Online Privacy Flashcards

1
Q

World Wide Web

A

collection of information that is accessed via the internet

is system most people use to access the internet

2
Q

clients/servers

A

computers connected to internet

3
Q

web client

A

device or software used to connect an individual to the internet

refers both to the internet-connected device and to the software used to connect to the internet (ex. Google Chrome, Firefox, Safari)

4
Q

web browser

A

software that is used to connect to the internet and interpret files in order to present them to a user (ex. Chrome, Safari)

5
Q

web server

A

computer that stores files that may be accessed via the internet (forms the basis for websites and applications)

6
Q

packets

A

transmission of small chunks of data over internet

7
Q

protocols

A

ground rules for transferring data over the internet

ex. TCP/IP, HTTPS, SMTP

8
Q

hypertext transfer protocol (HTTP)

A

simple application level protocol

language by which a web client can communicate with WWW (interfaces with the internet, or the network and transport layers of the internet)

9
Q

hypertext transfer protocol server (HTTPS)

A

predominant application-level protocol

transfers data over an encrypted connection

10
Q

Transmission Control Protocol and internet protocol (TCP/IP)

A

main communication protocols of internet that sets forth system of rules that facilitate communication and information sharing

allows 2 devices to establish reliable data connection which allows streaming of data

process
1. TCP protocol breaks down info into packets and addresses them to appropriate location
2. packets travel across internet from router to router under IP protocol
3. TCP protocol is used to reassemble the packets of data before being received by client or server

11
Q

transport layer security

A

provides communication security by allowing web user (client) to remain private from web server or vice versa

3rd parties can’t intercept or interfere with connection

when client contacts server “handshake” occurs where client and server authenticate each other and select encryption algorithm

12
Q

internet protocol address (IP address)

A

unique number assigned to each device connected to internet, including web servers

IPv6- most recent version of IP protocol

13
Q

dynamic IP address

A

created when internet service provider assigns a new IP address upon the beginning of each new web session

14
Q

static IP address

A

more likely to be considered personal information because it is more easily associated with specific individual

15
Q

uniform resource locator (URL)

A

domain name and web address of files and other materials located on web server

each URL is associated with IP address that points to specific web server

http://instagram.com

16
Q

domain name server (DNS)

A

converts domain name (URL) to IP address associated with domain name

aka telephone book of internet

17
Q

proxy server

A

intermediary web server that provides gateway to web

can mask what occurs behind firewall, be used to log each user's interaction, serve as added security measure

used in large organizations

18
Q

virtual private network (VPN)

A

established encrypted connection known as tunnel through which data can travel between user and proxy server

19
Q

server log (web log/web server log)

A

record of visitors to requested web page

includes information regarding
- visitor's IP address
- date and time of page request
- URL of requested file
- visitor's browser type
- URL visited immediately prior to accessing the URL (referring page)

20
Q

cache

A

copy of downloaded content that is stored locally on web client

this allows web client to eliminate need to download same content again from web server (don’t need to download next time user visits website)

21
Q

programming languages

A

used to create list of commands to be executed by specific server or client

22
Q

scripts

A

where list of commands or file commands are saved for programming languages

23
Q

browser-side programming language

A

aka front side

contained in scripts run by web client after script has been downloaded off of the web server

include:
- HTML
- CSS
- javascript

24
Q

hypertext markup language (HTML)

A

used to create structure of webpages

HTML 5 is newest version

25
Q

cascading style sheets (CSS)

A

used to dictate presentation of webpage

ex. color background, size of text etc

26
Q

javascript

A

allows for interactive websites

dictates how a website responds to user interactions

ex. box you can click on

27
Q

server-side programming languages

A

aka back end

run by and interact directly with web servers- web server will run server side script before sending any browser side script to web client

used when dynamic content is needed for webpage (ex. latest real estate listing)

includes PHP

28
Q

PHP

A

general purpose programming language originally designed for web development

relies on both HTML and CSS + structured query language

29
Q

passive data collection

A

automatic data collection of user data

no express consent

30
Q

active data collection

A

collected with user's knowledge- generally through use of web forms

31
Q

web form

A

part of webpage that allows user to input data in text field, drop down menu, radio buttons, or other means then submit info to web server to process info or store info in database

issue: potential to create security vulnerabilities since user can submit data directly to server or database (ex. text box)

solution: place limits on text fields to ensure they are used as intended

32
Q

syndicated content

A

content developed by 3rd parties and purchased or licensed for presentation directly by host site

possible for it to contain malicious code that collects data in different ways than set forth in host site’s privacy notice

33
Q

co-branded website

A

partnership between 2 organizations where both provide content or services on single website

have own privacy notices so it is clear to users that content belongs to and users are interacting with both partner entities

34
Q

web services

A

program contained within website that allows 2 organizations to directly communicate between their computers or servers

application program interface- set of protocols routines functions and or commands that programmers use to develop software or facilitate interactions between distinct systems

35
Q

web widget

A

graphical interface on website that is controlled by 3rd party

ex. tweet displayed on different website- if tweet was deleted on twitter it would no longer appear on 3rd party website

36
Q

iframe

A

HTML element that permits an external webpage to be directly embedded into a website

website doesn’t control content of 3rd party website only where on website iframe is located

37
Q

3rd party marketing

A

ads that appear on webpages

usually controlled by online advertising networks- connect online advertisers with website owners who host ads on their websites

38
Q

cyber threats

A
  1. spam
  2. malware
  3. phishing
  4. structured query language injection
  5. cross site scripting (XSS)
  6. cookie poisoning
  7. unauthorized access
39
Q

spam

A

unsolicited commercial emails or messages

often contain viruses and other malware or direct a user to a website containing such malware

40
Q

malware

A

software designed for malicious purposes

2 types
1. spyware
2. ransomware

41
Q

spyware

A

specific form of malware downloaded covertly and without the consent or understanding of the user

42
Q

ransomware

A

permits malicious actor to lock a user's operating system or encrypt data on a device, preventing access by the user to his/her files

then malicious actor demands ransom to allow user to access data

43
Q

phishing

A

communications that are designed to trick users to believe that they should provide information to the sender

usually sent through email and targeted

types
1. spear phishing- targeted at 1 person
2. whaling- targeted at important individuals (ex. politician)

44
Q

structured query language injection

A

malicious actor attempts to provide a database command to a web server through input fields contained in web form on website

45
Q

cross site scripting (XSS)

A

malicious code is injected into a webpage

results in unauthorized content appearing on webpage or tricks user into thinking that the site is corrupted

46
Q

cookie poisoning

A

cookie is modified in order to gain unauthorized access to information about user or towards some other nefarious end

47
Q

ways to avoid cyber threats

A
  1. two factor authentication
    - user required to provide more than one form of authentication
  2. data validation
    - ensuring data conforms to identified requirements and quality benchmarks
    - ex. if inputting email then must verify there is @ with words before and after it
  3. data sanitization
    - takes data input by user and modifies it by removing potentially harmful input characters
48
Q

steps to minimize possibility of human error

A
  1. passwords are unique, not shared across users, and regularly changed
  2. antivirus/firewall systems are updated regularly
  3. employee training should include instruction on not using public computers or public charging stations and only using secure and familiar private wi-fi networks
49
Q

behavior advertising

A

targeted ads based on info associated with an individual

government entities that address concerns about such advertising include
  1. FTC do not track
    - consumers can make single choice to opt out of such ads
  2. digital advertising alliance- ad choices
    - icon that permits consumers the ability to exercise choice with respect to behavior advertising
  3. EU- directive 2009/136/EC- EU cookie directive
    - requires users to give consent before having cookie placed on their computers
    - prevents cookie tracking without consent
50
Q

consumer tracking - cross device tracking

A

mapping user as he moves between devices

accomplished through deterministic tracking or probabilistic tracking

51
Q

deterministic tracking

A

allows organizations to track user's device based upon where he logs into services

ex. user logs in on one computer to purchase product from company and later logs into another computer to purchase product from same company- can tell both computers are associated with same person

52
Q

probabilistic tracking

A

connects user's devices based upon assessment of probabilities and proprietary algorithms drawn from info collected on multiple devices

53
Q

consumer tracking- cross site tracking through tracking cookies

A

small text file placed on hard drive of device by web server

3rd parties can link device to prior activity through tracking cookies

may be considered as personal information

best practices for using cookies:
- never be used to store unencrypted personal info
- provide notice when cookies are being used
- should disclose 3rd party cookies providers
- opt-out function where practical

54
Q

session cookie

A

stored only while user is connected to specific web server and is deleted when user closes his web browser

55
Q

persistent cookie

A

set to expire at some point in future according to predefined time

identifies particular device for user authentication

persistent cookies should be only used where necessary and are set to expire after reasonable length of time

56
Q

1st party cookie

A

set and read by web server that is hosting the website being visited

57
Q

3rd party cookie

A

set and read by party other than web server hosting the visited website

58
Q

flash cookies

A

stored outside of internet browser's control and is controlled and accessed by Adobe Flash

difficult for users to delete, do not expire, users not provided notice of their use

may be used to respawn a deleted HTML cookie (ex. zombie cookie)

59
Q

consumer tracking- cross site tracking through web beacons

A

clear one pixel by one pixel graphic image delivered by web server

purpose is to record consumers visit to web page and measure digital advertising performance

notice to users is important to provide

bluetooth beaconing is where low energy bluetooth signal is sent from beaconing device and picked up by mobile device setting in motion process that displays ad to owner of mobile device

60
Q

consumer tracking- cross site tracking- adware

A

software that monitors end user's behavior so that advertisers can better target advertisements toward a user

location based advertisements- rely on mobile device GPS receiver, Wi-fi, and bluetooth

61
Q

consumer tracking- cross site tracking- digital fingerprinting

A

uses IP address, referring URL page, and browser type being used to identify user

can be used to increase security (ex. require additional authentication if user logs in from device organization doesn’t recognize based on fingerprint)

62
Q

children’s online privacy laws/regulations

A
  1. COPPA (federal, protects children under 13)
  2. GDPR (orgs that collect info on EU residents must not process data of children under 16 unless parental consent)
  3. Digital World Act (CA state, under 18 have right to request removal of info posted by them online, and no online advertising of products children are not legally permitted to purchase)
  4. Delaware online and personal privacy protection act (DOPPA) (state, similar to digital world act)
  5. California consumer privacy act (no sale of PI of CA consumers under 16 without appropriate consent)
    - 13-15 consent must may be obtained directly from child through opt in
    - 13 and under- consent must be obtained by parent or guardian