Web Privacy: I Know What You Clicked Last Summer

You might want to be careful the next time you “like” or comment on a post on Facebook, because you never know who is going to see that information.

With the advent of the web, privacy concerns have taken on new dimensions. Your personal information is no longer confined to the four walls of your home or your network of friends. In the age of the internet, such information can be made available to a much wider audience than you think, and this has gotten privacy advocates riled up about the places that it can potentially go[1].

How and where this information becomes commercially valuable is in the intersection between internet companies such as Facebook and Google and advertisers. Whereas marketing in the past took place through traditional mediums of communication such as television and radio that carried advertisements to a mass audience, the internet now allows advertisers to refine this technique by targeting only users that are most suited for their products or services, in a process known as targeted advertising.[2]

For instance, anything that you post on Facebook, any “likes” that you give, comments that you make, photos that you post, doesn’t end at your newsfeed; that information is analysed by Facebook employees who will then match you with marketers that have paid huge sums of cash to reach specific individuals like yourself with their advertisements.

Just how far targeted advertising can go can occasionally be unsettling. In 2010, The Wall Street Journal reported that internet companies such as Facebook and MySpace were sending advertisers information that could be used to track down a user’s profile, including their real name, age, address and occupation.[3] More recently in 2013, it was found that even private messages on Facebook were being scanned for keywords for advertising purposes, a revelation that earned the social networking giant its share of controversy.[4]

It is instances such as these that have gotten consumers worried. What part of our personal information can internet companies use for their own commercial purposes and what should be kept from them? At what point does it become necessary to draw the line?

In 2012, that line became apparent when Facebook proposed $20 million to settle a class action lawsuit accusing it of violating the rights of its users through an advertising initiative known as “Sponsored Program”.[5] Under this initiative, advertisers are allowed to advertise your “likes” of their posts to your friends, in the belief that peer influence can induce your friends to take a similar interest in their products. Imagine if your “like” of some potentially embarrassing product or service (everybody has them) is broadcast to your closest friends or family. Not everyone relishes the idea of such blatant and open disclosure.

The war between privacy advocates and internet companies is far from over. Targeted advertising shows no signs of abating due to its demonstrated effectiveness.[6] And as online privacy regulations evolve to keep up with the concerns of consumers, advertisers and internet companies are similarly coming up with new and more innovative ways to get their advertisements to the right audiences.[7]

One example of targeted advertising: Analysing your pictures to match you with similar products. Source: http://mashable.com/2014/08/13/passive-hashtags/

References:

[1] http://news.yahoo.com/study-finds-online-privacy-concerns-rise-040211677.html

[2] http://en.wikipedia.org/wiki/Targeted_advertising

[3] http://www.wsj.com/articles/SB10001424052748704513104575256701215465596

[4] http://www.ibtimes.com/judge-facebook-scan-users-private-messages-targeted-advertising-prepare-class-action-1767234

[5] http://www.huffingtonpost.com/2012/10/08/facebook-sponsored-stories-settlement_n_1949307.html

[6] http://hiplab.mc.vanderbilt.edu/~zhangw/p261.pdf

[7] http://www.wsj.com/articles/facebook-to-give-advertisers-data-about-users-web-browsing-1402561120

Gamergate and Web Privacy

What is Gamergate?

Gamergate is an online controversy about various problems in the gaming industry. It began as a protest against the perceived falling standards of video game journalism. As Gamergate grew in popularity amongst online communities and mainstream media, issues such as sexism in gaming communities, and censorship, were associated with the movement.

Origins of Gamergate – The Quinnspiracy

Gamergate’s origins are linked to an indie video game developer, Zoe Quinn. Quinn is best known for her award-winning game, “Depression Quest”. In August 2014, Quinn’s ex-boyfriend, Eron Gjoni, blogged and posted on various forums accusations that Quinn had cheated on him with various men in the gaming industry (the alleged acts were committed prior to their breakup). One of these men was Nathan Grayson, a part-time writer for the gaming news site Kotaku.

Anonymous bodies (e.g. 4chan) interpreted the accusations as evidence of falling standards of video game journalism. The Quinnspiracy movement was born, containing speculations about how Quinn had slept with various persons in the gaming industry to manipulate reviews and the distribution of awards in her favour. The Gamergate hashtag emerged when actor Adam Baldwin tweeted videos which criticised Quinn under the Gamergate hashtag. Since then, Gamergate has been used to encapsulate all sorts of grievances online communities have with the video game industry (for a full list, visit: http://knowyourmeme.com/memes/events/gamergate/).

Gamergate and Web Privacy

In the early days of Gamergate, Zoe Quinn was constantly harassed by Anonymous bodies. She had her personal information spread all over the net (doxxing), her personal accounts were hacked, and she was constantly bombarded with death and rape threats.

Doxxing

Doxxing involves revealing and spreading the personal information of a person online. A local example would be how the errant retailer, Jover Chew, had his address, photos, and NRIC spread all over Facebook and alternative media sites (e.g. The Real Singapore).

In Gamergate, Quinn, and anyone suspected to be connected to her, had their addresses, phone numbers, and other personal information spread over the net. Anonymous users on forums, such as 4chan and 8chan, created threads sharing information on Quinn as well as tips on how to dig up more dirt on her. Anonymous combed through Quinn’s social media pages, looking for possible family and friends whom they could harass and any information they could dredge up. According to Quinn, her Tumblr account was hacked and personal information was stolen from it (a claim which some have refuted).

The ability for other online users to dox a person is dependent on the amount of information which he or she consciously and unconsciously leaves online. Setting one’s privacy settings to the maximum is a modest attempt, but only shields information from those not on our friends list. Friends (on Facebook) and mutual friends can easily access photos and posts. In addition, a person might have information online which he or she is unaware of. Data brokers, such as Spokeo, collate information from online and offline records. Anyone who is willing to pay a fee for the information can access it. Other sites, such as Whois.net, allow anyone to identify information used to sign up for domain names (addresses are easily found through such sites). Finally, a person might have signed up for sites which he or she has accessed only once. He or she might have left personal information on the account and forgotten all about it.

Having one’s personal information made public is bad enough, but there are other consequences to doxxing.

Prank Calls, Swatting, Threats, & Real Life

Doxxing tends to lead to other acts of harassment which have a profound impact on the target’s life. In Quinn’s case, she was constantly bombarded with death threats online and as a result, she did not dare to return home.

Quinn was not the only one to suffer from the fallout of Gamergate. Her father was bombarded with calls during the saga, informing him that his daughter was a whore. Friends and anyone who expressed support for her soon found themselves doxxed. For example, former indie game developer, Phil Fish, had his company’s website hacked and personal documents leaked online. Because of Gamergate, Fish was forced to wind up his company and leave the industry.

Doxxing can lead to even more severe consequences, such as swatting. Swatting occurs when emergency services are dialed up and false reports are made to frame a target for being involved in an emergency. For example, Twitch streamer Joshua Peters’s home was stormed by SWAT members in February this year after his personal details had been posted online.

In a Nutshell

Unfortunately, doxxing and hacking campaigns such as those in Gamergate are not particularly rare. Online communities have launched campaigns in the past in the name of social justice. For example, in 2010, 11-year-old Jessica Leonhardt and her family were doxxed, hacked, harassed, and threatened after she had posted YouTube videos critical of 4chan.

Gamergate is an example of how a breach of privacy online can easily spill over into real life. The wealth of information Anonymous was capable of getting their hands on was partially due to the size of the digital footprint Quinn left online (however, this by no means justifies the attacks made on her). The lesson here is to be cautious about the information we divulge online. Such personal information could return and bite us in the behind.


Fire my Wall

When discussing web security and privacy, an important aspect to consider would be the systems in place to protect users from security breaches. One of the key components to safety today would be firewalls.

Firewalls are used to protect a trusted network from an untrusted one, regulating the transmission of information between the two.

Although there are many anti-virus programs, they have limitations. A safer way to ensure protection would be to include a firewall when setting up the network. This could be your own personal network at home, or an organisational network such as a Local Area Network (LAN).

Firewalls are thus important to help prevent the intrusion of unwanted or malicious software into your system. At the same time, they prevent the transmission of confidential information.

Types of Firewall
Firewalls can be hardware or software. Both filter traffic based on IP addresses, domain names and ports.

Hardware firewalls are devices like routers. Using packet filtering, the firewall screens all data (which is transmitted in packets) against preset rules determined by the administrator, and decides whether to drop each packet or forward it to the user.

Software firewalls are common network protection tools. They usually have defined controls to allow safe file sharing and block unsafe applications from running.

Firewall application methods
There are different operation mechanisms for firewalls – packet filtering, proxy servers and stateful inspection.

Packet Filtering is one of the earlier forms of firewall. It has explicit rules on what to do with the packets of information that pass through it, based on a list of acceptable or blocked sources and destinations, also known as an Access Control List (ACL).

Network protocols like TCP, IP and UDP carry control information which can be used to restrict access to hosts within the organisational network. For example, the IP packet header contains the network addresses of both the sender and the recipient of the information packet. Rules could therefore be set to block access to particular ports from particular IP addresses.

However, packet filtering has a weakness: hackers could craft packets and disguise them under well-known or established port numbers so that they fit the ACL rules.

A Proxy Service is provided when a device acts as a proxy, becoming the intermediary between the user and the source. Requests for information are sent to the proxy firewall, which establishes a connection with the source and then transmits the content to the user. The proxy acts as a buffer between the two, which also makes it slower than packet filtering. Proxies prevent the remote computer hosting the web page from coming into direct contact with the private network.

Operation Mechanism of Proxy Servers. Image Source: http://dirtcheapproxies.com/Bypass_proxy.jpg

Stateful inspection does not analyse the contents in each packet. It compares key aspects of each packet to a list of trusted sources. If the content and the sources yield a reasonable match, it is transmitted to the user or host.

Operation Mechanism of Stateful Inspection & Packet Filtering. Image Source: https://cs2024.files.wordpress.com/2015/03/992d3-8-6firewall1.gif
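The following is an added example, not code from the original post: a first-match ACL packet filter of the kind described above, showing how a packet that merely uses a well-known source port satisfies a stateless rule, next to a simplified connection-tracking check. The addresses, the rules and the connection-table model of stateful inspection are constructed assumptions for illustration.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
class Rule(NamedTuple):
    action: str             # "allow" or "drop"
    src_net: str            # source network in CIDR form
    sport: Optional[int]    # None matches any source port
    dport: Optional[int]    # None matches any destination port
    proto: str

# Constructed ACL for a hypothetical LAN 192.168.1.0/24 (documentation addresses).
ACL = [
    Rule("drop",  "203.0.113.0/24", None, None, "tcp"),  # blocked source network
    Rule("allow", "0.0.0.0/0",      80,   None, "tcp"),  # "web replies": source port 80
    Rule("allow", "192.168.1.0/24", None, None, "tcp"),  # LAN hosts going out
]

def acl_decision(pkt: Packet, acl=ACL) -> str:
    """Stateless packet filter: first matching rule wins, default is drop."""
    for r in acl:
        if (pkt.proto == r.proto
                and ip_address(pkt.src) in ip_network(r.src_net)
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "drop"

class StatefulFilter:
    """ACL plus a connection table: inbound packets must answer a recorded outbound flow."""
    def __init__(self, lan: str = "192.168.1.0/24"):
        self.lan = ip_network(lan)
        self.flows = set()
    def decision(self, pkt: Packet) -> str:
        if acl_decision(pkt) == "drop":
            return "drop"
        if ip_address(pkt.src) in self.lan:   # outbound: remember the flow
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow"
        reply_to = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        return "allow" if reply_to in self.flows else "drop"

# Constructed packets: a LAN request, its genuine reply, and an unsolicited port-80 packet.
REQUEST = Packet("192.168.1.10", 51000, "198.51.100.7", 80, "tcp")
REPLY = Packet("198.51.100.7", 80, "192.168.1.10", 51000, "tcp")
UNSOLICITED = Packet("198.51.100.99", 80, "192.168.1.10", 22, "tcp")
```

The stateless ACL allows all three packets, while the stateful filter drops `UNSOLICITED` because no outbound flow from the LAN matches it.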

Developments in Firewall
Current developments mostly concern next-generation firewalls (NGFW), which are able to detect and block viruses with security at the application, port and protocol level. These firewalls feature an intrusion prevention system and application control, using packet filtering, Network Address Translation, URL blocking and VPN. Other than the intrusion prevention ability, the firewall also has increased application awareness, controlling the content flow even in web-based applications.

The ability to have application, port and protocol level control is significant for NGFW, due to the prevalence of web based applications as well as mobile phone

Other uses
Of course, other than the usual protection and regulation, firewalls have also been used for other purposes, most notably the Great Firewall of China.
