Networking Sites
  • Anonymising Proxies


Browser Choice

The majority of users access the web using Microsoft's Internet Explorer, which has been criticized in the past for its poor security and privacy record. Although the latest version of Internet Explorer has made improvements in these areas, many users advocate the usage of free alternative browsers such as Firefox or Opera, which are often considered to be superior in protecting users' security and privacy.

Firefox

Firefox is developed through the collaboration of hundreds of volunteer programmers across the Internet, and has become a popular alternative to Internet Explorer. Another advantage of Firefox is its extensive library of "add-ons" that improve and extend the browser's functionality, among which are several privacy-orientated extensions.

Opera

Opera is a closed source browser predating Firefox, and aims to support strict web standards. Although Opera does not support "add-ons" like Firefox, it tries to pack in as many necessary features as possible out of the box, and it does support "Widgets" and UserJS scripts. Opera's standards support is often seen to be higher than Firefox's, and patches are issued routinely; however, Firefox has the larger community and market share.

Registration Awareness

Many websites now require users to register before being granted full access to the site. This typically involves supplying a name, email address and password. For such sites it is advisable to maintain a secondary email account that is used solely for website registrations. As an email address used for website registrations inevitably attracts spam emails, this approach allows for a measure of protection for a primary, personal account. Free services, such as Google's GMail (mail.google.com) and Microsoft's Hotmail (mail.live.com), allow easy registration of such throwaway accounts.

It goes without saying that users should be careful what information is given out to websites. Many registration forms encourage users to fill in as much information as possible, but will have a smaller amount of "required" information. Filling in only the required fields in registration forms is advisable for preserving privacy.

Cookie Awareness

Cookies are unique identifiers that web sites place on a user's computer, and are used to maintain persistent information regarding that user's activities on the site. Cookies are kept in a file accessible to your browser, and may be accessed by websites in order to preserve login information and a history of activities.

For privacy, a major concern is that websites often maintain "persistent cookies" that may last for years. If such a cookie is stored on a user's computer, it will be preserved even if that user changes their ISP or upgrades their browser. Whilst cookies have valid uses, such as maintaining login information for sites that require registration, other websites make use of them to profile users.
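The difference between a login-session cookie and a multi-year persistent cookie is visible in the Set-Cookie response header. The following added example (not part of the original page) classifies cookies by lifetime; the sample headers, the fixed reference date and the one-year threshold are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample response headers (not captured from any real site).
SAMPLE_SET_COOKIE = [
    "SESSID=abc123; Path=/; HttpOnly",
    "PREF=ID=7f3a; Expires=Sun, 17 Jan 2038 19:14:07 GMT; Path=/; Domain=.search.example",
    "uid=42; Max-Age=63072000; Path=/",
    "cart=3; Max-Age=3600; Expires=Sun, 17 Jan 2038 19:14:07 GMT",
    "old=1; Max-Age=0",
]
# Fixed "current time" so the result is reproducible (assumption).
SAMPLE_NOW = datetime(2008, 1, 1, tzinfo=timezone.utc)
# Assumed threshold above which a cookie is treated as long-lived.
LONG_LIVED = timedelta(days=365)


def cookie_lifetime(header, now):
    """Return (name, lifetime); lifetime is None for a session cookie."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0]
    max_age = expires = None
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "max-age":
            try:
                max_age = timedelta(seconds=int(value))
            except ValueError:
                pass  # an unparsable attribute is ignored
        elif key == "expires":
            try:
                when = parsedate_to_datetime(value)
            except (TypeError, ValueError):
                continue  # an unparsable date is ignored
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            expires = when - now
    # Max-Age takes precedence over Expires when both are set (RFC 6265).
    return name, max_age if max_age is not None else expires


def classify(header, now):
    name, life = cookie_lifetime(header, now)
    if life is None:
        return name, "session"      # discarded when the browser closes
    if life <= timedelta(0):
        return name, "expired"      # server is asking the browser to delete it
    return name, "long-lived" if life >= LONG_LIVED else "short-lived"


def audit(headers, now):
    """Map each cookie name to its lifetime class."""
    return dict(classify(h, now) for h in headers)


if __name__ == "__main__":
    for cookie, verdict in audit(SAMPLE_SET_COOKIE, SAMPLE_NOW).items():
        print(f"{cookie:8} {verdict}")
```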

Learn more about disabling cookies.

Social Networking Sites

One of the most widespread trends on the Web is the rise of social networking sites such as MySpace and Facebook. These sites allow registered users to maintain social contacts with their friends, to communicate, to arrange events and to share photographs. From the point of view of privacy, such sites are clearly a grave concern. Many users are surprised to learn that the details of their lives that they upload are easily viewed by others, including those for whom the information may not have been intended.

It is already the case that employers are beginning to research their future employees online, and University students are finding that their actions are subject to the scrutiny of their institution [7]. Of concern is the fact that a user may find their activities recorded not by themselves, but by their acquaintances. The increasing adoption of social networking sites means that this trend is set to become of greater importance in the future.

For such sites it is necessary to consider the nature of all potential viewers. Users will increasingly come to learn that very little information uploaded to the Internet, even when behind nominally "private" account restrictions, remains inaccessible.

Anonymising Proxies

Web browsers communicate with websites through a protocol known as HTTP. This protocol was designed for the efficient transfer of text data, without initial concerns as to security or privacy. As such, web browsing can reveal a wide range of information about a user's computer, the previous websites that they have visited and even their location: there exist databases that map computers' unique IP addresses to geographical locations, albeit with a relatively low accuracy.

A simple way to decrease this leakage of information is by passing all connections through a second computer: a proxy. In this scenario, all requests from a user's computer are passed through another computer running special software; this prevents websites from learning the location of the user.

Standard proxies obscure only the address of the user's computer and cannot prevent the sending of cookies or registration details. Additionally, a skilled attacker can "see around" the proxy. For this reason, a number of anonymising proxies have been developed in order to provide concerned users with higher levels of both anonymity and privacy.

The most widespread anonymising tool is Tor, funded by the Electronic Frontier Foundation. This makes use of a volunteer-run network of specially designed proxies that prevent a user's computer being traced. Tor is typically used in combination with Privoxy, a special piece of software that ensures that cookies and other identifying information are automatically stripped from all web traffic. This technical solution is the current "state of the art" in maintaining online privacy.
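To make the distinction above concrete, this added example (not from the original page, and not Privoxy's actual rule set) models what a destination website can log when a request arrives directly, through a standard proxy, and through a header-filtering proxy. The request, the addresses and the filter lists are constructed assumptions.

```python
# Constructed browser request; IP addresses come from documentation ranges.
RAW_REQUEST = (
    "GET /article?id=7 HTTP/1.1\r\n"
    "Host: news.example\r\n"
    "User-Agent: ExampleBrowser/2.0 (Windows NT 5.1; en-GB)\r\n"
    "Referer: http://search.example/?q=private+medical+query\r\n"
    "Cookie: uid=42; PREF=ID=7f3a\r\n"
    "Accept-Language: en-GB\r\n"
    "\r\n"
)
CLIENT_IP = "203.0.113.25"   # the user's own address (constructed)
PROXY_IP = "198.51.100.7"    # the proxy's address (constructed)

# Illustrative filter policy (an assumption, not any real tool's defaults).
STRIP = {"cookie", "referer"}
GENERIC = {"user-agent": "Mozilla/5.0", "accept-language": "en"}


def parse_request(raw):
    """Split a raw HTTP request into its request line and header list."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers


def filter_headers(headers):
    """Drop identifying headers and replace fingerprintable ones."""
    out = []
    for name, value in headers:
        key = name.lower()
        if key in STRIP:
            continue
        out.append((name, GENERIC.get(key, value)))
    return out


def site_view(raw, mode):
    """What the website sees for mode 'direct', 'proxy' or 'filtering'."""
    _, headers = parse_request(raw)
    if mode == "filtering":
        headers = filter_headers(headers)
    seen = {name.lower(): value for name, value in headers}
    # Any proxy replaces the source address; only filtering touches headers.
    seen["source-ip"] = CLIENT_IP if mode == "direct" else PROXY_IP
    return seen


def identifying(view):
    """Fields in a view that still tie the request to this user."""
    leaks = [k for k in ("cookie", "referer") if k in view]
    if view["source-ip"] == CLIENT_IP:
        leaks.append("source-ip")
    return sorted(leaks)


if __name__ == "__main__":
    for mode in ("direct", "proxy", "filtering"):
        print(mode, identifying(site_view(RAW_REQUEST, mode)))
```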

Links

Press

2008-02-10 - The Financial Times - EU to act over online privacy
Author: Maija Palmer
Summary: European privacy regulators are set to impose tighter restrictions on the way search engines such as those of Yahoo and Microsoft keep customer data. Peter Schaar, Germany's federal data protection commissioner and chairman of the Article 29 working party that advises the European Union on privacy policy, told the Financial Times that the search engines were keeping data too long.
2008-02-04 - BBC News / Technology - Are the watchers being watched?
Author: Bill Thompson
Summary: MPs can't complain that they are being watched on the internet, as there is no obvious way to screen their communications out from those of everyone else. Almost 800 bodies are allowed to access communication traffic data in the UK, and in the first nine months of 2007 over 250,000 requests were made for such data.
2007-09-14 - ZDNet - Google proposes global privacy standard
Author: Elinor Mills
Summary: While Google is leading a charge to create a global privacy standard for how companies protect consumer data, the search giant is recommending that remedies focus on whether a person was harmed by having the information exposed. Google's proposal is scheduled to be presented by Peter Fleischer, Google's global privacy counsel in a speech on Friday in Strasbourg, France, at Unesco's meeting on ethics and human rights. He briefed reporters on Thursday.
2007-09-14 - Guardian - Google urges UN to set global internet privacy rules
Author: Bobbie Johnson
Summary: Google, the world's leading search engine, is calling on the United Nations to help protect the privacy of web surfers around the world before the internet faces a crisis of confidence. The dotcom company's privacy chief, Peter Fleischer, will address a conference in Strasbourg of the UN Educational, Scientific and Cultural Organisation (Unesco) today and ask for governments and businesses to agree on international privacy standards. Mr Fleischer said the rise of the internet meant that vast amounts of information were being shipped around the globe, often to countries with no official data protection. Without a new set of rules to apply worldwide, surfers could lose confidence in the internet and hamper its development, he told the Guardian.
2007-03-15 - Wired - Yahoo Betrayed My Husband
Author: Luke O'Brien
Summary: The story of Wang Xiaoning, an internet writer who was jailed partly due to information Yahoo passed on to the Chinese government, and the story of his wife, who has now entered the US to hold Yahoo accountable for their complicity.
2007-03-15 - BBC - Privacy bodies back Google step
Summary: Privacy bodies have welcomed Google's decision to anonymise personal data it receives from users' web searches. The firm previously held information about searches for an indefinite period but will now anonymise it after 18 to 24 months.
2007-03-15 - ZDNet - Google tightens up search privacy
Author: Elinor Mills
Summary: Data-retention changes will make it harder to tie searches to individual computers, but privacy experts say more could be done.
2007-03-15 - The Guardian - How long should Google spy on you?
Author: Jack Schofield
Summary: ... Google has now come to recognise that it isn't necessary to keep all these records forever. ... Thankyou, Google: that represents a very welcome advance. However, 18-24 months still sounds far too long to me. Frankly I don't believe that two years' personal data delivers any significant benefit for users over three months.
2007-03-14 - The New York Times - Google Changes Policy on Search Records
Author: Miguel Helft
Summary: Web search companies collect records of the searches people conduct, a fact that has long sparked fears among privacy advocates and some Internet users that this valuable personal data could be misused. Now Google is taking a step to ease those concerns. The company keeps logs of all searches, along with digital identifiers linking them to specific computers and Internet browsers. It said on Wednesday that it would start to make those logs anonymous after 18 to 24 months. Under current practices, the company keeps the logs indefinitely.
2007-03-14 - Google Blog - Taking steps to further improve our privacy practices
Author: Peter Fleischer, Privacy Counsel-Europe, and Nicole Wong, Deputy General Counsel
Summary: When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details. Previously, we kept this data for as long as it was useful. Today we're pleased to report a change in our privacy policy: Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time. When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google's services and protect them from security and other abuses)—but will make this data much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.
2006-11-09 - The Guardian - Google stands up to White House in row over privacy on web
Author: Bobbie Johnson
Summary: The head of the internet search engine Google has vowed to protect the privacy of web surfers against the US government.
2006-08-30 - The Register - Guidelines needed to protect anonymity
Author: Mark Rasch, SecurityFocus
Summary: In early August, officials at America Online released information about searches being conducted by AOL members and users of the AOL search tool. This historical data was released onto the internet by several AOL officials to demonstrate how useful such data could be for tracking patterns, uses and interest of AOL members.
2006-08-28 - The Guardian - They know all about you
Author: Andrew Brown
Summary: Every time you use an internet search engine, your inquiry is stored in a huge database. Would you like such personal information to become public knowledge? Yet for thousands of AOL customers, that nightmare has just become a reality.
2006-08-23 - The New York Times - Researchers Yearn to Use AOL Logs, but They Hesitate
Author: Katie Hafner
Summary: When AOL researchers released three months’ worth of users’ query logs to a publicly accessible Web site late last month, Jon Kleinberg, a professor of computer science at Cornell, downloaded the data right away. But when a firestorm over privacy breaches erupted, he decided against using it.
2006-08-22 - The New York Times - AOL Acts On Release Of Data
Author: Tom Zeller
Summary: AOL announced the resignation of its chief technology officer yesterday, two weeks after the company came under intense criticism from privacy advocates for releasing hundreds of thousands of its customers' Web search queries. An AOL researcher who put the queries online and a manager overseeing the project were dismissed.
2006-08-22 - The Register - AOL CTO resigns over privacy 'screw-up'
Author: John Oates
Summary: AOL's chief technology officer has resigned and two other staff members have been sacked following the release of half a million subscribers' search terms.
2006-08-22 - ZDNet - Qwest calls for mandatory data retention laws
Author: Declan McCullagh
Summary: Broadband company Qwest Communications International on Tuesday strongly endorsed federal legislation requiring Internet providers to keep records of their customers' behavior, a move that could accelerate efforts in Congress to enact new laws. Jennifer Mardosz, Qwest's corporate counsel and chief privacy officer, applauded efforts by politicians to force broadband providers to engage in so-called "data retention,"
2006-08-22 - ZDNet - AOL axes staff over privacy breach
Author: Elinor Mills and Anne Broache
Summary: Two AOL employees have been fired, and its chief technology officer is resigning, after the release of Web search data from thousands of AOL members prompted widespread criticism of the company.
2006-08-22 - PC World - The Elusive Search for Privacy
Author: Tom Spring
Summary: AOL's accidental release of the search queries of 650,000 subscribers underscores the growing stakes when it comes to digital privacy. ... On August 14, the Electronic Frontier Foundation filed a complaint against AOL with the Federal Trade Commission. The complaint alleges that AOL violated federal laws prohibiting "deceptive trade practices" when it released the search data.
2006-08-21 - Washington Times - Three leave in AOL breach
Summary: AOL's chief technology officer left the Sterling, Va., company and two other employees were fired in the aftermath of a privacy breach that involved the intentional release of more than 650,000 subscribers' Internet search terms.
2006-08-21 - New York Times - AOL Moves to Increase Privacy on Search Queries
Author: Tom Zeller
Summary: AOL announced the resignation of its chief technology officer yesterday, two weeks after the company came under intense criticism from privacy advocates for releasing hundreds of thousands of its customers' Web search queries. An AOL researcher who put the queries online and a manager overseeing the project were dismissed.
2006-08-08 - The Register - AOL apologises over search data 'screw-up'
Author: John Leyden
Summary: AOL regrets publishing the search logs of 658,000 US users on a research website. The data was anonymised and covered only around 20m search queries of users of its client software. But it set off an internet firestorm of criticism.
2006-06-07 - PC Pro - Third of UK companies snoop on employee email
Author: Steve Malone
Summary: Over a third of British companies regularly snoop on their employees' email fearing that it may contain inappropriate or confidential information. As a result a third of companies say they have fired an employee over email misuse and 70 per cent say they have disciplined staff members.
2006-06-06 - ars technica - Google: we compromised our principles
Author: Eric Bangeman
Summary: Although Google's informal corporate motto is "Don't be evil," the "different kind of company" has found itself the target of criticism for some of its actions. Most notable is its decision to capitulate to censorship demands made by the Chinese government in order to secure a google.cn web address and operate freely in the country. Google co-founder Sergey Brin says that the company may ultimately decide to bail out of the Chinese market if it becomes too uncomfortable with the way things are going there. Saying that the Chinese government insisted on "a set of rules that we weren't comfortable with," Brin described Google's decision to set up shop in China as a difficult one that "compromised its principles."
2006-04-20 - ars technica - Yahoo! implicated in a third Chinese dissident jailing
Author: Anders Bylund
Summary: Reporters sans frontières (Reporters Without Borders), a Paris-based organization defending freedom of the press worldwide, just released Chinese court documents translated to English (PDF), showing Yahoo! playing an instrumental part in the arrest of a Chinese dissident. It's the third case of this type RSF has been able to unearth, all pointing out Yahoo! Mail as the instrumental piece that led to the arrests.
2003-06-12 - The Guardian - Code on 'spying' on staff emails
Author: Clare Dyer
Summary: Employers must inform staff in advance if they plan to monitor their emails, phone calls and internet use, the information commissioner, Richard Thomas, warned yesterday.
2003-06-12 - The Guardian - New limits may allay fears on snooping
Author: David Pallister
Summary: The Home Office sought yesterday to allay fears of a Big Brother state with the publication of a consultation paper which proposes to restrict the number of officials who can access communication data.

Recommended Reading

The Unwanted Gaze by Jeffrey Rosen

The Digital Person by Daniel J. Solove

No Place to Hide by Robert O'Harrow Jr

Beyond Fear by Bruce Schneier

Database Nation by Simson Garfinkel

Ben Franklin's Website by Robert Ellis Smith

Chatter: Dispatches from the Secret World of Global Eavesdropping by Patrick Radden Keefe

The Future of Reputation by Daniel J. Solove

Privacy on the Line by Whitfield Diffie and Susan Landau

The Intruders by Samuel Dash

The Transparent Society by David Brin

The Search by John Battelle

Computer Privacy Annoyances by Dan Tynan

Privacy Lost by David Holtzman

The File by Timothy Garton Ash

Beyond Our Control: Confronting the Limits of Our Legal System in the Age of Cyberspace by Stuart Biegel

Information Technology Law by Ian J. Lloyd

Human Rights in a Digital Age Edited by Mathias Kling and Andrew Murray

Privacy and Human Rights: An International Survey of Privacy Laws and Developments (2002-2006) by Privacy International and the Electronic Privacy Information Center