23,129 research outputs found

    Information Outlook, September 2004

    Get PDF
    Volume 8, Issue 9https://scholarworks.sjsu.edu/sla_io_2004/1008/thumbnail.jp

    Information Outlook, September 2004

    Get PDF
    Volume 8, Issue 9https://scholarworks.sjsu.edu/sla_io_2004/1008/thumbnail.jp

    Case study: disclosure of indirect device fingerprinting in privacy policies

    Full text link
    Recent developments in online tracking make it harder for individuals to detect and block trackers. This is especially true for de- vice fingerprinting techniques that websites use to identify and track individual devices. Direct trackers { those that directly ask the device for identifying information { can often be blocked with browser configu- rations or other simple techniques. However, some sites have shifted to indirect tracking methods, which attempt to uniquely identify a device by asking the browser to perform a seemingly-unrelated task. One type of indirect tracking known as Canvas fingerprinting causes the browser to render a graphic recording rendering statistics as a unique identifier. Even experts find it challenging to discern some indirect fingerprinting methods. In this work, we aim to observe how indirect device fingerprint- ing methods are disclosed in privacy policies, and consider whether the disclosures are sufficient to enable website visitors to block the track- ing methods. We compare these disclosures to the disclosure of direct fingerprinting methods on the same websites. Our case study analyzes one indirect ngerprinting technique, Canvas fingerprinting. We use an existing automated detector of this fingerprint- ing technique to conservatively detect its use on Alexa Top 500 websites that cater to United States consumers, and we examine the privacy poli- cies of the resulting 28 websites. Disclosures of indirect fingerprinting vary in specificity. None described the specific methods with enough granularity to know the website used Canvas fingerprinting. Conversely, many sites did provide enough detail about usage of direct fingerprint- ing methods to allow a website visitor to reliably detect and block those techniques. We conclude that indirect fingerprinting methods are often technically difficult to detect, and are not identified with specificity in legal privacy notices. This makes indirect fingerprinting more difficult to block, and therefore risks disturbing the tentative armistice between individuals and websites currently in place for direct fingerprinting. This paper illustrates differences in fingerprinting approaches, and explains why technologists, technology lawyers, and policymakers need to appreciate the challenges of indirect fingerprinting.Accepted manuscrip

    Information Outlook, September 2004

    Get PDF
    Volume 8, Issue 9https://scholarworks.sjsu.edu/sla_io_2004/1008/thumbnail.jp

    The New News: Journalism We Want and Need

    Get PDF
    Economic pressures on one hand and continuing democratization of news on the other have already changed the news picture in Chicago, as elsewhere in the U.S. The Chicago Tribune and Chicago Sun-Times are in bankruptcy, and local broadcast news programs also face economic pressures. Meanwhile, it seems every week brings a new local news entrepreneur from Gapers Block to Beachwood Reporter to Chi-Town Daily News to Windy Citizen to The Printed Blog.In response to these changes, the Knight Foundation is actively supporting a national effort to explore innovations in how information, especially at the local community level, is collected and disseminated to ensure that people find the information they need to make informed decisions about their community's future. The Chicago Community Trust is fortunate to have been selected as a partner working with the Knight Foundation in this effort through the Knight Community Information Challenge. For 94 years, the Trust has united donors to create charitable resources that respond to the changing needs of our community -- meeting basic needs, enriching lives and encouraging innovative ways to improve our neighborhoods and communities.Understanding how online information and communications are meeting, or not, the needs of the community is crucial to the Trust's project supported by the Knight Foundation. To this end, the Trust commissioned the Community Media Workshop to produce The New News: Journalism We Want and Need. We believe this report is a first of its kind resource offering an inventory and assessment of local news coverage for the region by utilizing the interactive power of the internet. Essays in this report also provide insightful perspectives on the opportunities and challenges

    Privacy in Gaming

    Get PDF
    Video game platforms and business models are increasingly built on collection, use, and sharing of personal information for purposes of both functionality and revenue. This paper examines privacy issues and explores data practices, technical specifications, and policy statements of the most popular games and gaming platforms to provide an overview of the current privacy legal landscape for mobile gaming, console gaming, and virtual reality devices. The research observes how modern gaming aligns with information privacy notions and norms and how data practices and technologies specific to gaming may affect users and, in particular, child gamers. After objectively selecting and analyzing major players in gaming, the research notes the many different ways that game companies collect data from users, including through cameras, sensors, microphones, and other hardware, through platform features for social interaction and user-generated content, and by means of tracking technologies like cookies and beacons. The paper also notes how location and biometric data are collected routinely through game platforms and explores issues specific to mobile gaming and pairing with smartphones and other external hardware devices. The paper concludes that transparency as to gaming companies’ data practices could be much improved, especially regarding sharing with third party affiliates. In addition, the research considers how children’s privacy may be particularly affected while gaming, determining that special attention should be paid to user control mechanisms and privacy settings within games and platforms, that social media and other interactive features create unique privacy and safety concerns for children which require gamer and parent education, and that privacy policy language is often incongruent with age ratings advertised to children and parents. To contribute additional research value and resources, the paper attaches a comprehensive set of appendices, on which the research conclusions are in part based, detailing the technical specifications and privacy policy statements of popular games and gaming platforms for mobile gaming, console gaming, and virtual reality devices

    Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies

    Get PDF
    Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed

    Emerging Phishing Trends and Effectiveness of the Anti-Phishing Landing Page

    Full text link
    Each month, more attacks are launched with the aim of making web users believe that they are communicating with a trusted entity which compels them to share their personal, financial information. Phishing costs Internet users billions of dollars every year. Researchers at Carnegie Mellon University (CMU) created an anti-phishing landing page supported by Anti-Phishing Working Group (APWG) with the aim to train users on how to prevent themselves from phishing attacks. It is used by financial institutions, phish site take down vendors, government organizations, and online merchants. When a potential victim clicks on a phishing link that has been taken down, he / she is redirected to the landing page. In this paper, we present the comparative analysis on two datasets that we obtained from APWG's landing page log files; one, from September 7, 2008 - November 11, 2009, and other from January 1, 2014 - April 30, 2014. We found that the landing page has been successful in training users against phishing. Forty six percent users clicked lesser number of phishing URLs from January 2014 to April 2014 which shows that training from the landing page helped users not to fall for phishing attacks. Our analysis shows that phishers have started to modify their techniques by creating more legitimate looking URLs and buying large number of domains to increase their activity. We observed that phishers are exploiting ICANN accredited registrars to launch their attacks even after strict surveillance. We saw that phishers are trying to exploit free subdomain registration services to carry out attacks. In this paper, we also compared the phishing e-mails used by phishers to lure victims in 2008 and 2014. We found that the phishing e-mails have changed considerably over time. Phishers have adopted new techniques like sending promotional e-mails and emotionally targeting users in clicking phishing URLs
    • …
    corecore