PRIVACY

Privacy is the ability of an individual or group to stop information about themselves from becoming known to people other than those they choose to give the information to.

Privacy may be voluntarily sacrificed, normally in exchange for perceived benefits, but often with little benefit and very often with specific dangers and losses.

INTERNET PRIVACY
Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. every user of the Internet possessing Internet privacy.

RISKS TO INTERNET PRIVACY

Cookies
Browsing profiles IP addresses ISPs Phishing Web Beacon

COOKIES
A cookie is a small piece of data which is sent from a web server to a web browser and stored locally on the user's machine. The cookie is stored on the user's machine but is not an executable program and cannot do anything to the machine. Whenever a web browser requests a file from the same web server that sent the cookie, the browser sends a copy of that cookie back to the server.

small text file of information that certain Web sites attach to a user's hard drive while the user is browsing the Web site. A Cookie can contain information such as user ID, user preferences, archive shopping cart information, etc.
Lou Montulli, a former employee of Netscape Communications, was the first to apply the cookie technique in web communications.

Persistent cookies
A persistent cookie is one stored as a file on your computer, and it remains there when you close Internet Explorer. The cookie can be read by the Web site that created it when you visit that site again.

Temporary cookies
A temporary or session cookie is stored only for your current browsing session, and is deleted from your computer when you close Internet Explorer.

BROWSING PROFILES
The process of profiling (also known as "tracking") assembles and analyses several events, each attributable to a single originating entity, in order to gain information relating to the originating entity.

On the Internet, certain organizations employ profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles may or may not link with information that personally identifies the people who did the browsing.

IP ADDRESSES
Every device on the Internet (including each online computer) has an IP address, an identifying numeric code used to route data. The Internet Service Provider (ISP) through which the device connects may assign this address semi-permanently (for example, for the duration of the lifetime of an account) or temporarily (many dial-up connections, for example, get assigned new IP addresses each time they connect).
Every packet (piece of data) moving through the Internet gets tagged with the IP addresses of its source and of its intended destination. The proper working of the Internet depends on such routing information. Consequently, any direct connection between two devices on the Internet (such as when a personal computer reads a website) reveals both IP addresses to both parties.

ISPs
Consumers obtain Internet access through an Internet Service Provider (ISP). All Internet data to and from the consumer must pass through the consumer's ISP. Given this, any ISP has the capability of observing anything and everything about the consumer's (unencrypted) Internet activities; however, ISPs presumably do not do this (or at least not fully) due to legal, ethical, business, and technical considerations.

ISPs do, however, collect at least some information about the consumers using their services. From a privacy standpoint, the ideal ISP would collect only as much information as it requires in order to provide Internet connectivity (IP address, billing information if applicable, etc). A common belief exists that most ISPs collect additional information, such as aggregate browsing habits or even personallyidentifiable URL histories.
What information an ISP collects, what it does with that information, and whether it informs its consumers, can pose significant privacy issues. Beyond usages of collected information typical of third parties, ISPs sometimes state that they will make their information available to government authorities upon request. Often, such a request need not involve a warrant.

PHISHING

In computing, phishing is characterized by attempts to illegally acquire sensitive information, such as passwords and credit card details, by hidden as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message.

WEB BEACON

A Web beacon is an object that is embedded in a Web page or email and is usually invisible to the user but allows tracing the browsing behavior of the user. Alternative names are Web bug, tracking bug, pixel tag, and clear gif.

SECURITY
Security is often cited as a major barrier to electronic commerce. Prospective buyers are leery of sending credit card information over the web. Prospective sellers worry that hackers will damage their systems.

SECURITY INCIDENTS
A security incident is any network-related activity with negative security intentions. This usually means that the activity violates security policy.

Incidents come in all shapes and sizes. They can come from anywhere on the Internet, although some attacks must be launched from specific systems or networks and some require access to special accounts. An intrusion may be a comparatively minor event involving a single site or a major event in which tens of thousands of sites are compromised.

TYPES OF INCIDENTS
Incidents can be broadly classified into several kinds:
1. 2. 3. 4. 5. 6. 7. PROBE ACCOUNT COMPROMISE ROOT COMPROMISE PACKET SNIFFER DANIEL OF SERVICE INTERNET INFRASTRUCTURE ATTACKS MALICIOUS CODE

PROBE
A probe is characterized by unusual attempts to gain access to a system or to discover information about the system.

ACCOUNT COMPROMISE
An account compromise is the unauthorized use of a computer account by someone other than the account owner, without involving system-level or root-level privileges. An account compromise might expose the victim to serious data loss, data theft, or theft of services.

ROOT COMPROMISE
A root compromise is similar to an account compromise, except that the account that has been compromised has special privileges on the system. The term root is derived from an account on UNIX systems that typically has unlimited, or "superuser", privileges. PACKET SNIFFER A packet sniffer is a program that captures data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information that travels over the network in clear text.

DENIAL-OF-SERVICE
The goal of denial-of-service attacks is not to gain unauthorized access to machines or data, but to prevent legitimate users of a service from using it

INTERNET INFRASTRUCTURE ATTACKS

These rare but serious attacks involve key components of the Internet infrastructure rather than specific systems on the Internet. Examples are network servers, network access providers, and large archive sites on which many users depend.

MALICIOUS CODE
Malicious code is a general term for programs that, when executed, would cause undesired results on a system. Users of the system usually are not aware of the program until they discover the damage. Malicious code includes Trojan horses, viruses, and worms.

FIREWALL
Firewalls can limit and stop access to computers by unauthorized people or systems. A personal firewall is installed on a local computer and is used to protect personal computers from intruders on the Internet. A network firewall can be a combination of computer software and hardware installed on a computer network to manage usage for the network. Firewalls can be used to stop the spread of viruses and Spam and can be a valuable tool in protecting children online.