You Might be Interested In

The Office of the Privacy Commissioner of Canada is launching a new youth privacy tool that will help teachers and community leaders talk with younger Canadians about their privacy online.

The tool launched today is called Protecting Your Online Rep and comes right in time for back-to-school. It offers people who work with youth all the information necessary to provide an engaging and effective presentation in their own school or community.

The package includes a PowerPoint presentation with detailed speaking notes for each slide, along with class discussion topics, for Grades 9 to 12 (Secondary III to V in Quebec). Educators and others interested in delivering the presentation can find the package here.

The goal of the new tool is to teach young people that technology can affect their privacy, and to show them how to build a secure online identity and keep their personal information safe.

Link to news release

Do youth care about privacy? We will explore this question on September 8, 2011, when our Office holds its next Insights on Privacy armchair discussion.  We have invited two experts on young people’s use of social media, Kate Raynes-Goldie (@oceanpark) and Matthew Johnson (@MFJ72) to talk about what privacy means to youth and how we can help youth preserve their privacy by promoting digital literacy skills.

Kate Raynes-Goldie is completing her PhD in the Department of Internet Studies at Curtin University of Technology. Her current research explores Facebook privacy issues by combining a study of the ideologies that drive the site’s privacy architecture with a nuanced look at user understandings and practices. Kate is also a Research Associate at Ryerson University’s EDGE Lab, where she is researching privacy, autonomy and social media for children.  She is the founder of PrivacyCampTO, Canada’s first privacy unconference. 

As Director of Education with Media Awareness Network, Matthew Johnson creates resources for educators, parents and community groups. He is the designer of MNet’s comprehensive digital literacy tutorials Passport to the Internet (Grades 4-8) and MyWorld (Grades 9-12). Matthew also writes the Talk Media blog, one of the most popular sections of the MNet Web site.  He has given presentations and interviews to parents, school, community and industry groups on topics such as the effect of media violence on children, video game addiction, alcohol advertising, children’s use of new media and the moral dimensions of computer games.

This event is the fifth in a series hosted by the OPC to shed light on experts doing new and thought-provoking work in the field of privacy.

To participate:

We are inviting full participation in this discussion. For those of you who attend the session in person, we will be asking for questions from the audience as well as inviting you to tweet the content using the #privtalks hashtag.

If you are unable to attend the session in person, and would like the speakers to address a particular aspect of this topic, please send your question to knowledge.savoir@priv.gc.ca by September 2^nd and we will try to incorporate it in the issues we cover.

The video of this event will be made available after the presentation, as we’ve done for previous Speakers Series events.

Space is limited and is available on a first-come, first-served basis. Please RSVP before September 6^th, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Thursday, September 8, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2^nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca

The Media Awareness Network, benefactor of the Office of the Privacy Commissioner’s Contributions Program, has launched the third Phase (Phase III) of its ongoing study, Young Canadians in a Wired World (YCWW). This third phase is a crucial element to the project, as it will shed a more distinct light on the need for online education resources in classrooms and communities.

The study is the most comprehensive and wide-ranging study of youth internet use in Canada. The project tracks and investigates the behaviours, attitudes, and opinions of Canadian children and youth with respect to their use of the Internet. There have been two previous phases over seven years. The first comprised of telephone interviews with parents, focus groups with parents and children and quantitative research findings from a national school-based survey of 5,682 students in grades 4 – 11. The second stage includes qualitative research findings from focus groups with parents and young people aged 11 – 17, and quantitative research findings from a national school-based survey of 5,272 students from grades 4 – 11. You can find more information on these first two phases here.

MNet’s research has gathered a wealth of information about the online activities of Canadian youth, and has raised a number of privacy issues that require society’s attention. Perhaps most importantly, the research has highlighted the importance of education as a key response in helping young people make smart and informed online decisions, as well as stay safe online.

The third phase in MNet’s research will help inform public policy and support the development of relevant digital literacy resources for Canadian homes, schools, and communities. MNet has already begun implementing the new research through various interviews and focus groups. Phase III of the research project is scheduled to be completed in 2012, finishing with a nation-wide field study of a representative sample of Canadian students and teachers.

Stay tuned for more updates about this exciting endeavour.

For more information, please contact Francois Cadieux at Francois.Cadieux@priv.gc.ca.

On April 20^th, 2011, our Office is holding the third Insights on Privacy armchair discussion. We heard in February about what motivates us to reveal or conceal details of our personal lives, and how we protect the private lives of others around us.

To complement this talk, we’ve invited tech innovators Adam Greenfield (@agpublic) and Aza Raskin (@azaaza) to explore opportunities for privacy in the design of intimate devices, like smart phones, that we share our lives with every day, to the sensor-rich landscape that’s upon us. We’ll discuss opportunities for companies to empower individuals with greater choice and control over how their data are used and for greater collaboration within and across industry sectors.

In his 2006 book Everyware, Adam Greenfield argued that we were headed for a world in which keeping the boundaries between different roles in our lives was going to prove untenable. That notion is coming to pass with the current debate over the public/private divide and the blurring of our various roles and reputations online. Adam was Nokia‘s head of design direction for user interface and services from 2008 to 2010 and Lead Information Architect at Razorfish Tokyo. His current projects through Urbanscale focus on improving how users experience technology, such as stored-value cards for public transit and many other “smart-city” initiatives.

Aza Raskin’s passion for improving the way we experience technology recently had him heading up user experience for Mozilla, developer of the popular Firefox browser, where he rethought and simplified conventional approaches to privacy policies. Raskin left Mozilla in late 2010 to launch the start-up Massive Health, with the goal of helping people improve control of their health through innovatively designed technology and the ways we interact with it.

The video of this event will be made available after the event, as we did for the December 10, 2010 event with Jesse Hirsh and Chris Soghoian and for the February 28, 2011 event with Christena Nippert-Eng and Alessandro Acquisti.

Space is limited and is available on a first-come, first-served basis. Please RSVP before April 15, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Wednesday, April 20, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2^nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca

There have been recent reports about security vulnerabilities arising from the reuse of passwords on different web sites. What about the reuse of usernames? Can identities established on multiple web sites be linked together based on the usernames, and what are the implications for privacy?

A recent research paper from INRIA in France described an experiment that looked at over 10 million usernames from popular services such as Google and eBay. In some of the tests, Google profiles that listed multiple accounts on different web services were used to establish “ground truth” about linked usernames.

The first finding was that the usernames chosen by people on the various websites tend to be very unique, with a probability of duplication being approximately one in one billion. This was true for a variety of web services, including a corporate network, Finnish web forums, and MySpace.

Second, the researchers found that when people used different usernames for different services, many of the usernames were constructed by making very small changes to existing usernames (e.g., sarah, sarah2).

Third, the study demonstrated that more than 50% of the usernames created for different services could be linked to one another because the username was identical, or very similar, and unique from other usernames.

The results are important for privacy protection. Although you may limit the amount of personal information you reveal when using a particular service, if your profile can be linked to other services than a detailed personal profile can be constructed from the various bits of partial information. This could lead to embarrassment if a supposedly anonymous profile is linked to a real-world identity. Spammers and fraudsters could also gather information from multiple services to target their messages or launch phishing and social engineering attacks.

In a demonstration of the risks involved, a quick examination of people using anonymous file sharing services (private BitTorrent trackers) found that 13 out of the 20 usernames examined could be linked to other web services (e.g., YouTube, eBay) and 4 usernames could be linked to real-world identities.

The lesson is similar to the warning about passwords – make sure that you choose a truly unique username (and password) for each service that you do not want linked together.

On February 28, 2011, our Office is holding its second Insights on Privacy armchair discussion. We’ve invited behavioural economist Alessandro Acquisti and sociologist Christena Nippert-Eng to talk about what motivates us to reveal or conceal details of our personal lives, and how we protect the private lives of others around us.

In the context of their fields of privacy expertise, we will discuss how we represent ourselves both online and off and the implications of changing perceptions of public and private spaces. The discussion will extend to the challenges of maintaining a professional and personal presence online.

The Insights on Privacy Speakers’ Series is a series of armchair discussions hosted by the Office of the Privacy Commissioner to shed light on new and provocative voices doing interesting work in the field of privacy.

Alessandro Acquisti is an Associate Professor of Information Technology and Public Policy at the Heinz College, Carnegie Mellon University. He is the co-director of the CMU Center for Behavioral Decision Research (CBDR), a member of Carnegie Mellon Cylab, and a fellow of the Ponemon Institute. His work investigates the economic and social impact of information technology, and in particular the economics and behavioural economics of privacy and information security, as well as privacy in online social networks.  He is co-editor the book Digital Privacy: Theory, Technologies, and Practices (2007), an analysis of state-of-the-art technologies, best practices, and research results, as well as legal, regulatory, and ethical issues.

Christena Nippert-Eng is Associate Professor of Sociology in the College of Science and Letters at the Illinois Institute of Technology. Her most recent book, Islands of Privacy: Selective Concealment and Disclosure in Everyday Life (2010) is an exploration of the ways we think about privacy on a daily basis – how we try to achieve it for ourselves and enable it for others. In addition to her work as the National Chair of the Communication and Information Technologies Section of the American Sociological Association (2010-2011), Dr. Nippert-Eng conducts industrial research on people’s behaviour and relationships with objects and spaces, including information and communication technologies. She is currently at work on a second book on privacy and socialization.

To participate:

We are inviting full participation in this discussion. For those of you who attend the session in person, we will be inviting questions from the audience as well as inviting you to tweet the content using the #privtalks hashtag.

If you are unable to attend the session in person, and would like the speakers to address a particular aspect of this topic, please send your question to knowledge.savoir@priv.gc.ca by February 24th and we will try to incorporate it in the issues we cover.

We will also be offering the audience members the opportunity to complete a voluntary survey to provide us with their views on some of the key questions in the discussion.

The video of this event will be made available after the event, as we did for the December 10, 2010 event with Jesse Hirsh and Chris Soghoian.

Space is limited and is available on a first-come, first-served basis. Please RSVP before February 25, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Monday, February 28, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2^nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca

By now, many of you have heard of the information that is “leaking” from Facebook applications, and how this wide-ranging problem might affect your personal privacy.

On Monday, the Wall Street Journal continued its online privacy series by reporting that many popular Facebook applications leak personal information – in the form of Facebook user IDs – to online advertisers.  A Facebook user ID is a unique number issued to every user of the site, and is part of a person’s public profile: you cannot restrict access to your user ID simply by modifying your account’s privacy settings.

When you visit a web page, browsers typically report the URL of the page you were viewing before you clicked over to the current page: this is known as the “referrer” URL.  A Facebook app is often loaded on the same web page as third-party ads. When these ads are fetched (to be loaded onto the page), the application tells the advertising network the URL of the current page that is loading their ad. In the case of many Facebook apps, this URL contains the unique user ID of the person who loaded the page. This ID can then be used to identify that specific user – it is linked to public profile information like their full name.  The URL (with the ID) is sent even if the user does not click on any ads.

This is not the first time it has been the subject of discussion. It was raised in a research paper in August 2009 and – in a similar context – described in an earlier WSJ article about Facebook ads. A lawsuit has been filed in California that alleges that Facebook has shared personal data with advertisers.

Current debate around the privacy implications of referrer information has also included criticism of the statements made in the WSJ article. Some commentators found the article alarmist, and others pointed out that these issues are not specific to Facebook, but are a wider web privacy concern. Indeed, the broader privacy implications of referrer data have also been recently raised as part of a complaint to the Federal Trade Commission about Google’s use of referrer headers.

It is important to note that using referrer data is, by itself, a legitimate practice. The web standards that underpin how information and instructions are communicated across the internet allow browsers to send the referrer field as an optional part of a request to a web server. However, there is flexibility as to exactly what information is included in the referrer header, and also whether users allow their browsers to send referrer data in the first place. Harlan Yu outlined a number of solutions in a timely blog post; these include omitting IDs from the web request, using placeholder IDs instead of real Facebook IDs, and improving browsers to give people better control over the transmission of referrer data.

One prominent member of the web community co-wrote an Internet standard document that pointed out privacy concerns of referrer data:

Note: Because the source of a link may be private information or may reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer…information.

The co-author? Tim-Berners Lee (considered the father of the web), in 1996. The privacy debate continues…

Understanding how we construct and manage our online reputations is crucial in our understanding of how people determine what to make public and what to keep private in online environments. The interview below, with Firefox’s Creative Director Aza Raskin, has some interesting observations on what the construction of identity and memories could look like in the future. Also, around 4:35, he talks about the work Mozilla has been doing to create a set of privacy icons in the style of Creative Commons licences to help people understand how their data is being collected and used.

We’re launching our 2010 My Privacy & Me Video Contest for 12-18-year-olds – and the first-place winners will win an iPad!

It’s the same thing this year – but a little different, too! Again, we’re asking them to create their own public service announcements about privacy. But this year, we’d like the videos to fall into one of four categories: Surveillance; Reputation Management; Targeted Advertising; or Online Scams. You can find all contest details here.

This year, teams can consist of one to three people. First-place winners in each category will win an iPad. Second-place winners will win a $200 gift card; and third-place winners will win a $100 gift card. We’ve recognized top-participating schools and teachers in the past, and we have something in store for them in 2010! The deadline is December 10, 2010.

For inspiration, sit down with your young ones and watch the 2009 winning videos. Then, have them start exercising their video-making muscles – we can’t wait to see what they’ve got!

The intersection of geolocational apps and social media has produced…virtual graffiti.

At several American universities, students with cellphones are tagging campus landmarks with comments and labels using location-aware apps like Foursquare. Some universities have found ways to teach through tagging:

“At North Carolina State University, meanwhile, a new library service shows smartphone users historical pictures of campus buildings based on where users are standing, including a snapshot of the first freshman class, from 1890, when the agricultural college’s hot mobile technology was horses.”

And students have found, er, innovative ways to tag spots around campus – one of the deans at the University as at Dallas discovered his office had been tagged in Foursquare with the comment “Watch out for lame jokes!”

The ability to virtually tag places, things and people isn’t new, but it does create challenges when it comes to managing our identities online – who owns that material? Foursquare? The tagger? The person tagged? Right now, the responsibility is in the hands of the tagged – for instance, look at the care university students take in reviewing, and untagging when necessary, photos of themselves that get posted to Facebook after a particularly spectacular weekend.

Is this likely to change? Probably not – online as in offline, we should all know what face we’re putting forward.