6. Tracking and Surveillance Flashcards

1
Q

IP Address

A

The internet protocol address is a numerical identifier given to internet-connected devices. A major transition is currently occurring from IPv4 addresses, which have effectively been exhausted, to much larger IPv6 addresses. An IPv4 address is 32 bits (2^32 possible values), while IPv6 addresses are 128 bits (2^128 possible values).

2
Q

IP Packets

A

Each IP packet consists of a header and the data payload. The exact format of the packet depends on the protocol, but includes the IP address of the data’s source and the address of its destination. It also includes a checksum over the header for error checking, as well as information about how the packet should be routed and the protocol that the packet is using.
In the typical case, the information included in an IP packet allows it to be transmitted across networks using packet routing. Using the information included in the header of the IP packet, each router passes a packet on to the next router closer to its final destination. Once packets reach their final destination, the contents are reassembled into their original form, such as an image or other user-friendly file.

3
Q

TCP/IP & UDP

A

Two of the most popular protocols that sit on top of IP are the transmission control protocol (TCP) and user datagram protocol (UDP). Whereas TCP guarantees delivery of a packet and encompasses mechanisms for verifying delivery and resending packets that did not make their way to the destination, UDP makes no such guarantees. As a result, TCP is generally used when it is important that data be delivered in its entirety, even if it takes longer. For instance, TCP would normally be used when downloading a photograph from a website. In contrast, by not making guarantees about the eventual delivery of data, UDP can operate more quickly and with less overhead. In cases where speed trumps reliability, such as in a video stream of a live sports event, UDP is generally used. If the data for a few seconds of this live video stream were to be lost in transit, it would not be useful to invoke a retransmission procedure and receive this data at a later point since the moment would have passed.

4
Q

Mail User Agent

A

A user creates an email message using a mail user agent (MUA) at the application level of their computer. A desktop email client like Microsoft Outlook is an example of a MUA. The email message is made up of a message header and a body. The body includes the email message. The header includes a variety of addressing fields, such as the sender’s and recipients’ email addresses, the subject, and cc’d recipients.

5
Q

SMTP

A

The email message is transmitted to the user’s outgoing mail server and then sent across the internet to its destination using the Simple Mail Transfer Protocol (SMTP).

6
Q

IMAP/POP/POP3

A

Once the email reaches its destination mail server, it is available for access either directly or by using a mail server protocol, such as the Internet Message Access Protocol (IMAP) or the Post Office Protocol (POP). When using IMAP, the emails remain on the server for access later or for access by multiple clients (e.g., a MUA on a desktop computer or a smartphone). In contrast, in POP, the MUA removes the emails from the server after storing them locally. In POP3, the email server can be configured to leave emails in the inbox.

7
Q

HTTP/HTTPS

A

Hypertext Transfer Protocol (Secure)
The service component of a URL specifies the protocol that will be used for the request. Most commonly, web pages use HTTP for communication between a web browser and the web server that hosts the page. Messages sent over HTTP are sent in plaintext, and thus are susceptible to monitoring and tampering by any of the intermediary nodes through which the HTTP packets are sent.
To prevent monitoring or tampering of data traveling over the internet, HTTPS (hypertext transfer protocol secure) can be used. This protocol is similar to HTTP except that data is encrypted using transport layer security (TLS).
Historically, many websites preferred to send traffic over HTTP, rather than HTTPS, for performance reasons. Unfortunately, this decision to use HTTP and therefore send web traffic in plaintext also meant that the bulk of web traffic could be monitored. However, the adoption of HTTPS greatly accelerated around 2017. A number of factors appear to have spurred HTTPS adoption, ranging from how web browsers began to flag the insecurity of sites served over HTTP to the nonprofit Let’s Encrypt certificate authority (CA) beginning to offer the X.509 certificates required for HTTPS deployment for free.
HTTPS DOES NOT PROVIDE ANONYMITY. Network observers still can see the source and destination of traffic, which are left unencrypted in the packet headers so that the request or response can be routed to the right destination. For instance, a user who visits example.com over HTTPS will reveal to network observers that their IP address is communicating with example.com’s IP address. While the body of the request or response, such as the precise page requested and delivered, is encrypted, the privacy provided can be imperfect. Which page is being viewed can sometimes be inferred simply based on the size and the timing of the encrypted data returned, even without observing the unencrypted data itself. Anonymizers can be used to mask the link between the source (the user) and the destination of the network traffic. Two major types of anonymizers are anonymous proxies and onion routers.

8
Q

X.509 Certificate

A

An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
A public key is a large numerical value used to encrypt data or check the legitimacy of a digital signature. A PKI, moreover, is the underlying framework that enables entities like users and servers to securely exchange information using digital certificates.
The X.509 certificate is a safeguard against malicious network impersonators. When a certificate is signed by a trusted authority, or is otherwise validated, the device holding the certificate can validate documents. It can also use a public key certificate to secure communications with a second party.

9
Q

Port

A

Along with the host, a port can optionally be specified. Ports allow numerous programs and processes on one computer to communicate simultaneously with many other machines without accidentally jumbling the conversations, similar to the way mail can be correctly routed to a resident of a large apartment building that has a single street address by specifying an apartment number. Although a single computer has 65,535 ports for use by both TCP and UDP, there are default ports to which requests following particular protocols should be made. For instance, HTTP requests are sent to TCP port 80 by default, while HTTPS requests are sent to TCP port 443. Since no port was specified in the example URL above, the default port for the HTTPS protocol will be used.

10
Q

Host of URL/domain

A

The host portion of the URL specifies who will receive the request, most often a computer server owned or contracted by the group represented by the website. The host can also be referred to as the site’s domain.

11
Q

Resource of URL

A

Finally, the resource portion of the URL specifies exactly which page, image or other object should be returned.

12
Q

Deep Packet Inspection

A

Only the IP header, the first part of a packet, is required for network hardware to accurately route a packet to its destination. It is possible for network hardware to examine header information for other protocols or the full body of the network packet for a variety of purposes. When nodes look at this additional data, it is called deep packet inspection.
Deep packet inspection serves multiple purposes. For example, the ability to examine additional information within packets before they pass into a local organizational network can help determine whether or not the packets contain malicious content, such as known viruses. Alternatively, examining packets before they leave a network can help prevent data leaks, assuming the organization can scan these packets to detect sensitive information that should not leave the organization.
Deep packet inspection is also used for a variety of nonorganizational purposes. It is used by advertisers to track users’ online behavior to better target ads and by government entities to censor or track citizens’ online behaviors; both of these activities raise privacy concerns. In China, deep packet inspection is used as part of the “Great Firewall,” which the government uses to perform large-scale censorship on potentially sensitive topics. Some opponents of deep packet inspection note that it can be used to violate the principle of net neutrality because it allows network traffic and bandwidth shaping based on the content of a packet.

13
Q

Wi-Fi eavesdropping, packet sniffing

A

Monitoring can also occur on Wi-Fi networks. It is possible to eavesdrop on or capture data being sent over a wireless network at the packet level. Several systems for Wi-Fi eavesdropping, including packet sniffing and analysis tools, are freely available.
Unsecured communications sent over an open, or shared, wireless network can be intercepted easily by others. This risk is often present in Wi-Fi hotspots in public spaces, such as hotels or coffee shops, where many users share a common Wi-Fi network that is either unprotected or protected with a password known to a large group of users.
Packet-sniffing systems capture packets sent over such networks. If the data is unencrypted, these packets can be examined and reassembled. These reassembled packets can then provide information about all of the network user’s activities, including websites they visited, emails and files sent, and the data included in session cookies (such as website authentication information). Wireshark is one example of a packet sniffing and network analysis tool. It captures packet-level data on wired or wireless networks to which a user has access, allowing a user to examine and reassemble packet content. Other examples of packet sniffers include Kismet for Unix and Eavesdrop for Mac.
There are also more specialized Wi-Fi eavesdropping systems. One such tool enabled HTTP session hijacking, or “side-jacking,” attacks. When a user logs in to an internet site, the initial login process is usually encrypted. Sites often store a token on the user’s computer, and this token is sent along with future HTTP requests as proof that the user has logged in. However, some popular sites previously used HTTP, rather than HTTPS, to send this token, which means the token was sent unencrypted.

14
Q

Defenses against WiFi eavesdropping

A

There are several potential defenses against Wi-Fi eavesdropping. First, Wi-Fi eavesdropping requires that the eavesdropper have access to the Wi-Fi network and be able to read the packets that are sent. Ensuring that Wi-Fi networks are encrypted using strong passwords can limit the danger of Wi-Fi eavesdropping by preventing some adversaries from reading the traffic passing across the network. However, one Wi-Fi encryption scheme that is still in limited use, Wired Equivalent Privacy (WEP), has significant vulnerabilities and can often be broken within seconds. The Wi-Fi Protected Access (WPA) encryption scheme is also considered insecure and should not be used. At the time of press, however, its successor WPA2 was still considered secure even though its own successor, WPA3, had already been announced. Even the more recent security protocols for Wi-Fi routers can sometimes be defeated, which means that strong Wi-Fi passwords are often not sufficient to protect this communication channel. Virtual private networks (VPNs), which allow users to create secure, encrypted tunnels to send data through more trusted channels, offer a defense against interception on unsecured networks. Additionally, regardless of the security of the network itself, encrypting web requests using HTTPS can prevent eavesdroppers from intercepting sensitive or personally identifiable data.

15
Q

Spyware

A

Spyware is malicious software that is covertly installed on a user’s computer, often by tricking users through social engineering attacks. Spyware can then monitor the user’s activities through a variety of methods. It can track online activity in several ways, including capturing cookie data to determine browsing history or directly monitoring and reporting on browsing behavior. Spyware can also directly monitor what a user is doing on their computer, either by performing screen capture and transmitting an image of the user’s screen back to the attacker, or by performing keylogging. In keylogging, malware is installed that tracks all keystrokes performed by the user. This data is then sent back to the attacker, allowing them to capture sensitive information typed by the user, such as passwords.

16
Q

Anonymous proxy

A

Anonymous proxies allow users to anonymize their network traffic by forwarding the traffic through an intermediary. Thus, the user’s traffic appears to come from the proxy server’s IP address, rather than the original user’s IP address. JonDonym is a service that anonymizes traffic by routing packets through a mix of multiple user-chosen anonymous proxies. However, the use of an anonymous proxy requires that the user trust the anonymous proxy, and this approach runs the risk of presenting a single point of failure.

17
Q

Onion-routing system

A

Onion-routing systems, or mix networks, are an alternative to anonymous proxies. Similar to the layers of an onion, packets sent through an onion-routing system are encrypted in layers and then sent through a series of relays in a way that is very difficult to trace. At each stage of the circuit, a node receives a packet from the previous node, strips off a layer of encryption and sends it on to the next node. Because there are multiple nodes within the circuit, each internal node does not know anything beyond the node it received the packet from and the node to which it needs to forward the packet. This configuration allows a layer of anonymity to be inserted into network traffic. However, encryption is still required to keep the data itself anonymous once it leaves the virtual circuit. Tor (The Onion Router) is an implementation of the onion-routing protocol that uses a network of volunteer-run relay nodes to enable a variety of anonymous services.

18
Q

Cookies

A

Web browsers typically communicate with web servers using HTTP or HTTPS to access websites. Although these protocols are stateless, which means they are not expected to remember past transactions, it is useful for websites to be able to save state about a particular user.

19
Q

Single origin policy for cookies

A

Web domains can only read and write cookies that they themselves have set, a practice known generally as the single-origin policy.

20
Q

Third-party cookies

A

It is often the case that visiting a single website will result in cookies from multiple companies being placed on a user’s computer because websites that appear as a single entity to the user may actually be cobbled together transparently from many different sources. For instance, a news website might load articles from its own internet domain (for instance, www.news-website.com). These sorts of cookies from the primary page that the user is visiting are known as first-party cookies. However, images on this page might be downloaded from another company (such as www.photojournalism-aggregator.com), while each advertisement on the page might be served by a different advertising network (such as www.xyz-advertising.com). Each of these domains can also set its own cookies. Cookies set from all companies other than the primary website whose URL is displayed in a browser are known as third-party cookies.

21
Q

Beacons or Web Bugs

A

Elements used for tracking that are not visible to the user in the rendered web page are known as beacons or web bugs. Beacons are loaded onto a page using elements of the HTML markup language, which is the most widely used language for specifying the layout of a web page. HTML allows text and multimedia from a variety of different sources to be brought together to form a web page.
The most canonical example of a beacon is a one-pixel image whose sole purpose is to generate an HTTP request. If a user visits website A and website A embeds third-party content, such as a beacon or an advertisement, the browser will visit the third-party site to get the content and will receive a cookie alongside the content. The third-party tracker receives the cookie with the user’s unique ID, as well as the referring URL, thereby concluding that this particular pseudonymous user visited this particular URL. When the user visits a completely different site, website B, that site might also reference content from the same third party. If it does, the browser again visits the third party to fetch that content, and the cookie received on the visit to website A is sent back to the third party. The third party then knows that the user has visited both website A and website B.
Although a company can only track a user’s visits to websites on which it serves content, widespread tracking is still possible since a small number of companies include their content and beacons on many popular websites across the internet.

22
Q

Behavioural / targeted advertising

A

Tracking across popular sites supports online behavioral advertising, also known as targeted advertising, which is the practice of targeting advertisements using a profile of a user based on the websites they visit. A common method of profiling involves having a list of interest categories, such as “home and garden.” These interest categories are either selected or unselected for a particular user based on inferences the company makes. As a basis for these inferences, the company can consider which web pages the user has visited. The company can also leverage information collected from other sources, both online and offline, that is funneled through data brokers. They might also misuse personal data provided to them for other purposes, such as security, for targeted advertising. Based on this data, advertisers can choose from among tens of thousands of different characteristics on which to target an advertisement.

Excerpt From
IAPP_T_TB_Introduction-to-Privacy-for-Technology_1.1
This material may be protected by copyright.

23
Q

URL rewriting

A

URL rewriting is the process of modifying Uniform Resource Locators (URLs) for various purposes. Using a technique known as URL rewriting, a website can be crafted to determine whether or not a user has clicked on an individual link. Understanding how a user has navigated a page can be useful for analytics, such as helping a search engine determine which of the links it presented to a user were actually clicked on. For example, if a user goes to Google and searches for “privacy organizations,” the results would likely include a link to the IAPP. However, rather than presenting a direct link to the IAPP’s website at https://iapp.org, Google might instead present a link of the form:
http://www.google.com/url?query=privacy_organization&user=2fE65Da&url=iapp.org
Such a link would automatically redirect the user to the IAPP website. However, by first directing the user’s browser to Google’s own server, Google is able to learn which link a particular user clicked on from a particular set of results. The unique identifier for the user can be the same unique identifier contained in a cookie that Google stored on that user’s computer, allowing that action to be associated with that particular user. Furthermore, by analyzing the time and IP address associated with this redirection

24
Q

JavaScript Website Tracking

A

JavaScript, a programming language used to create dynamic and interactive websites, can be used to track how a user navigates a web page in even greater detail than simple URL rewriting. In order to enable web pages that dynamically change as a user interacts with the page, JavaScript has functions for determining where a user’s mouse cursor is placed on the page, when a user has placed the mouse cursor over a particular element of the page, what the user has typed and in what sequence. Of course, these functions can be used to capture navigation information in great detail and then to send it to a remote web server for analysis.

25
Q

Data Brokers

A

A data broker (also known as an information product company) is an organization that makes money by collecting your personal information, analyzing it, and licensing it out to be used by other companies for things like marketing purposes.
https://www.mcafee.com/blogs/tips-tricks/what-is-a-data-broker/

26
Q

Pixel hack

A

A pixel hack is a technique in which a unique identifier is written into a minuscule image, generated on the fly, in the form of the color values for one or more pixels. Since images are often cached, or stored locally by the browser to avoid having to download the resource again in the future, these tracking values can often be retrieved later.

27
Q

ETags

A

Entity tags (ETags) are HTTP headers that allow a browser to permanently tag a previously viewed resource (a web page or an object contained in the page) with an identifier. They were originally designed to enhance performance when loading previously viewed websites. When a user views a website, browsers generally save a copy of objects viewed on the user’s hard drive so that identical content does not need to be downloaded multiple times. A site can tag content with an HTTP ETag identifier, which changes each time the content is updated on the server. As a result, a browser can request a resource from a website while specifying that the resource should be returned only if it has changed, based on the ETag. If the resource has not changed, the site only needs to confirm this fact so that the browser can use the local copy. To enable tracking, a web server need only change and track ETags during each transaction to reidentify a visitor across multiple transactions. ETags are generally not deleted when a user clears their cookies; rather, ETags may be deleted when a user clears the browser’s cache of previously viewed pages. Thus, ETags enable tracking even if cookies are deleted.

28
Q

Local Shared Objects / Flash Cookies

A

The Adobe Flash plug-in that is used to display videos and other interactive content on a number of sites has its own means of storing information, commonly called either local shared objects (LSOs) or “Flash cookies.” A particular plug-in will generally be configured to run in each web browser on a user’s computer. As a result, a website that utilizes that plug-in can access the same cookies regardless of which web browser is being used. Furthermore, LSOs are stored in a location on the hard drive separate from HTTP cookies, which means that hitting the “clear cookies” button in a web browser may not clear LSOs. While LSOs can be used for purposes such as remembering the volume setting for watching videos on a particular website, they can also be used for storing unique identifiers for users that may not be deleted when a user deletes their cookies.

29
Q

Browser history stealing / sniffing

A

Features of web browsers designed to enhance users’ experience on the web can also be misused for tracking purposes. By default, web browsers show links on a page that have already been visited in one color, while links that have not yet been visited are displayed in a different color. Although it cannot directly access a user’s browsing history, JavaScript can access the color of any element on a web page, including links. Therefore, in a technique known as browser history stealing or sniffing, an unscrupulous page can include thousands of invisible links to popular sites and then use JavaScript to query the color of those links and learn whether a particular page has been visited by the client browser.

30
Q

Browser fingerprinting

A

Another technique that misuses features of JavaScript and HTML for tracking purposes is browser fingerprinting, which has become widely used in recent years. So that websites can adjust their pages to match the configuration of a particular user’s computer, there are JavaScript functions that reveal the time zone and screen resolution, as well as fonts and plug-ins that have been installed on a particular computer. A 2010 study found that, even among a sample of potentially privacy-conscious users, 94.2 percent of browser configurations with Flash or Java installed could be uniquely fingerprinted. That same study also captured an array of browser fingerprinting techniques in use. These fingerprinting techniques leverage the unique characteristics of an individual user’s browser (the fonts installed, the particular version of the browser running, the idiosyncrasies of a particular graphics card) as a semi-stable, unique identifier in place of cookies, but for much the same purpose. Measurement studies conducted in 2014 and 2016 observed increasing use of browser fingerprinting in the wild, establishing browser fingerprinting as a major frontier in future tracking efforts.

31
Q

Tracking email recipients

A

Two common techniques for tracking email recipients are variants of the beacon and URL rewriting techniques used for web tracking.
Popular email programs, such as Microsoft Outlook and Gmail, can display emails containing HTML code, the markup language used to format many websites. HTML code enables emails to contain different colors, advanced formatting and images, just like websites. Images can be attached to the email, or they can be downloaded automatically from a remote server. To determine whether a particular recipient has opened an email, the HTML code sent in an email to that user can request that content uniquely tied to that user be downloaded automatically from a remote server when the message is opened by the recipient. As on web pages, links to websites that are included in an email can also be customized to track whether or not a user has clicked on them. An email might contain a link that will eventually bring the email recipient to a specific website, such as www.big-sale.com, if they click on the link. However, rather than containing a direct link to that page, the email might contain a link to www.big-sale.com/174cx3a, where 174cx3a is an identifier sent only to Bob. Therefore, if big-sale.com receives a request for the page 174cx3a, it knows this request originated from the email that it sent to Bob.
Alarmingly, a 2018 study found that personally identifiable information (PII), such as the recipient’s email address, is frequently leaked to these third-party email trackers. Unfortunately, the same study also observed that many existing defenses are insufficient for fully stopping email tracking. These defenses include filtering HTML, accessing content through a proxy, or blocking cookies or Referer headers.

32
Q

Cross-device tracking

A

Cross-device tracking is the process of tracking a user across multiple devices, such as computers, smartphones, tablets, and smart TVs. This can be useful to users when it allows them to suspend a video on one device and resume watching it on another or maintain state between other types of sessions across their devices. However, cross-device tracking can also be used to build rich user profiles across multiple devices, which companies may use for advertising or other purposes. Companies use both deterministic and probabilistic approaches to facilitate cross-device tracking. When users log in to a service on each of their devices, companies can use deterministic approaches to know that it is most likely the same user on each device. However, when users do not log in, companies can use probabilistic approaches, such as matching IP addresses, to determine that the same user is likely logged into two devices simultaneously. Cookies, location and behavioral data can also be used for probabilistic cross-device tracking. Companies build device graphs based on the inferences they have made about the devices used by a particular user. Users are largely unaware that this is occurring.

33
Q

P3P

A

Platform for Privacy Preferences Project (P3P) tokens. P3P is a machine-readable language with which websites can express their privacy practices, such as the information that they collect and how this information is used.

34
Q

Opt-out Cookies Mechanisms

A

A number of companies engaged in tracking also offer a system of opt-out cookies. Rather than being used for tracking, opt-out cookies are HTTP cookies indicating that a consumer has chosen to opt out of receiving targeted advertising. Although users who have opted out will not receive targeted ads from a particular company, some companies will still track those users’ online activities. Opt-out cookies are also problematic from a usability perspective since users who delete their cookies, as many privacy-conscious users might, also delete their opt-out cookies. Furthermore, setting opt-out cookies for each of the hundreds of tracking companies a user might encounter would take a long time. Centralized websites organized by industry groups offer a single place at which a user can opt out from many companies at once. However, research has identified major usability problems with these centralized websites.

35
Q

Ways to stop web tracking

A

A number of companies offer tools specifically designed to stop web tracking conducted by advertising networks, social networks and other companies interested in collecting what websites a user visits. For example, the partially open-source tool Disconnect is provided by a company of the same name. The company Cliqz offers Ghostery, which was formerly owned by Evidon. Similar tools include the open-source Privacy Badger from the nonprofit Electronic Frontier Foundation (EFF).
These tools generally work by blocking, to varying extents, the mechanisms used for tracking. While some tools completely prevent the user’s browser from communicating with those domains or trying to download those resources, others allow the request to go through, yet prevent the request from including cookies. Additional subtle modifications to requests, such as removing the HTTP Referer field, can also protect the user’s privacy in limited ways.
Some general-purpose browser add-ons can limit web tracking to an extent. For instance, the popular Firefox and Chrome extension Adblock Plus, designed to block large fractions of the advertising on the web, blocks requests to the domains of a number of advertisers and thereby limits the collection of tracking data by those particular advertisers. Similarly, NoScript, a Firefox add-on designed to prevent websites from executing JavaScript code and plug-ins like Flash, can prevent tracking that occurs using those plug-ins. Notably, HTTP cookies are sometimes created using JavaScript, and blocking the Flash plug-in can prevent LSOs from being set.

36
Q

Functional privacy

A

The term functional privacy refers to users’ willingness to aim for as much privacy as they can get without breaking the functionality of what they hope to accomplish on the web.

37
Q

Blocking web-search tracking

A

Search engines such as DuckDuckGo promise to neither collect nor share a user’s personal information. By default, DuckDuckGo does not use HTTP cookies except to save preferences about the page layout a user has chosen, nor does it allow the HTTP Referer field to contain information about the search query. However, users must trust DuckDuckGo and similar sites to fulfill their privacy promises.
Users who wish to hide their search history can also download a tool to assist them, although few tools exist for this purpose. TrackMeNot, an add-on for Firefox and Chrome, protects a user’s privacy by issuing decoy queries to major search engines. As such, it operates by achieving security through obscurity, creating ambiguity about whether a particular query was issued by the user or automatically by the program. The plug-in’s behavior is meant to mimic that of a real user. For example, it sometimes performs a large number of queries in a short amount of time, and it selectively chooses whether or not to click through to a link.
Alternatively, a proxy or an anonymizing network such as Tor can strip some or all of the identifying information from web traffic, making a user’s searches more difficult or impossible to track. However, it is possible for private information to leak even when using techniques such as the TrackMeNot plug-in and anonymizing services.

38
Q
A

A number of modern email clients block beacons, images and other content loaded from external sites, since this external content could be used for tracking. This behavior disables one of the most widespread techniques for determining whether or not an email has been read. Unfortunately, not all email clients block outgoing requests by default, nor do they all implement related privacy-protective measures. Since tracking can still be accomplished through URL rewriting, it is important that a privacy-conscious user also not follow links contained in emails. If a user does not follow links contained in emails, tracking using URL rewriting cannot succeed. Furthermore, due to the threat of phishing attacks, it is generally considered good practice not to follow links in emails whenever the user must enter information at the destination. Even if a link in an email does not seem to contain any type of unique identifier, users who follow the link or otherwise access that information on a site are subject to web-tracking techniques.

39
Q

Wi-Fi and cell tower triangulation

A

Wireless triangulation is a method that measures the distance and angle from two or more known points as a cross reference to pinpoint a location. Wi-Fi and cellular signals can be used to allow a device that is enabled for Wi-Fi or cellular communications to determine its location.
Cellular phones communicate with cellular towers that receive their signal and connect phones to a global network. The time it takes messages from a particular cell tower to arrive at a phone, the strength of the signal from that tower and, most simply, which towers a phone can communicate with all reveal information about the phone’s location. After determining the phone’s position relative to a handful of towers whose locations are known to the cellular provider, the position of the phone can then be determined geometrically through triangulation.
In addition to signals from cell towers, the Wi-Fi signals a phone receives can help determine its location. Wi-Fi signals have a shorter range, allowing for more fine-grained location information. Cell towers provide a more permanent location marker but less granular location data.

40
Q

GPS

A

Global Positioning System
Many consumer devices, including mobile phones, are equipped with GPS capabilities for location tracking. Cameras and similar devices can also include GPS capabilities for tagging the location of photographs taken, and automobile infotainment systems can include GPS capabilities to pull regional content, such as weather and news-related information, into the vehicle’s navigation system.
GPS calculates a device’s location using signals received from at least four of a set of dozens of geosynchronous satellites positioned in space and run by the U.S. government. Based on the differences in the time it takes messages from these different satellites to arrive at a receiver, a GPS receiver can determine its position relative to the satellites. Since these satellites’ positions are known and constant relative to the earth, the GPS receiver can determine its own position geometrically. Because devices receive and do not transmit any signals in the GPS process, devices do not automatically reveal their location by using GPS. However, devices with GPS can also include transmitters that can be used to reveal the device’s location to other parties and services. For example, a smartphone that determines its own location by receiving signals from GPS satellites might subsequently, and automatically, share that information with an app or the phone provider.

41
Q

GNSS

A

Global Navigation Satellite System (GNSS) refers to a constellation of satellites providing signals from space that transmit positioning and timing data to GNSS receivers. The receivers then use this data to determine location. By definition, GNSS provides global coverage.

42
Q

RFID

A

Radio Frequency Identification (RFID) refers to a wireless system composed of two components: tags and readers. The reader is a device that has one or more antennas that emit radio waves and receive signals back from the RFID tag. RFID chips are tiny microchips that can be as small as a fraction of a millimeter. Each microchip is identified by a unique serial number and contains an antenna with which it transmits information, such as its serial number, to an RFID reader.
RFID chips can be placed on products or cards or implanted in animals (such as household pets) for tracking purposes. They are commonly used in supply chain management to allow companies to track inventory. Passive RFID chips, which do not contain their own power source, are the most common. When power is applied by an RFID reader, these chips transmit a signal encoding their identifier. Active RFID chips contain their own power source, which allows them to transmit farther than passive chips. Depending on the type of chip and its power, particularly whether it contains its own power source, the signal can be picked up at varying distances. RFID chips transmitting at low frequencies have a range of about half a meter; those that transmit at ultrahigh frequencies can reach readers located dozens of meters away. The unique serial number associated with each RFID tag allows for location tracking. Tagged items are tracked as the readers pick up the tag IDs at different locations. If additional information is stored on the tag, the reader is also able to pick up that information and associate it with the tag’s location.
Tracking through RFID chips can be physically blocked, or in some cases, the RFID chip can be physically removed. Because RFID chips rely on a radio wave signal for tracking, a protective sleeve can be placed over an item that contains an RFID chip to prevent the chip from being read until the user desires the chip to be readable. This is useful for items like passports, which include chips containing information that the user does not want to be accessible until a certain time. RFID chips can also be removed from items like clothing or other products to prevent tracking, although such techniques prevent the use of the information on the RFID chip at a later time.

43
Q

Phone tracking

A

The location of a mobile phone and the individual to whom the cell phone belongs can be tracked using receivers installed within a building complex. The FCC also requires that phone companies be able to track phones when an emergency (911) call is placed.

44
Q

Tracking through metadata

A

Location information can also be automatically stored in the metadata of content, like photos. Metadata is information that is automatically or manually added to content and that can be later accessed and used during processing or by applications. For photos taken with GPS-enabled devices, such as cell phones or GPS-capable cameras, location is often automatically stored in the camera metadata, sometimes without the user’s awareness. When the photos are loaded into photo-browsing or -editing applications, this information is then accessible to the user or application, potentially raising privacy concerns.

45
Q

Near-field communication (NFC)

A

Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1.57 in) or less. NFC offers a low-speed connection through a simple setup that can be used to bootstrap more capable wireless connections. Like other “proximity card” technologies, NFC is based on inductive coupling between two antennas present on NFC-enabled devices—for example a smartphone and a printer—communicating in one or both directions, using a frequency of 13.56 MHz in the globally available unlicensed ISM radio frequency band and the ISO/IEC 18000-3 air interface standard, at data rates ranging from 106 to 848 kbit/s. Mobile devices equipped with NFC are another technology that can support location-based advertising. NFC allows devices in close proximity, or that are touching, to transmit information via radio waves. This allows consumers to access content when at a specific location.

46
Q

Geographic Information System

A

A geographic information system (GIS), such as a computer database or imaging tool, is a technology used to view and manipulate stored geographic information. Such geographic content could relate to any quantities associated with a particular location, including maps, population or other census statistics, or data about a specific resource at a location.
Uses for GIS are wide ranging. They can include logistics systems used for businesses, such as airlines, that need to track passengers, and utility companies, which need to direct crews, as well as agricultural applications for planting decisions.

47
Q

Location tracking privacy considerations

A

Location tracking should be included in a system only if it provides a direct benefit, and, wherever possible, should be an opt-in rather than opt-out. Once data is collected, users should be able to easily see what has been stored about them and delete or update any past location data.
Collected location data should be considered privacy-sensitive. Users should be informed, through a privacy policy or other means, of how their location information will be used. If it is going to be used in an unexpected manner, it is effective practice to ensure that users know about this ahead of time. Additionally, before making location data more publicly available, it is effective practice to carefully consider how it might be reused or combined with other datasets. When using location-based applications to track others, such as in a workplace setting, it is effective practice to limit such tracking to instances where there is a clear need and to inform employees about the tracking whenever possible. Additionally, tracking should take place only while the employee is working. If tracking is done through a mobile phone that an employee also carries during nonwork hours, tracking should be limited to the workday. Once tracking data is collected, it should be used only for necessary purposes, and access to it should be minimized.

48
Q

Remote Access Trojans (RATs)

A

Malware can be installed on a computer, take control of the user’s microphone for audio surveillance and simultaneously hide its own existence. These types of malware, often known as Remote Access Trojans (RATs), are controlled by a complex web of operators.

49
Q

Automated Content Recognition

A

Many smart televisions employ automated content recognition (ACR) to determine what the user is watching. Consumers may not be aware that their detailed viewing habits are being transmitted outside their homes, potentially to entities ranging from the device manufacturer to advertisers.

50
Q

VoIP & Surveillance

A

Voice over IP
Researchers have demonstrated that simply having access to the encrypted version of a message may be sufficient for using linguistic techniques to reconstruct the call if certain types of encryption are used.
A number of intentional mechanisms can also be used to surveil VoIP communications. In the United States, the FCC has interpreted the 1994 Communications Assistance for Law Enforcement Act (CALEA), which requires companies to be able to intercept communications in response to authorized legal requests, to include VoIP services. Although Skype had made “affirmative promises to users about their inability to perform wiretaps,” Skype was among the services revealed to be accessible as part of the PRISM program in the United States.
Even if the body of the communication is encrypted by the sender, the metadata about a communication can often reveal a great deal about the communication. For example, a 2016 study empirically reidentified telephone metadata and used it to infer locations and relationships between individuals.

51
Q

Effective surveillance practices

A

When performing audio or video surveillance, especially within a work environment, it is effective practice to ensure that the minimal amount of surveillance is being performed for the necessary objective and that it is conducted in a legal manner.
Video and audio surveillance can be very privacy invasive and should not be performed unless a necessary objective (e.g., security, efficiency) outweighs the privacy drawbacks. Wherever possible, those under surveillance should be informed about the system to lower the impact of the privacy violation. Additionally, a group should check local privacy laws before putting surveillance in place. In the United States, a first step for employers is making sure that the surveillance is not taking place in an environment in which employees have an expectation of privacy (e.g., inside a bathroom).
Once audio and video surveillance data has been gathered, it is effective practice to take proper measures to maintain data security and limit exposure of the content. Whenever possible, use automated systems to analyze the data or employ a separation of duties, where the analyst examines the audio or video and only reports the finding to others; this avoids exposing the raw audio and video to unauthorized repurposing or snooping. In these situations, it is important to securely retain the raw audio or video in the event the finding is ever challenged. To ensure that the data is not misused, one should track access to the data and limit it to necessary personnel. A clear policy should be put in place for who has access to the data and under what circumstances, and for how long the data will be retained. Data should be purged when no longer needed for the intended purpose.

52
Q

Ubiquitous computing

A

Ubiquitous computing (also termed ubicomp) refers to the transition of computing from purpose-built, independent computing devices to computing that occurs at all times and in all places. As computing occurs ubiquitously, absent the visible boundaries present when interacting with a device like a traditional laptop computer, the types and amount of data that can be collected at scale raise important concerns about privacy, tracking and surveillance. Early research on ubiquitous computing highlighted important requirements for end-user acceptance of this paradigm from a privacy perspective: the system should have obvious value, the retention of data should be limited, and users should be provided both feedback and control. While many of the domains discussed in the rest of this section arguably also fall under the umbrella of ubiquitous computing, this subsection focuses on two particular types of ubiquitous computing: smart cities and augmented reality.

53
Q

Accelerometer

A

Accelerometers are one type of sensor frequently found on mobile devices, yet infrequently encountered on other computing devices. Accelerometers enable phones to know when to rotate the screen, measure the speed of the device when it is in motion as the user walks or bikes, and permit physical interaction with smartphone games. However, the data from an accelerometer can also be used for surveillance. For example, researchers have shown how an accelerometer alone, even without persistent location awareness, can determine the distance traveled and therefore leak information about the user’s location relative to a previous position. It can also leak information about the passwords a user types into their phone.

54
Q

Electronic Control Unit in cars

A

Researchers systematically analyzed vehicles’ centralized control system, the Electronic Control Unit (ECU). Those researchers showed that controlling the ECU could lead to attacks that disable brakes, control acceleration and perform other nefarious acts. Over the last few years, car hacking has become even more sophisticated. Proof-of-concept exploits have taken over cars remotely, showing that attacks against cars are a threat on a large scale.

55
Q

Roving bug

A

This use of a remotely activated smartphone microphone is called a “roving bug.”

56
Q
A