Privacy Preservation in Technology

Aug 18, 2024

Review flashcards

CS50's Introduction to Cybersecurity

Instructor

  • David J. Malan

Lecture Focus: Preserving Privacy

  • Main Topic: How to preserve privacy in everyday technology use.

Overview

  • Previous weeks focused on securing accounts, data, systems, and software.
  • Focus on keeping communications secure between points A and B.
  • Today’s focus: technologies underlying software, apps, and more for future use.
  • Aim: Empower with mechanisms to restrict information sharing.

Topics Covered

Web Browsing History

  • Browsers track web history for features like autocomplete and finding past pages.
  • Privacy concern: others can access browsing history.
  • Options: clear browser history, but this can be heavy-handed (logs you out of accounts).

Server Logs and Tracking

  • Websites typically log visits for diagnostics, auditing, advertising, analytics.
  • Information logged: IP address, timestamp, requested resource, referrer, user agent.
  • Users can’t control server-side logs.

HTTP Headers

  • Referrer Header: Reveals the previous page visited.
    • Useful for analytics but invasive.
    • Can be moderated by websites using meta tags or headers.
  • User Agent Header: Identifies browser, version, OS.
    • Contributes to user fingerprinting.

Fingerprinting

  • Technique to create a user profile based on browser characteristics.
  • Factors: IP address, user agent, screen resolution, installed fonts, time zone, plugins/extensions.
  • Even if not logged in, fingerprinting can track users across sessions.

Cookies

  • Session Cookies: Maintain session state, expire when browser closes.
  • Tracking Cookies: Used for persistent tracking (e.g., Google Analytics).
  • Third-Party Cookies: Allow companies to track users across multiple sites.

Tracking Parameters

  • Parameters in URL used to track users (e.g., click_id).
  • Browsers and software starting to strip such parameters.

Solutions and Mitigation Techniques

Private Browsing
  • Incognito mode to prevent local history accumulation.
  • Doesn’t prevent all server-side tracking.
Super Cookies
  • Injected by ISPs for tracking, not visible client-side.
  • Solution: Always use HTTPS.
DNS and Privacy
  • DNS requests are typically unencrypted and reveal the domain accessed.
  • Solutions: DNS over HTTPS (DoH) or DNS over TLS (DoT).
VPNs (Virtual Private Networks)
  • Encrypts data between user and VPN server.
  • Changes perceived IP address.
  • Doesn’t prevent all tracking (e.g., fingerprinting).
Tor (The Onion Router)
  • Provides privacy by routing traffic through multiple nodes with layered encryption.
  • Increases difficulty of tracking, doesn’t guarantee anonymity.
Permissions
  • Increasingly fine-grained controls in OSes for app permissions (e.g., camera, location).
  • Important to manage for privacy preservation.

Summary

  • Discussed securing accounts, data, systems, software, and preserving privacy.
  • Emphasis on understanding and using technologies for security and privacy.
  • Encouragement to be proactive about privacy in personal and professional contexts.