Cybersecurity, Web Searching, User Tracking, Social Media, and Cloud Computing (Week 13) Flashcards

1
Q

What is Multi-Factor Authentication?

A

Authentication: to confirm the user’s identity

Typically with a password, but this is only one piece of evidence (a “knowledge factor”) that may be used to authenticate a user

Multi-Factor Authentication uses other factors as well, such as a possession factor and a biometric factor.

2
Q

Safe Computing – Important (Part 2)

A

Create copies (backups) of your personal data or your whole system regularly (see info at www.worldbackupday.com)
* Physically detach backup media after the backup is finished and ideally store your backup media in a separate location.

For some data, you could use cloud storage providers that immediately synchronize every change of local data to the cloud
* Some of them allow you to restore older versions of the data up to a certain period. (e.g. www.dropbox.com, www.sync.com, OneDrive)
* Be careful: you want to avoid sending very sensitive data to the cloud unencrypted – sometimes this also has legal implications

3
Q

Safe Computing – Important (Part 3)

A

Run macros in Microsoft Office only if you really trust the source of a document

Make sure you use HTTPS for any sensitive communication, e.g. financial transactions, web shopping, hotel bookings, etc.

4
Q

What is HTTPS?

A

HTTPS, or Hypertext Transfer Protocol Secure, is a protocol used for secure communication over a computer network, commonly the internet.

It is an extension of HTTP, with the ‘S’ standing for ‘Secure.’ HTTPS ensures that the data exchanged between a user’s web browser and a website is encrypted, enhancing security and privacy.

5
Q

HTTPS - Encryption

A

HTTPS uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt data during transmission.

This prevents eavesdropping and unauthorized access, making it difficult for attackers to intercept and manipulate the information.

6
Q

HTTPS - Authentication

A

HTTPS verifies the identity of the website through SSL certificates. These certificates are issued by Certificate Authorities (CAs) and serve as digital passports for a website.

Users can trust that they are connecting to the intended website and not a malicious entity posing as the legitimate site.

7
Q

Secure Web Communication

A

HTTPS-encrypted connections to servers with verified identity feature a “lock” or a similar symbol:

8
Q

What does Cybersecurity mean?

A

Cybersecurity refers to the comprehensive set of measures and practices implemented to safeguard digital systems, networks, and data from unauthorized access, attacks, damage, or exploitation.

It encompasses the protection of information technology assets, including computers, software, networks, and the data they handle, against a wide range of cyber threats and risks.

It is critical to ensuring the confidentiality, integrity, and availability of digital resources, preventing potential disruptions, and preserving the trustworthiness of technological systems in an increasingly interconnected and digitized world.

9
Q

Cybersecurity as a practice

A

Cybersecurity involves the development and implementation of strategies, technologies, and policies to detect, respond to, and mitigate cyber threats, thereby fortifying the resilience of engineering systems against evolving challenges in the digital landscape.

10
Q

Protection: Access Privileges

A

Reduce user access privileges on every computer to the minimum level necessary for each individual user:

You don't need administrator privileges on your computer for everyday work situations

Sometimes write access to files could be revoked

Be suspicious when Windows UAC (User Account Control) asks you to grant a program admin privileges

11
Q

Measures for Cautious Users

A
  • Use “private” or “incognito” mode of your browser to reduce tracking
  • Disable 3rd party cookies
  • Turn off pop-ups in your browser (if not off by default)
  • Use Ad-Blockers, e.g. https://ublock.org/
  • Use Plug-ins or Browsers that block ads and prevent tracking
  • Turn off unknown browser plug-ins as much as possible
  • Disable HTML in your mail reader
  • Turn off JavaScript in Adobe Reader
  • Turn off all services on your machine that you don't use, e.g. sharing of printers, remote access, etc.
  • Check your “Firewall” settings
    ** For ordinary users, standard firewall settings should be sufficient (regardless of your OS)
12
Q

What is a Firewall?

A

A firewall controls incoming and outgoing traffic between two network nodes (could be between hosts or networks)

Unwanted or harmful packets can be discarded based on source or destination IP address or port (filtering)

More sophisticated firewalls also check contents of packets (inspection) to decide what to do

Windows has a configurable built-in firewall

13
Q

Measures of Paranoid Users (Cybersecurity)

A
  • Turn off JavaScript and cookies in your browser
  • Use text only email (disable HTML and JavaScript)
  • Encrypt your computer and your phone
  • Select less popular software because it is less likely to be exploited
    ** E.g. Opera browser, Linux OS, etc.
  • Use software and services to avoid tracking, e.g.
    ** Tor (The Onion Router) for anonymous use of Internet https://www.torproject.org/
    ** And many others, e.g. https://www.techradar.com/best/best-free-privacy-software
14
Q

The Weakest Link (Cybersecurity)

A

The majority of security breaches are low tech

For users, the trade-off between security and ease of use is essential

The weakest link defines the overall level of security,
* e.g. what are strong passwords good for if users write them on post-it notes attached to the screen?

Users have the biggest impact on security
* and are usually the first choice to gain unauthorized access because other measures often require more effort

15
Q

Risk Assessment Matrix

A

Assess threats using a matrix which charts the probability that a particular situation will occur and what its impact (cost, loss of time, etc.) would be

Focus on orange and red areas: try to mitigate using measures that reduce impact, probability or both

E.g. if the impact of a ransomware attack would be catastrophic, introduce weekly or monthly automatic backups

16
Q

Data & Information - Web Search

A

Web searches started in 1994 (first graphic browser in 1993)

In 1997 – AltaVista: 20 million search queries per day
* “AltaVista was a Web Search Engine established in 1995. It became one of the most-used early search engines, but lost ground to Google and was purchased by Yahoo! in 2003” - Wikipedia

In 2000:
* Approx. 1 billion web pages existed
* Google: 33 million search queries per day

In 2016:
* Approx. 50 billion web pages existed
* Google: 3 billion search queries per day

In 2019 – Google: > 5.5 billion search queries per day (> 2 trillion queries per year)

In 2023 – approximately 84 billion visits daily and roughly 2 trillion global searches annually

17
Q

How do Search Engines work?

A

Search engines play a crucial role in helping users navigate the vast expanse of information on the internet. It is impossible to instantly access and search every web page to find pages with certain keywords. Search Engines perform the following:
- Crawling
- Indexing
- Ranking Algorithms

18
Q

What is Search Engine Crawling?

A

Programs (called “web crawlers” or “spiders”) continually crawl/browse through all the pages on the web.
* They systematically scan pages (old and new ones) and
* Analyze them to extract relevant contents and store the result in an index of search terms - in a page database

19
Q

What is Search Engine Indexing?

A

As web crawlers visit web pages, they collect information about each page's content. This information is organized and stored in a database, creating an index of the web.

20
Q

What is a Search Engine Ranking Algorithm?

A

Search engines use complex algorithms to analyze the indexed information and determine the relevance of each page to specific search queries.

These algorithms take into account various factors, including keywords, content quality, page structure, and user engagement.

21
Q

What is Query Processing?

A

When a user enters a search query, the search engine processes the query against its index. It identifies pages that are most relevant to the search terms based on the ranking algorithms.

The search engine presents the user with a list of results, typically ranked by relevance.

The goal is to provide the user with the most useful and accurate information based on their search query.

Search engines continually update their indexes to reflect changes on existing pages and to incorporate new pages that have been added to the web.

22
Q

A typical search phrase might return thousands or even millions of pages. How are they prioritized?

A

Google's “PageRank” algorithm considers many attributes, e.g.

How many other sites link to this page? Popular is better!

Repetition of key words and phrases on the same page

HTML Metatags (are not visible but provide more info)
* Website title, content description, keywords, robots instructions on how to index a page, etc.

Compatibility with mobile devices (Google announced their mobile-first strategy in 2016)

23
Q

What is SEO?

A

Search Engine Optimization (SEO) aims at improving the online visibility of a web site (and is part of any decent marketing strategy)

24
Q

Who pays for free services like search engines?

A

Search providers (and others) can offer their services free of charge for users because of advertising revenue

Users see targeted ads alongside search results; the selection of these ads is based on…

  • your search phrase: your request may indicate an interest in a specific product or service
  • your location revealed by your IP address => local businesses may target users residing in a specific area
  • Everything else the search engine provider knows about you (search history, preferences, tracking information, assumed age group, estimated level of income, etc.)
25
Q

What advertisers pay for

A

Businesses pay for advertising based on intensity of user interaction

Impression – an ad appears on a page with search results (but without any further action by the user)

Click – a person clicks on the ad and is forwarded to another web page. Typically, the person who booked the ad is charged a fee.

Conversion – if the click leads to a purchase, the search provider might receive a commission for the referral

Prices for ads are set by auctions => the price per impression/click/conversion is higher for popular search terms

26
Q

Tracking users and their activities

A

Tracking refers to monitoring the online activities of a person. It reveals information about interests, financial status, locations, etc.

Best outcome: allows more personalized services e.g. “similar users also bought this item/watched this movie…”

Typical outcome: you see ads for a product you have already bought

Worst outcome: it can lead to all sorts of unwanted situations, e.g.
* Provides information for criminal activities: fraud, theft, identity theft, privacy invasion, e.g. your location may reveal that your home is unattended while you are away on vacation on a nice beach in a foreign country
* Reveals sensitive info like political preferences, health issues, etc.

27
Q

Information you give away with browsing

A

Every HTTP(s) request, e.g. by clicking on a link, reveals…

  • Your IP address (and thus your approximate location)
  • Sometimes the page you were viewing before (referrer)
  • Type and version of the web browser you use
  • Your Operating System and version
  • Your language preferences
  • Cookies from previous visits to this page
28
Q

User tracking with web beacons

A

Images on a page do not need to be clicked to be “loaded”!
* <img src="http://trackserver…" width="1" height="1">
* These are not meant to be seen and are called web beacons

Web Beacons are often used by tracking service providers
* It will allow them to learn which pages you visited
* It may allow them to set cookies (third party cookies)

As you go to other web sites that use the same tracking services, a pattern (history) is put together

Many web sites use multiple tracking services to improve their advertising revenue

29
Q

What is Aggregation of Information? (Part 1: what info is gathered)

A

Information from independent sources might also be aggregated (combined). Think of data sources like…

  • Your interests and web activities collected by an online tracker
  • Purchasing behavior derived from the customer loyalty card of your favorite supermarket or from coalition loyalty cards (for example Aeroplan.com) that pool data from several businesses
  • Public records: birth, death & marriage records, etc.
  • Your motion profile tracked by mobile network operators, smartphone operating systems or apps on your phone
30
Q

What is Aggregation of Information? (Part 2: combined records and common identifiers)

A

Records from several information sources may be combined using a common identifier, e.g. your
* name and birthday or address
* E-Mail address
* phone number
* social insurance number, etc.

Combined records in total might give away much more information than each single source on its own

Various private companies collect data about consumers and sell them to data aggregators (a.k.a. data brokers)

Data aggregators combine data points from multiple sources to create comprehensive profiles of consumers

31
Q

What is a Data Breach?

A

Private/confidential information is quite regularly stolen or made public (either intentionally or unintentionally)

32
Q

What is Device Fingerprinting?

A

The diversity of devices is used to create a digital “fingerprint” of a device

Attributes like screen size, OS, hardware IDs like MAC address, etc.

This is used to identify the device and follow its user around

33
Q

What is Social Media?

A

“Social media are…

  • interactive computer-mediated technologies…
  • …that facilitate the creation and sharing of information, ideas, (career) interests and other forms of expression…
  • …via virtual communities and networks”

… taken from Wikipedia

34
Q

What is the Network Effect?

A

Social Media are subject to the network effect:

  • The more people are connected, the more value a service has for an individual to join => this fosters monopolies
  • It is a big effort to leave the service (and your data behind) and join another service => users experience a lock-in effect
35
Q

How does Social Media Earn money?

A

Social Media earn their money with advertising

  • The more time people spend on the network, the better.
  • Some networks have been accused of fostering “filter bubbles”, where posts that a user does not agree with are unlikely to be shown (to maximize screen time, engagement, ad profits)
36
Q

Social Media and Privacy

A

Many platforms collect very private information that may be used for purposes that you are not aware of.

Example: you post something on Facebook
* For this content, you grant Facebook a “non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works”

You can delete your data, unless others have used it on the platform

37
Q

What are Traditional Computing Models?

A

Personal computing: all used hardware and software is available locally

Client-Server computing: some resources are centralized on server machines, e.g. file server or printer in a LAN (Local Area Network)

38
Q

What is Cloud Computing?

A

Devices are always online or only temporarily offline (e.g. in between Wi-Fi networks); remote hardware and software are used over the Internet

Anything can be done with just a web browser, e.g. web-based mail, office

Typically, you do not know where your data is stored or which server provides a service => it is somewhere “in the cloud”

39
Q

What are some Advantages of Cloud Computing?

A

Services are available anywhere (globally) as long as you have Internet access

You do not have to care and pay for setting up infrastructure yourself (buying hardware, installing software, etc.)

High flexibility: if you need more/less, you just add/reduce services and change your monthly plan (or you pay per use)
* Ideal for start-ups and fast growing or volatile businesses

Some of the services are free to get to know them (basic features, for a limited time for new customers)

40
Q

What are some Disadvantages of Cloud Computing?

A

You have less control over your data/resources
* What if the provider goes bankrupt or is hacked?
  Example: the AWS outage on Nov 25, 2020 took out one of 23 AWS (Amazon Web Services) regions and dozens of services like Flickr, Roku, Glassdoor, etc.
* What if the government wants access to data?

Legal requirements: some types of data must not leave the country, e.g. medical information, student data, etc.

Costs: you pay for flexibility (and other features), even if you don't need them
* Sometimes it is cheaper to do it yourself

41
Q

What are the Types of Cloud Computing Services?

A

SaaS : For end users, e.g. Office 365

PaaS : For software or service developers, e.g. webspace with database

IaaS : For IT departments, e.g. virtual machines, storage