The Impact on Privacy by Data Collection and Processing

Introduction

Urban societies have integrated modern technology into its system and are comfortable with its capabilities and compatibility with modern life. However, many are unaware of how such technologies function or operate; often trusting the machines with their personal private information without knowing the consequences, allowing it to have an incredible impact on each individual's privacy. Understanding the workings behind the scenes is the first step to avoiding difficulties, and to eventually find solutions.

Cloud Data Storage

Simply put, a host computer runs an application called a hypervisor, which creates virtual machine simulations that simulate physical computers well enough to run any software, including operating systems and end-user applications.^[1] Often times, many physical devices such as processors, hard drives and network devices are located in datacenters, responsible for storage and processing needs.^[1] Using a combination of software layers allows for effective server management. The Virtualization layer is essential for providing the cloud with resource pooling, location independence, and rapid elasticity.^[1] The management layer monitors traffic and responds to fluctuation in server creation or destruction, as well as implement security monitoring and regulations.^[1] This system is suitable for sharing, quickly accessing, and updating information in real-time with minimal management or service provider interaction;^[1] however, this presents a few problems.

Confidentiality refers to only authorized parties or systems having the ability to access protected data.^[1] With a larger number of parties, devices and applications involved, the risk of compromising confidential information expands to multiple points of access.^[2] Entrusting data control to the cloud also increases the risk of data compromise, by allowing it to become accessible to an augmented amount of parties.^[2]

Advertisement Appeal

Advertisement refers to a public announcement and or promotion of a product.^[4] Advertisements thoroughly cover every site on the internet. Although it appears to only be a slight irritation, many websites track and mine for each user's actions and may sell the data to advertisers ^[5]. As stated by Narayanan, "The information that's most useful for them to collect is your browsing history and your search history".^[5] Using this information, advertisers can infer a user's behaviour and preferences to present relevant advertisements and to tailor prices.^[5] Each user behaves with subtle differences when interacting with a webpage, and this is sufficient to derive a unique fingerprint. This technique of data collection is known as Canvas Fingerprinting.^[6] Canvas Fingerprinting is a commonly-used technique adopted by many well-known sites and companies.^[7]

Cookie Syncing

A common data-collection technique is the usage of Cookies. Websites may use and or exploit cookies to gather data from its users. Cookie syncing is the process by which various trackers link different given IDs to the same user.^[8] The technique is argued to be used to provide relevant advertisements and or information to each user. This is worrisome, as it raises more serious privacy concerns than Canvas Fingerprinting and deletion of a Cookie may prove to be a hassle, as some trackers may "respawn" once cleared.

As stated by Englehardt, "Cookie syncing enables a world of back-end data sharing, and there is so little oversight of the tracking ecosystem that we just don't know what is happening behind the scenes. And this is a problem. Based on the evidence of what we can observe in the browser, it seems that every avenue for data collection and sharing does seem to eventually get utilized".

Figure 1

(See Figure 1) The graph on the left is completely disconnected, meaning the user effectively appears as two different users to the trackers. But when this tracker receives respawned cookies via cookie syncing, they gain the ability to connect the user's visits to websites they track from before and after cookie clearing using vectors. This is called an Evercookie.^[8] Although many companies consider this practice to be a deplorable breach of privacy, some trackers respawn and sync their Cookies after the user has cleared all cookies. "Thus, even trackers that don't employ respawning/evercookies nonetheless gain the ability to continually track users who clear cookies".^[7]

Bibliography

1. Zissis, D., & Lekkas, D. (2012). Addressing cloud computing security issues. Future Generation computer systems, 28(3), 583-592. Retrieved from https://www.sciencedirect.com/science/article/pii/S0167739X10002554
2. Alliance, C. S. (2010). Top threats to cloud computing v1. 0. White Paper. Retrieved from https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf
3. Polemi, D. (1998). Trusted third party services for health care in Europe. Future Generation Computer Systems, 14(1-2), 51-59. Retrieved from https://www.sciencedirect.com/science/article/pii/S0167739X98000089
4. Advertisement. (n.d.). Retrieved from https://www.merriam-webster.com/dictionary/advertisement
5. Hill, S. (2015, June 26). How much do online advertisers really know about you? We asked an expert. Retrieved from https://www.digitaltrends.com/computing/how-do-advertisers-track-you-online-we-found-out/
6. Kirk, J. (2014, July 25). 'Canvas fingerprinting' online tracking is sneaky but easy to halt. Retrieved from https://www.pcworld.com/article/2458280/canvas-fingerprinting-tracking-is-sneaky-but-easy-to-halt.html
7. Englehardt, S. (2014, August 7). The hidden perils of cookie syncing. Retrieved from https://freedom-to-tinker.com/2014/08/07/the-hidden-perils-of-cookie-syncing/
8. Acar, G., Eubank, C., Englehardt, S., Juarez, M., Narayanan, A., & Diaz, C. (2014, November). The web never forgets: Persistent tracking mechanisms in the wild. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (pp. 674-689). ACM. Retrieved from https://www.ftc.gov/system/files/documents/public_comments/2015/10/00064-98109.pdf