Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab

More documents

Recommendations

Info

2. Privacy Threats Privacy is the “claim of individuals to determine for themselves, when, how and to what extent information about them is communicated to others” (Westin 1967 cited in [Oli04]). When it comes to privacy on the Internet, there are a lot of threats which menace this claim and they can be categorized in different ways. According to [Sar03] there are general threats which menace financial, medical or political privacy. Then there are common privacy sensitive applications which are used by Internet users quite frequently such as search engines, social network platforms, e-commerce applications or personalized web-services. All these applications have one thing in common: they use sensitive user-data to deliver their services. That is why common privacy threats and privacy sensitive applications are going to be introduced in this chapter. Additionally, some background information will also be provided on how technical issues play an important role in privacy on the Internet. 2.1. Individual privacy attitudes When discussing privacy threats on the Internet, the biggest threat is sometimes forgotten: the person in front of the computer. All kinds of technical solutions can be implemented and enforced but will not make a difference if users in front of the computer do not reflect about their actions. This topic was already an issue when the World Wide Web was becoming more popular. In 1998, Alan Westin published a categorization of users and their individual attitudes to privacy as also described in [Kob07]. These three different attitudes can also be applied to the Internet and are described as the “privacy fundamentalists”, the “privacy pragmatists” and the “privacy unconcerned”: • Privacy fundamentalists can be characterized by their “extreme concern about any use of their data and an unwillingness to disclose information, even when privacy protection mechanisms would be in place” [Kob07]. • Privacy pragmatists on the other hand are generally concerned about their privacy, but not as much as the fundamentalists. If they can see a certain reason for disclosing private data, they are willing to do so. • The exact opposite of the privacy fundamentalists are privacy unconcerned which are not as distressed by the thought of disclose their private data and how it may be used by third parties. Despite individual privacy attitudes there are other circumstances where privacy may be threatened. That is why in the following two sections, general privacy issues on the 6
Internet and areas of common Internet applications which use (sensitive) personal data will be introduced. 2.2. General privacy on the Internet This section will deal with general privacy issues on the Internet. For that reason a common approach to categorize personal data as described in [Sar03] will be used. The three main categories are financial, medical and political privacy. Although all categories are generic, they are restricted to the World Wide Web and should introduce these issues based on examples. Therefore, financial privacy will be discussed on the examples of fraud and identity theft, medical privacy by discussing the transfer of patient records over the Internet and seeking medical help online and political privacy will be discussed by highlighting privacy issues in e-government and free speech on the Internet. 2.2.1. Financial privacy When it comes to financial privacy, two threats are very common on the Internet: fraud (such as in online banking and phishing 1 ) and identity theft. According to [Sin07] a huge rise in online banking fraud could be identified in the last years which mainly is due to two reasons: first of all, Internet access has become very cheap in most industrialized countries and banks try to get their customers to use online banking for obvious reasons: for clients, it is a very convenient way to conduct banking business. For banks, it is a way to cut costs on a double-digit scale [Tan00]. That means that there are a lot of online banking accounts which can be attacked. The second reason is the growing number of phishing mails because there are more and more users with e-mail addresses available. In most cases, these e-mails look like official e-mails, for example from the customers’ bank, asking them to update their contact details. By including a link which leads to a fake website (very often a copy of the original website) it is made sure that users send their sensitive data to the “right” party. In the best case this data (such as address-data) is sold, more often account data is requested and used to debit money from a banking account. However, nowadays banks are aware of this problem and try to inform their customers as much as possible about such phishing mails. Additionally, new security features are being introduced to make phishing harder and therewith protect customer data [Hil06]. Identity theft is closely connected to online fraud whereas [Kah08] defines it as “the malicious use of personal identifying data” and provides several types of identity theft: new account fraud, existing account fraud and friendly fraud. According to [Kah08] new account fraud is characterized by the use of personal data such as the social insurance number, date of birth and address to open a new account. By existing account fraud the theft of credit cards or other transactional account data is described whereas the 1 “Phishing” describes a methodology to acquire sensitive information such as credit card numbers by sending users fake e-mails with links to fake websites which try to bring users to enter their sensitive data 7
Page 1: Wirtschaftsuniversität Wien Magist
Page 4 and 5: Contents Abbreviations vii Listings
Page 6 and 7: II. Applied part 53 6. Development
Page 8 and 9: Listings viii 3.1. HTTP response he
Page 10 and 11: List of Tables x 3.1. PURPOSE sub-e
Page 12 and 13: 1. Introduction This thesis address
Page 14 and 15: In addition, the applied part of th
Page 18 and 19: term friendly fraud relates to legi
Page 20 and 21: over iGoogle, search Wikipedia via
Page 22 and 23: collect a lot of personal data abou
Page 24 and 25: 2.4. Privacy sensitive technologies
Page 26 and 27: • Data necessary to identify the
Page 28 and 29: 3. Privacy Standards The following
Page 30 and 31: The well-known location method (whi
Page 32 and 33: • User Preferences: User-agents m
Page 34 and 35: Another important issue for policy
Page 36 and 37: 1 M i c r o s o f t Way< /DATA> Red
Page 38 and 39: 28 PURPOSE Plain Language Translati
Page 40 and 41: Finally, an example should be provi
Page 42 and 43: • There is a commercial P3P polic
Page 44 and 45: Element Value ruling allow user cat
Page 46 and 47: 3.3.1. XACML - an introduction Simi
Page 48 and 49: 3.3.3. Summary The introduced priva
Page 50 and 51: specified conditions” [ISO01a]. T
Page 52 and 53: applied to this characteristic too,
Page 54 and 55: Figure 5.1.: Microsoft Internet Exp
Page 56 and 57: 5.1.2. Firefox The Mozilla Foundati
Page 58 and 59: shortcuts and context-menu, users s
Page 60 and 61: 5.3. Proxies In this section, proxi
Page 62 and 63: 52 Figure 5.10.: The settings dialo
Page 64 and 65: 6. Development of a Privacy Plug-In
Page 66 and 67:
• components directory: this dire
Page 68 and 69:
Speaking of information it has to b
Page 70 and 71:
Figure 6.2.: Displaying the P3P pol
Page 72 and 73:
matches the users preferences befor
Page 74 and 75:
Figure 6.4.: The privacy policy of
Page 76 and 77:
is different from the one available
Page 78 and 79:
access elements in a policy which i
Page 80 and 81:
implementation available although t
Page 82 and 83:
[Dro06] Dennis Drotar, Rachel Green
Page 84 and 85:
[Kob07] Alfred Kobsa. Privacy-enhan
Page 86 and 87:
[Oli04] Nadia Olivero and Peter Lun
Page 88 and 89:
[Woo06] Jisuk Woo. The right not to
Page 90 and 91:
M i c r o s o f t i s a premier spo
Page 92 and 93:
82
Page 94 and 95:
B. E-Mail correspondence Subject :
Page 96:
the Thank you , Renukesh M i c r o
show all

Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?