Privacy Issues in the Public Web

IndreshP. Published in Delta Force, Apr 20, 2021.

Often, when we are stranded in some deserted place and in need of food, we take out our mobile phone and search for “nearest bakery.” The first bakery in the search results is within a kilometer radius. How does our mobile phone know our location?

Apps and websites have put the world in the palm of our hands. We have boundless information at a single touch. But we never realize that our data is also being gathered and processed at the same time.

How is personal data getting collected?

1) IP address:

In a network, we send and receive information. In day-to-day life, we use letters to send and receive messages, and we write our own and the receiver’s postal addresses so that each can locate the other. Similarly, on the internet, we send and receive data. Along with the data (the content of the letter), an address has to be written. For this we use an IP address, which works the same way a postal address does.

[Image: a packet (letter) that has to be sent and received on the internet]

How do we find our IP address?

There are two kinds of IP address:

  1. Public IP address

A public IP address is the globally unique IP address assigned to a computer device, like the postal address used to send postal mail to your home. We can find our public IP address on What’s My IP Address or IPFY.

  2. Local IP address/Private IP address

A private IP address is used to locate our device within the network. When we use a Wi-Fi router in our house, the router has a public IP address, and every device has a private IP address. Again, this is similar to the postal process. We receive a letter at our house address, but only one resident reads it; our public IP address acts like the house address and the private IP address like the recipient’s name.

To find the private IP address in Windows 10:

  1. Click the Start icon and select Settings.
  2. Click the Network & Internet icon.
  3. To view the private IP address of a wired connection, select Ethernet on the left menu pane and select your network connection; our IP address will appear next to “IPv4 Address”.
  4. To view the private IP address of a wireless connection, select Wi-Fi on the left menu pane and click Hardware Properties; our IP address will appear next to “IPv4 Address”.

IP stands for “Internet Protocol,” which is the set of rules governing the format of data sent via the internet or a local network. An IPv4 address is a 32-bit number. It uniquely identifies a host (a computer or another device, such as a printer or router) on a TCP/IP network. IP addresses are usually expressed in dotted-decimal format, as four numbers separated by periods, such as 172.16.254.1.

An IP address is not random; it is mathematically produced and allocated by the Internet Assigned Numbers Authority (IANA), a division of the Internet Corporation for Assigned Names and Numbers (ICANN).
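The following added example (not part of the original article) turns a dotted-decimal address into its 32-bit value and tells private addresses from public ones. The function names are hypothetical, and the range table is an assumption that covers only the RFC 1918 private blocks plus loopback and link-local.

```javascript
// Added example: parse dotted-decimal IPv4 into its 32-bit value and classify it.
// Only these ranges are listed (assumption); other reserved blocks such as
// multicast are not, so "public" below means "none of the ranges in this table".
const RANGES = [
  ["private (RFC 1918)", "10.0.0.0", 8],
  ["private (RFC 1918)", "172.16.0.0", 12],
  ["private (RFC 1918)", "192.168.0.0", 16],
  ["loopback", "127.0.0.0", 8],
  ["link-local", "169.254.0.0", 16],
];

// Returns the address as an unsigned 32-bit integer, or null if malformed.
function ipv4ToInt(text) {
  const parts = text.trim().split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    if (!/^\d{1,3}$/.test(part)) return null; // digits only, no signs or hex
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet; // shift in 8 bits per octet
  }
  return value;
}

// True when addr falls inside the block base/prefixLen.
function inRange(addr, base, prefixLen) {
  const size = 2 ** (32 - prefixLen); // number of addresses in the block
  return Math.floor(addr / size) === Math.floor(base / size);
}

function classifyIPv4(text) {
  const addr = ipv4ToInt(text);
  if (addr === null) return "invalid";
  for (const [label, base, prefixLen] of RANGES) {
    if (inRange(addr, ipv4ToInt(base), prefixLen)) return label;
  }
  return "public";
}
```

The sample address used above, 172.16.254.1, falls in 172.16.0.0/12 and is therefore itself a private address.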

Threats

Cybercriminals may use different techniques to discover an IP address. Attackers can use social engineering to trick a user into revealing it. Cybercriminals can impersonate a user through their IP address to download illicit content or do anything else they do not want traced back to them. Criminals can also attack the network itself and launch a range of assaults; DDoS (distributed denial-of-service) attacks are among the most common attacks on a network.

Websites and apps collect IP addresses to determine location, identify the Internet Service Provider (ISP), and so on. It is a common misbelief that turning off location on a device stops location tracking.

The ISP sets up the connection whenever we connect to the internet and tracks it via the IP address. Network traffic is routed through the ISP’s servers, which can log and display everything we do online.

2) Cookies:

Developers tend to analyze and track us to know our identity, interests, etc., and enrich our user experience. For this purpose, many techniques are used; among them are cookies.

We can locate cookies in cookies storage:

  1. Press F12 after visiting a website to open the developer tools.
  2. Move to the Application tab.
  3. On the left side, in the Storage pane, click Cookies.

An HTTP cookie (web cookie, browser cookie) is a small piece of information sent to the web browser by a server. It can be cached by the browser and sent back with subsequent requests to the same server.

Cookies are mainly used for three purposes:

  1. Session management: Logins, game scores, or anything else the server should remember
  2. Personalization: User preferences, themes, and other settings
  3. Tracking: Recording and analyzing user behavior

Third-party cookies

A cookie is associated with a domain. The cookie is a first-party cookie if the domain is the same as the page visited. It is a third-party cookie if the domain is different. Although first-party cookies are set by the server hosting a website, the page may contain images or other components stored on servers in separate domains (e.g. ad banners), which may set third-party cookies. These are mainly used for advertising and tracking across the web.

When visiting several pages, a third-party server can create a profile of a user’s browsing history and preferences based on cookies sent to it by the same browser. Browser settings or extensions can block third-party cookies (or just tracking cookies).
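To make the first-party/third-party distinction concrete, here is an added example (not from the original article) that audits a constructed list of `Set-Cookie` headers and reports which third party was seen on more than one site. The host names, cookie values and function names are invented for illustration, and the "site" is approximated by the last two host labels.

```javascript
// Constructed sample: Set-Cookie headers seen while loading two unrelated pages.
const OBSERVED = [
  { page: "https://news.example/story", from: "https://news.example/story",
    setCookie: "session=s1; Path=/; HttpOnly; Secure" },
  { page: "https://news.example/story", from: "https://cdn.adtracker.test/banner.js",
    setCookie: "uid=u-42; Domain=adtracker.test; Secure; SameSite=None" },
  { page: "https://shop.example/cart", from: "https://shop.example/cart",
    setCookie: "theme=dark; Path=/" },
  { page: "https://shop.example/cart", from: "https://px.adtracker.test/p.gif",
    setCookie: "uid=u-42; Domain=adtracker.test; Secure; SameSite=None" },
];

// Simplified "site": last two host labels (assumption for this example;
// browsers use the Public Suffix List to handle suffixes such as co.uk).
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Parse one Set-Cookie value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    const [key, val = true] = attr.split("=");
    cookie.attrs[key.toLowerCase()] = val;
  }
  return cookie;
}

// Label each cookie and record, per third-party site, the sites it was seen on.
function auditCookies(observed) {
  const rows = [];
  const reach = new Map(); // third-party site -> Set of visited sites
  for (const { page, from, setCookie } of observed) {
    const [visited, setter] = [siteOf(page), siteOf(from)];
    const party = setter === visited ? "first-party" : "third-party";
    rows.push({ visited, setter, name: parseSetCookie(setCookie).name, party });
    if (party === "third-party") {
      if (!reach.has(setter)) reach.set(setter, new Set());
      reach.get(setter).add(visited);
    }
  }
  // A third party seen on two or more sites can link those visits together.
  const crossSite = [...reach].filter(([, sites]) => sites.size > 1)
    .map(([tracker, sites]) => ({ tracker, sites: [...sites].sort() }));
  return { rows, crossSite };
}
```

On the sample data, `auditCookies(OBSERVED).crossSite` lists `adtracker.test` as present on both `news.example` and `shop.example`, which is the profile-building situation described above.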

“Whenever a website is visited, the user will be often prompted with an offer of cookies. Cookies can collect our personal information to the amount of time a particular meme is viewed. While cookies are an important component of the modern web, they pose a significant risk of invasion of privacy and a security risk.”

3) Browser Fingerprinting:

To track us even when cookies are disabled in the browser, and to identify us uniquely, methods such as browser fingerprinting and pixel tags are used. Just as one person’s characteristics differ from another’s, the configuration of one device or browser differs from another’s. This difference is analyzed and used to uniquely identify our device.

A device fingerprint, machine fingerprint or browser fingerprint is information collected about a remote computing device for identification. Fingerprints can be used to fully or partially identify individual users or devices even when cookies are turned off.

Browser fingerprinting is a powerful tool used by websites to gather information about the version and type of browser, specifics of the operating system, active plugins, language, time zone, screen resolution, and various other active settings.

At first, these data points can seem generic and do not look personal enough to identify one particular individual. There is, however, only a very small chance that another user has 100 percent matching results. Websites use the information provided by browsers to identify specific users and monitor their online actions. This approach is called ‘browser fingerprinting.’

“Canvas Fingerprinting” is the modern way to get browser information. It is a tiny piece of code within a page’s code that takes the fingerprint of our browser.
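The added example below (not from the original article) shows why generic-looking attributes still single out a browser: it measures how many bits of identifying information each attribute reveals and how many visitors share the full combination. The visitor table is constructed and the function names are hypothetical.

```javascript
// Constructed sample: attributes reported by eight visiting browsers.
const VISITORS = [
  { browser: "Chrome 90", language: "en-US", timezone: "UTC-5", screen: "1920x1080" },
  { browser: "Chrome 90", language: "en-US", timezone: "UTC-5", screen: "1920x1080" },
  { browser: "Chrome 90", language: "en-US", timezone: "UTC+1", screen: "1366x768" },
  { browser: "Chrome 90", language: "en-GB", timezone: "UTC+0", screen: "1920x1080" },
  { browser: "Firefox 88", language: "en-US", timezone: "UTC-5", screen: "1366x768" },
  { browser: "Firefox 88", language: "de-DE", timezone: "UTC+1", screen: "1920x1080" },
  { browser: "Safari 14", language: "en-GB", timezone: "UTC+0", screen: "2560x1440" },
  { browser: "Safari 14", language: "en-US", timezone: "UTC+5:30", screen: "1440x900" },
];

const ATTRS = ["browser", "language", "timezone", "screen"];

// Bits of identifying information revealed by one attribute value:
// log2(population / visitors sharing that value).
function attributeBits(visitors, attr, value) {
  const sharing = visitors.filter((v) => v[attr] === value).length;
  return Math.log2(visitors.length / sharing);
}

// Visitors whose every attribute matches the target (the "anonymity set").
function anonymitySet(visitors, target) {
  return visitors.filter((v) => ATTRS.every((a) => v[a] === target[a]));
}

// target must be one of the visitors, so every count is at least 1.
function fingerprintReport(visitors, target) {
  const perAttribute = {};
  for (const a of ATTRS) perAttribute[a] = attributeBits(visitors, a, target[a]);
  const setSize = anonymitySet(visitors, target).length;
  return {
    perAttribute,
    setSize,
    combinedBits: Math.log2(visitors.length / setSize),
    unique: setSize === 1,
  };
}
```

For the fourth visitor, every single attribute value is shared with at least one other browser, yet `fingerprintReport(VISITORS, VISITORS[3]).unique` is true: the combination is what identifies it.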

“When a user visits a page, the fingerprinting script first draws text with the font and size of its choice and adds background colors. Next, the script calls Canvas API’s ToDataURL method to get the canvas pixel data in the data URL format, a Base64 encoded representation of the binary pixel data. Finally, the script takes the hash of the text-encoded pixel data, which serves as the fingerprint.”

The HTML5 canvas element generates details, such as the font size and the active background color settings of the browser, on a website. Such data acts as a specific fingerprint.

Unlike cookies, canvas fingerprinting does not load anything onto the computer, so there is no data for us to remove; the fingerprint is stored online.

What do they do with data?

The data gathered is mainly used to improve the user experience. But this data can also be used to influence us, and the influence ranges from personalized ads to search results.

Using information such as age, location, app usage, and even data from the mobile websites browsed, we are profiled into categories that advertisers can use to target ads. The targeting categories are broken into subcategories, including Demographics, Interests, and Behaviors.

  • Demographics are used to reach individuals based on schooling, employment, finance, income, language, and lifestyle.
  • Interests are used to match individuals based on social media posts and searches.
  • Behaviors are used to check individuals based on buying preferences or intentions, the use of technology, and more.

Our data is safe as long as it remains in safe hands.

How can we make sure we are safe?

1. Private browsing

It’s always safe to use our own network to surf. When we use a public network connection or an anonymous Wi-Fi network, there is a risk of our activity being logged.

We can always browse privately, sign out of our account, change our custom results settings, or delete past activity. We can read the terms and conditions to know more about how data is being used.

2. Third-party cookies

Disabling third-party cookies in the web browser can stop advertisers and other third-party entities from tracking. It enhances user privacy and security. It’s always a good idea to periodically clear out third-party cookies.

  1. In Chrome, at the top right, click More.
  2. Click More tools, then Clear browsing data.
  3. At the top, choose a time range. To delete everything, select All time.
  4. Next to “Cookies and other site data” and “Cached images and files,” check the boxes.
  5. Click Clear data.

3. VPN

In the postal system, suppose a letter is sent and received through a service provider who handles letters in his own name, without disclosing our identity, and who encodes the contents so that only the sender and the reader can understand them. Our data and identity are then safe. A VPN provides such a service.

VPN stands for “Virtual Private Network” and describes the opportunity to establish a protected network connection when using public networks. VPNs encrypt our internet traffic and disguise our online identity. This makes it more difficult for third parties to track our activities online and steal data.

A VPN connection disguises online data traffic and protects it from external access. Unencrypted data can be viewed by anyone who has network access and wants to see it. With a VPN, hackers and cybercriminals can’t decipher this data.

Benefits of VPN

  • Secure encryption: We need an encryption key to read the data. Without one, a brute force attack will take years to decode the code. Our online activities are hidden even on public networks by using a VPN.
  • Disguising our whereabouts: On the internet, VPN servers act as proxies. With VPN, demographic location data comes from a server in another region; hence, it is impossible to determine the actual location. Besides, our activities are not recorded by most VPN services. It implies that any potential user behavior record is hidden.

In this online world, it’s a fact that nothing can be hidden. We have to accept that our data is being collected and used. But we can still reduce how much we are tracked.