Rufino, John Rev Y.

September 28, 2017

Yeban, Grant Y. English 27 H

Title: Common Activities of Internet Users Which Risk their Privacy

I. Introduction

The Internet is a vast growing interconnected computing platform which provides

information, communication, business and entertainment services to people anywhere around

the world (Alpcan & Basar, 2011). It is one of the essential and versatile products of science

and technology in which the transmitted or received information between linked devices can

be represented in many forms like text, image, audio, or video. Alpcan & Basar continues that

the devices connected in this network of networks may vary from small sensor motes to

smartphones, laptops, desktops, and servers. As years go by, more and more people are being

accustomed with the Internet due to its convenience and accessibility. Also, almost every kind

of human activity is linked with the usage of Internet in our present generation. Unfortunately,

countless sharing of information on the Internet risks the privacy of each computer user since

anyone can easily access the Internet. Personal information of Internet users can be stolen or

traced by anyone when left unguarded. Moreover, providing information to a website,

mismanaging web caches and cookies, and posting information publicly on social networking

websites are some of the common activities of Internet users that risk their own privacy.

The study aims to educate the public especially the internet users of all ages about

internet privacy. It aims to inform the public specifically about the three common activities of

internet users that can cause invasion of their privacy. It helps internet users to be vigilant when

sharing any information on websites especially in the field of social media.

The study covers the common activities of Internet users around the world which risk

their privacy. It considers how and why these activities affect the privacy of Internet users. It
briefly tackles the basic solutions to counter the privacy risks of Internet users. It also considers

simple technical terms used when one is using the Internet.

Therefore, the researchers seek to answer the following questions:

1. How can providing information to a website risk the privacy of internet users?

2.. How can posting information on social networking websites risk the privacy of internet

users?

3. How can mismanaging web caches and cookies risk the privacy of internet users?

II. Uploading credentials online risks the privacy of internet users.

As mentioned, the Internet nowadays provides a lot of services for its users. Popular

services include the use of social media, vast sources of information like books and journals,

and limitless access to products in the online market. According to Donselar, Kleef, and

Smaling (2016), majority of these web services the internet offers that we use require full

identification. This consists of creating a personal account and providing more privacy-

sensitive. Usually these processes can be divided into two parts, the first one is the

identification stage and the second is the authentication stage. The identification stage may

consist mainly of your name, address and other personal information. On the other hand, the

authentication stage may consist of requiring you to upload any legal ID Card, input credit card

details or connect your social media account. The magnitude of our identification and

authentication depends on the security level of the service provider or application. The methods

being used varies from just username and password, through a secret PIN code, to a generated

PIN by an external device or a smart card using cryptography (ex. Credit Cards and biometrics).

Online shopping became a trend in the 21st Century since it provides a convenient and faster

way to purchase products across the globe. It has the advantage of giving us a nearly hassle-

free way of doing comparison shopping among numerous vendors. It can also offer an

adventurous shopping experience. You can shop online, find good deal, and save money while
browsing stores in locations you will never go to or visit physically in anytime you want, 24

hours a day, seven days a week (Wilson, B., 2008). Moreover, in purchasing products online,

customers need to input their personal information and bank details thus requiring them to

upload their credit card or smart card information. This information is needed to authenticate

orders and make the delivery faster.

Online job applications on the other hand have also become prominent in the 21st century

with the advancement of the Internet. People started to offer online jobs in order to grow and

expand their businesses. People became interested with online jobs as the population increased

along with the increase in demand of employment. Same with online shopping, online job

applicants also need to send their personal information for authentication. Some other online

job websites require the bank information of the application for faster transactions of the salary

and payments.

Although providing personal information online would make transactions faster, easier,

and convenient, these processes carries risks or threats to the internet users. Personal

information provided over the Internet can be retrieved by crooks if the vendor's website is not

a secure site. Scams and other corrupt financial tricks can result internet users from uploading

credit or debit card information, or any other method of payment that is required for online

shopping that uses personal information (Wilson, 2008). This would result not just with identity

theft but also money and other monetary value loss of the user's account. Wilson (2008) added

that in 2007 the average loss per person for Internet scams was $1,507.62 which was nearly

consistent with 2006's average of $1,512 based on the National Consumers League report.

Another way Internet user’s credentials be at risk is through “phishing-attacks”. As

described by Wilson (2008),

Phishing is a fraud that happens through the use of e-mail. It closely resembles an

authentic and legitimate looking message sent for the purpose of getting your personal
 and financial information. The intent of this message is to commit identity theft and

make bogus purchases in your name. Most often such e-mail resembles legitimate

banks, businesses, or government agencies. The e-mail asks you to confirm personal

information as well as account number and password. There are also links to bogus

websites. You are asked to click these sites and to provide requested information. Know

that legitimate companies do not ask for personal and financial information via e-mail.

Most of the time these emails being sent looks real and alluring. They present bargains that

will capture the user’s attention and collect personal information for criminal purposes, such

as stealing money from individuals, hijacking their Internet accounts or otherwise misusing

their personal information.

To avoid such risk or fraud, Wilson (2008) suggested few tips such as Internet users

must: keep their personal information private; shop with businesses and people they know and

trust; not share their password; keep a record of their transaction for their protection; if they

pay bills online, they must not give out any personal information unless they know the business

or company collecting the information; check to see if the company has an online privacy

policy. This policy should tell them what kind of information is being collected on the website

and how such information will be used.

Furthermore, internet users should also check the SSL of the website they are

transacting with. SSL or Secure Sockets Layer is the technology that protects much of the

internet and the whole e-commerce. It is the one that “lights up” the padlock in a browser to

tell the consumer they are safe to send their credit card information to the vendor in an

encrypted manner that no one can decipher except the recipient’s site (Symantec, 2014).

Without this technology, internet users would be sending their credentials in the public internet

in a plain text.
III. Posting personal information publicly on social networking websites risks the

privacy of internet users.

Online social networking became one of the most popular way of communication and

sharing information via electronic and digital means. These websites focus on building and/or

reflecting social relations among people. Some concentrate on allowing people to make new

friends, often with a particular focus such as work relations or music tastes (Mendel,

Puddephatt, Wagner, Hawtin, & Torres, 2012). According to Butchman (2013), websites such

as Facebook, Twitter, Google+ and others are experiencing enormous growth with millions of

active users every single day.

People of all ages can freely use the Internet and create online accounts as many as they

want. Almost all social-networking accounts requires standard format which allows users to

create their own web page containing various pieces of personal information (Mendel et al.,

2012) like age, birthday, email address, home address, schools enrolled in, people associated

with, and special events. Through this way, users sharing the same interests or social

relationships in the physical world can build communities in the cyberworld (Buchmann,

2013). Users can then link to friends who will be able to see their personal information and

updates and vice versa.

Currently, Facebook, YouTube, Twitter, and Instagram are the common and popular

social-networking sites in which millions of people have invested their time and money because

of the innovative way of delivering communication and sharing services they offer. According

to Mendel et al (2012), whenever internet users participate in online social networking

websites, they disclose a variety of personal data. These data includes: identity data which

describes who the user is; content data which consist of all generated/uploaded messages,

photos, videos, posts, and comments; Social-graph data which contains tracks which user

knows which other users to which degree and how they are linked in the social network; history
and traffic data which refers to what the operator may collect about users’ interactions and

activities relating to their use of the website, which also they include the user's browsing

histories along with other details such as commented topics, visited profiles, location (e.g., IP

address or GPS data), frequency and duration of use of certain services; and inferred data which

contains recommendations e.g., for contacts, services, games, music) and statistical

information collected from the social network operator or third party. Although most of the

online social networking websites are free, their system takes our data in exchange for their

services.

As Schneier (2015) said ““Free” is a special price … it warps our normal sense of cost

vs. benefit, and people end up trading their personal data for less than it’s worth”. This personal

data are then being then marketed in three variants: as direct advertising where the information

will be sold to advertisers, as skimming consumer surplus where it is the tailoring of offerings

by the provider based upon an understanding of the price a consumer is willing to pay for a

given product; and lastly as inferences which are drawn from collected data about behaviour

and usage patterns (Buchmann, 2013). With that, internet user’s informations are no longer

really private at all.

Furthermore, internet user’s personal information is also in risk from being hacked.

Since millions of people are willing to interact with others through online social networks, it is

also a new ground for malware authors (Wuest, 2010). This is where they spread malicious

code and send spam messages by taking advantage of the users’ inherent trust in their

relationship network.

As spam is common in e-mails, it is also common in the online social networking sites.

Since creation of social networking account is free, it is also very easy for hackers to send and

spread spam messages. Wuest (2010) warns that it contains script that will collect the users’

data and automatically sends the spam message to all user’s connected contacts. Other
variations like commenting other people’s pictures or sending invitations to bogus events are

other ways of sending spams to a larger audience by the hacker.

Placing baits is another method of the hackers. The attacker will post or send the user

a benign fake hot news with a shortened link to lure users to click and open it. Once opened, it

will lead to a malicious site and re-send the message (Wuest, 2010). Most of the messages

looks real and very enticing as hackers will use naked photos of celebrities.

Another method is the koobface. It is a malware that sends direct messages from

infected users to all their friends in Facebook and other networks, but it is also capable of

updating status messages or adding text to profile pages (Wuest, 2010). Most of the time the

message it conveys will state something funny or interesting about an alleged video which

contains a link to fake Youtube site. When clicking on the spoofed youtube site the user is

prompted to install an update for the latest video player which is of course a trojan that will

infect the user’s computer and collect personal information/credentials of the user stored in the

computer.

One new feature Facebook has added to its system is the embedded applications &

widgets. This feature can then interact with the user and his group of friends like posting

something every day or even complex ones like multiplayer games (Wuest, 2010). This feature

again is being taken advantage of the hackers. More often facebook users encounter quizzes

posted on their newsfeed. As Wuest (2010) said that typically it’s a quiz with a several multiple-

choice questions where it finds out which movie character the user would be, what his or her

dream vacation would be like or something like that. However, unfortunately the quiz requests

privileged access like after the user completes it, it asks him to send a link to a few friends

before giving the results. Through this, it will spread faster and the original creator gets

information links from all users who used it.

 According to Wuest (2010), the possible solutions for this kind of problem are the

following: being skeptical, checking the website’s privacy policies and settings, having good

passwords, protecting the password, being thoughtful, being wary, ang using security softwares

which are up-to-date. One should be skeptical since not everything posted in social networking

sites is legitimate. Check the post’s descriptions for any suspicious information and make

assumptions to decide is the post fake or not. Wuest (2010) added that some examples include

financial devices, breaking news, or useful tips on free giveaways – especially if it involves

clicking a link or installing an application or asking for money which is a scam. Always

checking privacy settings is a good solution since there are some options which allows a user

to configure his/her privacy especially restricting a post to a specific group of people only.

Using good passwords means having complex, lengthy, and strong combination of letters,

numbers and some special characters. Wuest (2010) also stated that if you can’t remember

complex passwords, use either a passphrase as hint or any of the available password

management utilities which can securely store them for you. Protection of password implies

that one should not share it to websites you think are suspicious and fake. Some services of

these websites will lead you to being scam and lose personal information. Wuest (2010)

suggests that one should use a clean computer to log into the original service and change the

password if ever one suspect he/she have fallen for a phishing attack and the account has been

compromised. Being thoughtful can help prevent the risk of privacy from posting something

in social networking sites because freedom of speech can endanger one’s life mentally or

physically. Wuest (2010) thinks that thinking twice before posting something, being nice and

respectful to others, and not posting hateful messages about others are some tips for not being

a target of privacy invasion. Being wary is preventing oneself from believing that a specific

individual on the Internet is not always the person they claim to be. They can be an entirely

new different individual in real life to compared to their online profile. Wuest (2010) cited
some examples such as a celebrity who you are following might just be another fan, a supposed

co-worker from another office might just be someone doing reconnaissance on your enterprise.

He also mentions that not everyone that claims to be your friend is your friend. Utilizing

software applications which strengthens security contributes highly to privacy protection. As

noted by Wuest (2010), some of the newer generations of threats are sophisticated and

advanced which are hard to spot with an untrained eye. He further suggested that the softwares

used should always be updated with the latest patches and hot fixes coming from the official

site and automatically check for any newer available versions through the software. These

softwares are your biggest allies which can be your last line of defense against these kinds of

threats.

IV. Failing to manage a web browser’s cookies, caches, and history risks the privacy

of Internet users.

There are two common ways of storing data or information from using a web browser:

cookies and caches. A browser or web cookie is a small amount of information stored in a

computer, which is used whenever you visit the webpage to track and load the user’s activities

and preferences into the webpage. In essence, web cookies only contain bits of text, and not

anything else. The text can be a user ID, session ID, or any other kind of text (Hoffman, 2016).

Furthermore, a web server can keep arbitrary amounts of information about the user like what

pages the user has viewed, what advertisements the user has shown, and what the user has

purchased during each visit to the webpage through the use of cookies (Comer, 2007). The

cookie is created by the webpage and is sent to the web browser and it can be access either by

the web server or the user’s computer.

On the other hand, the web cache is also an information but in the form of larger files

than cookies. Web caches can be in the form of images, videos, or audio stored in the computer.

Mills (2017) states that the web caches came from the term caching which is a technique that
stores a copy of a given resource and serves it back when requested. He explains that when a

web cache has a requested resource in its store, it intercepts the request and returns its copy

instead of re-downloading from the originating server. Moreover, he considers the web cache

as a major component for a website in achieving high performance since it makes certain

advantages: it eases the load of the server that doesn’t need to serve all clients itself; it improves

performance by being closer to the client which takes less time to transmit the resource back.

Although both are stored in a computer, the cookie has a lifespan while the cache is

kept permanent. The web cache can be manually removed by the user itself while the length of

the cookie’s lifespan is determined by its web creator. Both of these information technologies

have other several types and can be configure based on the user. Some example of cookies are

session-type cookies and third-party cookies. Session-type cookies are temporary and deleted

after you close down your web browser while third-party cookies can follow or track numerous

users from different types of websites for data gathering purposes, i.e. personal

interests (Khanse, 2013). As for caches, several types aside from web caches include data

caches, application or output caches, and distributed caches. They serve different functions but

all of them help in speeding up processes.

The third one, a browser’s history, is a form of list which shows the user’s visited web

pages along with a timeline. After some time, it will eventually expire and the data is gone just

like the cookies which are not permanent. One can easily find the browser’s history directly

from the application itself compared to finding cookies and caches. For example, the Google

web browser which is also a search engine has a browser history located in its settings at the

upper right corner of the webpage.

Since the data coming from these information technologies bear the various personal

information of Internet users via the web browser, the privacy of Internet users is inevitably at

risk. Computer-skilled people can easily obtain a user’s personal information just by gaining
access to their web browser’ cookies, caches and history through online or offline means.

Schneier (2015) states that as a user connects to the Internet, the data produced will multiply

e.g. records of websites you visit, ads you click on, words you type. He also mentions that your

computer, the sites you visit, and the computers in the network each produce data while your

browser sends data to websites about what software you have, when it was installed, what

features you have enabled, and so on. He finishes by noting that in many cases, this data is

enough to uniquely identify your computer.

In an online and digital environment, a web browser’s cookies and caches can be use

or configure as a spyware, adware or other means of surveillance by an individual or a

company. A spyware is a software which has the ability to obtain information about the user’s

activities from transmitting data to a computer’s hard drive. One reporter discovered that 105

different companies tracked his Internet use during a one 36-hour period and in the year 2010,

a seemingly innocuous site like Dictionary.com installed over 200 tracking cookies on your

browser when you visited (Schneier, 2015). Another company, Google, is also known for its

Google Maps which tracks your location with specific directions which can be shared with

other people just by finding the user’s browser cookies.

There is also a special type of cookie which is known to be used for surveillance and

they are called as “flash cookies”. They are files which are cookies in disguise which are stored

with Adobe’s flash player and remain even when the browser deletes these cookies. There is

also the possibility of adwares disguise as cookies but they differ in the way they attack their

victims, the Internet users compared to spywares. These are softwares which excel in disguising

such as imitating anti-virus programs, search tools, and other useful software applications and

they invade users by showing them unwanted advertisements while being able to track their

personal behaviors.
 Countermeasures or solutions proposed for preventing or reducing the risk of privacy

of Internet users are deleting and blocking the browser cookies, caches, and history. Higher

countermeasures include the use of paid and legal anti-tracking security softwares or using

one’s own skill in programming for creating software to conceal one’s privacy from these

information technologies. DoNotTrackMe, one of the most popular browser plug-ins, is know

for blocking certain types of cookies (Schneier, 2015). Although there are already software

plugins for browser to block or allow cookies for particular websites, deleting cookies is the

best way to prevent privacy risk.

V. Conclusion

In a world run by advanced technological applications, the risk of privacy invasion for

Internet users increases as new generations of computer technologies rises and develop further

into the horizon. We cannot help but admit that we rely heavily on numerous computer systems

and networks because they offer more than we can already imagine. The Internet is a very

broad space consisting of interconnected signals around the globe, sharing and retrieving

information from different kinds of people.

Almost all people have online accounts in conjunction with the need of authentic

identifications or credentials so as to allow the usage of Internet services or prerequisite of

being in a company or any business. This in return, sparks the risk of privacy for there are fake

websites taking advantage of using the user’s personal information for malicious intents. Along

with the creation of online accounts, also came the massive production of social media accounts

by the young generation. As social media becomes more popular, the social networking sites

gain large amounts of personal data from numerous people applying for using their
communication services. More or less, these social networking sites can gain economic

advantages by using these personal trends and showing more advertisements. Worse, the

personal data kept by these social networking sites can be stolen or copied by hackers and other

malicious people.

In connection with social media, the utilization of browser cookies, caches and history

further implies the significant increase in the risk of privacy for Internet users. These

information technologies contains the user’s personal preferences, interests,and habits and they

are already incorporated to various web servers to be sent to different kinds of web browsers.

Moreover, they are prone to be used as surveillance for Internet users by large corporations or

companies. However, the user can always manage these information technologies by deleting

them regularly or selecting only those important ones. These three common activities that risk

the privacy of Internet users: uploading credentials, posting personal information on social

networking websites, and failing to manage a web browser’s cookies, caches, and history; are

all dependent on the Internet user’s decision as he/she is the one taking the risk of privacy

invasion.
VI. BIBLIOGRAPHY

Alpcan, T., & Basar, T. (2011). Internet Security: A Decision and Game-Theoretic Approach.

United Kingdom: Cambridge University Press.

Comer, D. (2007). The Internet Book: Everything You Need to Know About Computer

Networking and How the Internet Works. NJ: Pearson Education Ltd.

Donselaar, J., Kleef, M., & Smaling, N. (2016). The Balance Between Identification

and Authentication: The Digital Identity Evolution. The Netherlands: Deloiite.

Hoffman, C. (2016). What Is a Browser Cookie? Retrieved from

https://www.howtogeek.com/119458/htg-explains-whats-a-browser-cookie/

Khanse, A. (2013). Different types of Internet Cookies. Retrieved from

http://www.thewindowsclub.com/types-of-internet-cookies

Mendel, T., Puddephatt, A., Wagner, B., Hawtin, D., & Torres, N. (2012). Global Survey on

Internet Privacy and Freedom of Expression. 2011. France: UNESCO.

Schneier, B. (2015). Data and Goliath: The Hidden Battles to Collect Your Data and

Control Your World. New York: W. W. Norton & Company Ltd.

Symantec (2014). White Paper: Hidden Dangers Lurking in E-Commerce-Reducing Fraud

with the Right SSL Certificate. USA: Symantec.

Wilson, B. (2008). Fraud and the Internet: Online Shopping. Alabama: Alabama Cooperative

Extension System.

Wuest, C. (2010). The Risks of Social Networking. USA: Symantec Corporation.