Archive for the ‘Internet’ Category

29 Mar 2011

Insights on Privacy – Adam Greenfield and Aza Raskin


On April 20th, 2011, our Office is holding the third Insights on Privacy armchair discussion. We heard in February about what motivates us to reveal or conceal details of our personal lives, and how we protect the private lives of others around us.

To complement this talk, we’ve invited tech innovators Adam Greenfield (@agpublic) and Aza Raskin (@azaaza) to explore opportunities for privacy in design, from the intimate devices, like smart phones, that we share our lives with every day to the sensor-rich landscape that’s upon us. We’ll discuss opportunities for companies to empower individuals with greater choice and control over how their data are used and for greater collaboration within and across industry sectors.

In his 2006 book Everyware, Adam Greenfield argued that we were headed for a world in which keeping the boundaries between different roles in our lives was going to prove untenable. That notion is coming to pass with the current debate over the public/private divide and the blurring of our various roles and reputations online. Adam was Nokia’s head of design direction for user interface and services from 2008 to 2010 and Lead Information Architect at Razorfish Tokyo. His current projects through Urbanscale focus on improving how users experience technology, such as stored-value cards for public transit and many other “smart-city” initiatives.

Aza Raskin’s passion for improving the way we experience technology recently had him heading up user experience for Mozilla, developer of the popular Firefox browser, where he rethought and simplified conventional approaches to privacy policies. Raskin left Mozilla in late 2010 to launch the start-up Massive Health, with the goal of helping people improve control of their health through innovatively designed technology and the ways we interact with it.

The video of this event will be made available after the event, as we did for the December 10, 2010 event with Jesse Hirsh and Chris Soghoian and for the February 28, 2011 event with Christena Nippert-Eng and Alessandro Acquisti.

Space is limited and is available on a first-come, first-served basis. Please RSVP before April 15, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Wednesday, April 20, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca


22 Mar 2011

To err is human: some thoughts about online privacy


Last month, we held our second Insights on Privacy armchair event, with Alessandro Acquisti and Christena Nippert-Eng as our guests. Much of the discussion revolved around the challenges of negotiating privacy in an online environment, and we heard many interesting observations about how human nature gets in the way of good online privacy decisions. Dr. Acquisti’s research shows that the more in control people feel over their personal information, the more sensitive information they tend to disclose. Granular controls in privacy settings give people a sense of power over their information that may be more illusion than reality. When deciding how much information to reveal, people also become confused in online environments because they cannot rely on the physical cues that guide them in their off-line interactions. Without physically seeing our audience, it’s easy to misjudge or disregard those who can see us.

What can be done to bring more reality to our online experience? With technology companies pushing disclosure, innovative solutions need to be developed to help individuals better adapt to the online world. Perhaps we should be presented with personalized visual cues, like a picture of a disapproving grandmother, to make us think twice before posting. According to Dr. Nippert-Eng, personalization is important because the reactions of those we know are much more influential than those of strangers. Dr. Acquisti believes, like many privacy advocates, that more privacy protections need to be built into technology, like seatbelts for the internet. This would go far in addressing the problem of perceived control over information, and make individuals less susceptible to making mistakes with their privacy.

As Dr. Nippert-Eng describes in her book “Islands of Privacy: Selective Concealment and Disclosure in Everyday Life”, we make dozens of privacy decisions on a daily basis. It would be nice if online that process became a little bit easier.

The next event in the Insights on Privacy series will take place on April 20th with Aza Raskin and Adam Greenfield, who will talk about privacy, design and innovation. Stay tuned to our blog for details.


9 Mar 2011

A creepy app


While there are always advance warnings about the potential privacy risks of emerging technologies, it usually takes a “killer app” for people to take notice of the real dangers. For geotagging, that app is the rather aptly named creepy.

Photo geotagging — the embedding of geographical location information within digital photos — is becoming increasingly common as a side effect of regulation by the US Federal Communications Commission.  By September 11, 2012, American mobile wireless service providers are required to provide precise location data to improve 911 emergency service. To meet this directive, more and more mobile phones sold in North America now have built-in GPS chips.

Oftentimes, the embedding is automatic. If consumers take a picture with their GPS-enabled phone and haven’t specifically disabled geotagging, the coordinates where the photograph was taken become a digital record contained within the picture file. If enough of these location-tagged photographs are taken and uploaded to on-line sharing services, the aggregated GPS information can indicate a pattern of behaviour. If your picture gallery also contains a self-portrait, it becomes possible for strangers to track you down in person.

Creepy can harvest data from a dozen of the most popular photo hosts, including flickr, twitpic and yfrog, then illustrate any found location data with Google Maps. The result is a visual cluster of your usual whereabouts: your favourite park, your place of employment, or your home.

Have you checked your mobile’s camera settings for mention of geotagging or EXIF data embedding? If not, now is a good time to familiarize yourself with the configuration screen. Consider turning those “features” off, unless you have reason to do otherwise.
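To check a photo of your own before sharing it, the embedded coordinates can be read straight from the file's EXIF block and the block removed. The following is an added example, not part of the original post; the function names are hypothetical, it assumes the standard layout (EXIF stored as a TIFF block in the JPEG APP1 segment, GPS sub-directory referenced by tag 0x8825), and the sample file is constructed in the code.

```python
import struct

EXIF_MAGIC = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 entry that points at the GPS sub-directory

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG file")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] not in (0xDA, 0xD9):
        (length,) = struct.unpack_from(">H", jpeg, pos + 2)
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def is_exif(jpeg, marker, start):
    return marker == 0xE1 and jpeg[start + 4:start + 10] == EXIF_MAGIC

def read_ifd(tiff, offset, endian):
    """Return {tag: raw 4-byte value field} for one TIFF directory."""
    (count,) = struct.unpack_from(endian + "H", tiff, offset)
    ifd = {}
    for i in range(count):
        tag, _type, _n, raw = struct.unpack_from(endian + "HHI4s", tiff, offset + 2 + 12 * i)
        ifd[tag] = raw
    return ifd

def parse_gps(tiff):
    endian = {b"II": "<", b"MM": ">"}[tiff[:2]]
    (ifd0_off,) = struct.unpack_from(endian + "I", tiff, 4)
    (gps_off,) = struct.unpack(endian + "I", read_ifd(tiff, ifd0_off, endian)[GPS_IFD_TAG])
    gps = read_ifd(tiff, gps_off, endian)

    def degrees(value_tag, ref_tag, negative_ref):
        # Latitude/longitude are three rationals: degrees, minutes, seconds.
        (off,) = struct.unpack(endian + "I", gps[value_tag])
        n = struct.unpack_from(endian + "6I", tiff, off)
        value = n[0] / n[1] + n[2] / n[3] / 60 + n[4] / n[5] / 3600
        return -value if gps[ref_tag][:1] == negative_ref else value

    return degrees(2, 1, b"S"), degrees(4, 3, b"W")

def gps_coordinates(jpeg):
    """Return (lat, lon) in decimal degrees, or None if no usable geotag is present."""
    for marker, start, end in segments(jpeg):
        if is_exif(jpeg, marker, start):
            try:
                return parse_gps(jpeg[start + 10:end])
            except (struct.error, ZeroDivisionError, KeyError):
                return None  # no GPS directory, or truncated/malformed metadata
    return None

def strip_exif(jpeg):
    """Return the same JPEG with every APP1/Exif segment removed."""
    out, rest = bytearray(jpeg[:2]), 2
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start):
            out += jpeg[start:end]
        rest = end
    return bytes(out + jpeg[rest:])

def build_sample_jpeg():
    """Constructed input: header-only JPEG tagged 45 deg 30' N, 75 deg 45' W."""
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)
    gps = (struct.pack("<H", 4)
           + struct.pack("<HHI4s", 1, 2, 2, b"N\x00")
           + struct.pack("<HHII", 2, 5, 3, 80)
           + struct.pack("<HHI4s", 3, 2, 2, b"W\x00")
           + struct.pack("<HHII", 4, 5, 3, 104)
           + struct.pack("<I", 0))
    lat = struct.pack("<6I", 45, 1, 30, 1, 0, 1)
    lon = struct.pack("<6I", 75, 1, 45, 1, 0, 1)
    body = EXIF_MAGIC + b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps + lat + lon
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"

if __name__ == "__main__":
    photo = build_sample_jpeg()
    print("before:", gps_coordinates(photo))
    print("after: ", gps_coordinates(strip_exif(photo)))
```

Removing the EXIF segment also drops the other camera metadata stored in it, so the setting in the phone's camera app remains the better place to stop coordinates from being written at all.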


16 Feb 2011

Online profile linking using usernames


There have been recent reports about security vulnerabilities arising from the reuse of passwords on different web sites. What about the reuse of usernames? Can identities established on multiple web sites be linked together based on the usernames, and what are the implications for privacy?

A recent research paper from INRIA in France described an experiment that looked at over 10 million usernames from popular services such as Google and eBay. In some of the tests, Google profiles that listed multiple accounts on different web services were used to establish “ground truth” about linked usernames.

The first finding was that the usernames people choose on the various websites tend to be highly unique, with the probability of duplication being approximately one in one billion. This was true for a variety of web services, including a corporate network, Finnish web forums, and MySpace.

Second, the researchers found that when people used different usernames for different services, many of the usernames were constructed by making very small changes to existing usernames (e.g., sarah, sarah2).

Third, the study demonstrated that more than 50% of the usernames created for different services could be linked to one another because the username was identical, or very similar, and unique from other usernames.

The results are important for privacy protection. Although you may limit the amount of personal information you reveal when using a particular service, if your profile can be linked to other services then a detailed personal profile can be constructed from the various bits of partial information. This could lead to embarrassment if a supposedly anonymous profile is linked to a real-world identity. Spammers and fraudsters could also gather information from multiple services to target their messages or launch phishing and social engineering attacks.

In a demonstration of the risks involved, a quick examination of people using anonymous file sharing services (private BitTorrent trackers) found that 13 out of the 20 usernames examined could be linked to other web services (e.g., YouTube, eBay) and 4 usernames could be linked to real-world identities.

The lesson is similar to the warning about passwords – make sure that you choose a truly unique username (and password) for each service that you do not want linked together.


9 Feb 2011

‘Fess up – where does my data go?


There truly is an app for everything.

Recently, the digital world has been aflutter with news of the first-ever app approved by the Catholic Church – Confession, an app that helps Catholics prepare for the sacrament of confession by guiding the user through “a personalized examination of conscience”:

“To help those that are feeling guilty ready themselves for the sacrament of confession, the app provides a checklist of the Ten Commandments — along with mini-questions based on each — to help in compiling an inventory of malfeasance. The app even lets one add in non-traditional transgressions not already listed.”

One of the selling points of the app appears to be the password-protection feature, enabling you to lock out anyone who may try to find out about your sinnin’ ways. But what seems to be missing is what Little iApps, the developer of Confession, will do with the data they collect. According to reports, the app asks users to also provide information on their age, sex and marital status – paired with detailed information on the user’s transgressions, that’s a potentially detailed profile that would be quite attractive to marketers and others.

Details on the collection and use of the user-provided data weren’t available on Little iApps’ site…so if the developer is collecting and using information without the user knowing, does that mean they’ve broken one of the commandments themselves – “Thou shalt not steal”?


24 Dec 2010

Connecting Your New Gadget to the Wireless Internet


Many people will be getting shiny, new wireless gadgets this holiday season. This might be a new smart phone, a laptop or netbook computer, or a tablet such as the iPad. One of the most attractive features of these devices is that they can connect to the Internet wirelessly, using Wi-Fi networks found in homes, offices, and many public locations (hotspots). This is a great feature, but it does come with risks.

Many wireless networks offer no data protection, so people nearby can eavesdrop on the wireless signals and monitor what you are doing online. Even more frightening, new tools such as Firesheep allow other people to easily hijack wireless Internet connections, take over sessions with various online services (email, Facebook), and impersonate you online.

There are some ways that you can reduce these risks.

If you set up a wireless network at home or in the office, make sure that you enable the security features that are included with your wireless router. It should only take a couple of minutes. At a minimum, you should:

  1. Change the default administrator password, since these passwords are shared by all devices made by the same manufacturer and they are well known.
  2. Change the wireless network name (known as the SSID) to something that is unique, but not related to your real identity (e.g., “mynewnetwork” instead of “TheSmithNetwork”).
  3. Turn on wireless encryption (preferably WPA2 or WPA) and choose a long, complicated password. You don’t need to memorize it and you can write it down. You will have to enter it once in each new device that joins the wireless network.

The exact steps that you follow to change these settings depend on the type of router you are using, so read your instructions.

But you don’t just want to use your new gadget at home or work, you want to take it with you. Most public wireless services, such as the ones you find in coffee shops, don’t turn on wireless encryption. So you need to find other ways to protect your data from eavesdroppers. There are a number of ways to do this:

  • Find another way to connect to the Internet when away from the home or office. Your wireless device may also have a cell phone feature, and connecting to the Internet over the cell networks can be more secure than public hotspots, but it does cost money. You can even connect some laptops and notebooks to cell networks using a feature called “tethering”, but make sure that your cell plan allows it and you have a large enough data plan.
  • When connecting to a website (like an email service), choose sites that offer secure connections (ones that have “https” in the address instead of “http”). Some services are now offering secure connections by default (e.g., Google Mail) and other services often have a secure connection available. Try changing the address in your browser from “http” to “https”, but make sure that the site doesn’t just turn back to “http” once you’ve logged in. For Firefox (an alternative web browser you can download), there are helpful plug-ins, such as HTTPS Everywhere and Force-TLS, which try to ensure you are using an “https” connection wherever it is supported. There are no equivalent tools for Internet Explorer.  (In fact, you should be looking for web services that offer secure connections regardless of what kind of Internet connection you are using. It is just good practice, and more websites should be using “https” by default. If a service you use does not offer secure “https” connections, ask them to start.)
  • Make your own secure connection by using a Virtual Private Network (VPN). VPNs protect your network traffic starting at your computer and ending at a remote VPN server. If you don’t already have access to a VPN (often provided by workplaces for their employees), low-cost and advertising-supported VPN services are available. VPNs do take a bit of work to set up, but they are worth it. Tech-savvy people can set up their own secure connection back to their home using an SSH tunnel.

So, enjoy your new wireless device, but be careful when using unprotected connections to the Internet. Set up a secure wireless network at home or work; look for services that offer secure “https” connections; and protect yourself using a VPN.


9 Nov 2010

Thoughts on digital citizenship models


Some of our public education efforts at the OPC focus on talking to young people about online privacy. Being able to control their information online and protect their privacy is an important skill for surviving – and thriving – in a digital environment. Increasingly, we see it as part of a suite of skills necessary for digital citizenship.

Through our presentations to young people, their teachers and parents, we’ve gained some wonderful insight into how kids use these tools to not only connect and share with other people, but also restrict access to their information and manage their identities online. We’re also learning a lot about what they already know, what they’d like to know, and what they don’t care to know when it comes to online privacy. These firsthand observations, paired with a growing body of work done by researchers like Valerie Steeves, danah boyd, Sara Grimes, the Pew Research Center and others, are helping us shape our public education and outreach efforts for young people.

Recently at the annual International Conference of Data Protection and Privacy Commissioners, danah boyd gave a talk entitled “The Future of Privacy: How Social Norms Can Inform Regulation”. The entire talk is worth reading for her observations on how young Americans navigate the public/private divide in ingenious ways. But among the things that struck me most was this:

Participation in a networked era means that people are exposed in entirely new ways.  Interactions are increasingly public-by-default, private-through-effort.  People will make an effort to keep personal and intimate information private so as to not be embarrassed or vulnerable in front of people that they care about.  But we are not yet at a point where people have any model for thinking through what an algorithmic society looks like.  People don’t know how data about them and their interactions with others is being used to build data portraits.  They don’t know how algorithms are judging them.

How is our data collected? How are algorithms swallowing up this information and spitting out fairly accurate profiles of ourselves? These are some of the questions we need to be able to answer in order to fully navigate that public/private divide.

Often, “digital literacy” skill sets focus on the soft skills required to navigate in a digital world. But in doing so, perhaps we’re neglecting something quite fundamental to digital literacy – knowledge of the language(s) of computers themselves.

As Douglas Rushkoff recently wrote:

When human beings acquired language, we learned not just how to listen but how to speak. When we gained literacy, we learned not just how to read but how to write. And as we move into an increasingly digital reality, we must learn not just how to use programs but how to make them….

At the very least we must come to recognize the biases – the tendencies – of the technologies we are using, and encourage our young people to do the same.

Basic programming could be the piece of the puzzle that young people need to fully understand how the digital world works, and how they can change it.


4 Nov 2010

Fleeced by Firesheep?


Last week, you may have heard about Firesheep, a plug-in for the Firefox web browser that lets an eavesdropper take over another user’s session—such as a login to Twitter or Facebook—by intercepting packets on a local network and copying the victim’s cookie. What Firesheep does is to take advantage of a known security flaw and make it easy to exploit, by carrying out sidejacking (or session hijacking). There are two main parts to this exploit:

  1. The attacker needs to be able to “sniff” the network packets, in order to grab the cookie. Firesheep doesn’t do that by itself, but works with packet capture software that comes standard on many computers (or can be freely downloaded). The attacker places himself on the same network as the victim – such as a wireless hotspot in a coffee shop – and if the network is unencrypted, the attacker can eavesdrop on all traffic that flows over the wireless link.
  2. Firesheep then monitors the network traffic, looking for a “cookie” to be sent. When you log in to certain websites, you first provide a username and password, which are often sent encrypted. (You’ll see “https:” in the URL of encrypted pages.) However, after you log in successfully, some sites use a session cookie that stays active during your login: anyone who captures and sends that cookie to the originating website can mimic you. If you log in to Twitter, for example, session cookies are then sent between your computer and Twitter, which the attacker can then exploit to send tweets under your name.

The attacker doesn’t need to know your password: the website will simply believe the attacker is you, because they have your cookie. Many websites only protect the login page (encrypting your username and password), but turn off the encryption on the rest of the website. Result? Cookies are sent in the clear (unencrypted), attackers can intercept them, then hijack your session and gain access to your account. There is no way to detect that someone else on your Wi-Fi connection is using Firesheep. This vulnerability has been noted on a number of websites, including Flickr, Tumblr, and WordPress.

Although Firesheep garnered a lot of coverage, this is not a new problem. Its author points out that sidejacking tools already existed, and that Firesheep is simply a more user-friendly tool. However, Firesheep’s ease of use and its subsequent publicity shone a spotlight on a persistent security problem, making more people aware of this vulnerability and highlighting the need to address it.

Preventing the transmission of unencrypted cookies

Website operators can deploy encryption to protect their session cookies.

  • For website operators:  Wherever possible, websites should ensure that cookies are not sent in the clear, by using encryption (SSL/TLS/HTTPS) on more than just the login page. Some sites provide this feature by default, and others as an option—by default is definitely preferable. At a minimum, if you provide HTTPS as an option, then publicize it so your users know about it.  (You can also set the HTTP Strict-Transport-Security header and turn on the Secure option for session cookies so that browsers send them only over SSL connections.)

There has been some resistance to deploying SSL, due to fears that the performance hit is too high. However, this is an outdated idea in most cases: the overhead is minimal, and services like Google’s Gmail have successfully deployed SSL for entire sessions (not just for the login portion). SSL has low costs and provides huge gains for protecting your users.
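The operator-side settings mentioned above (the Secure option on session cookies, the Strict-Transport-Security header, and not dropping back to “http” after login) can be checked from a site's response headers alone. The following is an added example, not part of the original post; the function names, finding labels and the example.test responses are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def cookie_attrs(set_cookie):
    """Split a Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    first, *rest = set_cookie.split(";")
    name = first.split("=", 1)[0].strip()
    return name, {part.split("=", 1)[0].strip().lower() for part in rest}

def hsts_enabled(headers):
    """True if a Strict-Transport-Security header with max-age > 0 is present."""
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return bool(m) and int(m.group(1)) > 0  # max-age=0 switches HSTS off
    return False

def audit_flow(hops):
    """hops: list of (url, [(header, value), ...]) recorded from your own site.
    Returns a list of (finding, url, detail) tuples."""
    findings = []
    for url, headers in hops:
        https = urlsplit(url).scheme == "https"
        for name, value in headers:
            lname = name.lower()
            if lname == "set-cookie":
                cname, attrs = cookie_attrs(value)
                if "secure" not in attrs:
                    # Browser will also send this cookie over plain http.
                    findings.append(("cookie-without-secure", url, cname))
            elif lname == "location" and https and urlsplit(value).scheme == "http":
                # Encrypted login page that hands the user back to http.
                findings.append(("https-to-http-redirect", url, value))
        if https and not hsts_enabled(headers):
            findings.append(("hsts-missing", url, ""))
    return findings

# Constructed responses: login is encrypted, the rest of the site is not.
WEAK_FLOW = [
    ("https://example.test/login", [
        ("Set-Cookie", "session=constructed123; Path=/; HttpOnly"),
        ("Location", "http://example.test/home"),
    ]),
    ("http://example.test/home", [("Content-Type", "text/html")]),
]

# Constructed responses: HTTPS throughout, Secure cookie, HSTS set.
HARDENED_FLOW = [
    ("https://example.test/login", [
        ("Set-Cookie", "session=constructed123; Path=/; Secure; HttpOnly"),
        ("Location", "https://example.test/home"),
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
    ("https://example.test/home", [
        ("Content-Type", "text/html"),
        ("Strict-Transport-Security", "max-age=31536000"),
    ]),
]

if __name__ == "__main__":
    for label, flow in (("weak", WEAK_FLOW), ("hardened", HARDENED_FLOW)):
        print(label, audit_flow(flow))
```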

  • For website users: if you have an account on a website (like a social networking site), check for an “https://” version of that site – making sure that the site doesn’t just turn back to “http:” once you’ve logged in. For Firefox users, there are helpful plug-ins, such as HTTPS Everywhere and Force-TLS, that try to ensure you are using an https:// connection wherever it is supported. (Note that sometimes a site just doesn’t make https:// available – in which case these plug-ins can’t provide you with extra protection, unfortunately.)

Protecting cookies that are being sent unencrypted by a website

If https:// is not provided on a site, then users can take steps to put encryption in place.

  • You can use a virtual private network (VPN), which acts like a middleman to provide encryption for you. VPNs encrypt and transmit your network traffic from your computer to a remote server, which then connects to the actual website. If you don’t already have access to a VPN (often provided by workplaces for their employees), low-cost and adware-based VPN services are available. (Those with the technical ability and interest to try a free/alternative solution can set up an SSH tunnel.)

This solution does have some drawbacks. You can only guarantee encryption over part of the network—and the final connection to the destination site may be unencrypted—but it is likely that your traffic is much harder to intercept if you use a VPN. Another downside is that a VPN does require some effort (and possibly cost) to set up, and may sometimes not work reliably. However, this may be users’ only real option, while the website operators roll out their own sidejacking solutions.

Just don’t go there?

One simple solution that has been suggested is to stop using open Wi-Fi networks: lock down your own Wi-Fi, and don’t use public open Wi-Fi networks. As with many simple solutions, this is a stopgap measure that only partially addresses the problem. Fundamentally, the problem is not about wireless. It’s about the dangers of transmitting sensitive information—unprotected—over any kind of network, wired or wireless. It’s unwise to assume the network will protect you: consider secured Wi-Fi as a bonus, not a guarantee. So, while there are some benefits to limiting access to a wireless network and turning on encryption, this is not a “silver bullet” to stop Firesheep: end-to-end encryption is required for a truly effective security solution. Wireless security, where provided, should be in addition to https://—not instead of it.

Steel wool: armouring yourself

The takeaway message is that both websites and users have a role to play in dealing with sidejacking. While the ultimate solution requires websites to roll out SSL, the steps you can take as a user are:

  • If you do use open Wi-Fi, without the additional protection of a VPN, limit your activities to low-risk ones, like reading the news. If you must log in to an account, like a social networking site, then try to ensure you’re on a site that uses “https://” throughout – which protects your cookies — not just on the login page. (Firefox users can try the plug-ins listed above to help them.) If https:// is not provided, and you have no VPN, then you have no protection – bad idea.
  • For better security, use a VPN, which provides another layer of protection through encryption. This will help you whenever you use untrustworthy networks. You can subscribe to a VPN service, in order to make this task easier.
  • Let website operators know that you want them to provide more secure connections for your accounts: ask them to deploy https:// throughout their sites to protect your information.

4 Nov 2010

Big Broker is Watching You


Have you ever looked yourself up online and wondered how companies you have never heard of know your name? Where did they get your information and what are they using it for?

Data brokers were the subject of a recent article in The Wall Street Journal’s “What they Know” series on online privacy. Data brokers collect personal information from various sources such as public registries, telephone listings, product registration cards, and, notably, online social network sites and blogs.  The information is then compiled into profiles and sold – to marketing companies, to individuals through “people finder” websites, to fundraisers.

In the past, data brokers relied primarily on organizations like retailers, subscription services, payment processing companies and charitable organizations to share their customer information by renting or selling customer lists. The lists would typically include names and contact information together with attributes like income, age group, number of children, purchase history, and interests. Data brokers would combine these lists with information from other sources, like survey and census data, to generate specialized lists they would then sell to marketers.

Now that we spend more and more time in a digital world, data brokers are able to tap into a wealth of rich new data sources. Vast amounts of customer information are being stored online. Public records, like court decisions, no longer live in musty filing cabinets but can be accessed by anyone anywhere with the click of a mouse. Our actions online – where we go, what we do – are tracked and recorded.

And then there is the information that we voluntarily share on social networking sites, blogs, chats and other social media services. Data brokers say this information has been made public and therefore should be free for the taking. Privacy advocates argue that combining and repurposing data exposes individuals in ways they may not have anticipated or consented to. Why do Canadians choose to reveal personal information online? Privacy by obscurity is a theme we at OPC often hear when we ask that question. “I’m not a celebrity so why would anyone be interested in what I post?” Data brokers are interested because collecting and selling your information is how they generate revenue.

The implications of having so much of our personal information out in the ether are only beginning to be understood. Industry practices are not transparent and the average person knows little about companies that routinely harvest online information.  We have seen reports of information gathered from blogs and chats being used to help determine creditworthiness. But would we even know if that happened to us? And would we know how to stop it?

Many of these companies are based in the U.S., where consumers have to navigate a patchwork of laws and regulations that for some will mean being able to opt out of tracking or having information removed from brokers’ databases.  Here in Canada, we are more fortunate.  Canadian private sector privacy law gives individuals the right to see what information data brokers have about them, ask them to correct inaccurate information, and request that the information be deleted.  The only exception is contact information that appears in a public directory such as a telephone book.  American companies which operate in Canada are also subject to our privacy law. If, after contacting a data broker, you are not satisfied with the response, you can file a complaint with us.

You can also try to limit what information you willingly give away.  Be more selective when posting online, restrict your privacy settings, and think twice about filling out that customer satisfaction survey or warranty card. Stay vigilant and let us know if you come across practices that cause you concern.


1 Nov 2010

Do your kids know how to protect their online privacy?


With new technologies emerging all the time, it can be hard to stay in the loop in terms of privacy. Many applications and websites have privacy settings, but using them might not always be straightforward or obvious (or even seem to matter), especially to youth. That’s why the Office of the Privacy Commissioner of Canada is proud to be a sponsor of the Youth Privacy Online Conference in Toronto, held on Wednesday, December 1st.

Social networking websites, as well as a variety of interactive applications on the internet, are a facet of daily life for today’s youth. Along with these new technologies comes the risk that many people using and interacting with the platforms do not understand how to ensure the safety of their personal information, or even of their person. This can result in such things as identity theft, luring, and loss of employment, among a range of other consequences.

The conference will feature speakers from Canada, the US, and the UK. It will be a forum for discussion, debate and inquiry that will focus on different approaches to protecting children’s privacy online. With the amount of time they spend on the web, youth privacy is a very prevalent subject in the media. This conference will be useful for people working with youth and give them a general idea of how to protect their privacy.
