Privacy And Security
With the advent of the Internet, with search engines and the increased importance of WEB in banking, hacking and social networks, the terms privacy and security has been increasingly in the spotlight. To protect and control users and their use of the infrastructure has become an important issue.
Usually comfort, i.e. ease of use, and privacy are two opposites. We actually want to get perfect search results from Google, but on the other hand, we do not want Google to collect any information about us. We want to share private information with friends, but not with strangers. We want to have as much control as possible of information about ourselves, but on the other hand want to learn as much gossip about strangers as possible. Naturally, this dichotomy can not be resolved, so we have to live with a reasonable compromise.
Before thinking of counter measures of how to deal with the imminent dangers of the Net, it takes understanding, and, more importantly, awareness for the risks at hand. It’s imperative to avoid overacting, to refrain from seeing evil in each and every corner, but skepticism and caution, paired with a healthy gut feeling of when to spread personal information and when not to, can and will improve privacy and security.
A good place to start is to be aware of the fact that one is leaving traces all around the Net, and that others try to track these traces to make use of them. Contrary to popular belief (as it is unwittingly being conveyed by Hollywood movies), it’s not so much the governmental agencies that track individuals and groups, but people whose intend is to make profit based on the collected data. In theory, each click, each move, each action is of interest for these people, especially if it helps to deduce and create a profile of the person that is being examined. Willingly or not, the netizen leaves his traces, only to be followed and analyzed by those that serve the purpose of categorizing and structuring his habits and customs. By using the Web, and as a result of participating in its various services, netizens accumulate measurable digital footprints..
- First, read the article on how to protect your privacy in Facebook : ’So funktioniert das neue Facebook’ (www.spiegel.de/netzwelt/web/0,1518,811390,00.html)
- Then go to your Facebook account, and check if your privacy settings are sufficient for your needs.
- If you want to know why Google is collecting all this information, you may want to read ’Warum Googles Datensammeln gar nicht so böse ist’ (www.golem.de/news/imho-warum-googles-datensammeln-gar-nicht-so-boese-ist-1203-90241.html)
The opposite of privacy is personal marketing. When you start looking for a job, sites like Xing (https://www.xing.com/) and LinkedIn (http://www.linkedin.com/) become very important. Many jobs are no longer advertised, but instead head hunters use those sites for recruitment.
Use Google and look up your own name. Follow some of the sites, is that you? Would a possible employer like what he or she sees? Do an image search for your name. Is that really you?
In case you don’t like what you see, don’t despair, but take control. By consciously posting information about yourself, you can actually influence the noise.
The most secure computer is one that is locked in a safe, with no cables going in or out. Although very secure, such a computer is not very useful. Already a power cable going in, is for some experts enough to determine which keys you pressed.
The other opposite are Internet cafes. No matter if you use your own computer or someone else's, you should expect, that everything you enter (especially credentials) can be observed by others.
For your own computer viruses, trojans, root kits and the like are a primary security risk. Here some simple precautions can help, like the use of a secure operating system, a decent browser, and a little care with the installation of applications that come from trust worthy sources. The choice of good passwords, and a reasonable secure network environment are also important.
However, even the safest browsing environment does not help you much, if the provider screws up, like in the case of the PlayStation network outage .
- Read the article ’Tipps für mehr Sicherheit So schützen sich Profis vor Computer-Kriminellen’ (www.spiegel.de/netzwelt/web/0,1518,808814-2,00.html)
- Discuss means for increasing your security in the web (Incognito, Knoppix, ...)
Cryptography, Also called ciphering, encryption is about obfuscating the content of a message or data stream. Without secondary meta information, such as a decryption key or password, a third party that gains access to the encrypted information is (or should) not be able to extract or deduce its content.
Encrypting a message does not render the sender anonymous against an observing party. To achieve that kind of anonymity, the (logical) transmission channel, with all or some of its intermediate network entities, would have to be obfuscated as well. However, it guarantees not only the privacy of the transmission (see above), but also the integrity and authenticity of the message, and thus, its sender.
Symmetric ciphering is based on the fact that the same key is used for both, encryption and decryption of a message.
Compared to asymmetric encryption, symmetric key algorithms tend to be fast. Their major drawback is that both, sender and receiver, need access to the same key, which must somehow be shared over a secure communication channel in the first place.
The public key is transferred openly to the communication partner or party. Once used to encrypt a message, the resulting cipher text can only be decrypted by using the private key. That way, the public key can be used to send an encrypted message to the owner of the private key. Only the owner will be able to decrypt the message and read its content.
On the other hand, the private key can be used to prove authenticity. Once used to encrypt a message, any party in possession of the public key (virtually everyone) can validate the authenticity of the message, i. e. verify that the message has been encrypted by the owner of the private key. That way, a mechanism to “sign” a message is provided. In fact, public-key encryption provides the basis for digital signatures.
Being anonymous means not to expose distinguishing features that would permit an onlooker, casual as well as intentional, to identify the observed subject or party. As far as the internet is concerned, the anonymity of a netizen means that the person responsible for an action performed throughout the infrastructure of the net can not be identified, and thus can not be held accountable for what has been done. Anonymity differs from encryption in that it obscures a user’s identity rather than ciphering the channel of communication, though the latter is often a technical means to achieve the ends of the former.
The technical basis of anonymization networks is usually that of a proxy. Instead of connecting directly to a remote host, a participant of a anonymization network channels all communication through a local proxy, a piece of software that runs on the user’s computer. The proxy encrypts the outgoing message, picks a router of the (anonymization) network, and passes the packet on to it. From that point on, all messages passed between two subsequent routers are encrypted. An observer who extracts the contents of a packet routed through the anonymization network will see encrypted data instead of clear-text messages. Moreover, neither the identity (i. e. IP-address) of the original sender, nor that of the final destination is reveiled, since the entire routing information of the underlying packet is encrypted as well.
Examples of anonymization networks deployed throughout the internet:
Ex.1: Protect your Privacy
Read the following two articles:
- Googles Super-Profil Datenschützer empfiehlt Streubesitz www.spiegel.de/netzwelt/netzpolitik/0,1518,811359,00.html
- So löschen Sie Googles Erinnerung an Ihre Web-Suchen, www.spiegel.de/netzwelt/web/0,1518,818287,00.html
- Tipps für mehr Sicherheit So schützen sich Profis vor Computer-Kriminellen www.spiegel.de/netzwelt/web/0,1518,808814-2,00.html
Find similar articles or web sites. Decide for yourself what you consider useful/helpful, and write about it in your blog.
Ex.2: Xing or LinkedIn
If you have not signed up with one of the professional networks, you should do so. For Germany, Xing is very popular, for internationals, LinkedIn is the better choice. Try to connect to your friends, and teachers.
Ex.3: Yasni and 123people
You may have notices, when you did the search for your name on Google, that some web sites (like Yasni (http://www.yasni.de/) or 123people (http://www.123people.de/)) show up quite often and claim to know a whole lot about you. Actually, you can register with those sites, and influence what they show about you.
Ex.4: Social Engineering
Watch the interview with Sharon Conheady about Social Engineering (video.golem.de/internet/6440/interview-sharon-conheady.html). Try to find web sites related to social engineering, maybe you also stumble upon a certain Mr. Mitnick. Write about what you find in your blog.
- , Schmundt, Hilmar: Die Keks-Spione, Der Spiegel Ausgabe 13/2012
- , Bodhani, Aasha: Digital Footprints Step Up, E&T Magazine, Issue 02/2012, p. 82
- Fundamentals of Information Systems Security/Information Security and Risk Management
- PlayStation Network outage
- Knowing Knoppix
- , Schneier, Bruce: Applied Cryptography, ISBN 0-471-11709-9
- , Internet anonymity