Lecture 20: 26th November 2019 Flashcards Preview

CS4203 Computer Security > Lecture 20: 26th November 2019 > Flashcards

Flashcards in Lecture 20: 26th November 2019 Deck (13)
Loading flashcards...

What is privacy?

The degree to which people have control over who can see information about them and their activities on a computer system.


How do corporations regard privacy?

Ensuring that PII is managed and protected in a way and to an extent that is legally defendable.


What is PII?

Personally Identifiable Information = any data that could potentially be used to identify a specific individual, especially more so (i.e. "narrowing down" more) than other information. Any information that can be used to distinguish one person from another and can be used for de-anonymising anonymous data can be considered PII.


What issues affect privacy?

- identity theft
- surveillance
- information revelation (Facebook, emails etc)
- corporate subpoena
- cold calls
- post with personal info
- adverts based on computer activity such as search queries or email text
- intelligence services


What PII may people thoughtlessly give away online?

- An email association with our real name
- Our address when ordering goods on Amazon, eBay, etc.
- Our bank details: hopefully secure within each bank or shop
- Our habits – not just shopping but what we search online for may be stored away; health issues, dating agencies
- Our social groups, our blogs (e.g. the Sarah Palin Yahoo email hack where an attacker obtained access to Palin's account by looking up biographical details such as her high school and birthdate and using Yahoo!'s account recovery for forgotten passwords)
- Our Internet Service Provider and technical details about our network


What are some entities that store PII other than social media sites?

- census data or directories like 192.com
- (online) shops and stores keeping information on sale of goods and customer information.
- local press photographs and articles
- clubcards
- modern photocopiers
- old hard drives


What was the "right to be forgotten" case? What was its outcome?

The right to be forgotten is the right to have negative private information about a person to be removed from internet searches and other directories under some circumstances.

People challenged Google to remove data about them that was posted illegally on other websites from their search index. Google cannot be forced to remove "damaging" material from its search engine that was legally posted elsewhere and cannot be considered the "controller" of personal data from other Web sites and therefore should not be responsible for what appears on sites it links to.


How can you protect your privacy online?

- Pick a cookie policy for your browser such as “only keep cookies until I close the browser” Disable flash cookies
- Use Targeted Advertising Cookie Opt-outs (TACO) to opt you out of any 3rd party trackers Use Tor (TorButton) to hide your IP address.
- Use a variety of emails to hide your identity – 1 for friends, 1 or more for shopping, 1 for bank, 1 for dating, etc
- use extensions like HTTPS Everywhere, Ghostery, Collusion, Disconnect, etc
- Encryption and Filtering Tools (SPAM, Spywarem Cookie-Cutter), Anonymity Tools (iPrivacy, TORbutton, Anonymizer)


Which laws govern privacy rights in the UK?

- Data Protection Act 1998 and 2018
- Human Rights Act 1998
- General Data Protection Regulation (GDPR) (2018)


Which EU and UK institutions govern privacy?

- Information Commissioner's Office

- Data Protection Directive
- E-Privacy Directive

- Electronic Frontier Foundation
- Electronic Privacy Information Center


What is Ghostery?

A browser extension that finds third-party elements in web pages, including trackers, and can block them.


What is Disconnect?

A browser extensin that finds and blocks websites that track users' search and browsing history.


What is Collusion?

An add-on for Firefox that displays third party tracking cookies placed on the user's computer while visiting various websites. It displays a graph of the interactions and connections of sites visited and the tracking sites to which they provide information.