Archive for the ‘Identity Management’ Category

7 Feb 2011

Insights on Privacy – Alessandro Acquisti and Christena Nippert-Eng

On February 28, 2011, our Office is holding its second Insights on Privacy armchair discussion. We’ve invited behavioural economist Alessandro Acquisti and sociologist Christena Nippert-Eng to talk about what motivates us to reveal or conceal details of our personal lives, and how we protect the private lives of others around us.

In the context of their fields of privacy expertise, we will discuss how we represent ourselves both online and off and the implications of changing perceptions of public and private spaces. The discussion will extend to the challenges of maintaining a professional and personal presence online.

The Insights on Privacy Speakers’ Series is a series of armchair discussions hosted by the Office of the Privacy Commissioner to shed light on new and provocative voices doing interesting work in the field of privacy.

Alessandro Acquisti is an Associate Professor of Information Technology and Public Policy at the Heinz College, Carnegie Mellon University. He is the co-director of the CMU Center for Behavioral Decision Research (CBDR), a member of Carnegie Mellon Cylab, and a fellow of the Ponemon Institute. His work investigates the economic and social impact of information technology, and in particular the economics and behavioural economics of privacy and information security, as well as privacy in online social networks.  He is co-editor the book Digital Privacy: Theory, Technologies, and Practices (2007), an analysis of state-of-the-art technologies, best practices, and research results, as well as legal, regulatory, and ethical issues.

Christena Nippert-Eng is Associate Professor of Sociology in the College of Science and Letters at the Illinois Institute of Technology. Her most recent book, Islands of Privacy: Selective Concealment and Disclosure in Everyday Life (2010) is an exploration of the ways we think about privacy on a daily basis – how we try to achieve it for ourselves and enable it for others. In addition to her work as the National Chair of the Communication and Information Technologies Section of the American Sociological Association (2010-2011), Dr. Nippert-Eng conducts industrial research on people’s behaviour and relationships with objects and spaces, including information and communication technologies. She is currently at work on a second book on privacy and socialization.

To participate:

We are inviting full participation in this discussion. For those of you who attend the session in person, we will be inviting questions from the audience as well as inviting you to tweet the content using the #privtalks hashtag.

If you are unable to attend the session in person, and would like the speakers to address a particular aspect of this topic, please send your question to by February 24th and we will try to incorporate it in the issues we cover.

We will also be offering the audience members the opportunity to complete a voluntary survey to provide us with their views on some of the key questions in the discussion.

The video of this event will be made available after the event, as we did for the December 10, 2010 event with Jesse Hirsh and Chris Soghoian.

Space is limited and is available on a first-come, first-served basis. Please RSVP before February 25, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Monday, February 28, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2nd Floor, Salon Vanier/Stanley


19 Oct 2010

Referrer Madness

By now, many of you have heard of the information that is “leaking” from Facebook applications, and how this wide-ranging problem might affect your personal privacy.

On Monday, the Wall Street Journal continued its online privacy series by reporting that many popular Facebook applications leak personal information – in the form of Facebook user IDs – to online advertisers.  A Facebook user ID is a unique number issued to every user of the site, and is part of a person’s public profile: you cannot restrict access to your user ID simply by modifying your account’s privacy settings.

When you visit a web page, browsers typically report the URL of the page you were viewing before you clicked over to the current page: this is known as the “referrer” URL.  A Facebook app is often loaded on the same web page as third-party ads. When these ads are fetched (to be loaded onto the page), the application tells the advertising network the URL of the current page that is loading their ad. In the case of many Facebook apps, this URL contains the unique user ID of the person who loaded the page. This ID can then be used to identify that specific user – it is linked to public profile information like their full name.  The URL (with the ID) is sent even if the user does not click on any ads.

This is not the first time it has been the subject of discussion. It was raised in a research paper in August 2009 and – in a similar context – described in an earlier WSJ article about Facebook ads. A lawsuit has been filed in California that alleges that Facebook has shared personal data with advertisers.

Current debate around the privacy implications of referrer information has also included criticism of the statements made in the WSJ article. Some commentators found the article alarmist, and others pointed out that these issues are not specific to Facebook, but are a wider web privacy concern. Indeed, the broader privacy implications of referrer data have also been recently raised as part of a complaint to the Federal Trade Commission about Google’s use of referrer headers.

It is important to note that using referrer data is, by itself, a legitimate practice. The web standards that underpin how information and instructions are communicated across the internet allow browsers to send the referrer field as an optional part of a request to a web server. However, there is flexibility as to exactly what information is included in the referrer header, and also whether users allow their browsers to send referrer data in the first place. Harlan Yu outlined a number of solutions in a timely blog post; these include omitting IDs from the web request, using placeholder IDs instead of real Facebook IDs, and improving browsers to give people better control over the transmission of referrer data.

One prominent member of the web community co-wrote an Internet standard document that pointed out privacy concerns of referrer data:

Note: Because the source of a link may be private information or may reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer…information.

The co-author? Tim-Berners Lee (considered the father of the web), in 1996. The privacy debate continues…

4 Oct 2010

“People don’t care about privacy until it bites them.”

Understanding how we construct and manage our online reputations is crucial in our understanding of how people determine what to make public and what to keep private in online environments. The interview below, with Firefox’s Creative Director Aza Raskin, has some interesting observations on what the construction of identity and memories could look like in the future. Also, around 4:35, he talks about the work Mozilla has been doing to create a set of privacy icons in the style of Creative Commons licences to help people understand how their data is being collected and used.

7 Sep 2010

Know a Young Person Who’d Like to Win an iPad?

We’re launching our 2010 My Privacy & Me Video Contest for 12-18-year-olds – and the first-place winners will win an iPad!

It’s the same thing this year – but a little different, too! Again, we’re asking them to create their own public service announcements about privacy. But this year, we’d like the videos to fall into one of four categories: Surveillance; Reputation Management; Targeted Advertising; or Online Scams. You can find all contest details here.

This year, teams can consist of one to three people. First-place winners in each category will win an iPad. Second-place winners will win a $200 gift card; and third-place winners will win a $100 gift card. We’ve recognized top-participating schools and teachers in the past, and we have something in store for them in 2010! The deadline is December 10, 2010.

For inspiration, sit down with your young ones and watch the 2009 winning videos. Then, have them start exercising their video-making muscles – we can’t wait to see what they’ve got!

6 Apr 2010

Virtual graffiti

The intersection of geolocational apps and social media has produced…virtual graffiti.

At several American universities, students with cellphones are tagging campus landmarks with comments and labels using location-aware apps like Foursquare. Some universities have found ways to teach through tagging:

“At North Carolina State University, meanwhile, a new library service shows smartphone users historical pictures of campus buildings based on where users are standing, including a snapshot of the first freshman class, from 1890, when the agricultural college’s hot mobile technology was horses.”

And students have found, er, innovative ways to tag spots around campus – one of the deans at the University as at Dallas discovered his office had been tagged in Foursquare with the comment “Watch out for lame jokes!”

The ability to virtually tag places, things and people isn’t new, but it does create challenges when it comes to managing our identities online – who owns that material? Foursquare? The tagger? The person tagged? Right now, the responsibility is in the hands of the tagged – for instance, look at the care university students take in reviewing, and untagging when necessary, photos of themselves that get posted to Facebook after a particularly spectacular weekend.

Is this likely to change? Probably not – online as in offline, we should all know what face we’re putting forward.

11 Mar 2010

Blast from the Past – How many unused profiles do you have online?

This post, by co-op student Erin Siksay, is cross-posted from our youth blog.

I searched myself online the other day and came up with a profile I had created some years ago, complete with picture and date of birth, name, and e-mail address. So many websites require at least some personal information in order to view exclusive content or enjoy the services provided by the website, it gets difficult keeping track of all the websites I’ve signed up for. Inevitably, some end up being neglected or forgotten. Then, years later, they pop up when I’m feeling bored (and perhaps narcissistic) and searching myself online.

I had the website e-mail me my username and password so I could delete the account (and all of its revealing information) from their server so it wouldn’t appear in the search engine queue. (Luckily I’ve used the same e-mail address for many years). If you find yourself in the same situation but with an unknown or expired e-mail address, you can always write to the moderators or developers of the website and request that your profile be taken down or removed.

You may be selective with what information you put into an online profile, but with lots of profiles online it can become difficult to keep track of exactly what personal information is available on the web. One website might require a postal code, another a birthdate. Pieced together, these separate profiles can reveal a lot about the user. This combined profile can then be used for targeted marketing or even more malicious purposes.

Make sure your profile doesn’t come back to haunt you.