Original Posted by Alejandro Martinez-Cabrera
Web users are vulnerable to being identified and profiled by Web sites they visit, even if they employ common measures to keep their browsing habits private, according to new research from the privacy advocacy group Electronic Frontier Foundation.
Most browsers today provide users with a number of options to personalize their privacy settings and control the information third parties learn about them. A common practice, for instance, is to configure browsers to notify users every time a site wishes to install a cookie — a bit of code that remembers a user’s interactions with a site for convenience and site personalization but that can be used to track the user’s Web surfing habits.
But in a recent experiment, the EFF found out that these measures might not be enough to remain anonymous on the Net.
The EFF collected information from hundreds of thousands of participants who visited the EFF site Panopticlick.eff.org to learn how much Web sites could learn about users from details like their time zone, browser’s version, browser plug-ins and operating system’s version — information that Web sites commonly receive from their visitors.
The EFF found out that Web sites can connect 84 percent of their visitors to unique computers. That number went up to 94 percent if visitors used common plug-ins like Flash or Java Script.
While connecting a Web site visit to a specific computer cannot pinpoint specific details about a user’s identity, the information can be cross-referenced to do so, said EFF senior staff technologist Peter Eckersley.
"The important thing is that these facts alone would not be uniquely identifying, but taken together, combine all this stuff and just about everyone is a beautiful snowflake. But that’s not a good thing. That means any Web site could track you by recognizing that combination of characteristics."
For example, a user’s actions in two separate Web sites that work with the same ad network — like logging into a social network in one site and buying a book in another — could be potentially cross-referenced by advertisers to learn more about the user and create a profile about his or her online habits.
Authoritarian governments that can monitor visits to any site within their country’s network could also cross-reference information in a similar way and identify dissidents and detractors, Eckersley said.
"Everything you search and look at is potentially connected to that one time you typed in your name. Suddenly everything you’re reading or searching for is one big file with your name on it," he said.
Eckersley said some Internet traffic analysis firms already use these fingerprinting methods to inform Web sites about their visitor’ demographics and habits. Financial institutions also use them for well-meaning purposes like trying to prevent fraudsters from accessing a person’s online bank account.
But the biggest concern is that most Web sites’ privacy policies do not explain if this kind of information is collected and, if so, how it’s used or shared.
Web surfers can use fingerprinting protections like the Firefox add-on Torbutton tool, but they are far from perfect, Eckersley said. And while disabling Java Script and Flash can reduce the risk of fingerprinting, doing so more than likely means trading Internet usability for higher privacy.
Eckersley said the EFF has brought up the issue with Web browser companies, which seem to have an interest in taking steps to address this problem, but didn’t commit to any specific actions.
He added government officials also needed to get involved and make sure privacy laws encompass this kind of information.
"Privacy regulations need to start treating this kind of data in the same way we think of a phone number or a social security number as personally identifying information," Eckersley said.
Privacy is a big concern today, make sure you read websites privacy statement to determine if your information will be kept as private as it can be on the Internet. If you have any concerns or questions about a site, most have a link to an email address where you can ask questions.
How do you feel about Internet privacy? Write about it on the CCS User Forum, registration is free!!!!!
If you have any questions feel free to email the CCS Retail Systems Support Department or call us @ 800-672-4806
Have a great week
-Bryan 