Cybersecurity, Web Searching, User Tracking, Social Media, and Cloud Computing (Week 13) Flashcards
What is Multi-Factor Authentication?
Authentication: to confirm the user’s identity
Typically with a password, but this is only one piece of evidence (a “knowledge factor”) that may be used to authenticate a user
Multi-factor Authentication uses other factors, such as Possession factor and Biometric factor.
Safe Computing – Important (Part 2)
Create copies (backups) of your personal data or your whole system regularly (see info at www.worldbackupday.com)
* Physically detach backup media after the backup is finished and ideally store your backup media in a separate location.
For some data, you could use cloud storage providers that immediately synchronize every change of local data to the cloud
* Some of them allow you to restore older versions of the data up to a certain period. (e.g. www.dropbox.com, www.sync.com, OneDrive)
* Be careful: you want to avoid sending very sensitive data to the cloud unencrypted – sometimes this has also legal implications
Safe Computing – Important (Part 3)
Run macros in Microsoft Office only if you really trust the source of a document
Make sure you use HTTPS for any sensitive communication, e.g. financial transactions, web shopping, hotel bookings, etc.
What is HTTPS?
HTTPS, or Hypertext Transfer Protocol Secure, is a protocol used for secure communication over a computer network, commonly the internet.
It is an extension of HTTP, with the ‘S’ standing for ‘Secure.’ HTTPS ensures that the data exchanged between a user’s web browser and a website is encrypted, enhancing security and privacy.
HTTPS - Encryption
HTTPS uses SSL/TLS (Secure Sockets Layer/Transport Layer Security) protocols to encrypt data during transmission.
This prevents eavesdropping and unauthorized access, making it difficult for attackers to intercept and manipulate the information.
HTTPS - Authentication
HTTPS verifies the ID of the website through SSL certificates. These certificates are issued by Certificate Authorities (CAs) and serve as digital passports for a website.
Users can trust that they are connecting to the intended website and not a malicious entity posing as the legitimate site.
Secure Web Communication
HTTPS-encrypted connections to servers with verified identity feature a “lock” or a similar symbol:
What does Cybersecurity mean?
Cybersecurity refers to the comprehensive set of measures and practices implemented to safeguard digital systems, networks, and data from unauthorized access, attacks, damage, or exploitation.
It encompasses the protection of information technology assets, including computers, software, networks, and the data they handle, against a wide range of cyber threats and risks.
It is critical to ensuring the confidentiality, integrity, and availability of digital resources, preventing potential disruptions, and preserving the trustworthiness of technological systems in an increasingly interconnected and digitized world.
Cybersecurity as a practice
Cybersecurity involves the development and implementation of strategies, technologies, and policies to detect, respond to, and mitigate cyber threats, thereby fortifying the resilience of engineering systems against evolving challenges in the digital landscape.
Protection: Access Privileges
Reduce user access privileges on every computer to the minimum level necessary for each individual user:
You don ́t need administrator privileges on your computer for everyday work situations
Sometimes write access to files could be revoked
Be suspicious when Windows UAC (User Account Control) asks you to grant a program admin privileges
Measures for Cautious Users
- Use “private” or “incognito” mode of your browser to reduce tracking
- Disable 3rd party cookies
- Turn off pop-ups in your browser (if not off by default)
- Use Ad-Blockers, e.g. https://ublock.org/
- Use Plug-ins or Browsers that block ads and prevent tracking
- Turn off unknown browser plug-ins as much as possible
- Disable HTML in your mail reader
- Turn off JavaScript in Adobe Reader
- Turn off all service on your machine you don ́t use, e.g. sharing of printers, remote access, etc.
- Check your “Firewall” settings
** For ordinary users, standard firewall settings should be sufficient (regardless of your OS)
What is a Firewall?
A firewall controls incoming and outgoing traffic between two network nodes (could be between hosts or networks)
Unwanted or harmful packets can be discarded based on source or destination IP address or port (filtering)
More sophisticated firewalls also check contents of packets (inspection) to decide what to do
Windows has a configurable built-in firewall
Measures of Paranoid Users (Cybersecurity)
- Turn off JavaScript and cookies in your browser
- Use text only email (disable HTML and JavaScript)
- Encrypt your computer and your phone
- Select less popular software because it is less likely to be exploited
** E.g. Opera browser, Linux OS, etc. - Use software and services to avoid tracking, e.g.
** Tor (The Onion Router) for anonymous use of Internet https://www.torproject.org/
** And many others, e.g. https://www.techradar.com/best/best-free-privacy-software
The Weakest Link (Cybersecurity)
Majority of security breaches are low tech
For users, the trade-off between security and ease of use is essential
The weakest link defines the overall level of security,
* e.g. what are strong passwords good for if users write them on post-it notes attached to the screen?
Users have the biggest impact on security
* and are usually the first choice to gain unauthorized access because other measures often require more effort
Risk Assessment Matrix
Assess threats using a matrix which charts the probability that a particular situation will occur and what its impact (cost, loss of time, etc.) would be
Focus on orange and red areas: try to mitigate using measures that reduce impact, probability or both
E.g. if the impact of a ransomware attack would be catastrophic, introduce weekly or monthly automatic backups
Data & Information - Web Search
Web searches started in 1994 (first graphic browser in 1993)
In 1997 – AltaVista: 20 million search queries per day
* “AltaVista was a Web Search Engine established in 1995. It became one of the most-used early search engines, but lost ground to Google and was purchased by Yahoo! in 2003” - Wikipedia
In 2000:
* Approx. 1 billion web pages existed
* Google: 33 million search queries per day
In 2016:
* Approx. 50 billion web pages existed
* Google: 3 billion search queries per day
In 2019 – Google: > 5.5 billion search queries per day (> 2 trillion queries per year)
In 2023 –Approximately 84 billion visits daily and roughly 2 trillion global searches annually.
How do Search Engines work?
Search engines play a crucial role in helping users navigate the vast expanse of information on the internet. It is impossible to instantly access and search every web page to find pages with certain keywords. Search Engines perform the following:
- Crawling
- Indexing
- Ranking Algorithms
What is Search Engine Crawling?
Programs (called “web crawlers” or “spiders”) continually crawl/browse through all the pages on the web.
* They systematically scan pages (old and new ones) and
* Analyze them to extract relevant contents and store the result in an index of search terms - in a page database
What is Search Engine Indexing?
The Web Crawlers visit web pages, they collect info about the page’s content. This information is organized and stored in a database, creating an index of the web.
What is a Search Engine Ranking Algorithm?
Search engines use complex algorithms to analyze the indexed information and determine the relevance of each page to specific search queries.
These algorithms take into account various factors, including keywords, content quality, page structure, and user engagement.
What is Query Processing?
When a user enters a search query, the search engine processes the query against its index. It identifies pages that are most relevant to the search terms based on the ranking algorithms.
The search engine presents the user with a list of results, typically ranked by relevance.
The goal is to provide the user with the most useful and accurate information based on their search query.
Search engines continually update their indexes to reflect changes on existing pages and to incorporate new pages that have been added to the web.
A typical search phrase might return thousands or even millions of pages. How are they prioritized?
Google ́s “PageRank” algorithm considers many attributes, e.g.
How many other sites link to this page? Popular is better!
Repetition of key words and phrases on the same page
HTML Metatags (are not visible but provide more info)
* Website Title, Content Description, Keywords, Robots on HOW to index a page etc.
Compatibility with mobile devices (Google announced their mobile-first strategy in 2016)
What is SEO?
Search Engine Optimization (SEO) aims at improving the online visibility of a web site (and is part of any decent marketing strategy)
Who pays for free services like search engines?
Search providers (and others) can offer their services free of charge for users because of advertising revenue
Users see targeted ads alongside search results; the selection of these ads is based on…
- your search phrase: your request may indicate an interest in a specific product or service
- your location revealed by your IP address => local businesses may target users residing in a specific area
- Everything else the search engine provider knows about you (search history, preferences, tracking information, assumed age group, estimated level of income, etc.)
What advertisers pay for
Businesses pay for advertising based on intensity of user interaction
Impression – an ad appears on a page with search results (but without any further action by the user)
Click – a person clicks on the ad and is forwarded to another web page. Typically, the person who booked the ad is charged a fee.
Conversion – if the click leads to a purchase, the search provider might receive a commission for the referral
Prices for ads are set by auctions => the price per impression/click/conversion is higher for popular search terms
Tracking users and their activities
Tracking refers to monitoring the online activities of a person. It reveals information about interests, financial status, locations, etc.
Best outcome: allows more personalized services e.g. “similar users also bought this item/watched this movie…”
Typical outcome: you see ads for a product you have already bought
Worst outcome: it can lead to all sorts of unwanted situations, e.g.
* Provides information for criminal activities: fraud, theft, identity theft, privacy invasion, e.g. your location may reveal that your home is unattended while you are away on vacation on a nice beach in a foreign country
* Reveals sensitive info like political preferences, health issues, etc.
Information you give away with browsing
Every HTTP(s) request, e.g. by clicking on a link, reveals…
- Your IP address (and thus your approximate location)
- Sometimes the page you were viewing before (referrer)
- Type and version of the web browser you use
- Your Operating System and version
- Your language preferences
- Cookies from previous visits to this page
User tracking with web beacons
Images on a page do not need to be clicked to be “loaded”!
* < img src=“http://trackserver…” width=1px height=1px>
* These are not meant to be seen and are called web beacons
Web Beacons are often used by tracking service providers
* It will allow them to learn which pages you visited
* It may allow them to set cookies (third party cookies)
As you go to other web sites that use the same tracking services, a pattern (history) is put together
Many web sites use multiple tracking services to improve their advertising revenue
What is Aggregation of Information? (Part 1: what info is gathered)
Information from independent sources might also be aggregated (combined). Think of data sources like…
- Your interests and web activities collected by an online tracker
- Purchasing behavior derived from the customer loyalty card of your favorite supermarket or from coalition loyalty cards (for example Aeroplan.com) that pool data from several businesses
- Public records: birth, death & marriage records, etc.
- Your motion profile tracked by mobile network operators, smartphone operating systems or apps on your phone
What is Aggregation of Information? (Part 2: combined records and common identifiers)
Records from several information sources may be combined using a common identifier, e.g. your
* name and birthday or address
* E-Mail address
* phone number
* social insurance number, etc.
Combined records in total might give away much more information than each single source on its own
Various private companies collect data about consumers and sell them to data aggregators (a.k.a. data brokers)
Data aggregators combine data points from multiple sources to create comprehensive profiles of consumers
What is a Data Breach?
Private/confidential information is quite regularly stolen or made public (both intentional or unintentional)
What is Device Fingerprinting?
The diversity of devices is used to a create digital “Fingerprint” of a device
Attributes like screen size, OS, hardware IDs like MAC address, etc.
This is used to identify the device and follow it ́s user around
What is Social Media?
“Social media are…
- interactive computer-mediated technologies…
- …that facilitate the creation and sharing of information, ideas, (career) interests and other forms of expression…
- …via virtual communities and networks”
… taken from Wikipedia
What is the Network Effect?
Social Media are subject to the network effect:
- The more people are connected, the more value a service has for an individual to join => this fosters monopolies
- It is a big effort to leave the service (and your data behind) and join another service => users experience a lock-in effect
How does Social Media Earn money?
Social Media earn their money with advertising
- The more time people spend on the network, the better.
- Some networks have been accused of fostering “filter bubbles” where posts, that a user does not agree with, are likely not to be shown (to maximize screen time, engagement, ad profits)
Social Media and Privacy
Many platforms collect very private information that may be used for purposes that you are not aware of.
Example: you post something on Facebook
* For this content,
* you grant Facebook a “non-exclusive, transferable, sub-licensable, royalty-free, and worldwide license
* to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works”
You can delete your data, unless others have used it on the
platform
What are Traditional Computing Models?
Personal computing: all used hardware and software is available locally
Client-Server computing: some resources are centralized on server machines, e.g. file server or printer in a LAN (Local Area Network)
What is Cloud Computing?
Devices are always online or only temporarily offline (e.g. in between Wi-Fi networks), distant hard- and software is used over the Internet
Anything can be done with just a web browser, e.g. web-based mail, office
Typically, you do not know where your data is stored or which server provides a service => it is somewhere “in the cloud”
What are some Advantages of Cloud Computing?
Services are available anywhere (globally) as long as you have Internet access
You do not have to care and pay for setting up infrastructure yourself (buying hardware, installing software, etc.)
High flexibility: if you need more/less, you just add/reduce services and change your monthly plan (or you pay per use)
* Ideal for start-ups and fast growing or volatile businesses
Some of the services are free to get to know them (basic features, for a limited time for new customers)
What are some Disadvantages of Cloud Computing?
You have less control over your data/resources
* What if the provider goes bankrupt or is hacked?
Example: AWS outage on Nov 25, 2020 took out one of 23 AWS (Amazon Web Service) regions and dozens of services like Flickr, Roku, Glassdoor, etc.
* What if the government wants access to data?
Legal requirements: some types of data must not leave the country, e.g. medical information, student data, etc.
Costs: you pay for flexibility (and other features), even if you don ́t need them
* Sometimes it is cheaper to do it yourself
What are the Types of Cloud Computing Services?
SaaS : For end users, e.g. Office 365
PaaS : For software or service developers, e.g. webspace with database
IaaS : For IT departments, e.g. virtual machines, storage
