Data Privacy Day, which happens every year on January 28, commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. It also kicks off Data Privacy Month, an effort to empower and educate people to protect their privacy, control their digital footprint, and make the protection of privacy and data a greater priority in their lives.
When Online Privacy Got Personal
“The original purpose of the Internet was to permit computers to exchange information,” says Jeff Schiller, a network security technologist who has worked at MIT for more than 20 years. “Computers and the Internet were not personal. You used the Internet from a school’s or an employer’s computer to do official work. The only vaguely personal service was e-mail, and its use for personal communication was frowned on.”
In other words, protecting personal information online was not an issue in the early days. The Internet became less secure after personal computers went mainstream. Once individuals began to use the Internet for commercial transactions and personal correspondence, fraud, harassment, and other threats increased dramatically.
Sharing: How Much Is Too Much?
For most of us, feeling we control some of our privacy is enough. For example, you might want to hide where you live, where you bank, your habits, and your traveling logistics, but you willingly put your real name on comments or blog posts. You have a Facebook page, and you purchase your vacation packages through an online company. After you return from vacation, you tell your Facebook friends about it and post your pictures.
There are certainly risks associated with revealing too much personal information online: stalking, bullying, or slander, among others. And there’s the very real risk of identity theft.
“At the end of the day, it’s all about risk,” Schiller says. “Certainly, you shouldn’t put anything on the Internet that if it were found out would result in you going to jail. Similarly, don’t put anything out there that if found out would cause you major life headaches such as loss of employment or domestic issues.”
Google, Facebook, and other for-profit companies gather data for marketing reasons and ultimately to make money. They collect information about us online, both as segments of the population and as individuals, without using any noticeably invasive techniques.
By tracking search terms and visited websites, a company can send consumers targeted ads for specific services or products. Direct-marketing companies can purchase collected data from aggregators. If you bought an item or even searched for an item online, you may receive flyers in the mail from companies who offer similar products.
Government agencies can also obtain information about you from your online activities; they can issue subpoenas to data collectors and employ forensics-trained law-enforcement teams.
Anonymous Was Here
Anonymity on the Internet is possible, but it isn’t guaranteed. To do it right, a person needs to know what pieces of information are used to track a user. Cookies, IP addresses, and media access control (MAC) addresses are some of the bits of information to mask, because they can point back to a real person.
Tor provides anonymity for the source of the communication (your computer or network) and the destination (a website or server). Dissidents in countries where Internet access is curtailed use Tor for their online communications. If you are interested in the basics of Tor, see How to browse with Tor.
Schiller warns, however, that “Tor doesn’t protect unencrypted traffic once it gets to an exit node. A person running a Tor exit node can sniff any traffic that goes through it. Some people run Tor exit nodes to launch attacks on those who are using them.”
Blocking the Trackers
There are two types of browser cookies: those that help sites to function, and those that enable ad tracking and monetization. When you browse the Internet normally, the first type of cookie is retained on websites so that when you visit the same website again, it remembers your preferences. The second type of cookie tells advertisers and other companies about your online behavior, what links you clicked on, which sites you visited, how you got there, and where you went next.
To disarm this second type of cookie, you can use “incognito mode” or Privacy Mode. Cookies work as expected throughout your web-browsing activity but then are deleted as soon as you end your browsing session.
Another option is to use a private search engine such as DuckDuckGo or StartPage. The browser does not track or retain logs of the pages you visit through these search engines. An explanation of their features can be found at securityspread.com, and both search engines come bundled with Tor.
A third way to prevent tracking of your online movements is by using a plug-in such as Ghostery or Disconnect. To learn more about browser extensions that protect against tracking, see “Are we private yet?” by Ghostery. You may also want to learn more about cookies and privacy concerns at All About Cookies.
All of these options require a certain level of technical know-how. Information Systems & Technology does not support any of these third-party tools, but IT support staff can walk you through best practices for security and privacy while browsing. In conclusion, Schiller offers this advice: “If you don’t want to see it in the New York Times, don’t put it on the Internet, anywhere.”