Never confuse education with intelligence, you can have a PhD and still be an idiot.
- Richard Feynman -

ITIC:Privacy on the web - Exercises

From Juneday education
Revision as of 10:07, 16 August 2019 by Rikard (Talk | contribs) (Whistleblowers and activists)

Jump to: navigation, search

What service has the following as part of their terms and conditions?

Use a search engine to figure out (examples of) what services have the following quotes (some quotes are used in more than one service) as part of their services:

If you use our services to make and receive calls or send and receive messages, we may collect telephony log information such as your phone number, calling-party number, receiving-party number, forwarding numbers, time and date of calls and messages, duration of calls, routing information and types of calls.

Expand using link to the right to see some suggested solutions or hints.

For instance, Google

You grant XXX a non-exclusive, transferable, sub-licensable, royalty-free, perpetual, irrevocable, fully paid, worldwide license to use, reproduce, make available to the public (e.g. perform or display), publish, translate, modify, create derivative works from, and distribute any of your User Content in connection with the Service through any medium, whether alone or in combination with other Content or materials, in any manner and by any means, method or technology, whether now known or hereafter created. Aside from the rights specifically granted herein, you retain ownership of all rights, including intellectual property rights, in the User Content. Where applicable and permitted under applicable law, you also agree to waive and not enforce any “moral rights” or equivalent rights, such as your right to be identified as the author of any User Content, including Feedback, and your right to object to derogatory treatment of such User Content.

Expand using link to the right to see some suggested solutions or hints.

For instance, Spotify

You give us permission to use your name and profile picture and information about actions you have taken on XXX next to or in connection with ads, offers, and other sponsored content that we display across our Products, without any compensation to you.

Expand using link to the right to see some suggested solutions or hints.

For instance, Facebook

You also agree that you will not use these products for any purposes prohibited by United States law, including, without limitation, the development, design, manufacture, or production of nuclear, missile, or chemical or biological weapons.

Expand using link to the right to see some suggested solutions or hints.

For instance, iTunes

Acceptable Use; Safety-Critical Systems. Your use of the Lumberyard Materials must comply with the XXX Acceptable Use Policy. The Lumberyard Materials are not intended for use with life-critical or safety-critical systems, such as use in operation of medical equipment, automated transportation systems, autonomous vehicles, aircraft or air traffic control, nuclear facilities, manned spacecraft, or military use in connection with live combat. However, this restriction will not apply in the event of the occurrence (certified by the United States Centers for Disease Control or successor body) of a widespread viral infection transmitted via bites or contact with bodily fluids that causes human corpses to reanimate and seek to consume living human flesh, blood, brain or nerve tissue and is likely to result in the fall of organized civilization. (emphasis added by Juneday authors)

Expand using link to the right to see some suggested solutions or hints.

For instance, AWS(Amazon Web Services)

Does Facebook know your network, even if you don't have a Facebook account?

Read the following two articles:

Do you think the information in the articles are true? Why/Why not?

Do you use any apps owned by Facebook? Here's a list of apps/services owned by Facebook(May 2019). Do you know if those apps uploads your phone's contact list to Facebook (directly or indirectly)? How could you find out?

Here's an excellent article on the subject, if you want to learn more: Investigating sources of PII used in Facebook’s targeted advertising (Giridhari Venkatadri, Elena Lucherini, Piotr Sapiezynski, and Alan Mislove, Proceedings on Privacy Enhancing Technologies 2019).

How unique is your browser?

Even if you don't have accounts on social media (or make sure you are not logged on) companies and others can still track you online activities, such as what pages you visit online. This is made possible due to the fact that you may not be so anonymous as you think, because your browser might actually have a unique "fingerprint". Companies may, using e.g. advertisement systems, build a profile of your online activities, by noticing that your browser has distinct features, which then in turn, might get linked to your person when you state your personal information (making an order, creating an account etc).

One simple (and common) technology for tracking (following) people online is to use a cookie. Use a search engine to find out what a cookie is and how it works.

You can turn cookies off (completely or by blocking at least third-party cookies). But since your browser might be unique, there are other ways to track your online activities. Investigate the terms "super cookie", "zombie cookie" and "HTML5 Cookie".

Did you know about these things? What did you think? Discuss with a class mate or friend. How can you protect yourself against various kinds of cookies (if you are worried that they are used to track or even profile you)?

As mentioned above, your browser might also be uniquely identifiable, which allows for recognizing if not your person, but that you are returning to a site you've visited before, and also cross-site visiting patterns (if your fingerprint is shared among services tracking you). Next, we'll investigate just how unique various browsers are.

Install some additional browsers

It's always good to have a few different browsers available. If not for security or privacy reasons, it's good to try out different browsers, because you might find one that better suits your needs. We therefore like you to install a few new browsers on your system (and phone if you feel like it). You can always remove the browsers you don't like afterwards.

Here's a list of (more or less) popular browsers. Install a few or all of them for the next part of this exercise. Use a search engine to find out how to install them.

  • Mozilla Firefox
  • Google Chrome
  • Chromium
  • Opera
  • Iridium
  • Tor Browser
  • Brave Browser
  • Midori
  • Dillo
  • w3m
  • Lynx

What is the most popular/most used browser?

If you want, you can check out this Wikipedia article on browser usage share. Make sure you also read the sections on accuracy, to be aware of possible errors in the statistics. It's good to know that user-agent headers (a text-part of your requests to a web server) can be spoofed.

Check uniqueness of your browsers

Use a search engine to find some online tools for fingerprinting your browser. Suggested keywords for the search:

  • browser fingerprinting
  • browser sniffing
  • browser fingerprinting test

Run the test and make a note of what browser you were using and what the test result reported. Compare your standard browser with the newly installed. Which one was better? Run the test on your mobile phone browser(s). What was the result there?

If you are aware of the vulnerabilities and careful about your privacy, you might consider changing browser (or alternate between a few to create noise in the tracking systems). There are also plugins that help protect you against fingerprinting and other tracking schemes. Here's a list of useful sites for the careful (paranoid?):

Please also note that there are more ways to fingerprint users, than just looking at the browsers (even if browsers are a great help in this kind of fingerprinting). Some ISPs even insert headers identifying a device (or range of devices) so that every request you do online contains this inserted information. And, of course, your IP number is another way of tracking you (but you can use a VPN or TOR or both to help mitigate this kind of tracking). The point of this exercise, however, is not to make you paranoid or worried. We think that knowing about the risks online and how to protect against most of them are things every modern person should know.

Miscellaneous questions on privacy and security

Sites that give access to private information

Visit and read the information there.

  • Is this site for real?
    • Why do you think it is or isn't for real?
    • If it is not for real, what do you think the purpose of this site is/was?
    • If it is for real, what do you think the purpose of this site is/was?
  • Who is behind it (use some network tools to figure out)?
    • Try to figure out what the organization behind the site has done or said about privacy online.

Visit and search for yourself or someone else

  • Were you successful in finding the person?
    • If you found more than one person with the same name, what extra information did you have to give to find the person you were looking for?
    • If you had to provide extra information, like postal code etc, did you know that or could you find that information out somehow?
  • Think about ethical problems with this service (if any)
  • Think about advantages or upsides of this service (if any)
  • Look up at least ten newspaper articles about ratsit and try to see if most are positive or negative about the service
  • What person or organization is behind

Whistleblowers, activists and advocates

Use a search engine to find out some basic facts about the following persons, and write down who they are/were, and what they are famous (or infamous depending who you ask) for having done in relation to privacy/surveillance, human rights, internet, intellectual property laws (e.g. copyright and software patents) and information:

  • Rebecca MacKinnon
  • Caspar Bowden
  • Edward Snowden
  • Mona Seif
  • Chelsea Manning
  • Aaron Swartz
  • Lawrence Lessig
  • Heather Marsh
  • Jonas Bosson
  • Eva Galperin
  • Richard Stallman
  • Lina Ben Mhenni
  • Julian Assange
  • Suw Charman-Anderson
  • Cory Doctorow
  • Yasodara Córdova
  • Erik Josefsson
  • Malkia Cyril
  • Jacob Appelbaum
  • John Gilmore
  • John Perry Barlow

Note that, of course, you don't have to agree with anything the above mentioned persons have done or said, the purpose is only to give you a sample of people with (often strong) opinions on privacy, surveillance, freedom of information, intellectual property laws (in relation to software and the Internet) etc.

Digital rights, freedom of information, digital freedom, free software, free culture etc - advocacy

Visit and get a basic idea of what the following organizations do and what issues they are addressing:


Further reading

Terms of service

Privacy while surfing the web

Social media related

Mobile phone related privacy stuff

General privacy stuff

Privacy and security

Where to go next

This is the last module and page for the Introduction to IT and computing book.

We have material on Bash and Bash programming here, if you really want more:

And we have an introduction to Java programming (if you want to try that) here:

And we have an introduction to databases here:

« PreviousBook TOCNext »