Why internet privacy is important and how we don’t notice that is is permanently being violated. A conclusion from my security seminar.
I will see all of you surprised when I show you how much data we have collected about you.Sunny Julien Divine
Privacy? What exactly does it mean?
In the world wide web, personal privacy means that you can visit almost any website without providing personal data. Most websites around the web are informing websites that require no data input.
What is tracking?
Some web providers (the number is increasing rapidly) use tracking techniques to follow your every footstep in the internet. They see from which site you’re coming, and to which site you’re leaving (link-tracker). The known technology includes cookies and LSO’s.
What is a cookie?
A cookie is a small text file in your browser’s directory. It usually has the name of the website and stores special information to (re-)identify you across the web. The most common use for cookies can be found in forums and boards where you have to be registered and logged in. Thanks to cookies, you don’t have to login every time you refresh the page or click a link.
Cookies can hold up to 4096 bytes of data.
What is an LSO?
A Local Shared Object (LSO) is a file that is placed on your computer by the flash player you’re using. It can store much more information as it’s file size is not limited. To make use of such LSO’s, the website must have a .swf application embedded.
Where are these files stored?
Cookies are small text files which are usually stored in your browsers’ cookie folder. When clearing the browser history, cookies are normally deleted as well. You can view the cookies by opening the options menu and then selecting privacy/cookies. These objects usually have a .txt extension.
Local Shared Objects are stored in a different folder, depending on what flash player you’re using. Normally the folder should be “\Macromedia\Flash Player\”. Due to the fact that LSO’s have nothing to do with the browser itself, they are not being deleted when you clear the browsing history. LSO’s are also called “Super Cookies” because they can remain on your computer for years, collecting more and more data about your surfing behavior, personal interests, etc.
These objects mostly have an .sol extension.
Why is my privacy in danger?
As I said before, cookies and Super Cookies can collect personal data about you. Normal cookies get cleared off your computer every once in a while as they have a so called lifetime span which means that they expire after some time. Data stored in such cookies are read every time you visit the related website(s), and so the collected data get uploaded and saved in a user profile. Helping your privacy, you can disable special cookies or deny specific information the website wants to collect. For the most common browsers, there are lots of addons available to protect your privacy and keep critial website modules off your computer.
LSO are commonly unknown, so they’re not target of privacy keepers. That is one reason why they can grow larger and larger without being noticed.
What is a glass user?
A so called “glass user” is an internet user who roams around the net without checking privacy settings. Personal and sensitive data can (and will) be collected to put that user into a category. Then, after cross-checking the collected data with several existing databases, the user will be bombed with personalized advertisements to every interest he had shown around on the internet. What books did you order? What did you buy in online shops? What keywords did you search? What interest did you check on social networks? There are many more possibilities to categorize a user into unbelievable exact interests.
Being clever and cleaning your browser history and cookies doesn’t help much. Users that are once indexed will be recognized from their tracking ID or the edge data of browser and ISP hostname. When the recognizing is done, a new cookie with your id or tracking number will be placed on your computer and the procedure of spying on you is continued. All of that activity is mostly not noticed by the user as it happens in the background without needing the users agreement. That way companies and providers can exactly figure out who you are and what you do.