Privacy, Anonymity and Pseudonymity in Business Transactions over the Internet




Internet Economics Seminar

Privacy, Anonymity and Pseudonymity in Business Transactions over the Internet

Daniel Bruggesser, Jarkko Laine

Contents
- Introduction (definitions, history)
- State of the privacy in today's internet
- Economics
- Law
- Protecting yourself
- Technologies now and tomorrow

Definitions
- Privacy: the inverse of the amount of information about one party transferred to another, i.e. everything you keep to yourself
- Anonymity: the state of being anonymous, unidentified
- Pseudonymity: the state of being identified by a false name ("nickname")

Definitions (2)
- A business transaction in the internet: activity where something is being bought over the internet

History of [Ano|Pseudo]nymity
- Historical weapon of those in fear of prosecution or worse
- Considered a cornerstone of free speech in western civilization
- Many famous writers have used pseudonyms to conceal their real identity
- Mark Twain (known), William Shakespeare (still, and probably forever, unknown)

History of anonymity on the world wide web
- Last fortress of free speech
- Anonymous writings have put people in jail
- Legislators want to restrict anonymity...
- ...but anonymity is admittedly part of the nature of the www

Is anonymity good or bad?
(+) You can hide your identity from a repressive regime
(+) People of sexual minorities can hide who they are
(-) Makes criminal actions easier
(-) Accountability issues

The Economical Meaning of (the Lack of) Anonymity
- The era of regular customer cards
- Why give away bonuses to customers?
- Shops want to know how you consume
- "If knowledge is power, then a God am I!" (Riddler, Batman Forever)
- Information is money
- Customer Relationship Management

How's Your Privacy Compromised in the Internet
- They'll know your IP. Issue or not?
- Cookies are part of the axis of evil
- Much wrong information about cookies in the Internet

How cookies work
- A cookie just tells that this browser has been there before
- Doesn't give any private information
- Makes it possible to keep a file on the user

Exchange between browser and server:
  Browser -> Server:  GET /
  Server -> Browser:  Set-Cookie: browser=3535xxx
  Browser -> Server:  GET /   Cookie: browser=3535xxx

Golden Rule of Cookies
- Cookies are only sent back to the same web domain they came from
- The only thing preventing web sites from swapping information about you

How can the rule be subverted, part I
- How do Doubleclick and other advertisers subvert the Golden Rule?
- Advertisements on different pages are served from the same server (e.g. doubleclick.com)
- Browser thinks you're on the same page and returns the cookie
- Is mostly used to track where a particular (anonymous) user has been
- Possible to serve targeted ads
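
The following simulation is an added example, not part of the original slides. It shows that the golden rule is never broken, yet one embedded ad host still collects a cross-site browsing profile. The host names, the `Referer` handling and the cookie values are constructed for illustration.

```python
# Added illustration; site names and cookie values are constructed.
from urllib.parse import urlsplit
import itertools

class Browser:
    """Minimal cookie jar enforcing the golden rule: a cookie is
    returned only to the host that set it."""
    def __init__(self):
        self.jar = {}                       # host -> cookie value

    def fetch(self, url, server, referer=None):
        host = urlsplit(url).hostname
        set_cookie = server.handle(url, self.jar.get(host), referer)
        if set_cookie:
            self.jar[host] = set_cookie

class AdServer:
    """Third-party server whose banners are embedded on many sites."""
    def __init__(self):
        self.ids = itertools.count(1)
        self.profiles = {}                  # cookie id -> embedding pages seen

    def handle(self, url, cookie, referer):
        new = None
        if cookie is None:                  # first contact: tag this browser
            cookie = new = f"browser={next(self.ids):04d}"
        self.profiles.setdefault(cookie, []).append(referer)
        return new

class ContentSite:
    """First-party site: sets its own cookie and sees nothing else."""
    def handle(self, url, cookie, referer):
        return None if cookie else "session=" + urlsplit(url).hostname

def visit(browser, page_url, site, ad_server):
    browser.fetch(page_url, site)
    # The page embeds a banner; the browser fetches it from the ad host and
    # names the embedding page in the Referer header.
    browser.fetch("http://ads.example/banner.gif", ad_server, referer=page_url)

PAGES = ("http://news.example/politics", "http://shop.example/cart",
         "http://health.example/clinic")

def demo():
    ads, browser = AdServer(), Browser()
    for page in PAGES:
        visit(browser, page, ContentSite(), ads)
    return browser.jar, ads.profiles
```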

How Microsoft Passport Does It
- Idea: just one login for the customer in the whole internet
- User is redirected to Passport whenever she enters a member site
- Hotmail knows you just visited Investor!
- All Passport services use the same huge customer database

Why should you care?
- All the member sites share the user information
- Higher flight prices on Expedia for those holding over 1 Million in Investor portfolio
- The more services involved, the more valuable your information is
- The network effect (a.k.a. Metcalfe's law)
- Huge business!

Does Law Protect You?
- Directive 95/46/EC of the European Parliament: you have to have a customer or equal relationship with the people in the register
- Passport register probably meets this
- BUT: the directive doesn't apply to direct marketing
- Microsoft promises to protect your data
- How secure has Hotmail proven to be?
- 27 page agreement: "Microsoft reserves the right to amend this agreement at any time."

Technical Aspects
- Single Servers
- Networks
- Protocols
- Applications
- Mobile Internet

Anonymous Servers
- Re-Mailers
  - Remove any private data
- Pseudoanonymous
  - Server generates a pseudonym for the user
  - Server saves the relation user - pseudonym
  - Replies are possible

Servers: Anonymity Servers
- Anonymity Servers (Anonymity Proxy) for different services: www, ftp, news, email, irc, ...
- anonymous or pseudoanonymous
- Result: you have to trust the service provider

Networks: Pseudoanonymity Networks
- Known also as Onion Routing
- User gets:
  - end-to-end connection through a tunnel
  - a pseudonym (IP address)
[Figure labels: Browser, Local Proxy, PP, Webserver]

Networks: Pseudoanonymity Networks (2)
- Local Proxy (LP)
- Pseudoanonymous Proxy (PP)
- use 1 TCP connection
- encrypted with SSL (Link Encryption)
- Nested Encryption with SSL (additional layer)
[Figure labels: LP, PP1, PP2, PP3; LE 1, LE 2, LE 3; NE 2, NE 3]

Networks: Pseudoanonymity Networks (3)
- LE1 contains encrypted data from NE2
- NE2 contains encrypted data from NE3
- needs a lot of SSL connections: 2n+1
[Figure labels: LP, PP1, PP2, PP3; LE 1, LE 2, LE 3; NE 2, NE 3]

Networks: Pseudoanonymity Networks (4)
- For attackers:
  - difficult to link incoming/outgoing traffic on a proxy
  - difficult to infiltrate with a proxy of their own
- User (or Local Proxy) knows all SSL keys
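
The sketch below is an added example, not part of the original slides. It models only the nested layers: the local proxy, which knows every key, wraps the request once per proxy, and each proxy can remove just its own layer and learn just the next hop. The SHA-256 keystream is a toy stand-in for SSL and is not secure; the keys and the request are constructed.

```python
import hashlib, json

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode) standing in for SSL. Not secure."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, keys, request: bytes) -> bytes:
    """Local proxy: build the nested layers, innermost one for the last proxy."""
    blob, next_hop = request, "webserver"
    for name in reversed(path):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = keystream_xor(keys[name], layer)
        next_hop = name
    return blob

def peel(name, keys, blob: bytes):
    """One proxy removes its own layer; it learns the next hop and an opaque blob."""
    layer = json.loads(keystream_xor(keys[name], blob))
    return layer["next"], bytes.fromhex(layer["data"])

def route(path, keys, request: bytes):
    """Pass the wrapped request along the path, recording what each proxy sees."""
    blob, seen, hop = wrap(path, keys, request), {}, path[0]
    while hop != "webserver":
        nxt, blob = peel(hop, keys, blob)
        seen[hop] = (nxt, blob)
        hop = nxt
    return blob, seen

# Constructed sample data: proxy names as on the slides, keys and request invented.
PATH = ["PP1", "PP2", "PP3"]
KEYS = {n: hashlib.sha256(n.encode() + b"-constructed-key").digest() for n in PATH}
REQUEST = b"GET /account HTTP/1.0"
```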

Networks: Crowds
- similar to Onion Routing
- User is a member of the crowd
- Link encrypted
- path through proxies is chosen randomly on a hop-by-hop basis
- request and reply path are the same
- other requests seem to come from your computer

Networks: Hordes
- multiple proxies to route towards the responder (similar to Crowds)
- Onion Routing also possible
- Uses multicast to anonymously reply to the sender
- IP address is a multicast group address
- difficult to find the membership of the group
- even if you know the group, the receiver is hidden in the receiver set

Protocols: Anonymous Subscriptions
- Subscribe to a service: newspapers, books, videos, ...
- Anonymous access to the service
- Electronic Cash / Blind Signatures (later)
- Unlinkable Serial Transactions
  - User holds a token, gets a new one on access
  - unlimited access...

Applications: Electronic Cash
- many E-Cash systems, here is an example: DigiCash ECash
- Currency: Ecash
- Coins: Cyberbucks
- Everyone has a wallet
- User pays in Cyberbucks for a service

Applications: Electronic Cash (2)
- Change Ecash
- Pay for a service
- Ecash transfer
- Blind signature

Applications: Electronic Cash (3)
- DigiCash ECash
- Transfer user to user also possible
- Bank logs all Cyberbucks
- Online verification by the bank
- Bank gives blind signatures
  - provides anonymity
  - untraceability

Anonymous Mobile Internet: Today's state
- Providers don't guarantee privacy
- They record for each universal number (through their centralized billing system):
  - Every call (incoming/outgoing)
  - Movement
  - Time
- They know our habits, movements, ...

Anonymous Mobile Internet: Where do we go tomorrow?
- Possible solution, basic idea:
  - Prepaid mobile phone ("Handy")
  - on-the-fly payment or prepayment
  - random, temporary, impersonal numbers
- A 2nd device next to our personal one?

Questions
1. Why do people think that their former supposed privacy will evaporate in the internet?
2. Why should an e-commerce customer remain anonymous?
3. So why aren't the means to remain anonymous in wider use?
4. What will be used by a normal user?

End