The World-Wide Web

Upload: stuart-bates

Post on 11-Jan-2016

Page 1: The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal

The World-Wide Web

Why do we care?

How much of your personal info is released to the Internet each time you view a Web page?

How securely is your personal (credit card) info moved from your browser to the Web server?

How is info transmitted?

Uniform Resource Locator (URL)

http://www.cs.uofs.edu/~bi/2005f-html/cil102/chap-sum.html

– http: Hypertext Transfer Protocol
– www.cs.uofs.edu: Domain name of the Web server
– /~bi/2005f-html/cil102/: Directory path
– chap-sum.html: Web page

How is info transmitted?

Forms using the GET method
– Your shipping address
– In the webpage, <FORM … METHOD="GET" …
– Your address is displayed publicly
    http://www.some.com/shop.php?name='smith'...
– Anyone over your shoulder can read it
– Since using the GET method is determined by the Web server, there is nothing you can do to avoid it

How is info transmitted?

Forms using the POST method
– Your shipping address
– In the webpage, <FORM … METHOD="POST" …
– Your address is NOT displayed publicly
– This does NOT mean it is safe.
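
Why POST is "NOT displayed publicly" yet still not safe, as an added example (not part of the original slides): it builds the request a browser would send for the same form with each method and shows what a machine relaying the unencrypted bytes can read. The address value and the function names are constructed for illustration; the URL is the one used on the GET slide.

```python
from urllib.parse import urlencode, urlsplit, parse_qsl

# Constructed sample form data (not from the original slides).
FORM = {"name": "smith", "address": "12 Elm St, Anytown"}

def build_request(method, action_url, fields):
    """Return the raw HTTP/1.1 request bytes a browser sends for the form."""
    u = urlsplit(action_url)
    encoded = urlencode(fields)
    if method == "GET":
        # GET: the fields are appended to the URL as a query string.
        target, body, extra = f"{u.path}?{encoded}", "", ""
    else:
        # POST: the fields travel in the request body instead.
        target, body = u.path, encoded
        extra = ("Content-Type: application/x-www-form-urlencoded\r\n"
                 f"Content-Length: {len(body)}\r\n")
    head = f"{method} {target} HTTP/1.1\r\nHost: {u.netloc}\r\n{extra}\r\n"
    return (head + body).encode("ascii")

def observe(raw):
    """What any computer that relays these plain-HTTP bytes can recover."""
    head, _, body = raw.decode("ascii").partition("\r\n\r\n")
    target = head.split("\r\n")[0].split(" ")[1]
    return {
        # URL data is also kept in browser history and server access logs.
        "in_url": dict(parse_qsl(urlsplit(target).query)),
        "in_body": dict(parse_qsl(body)),
    }

def exposure(method, action_url, fields):
    """Summarise where the form data is visible for the given method."""
    seen = observe(build_request(method, action_url, fields))
    return {
        "shown_in_address_bar": bool(seen["in_url"]),
        "readable_on_the_wire": fields in (seen["in_url"], seen["in_body"]),
    }

if __name__ == "__main__":
    for method in ("GET", "POST"):
        print(method, exposure(method, "http://www.some.com/shop.php", FORM))
```

Only the first flag changes between GET and POST; the second stays true for both until the connection itself is encrypted.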

What info is transmitted?

Each time you access the Web, the browser sends the following to the Web server
– The IP address of your machine
    Often it can identify your town or ISP
– The web server’s IP address
– The OS you use on your machine
– The browser you use

Go to http://www.cs.grinnell.edu/~walker/fluency-book/web-info.php to see how much info is sent to the Web server

What are Cookies?

Have you ever gone to a website that seemed to remember you?

Websites use cookies to store info about you on your own computer
– When you visit such a website, it stores info as cookies (that appear as files) on your computer
– Next time you visit the same website, your browser sends over all the cookies stored by that website

What info is stored in cookies?
– In theory, anything the website wants to
– Normally, it is about how you used the website
– A website could store your id, password, etc. in cookies if it has that info.

What are Cookies?

The positive side of cookies
– A Web server can use cookies to streamline and personalize your interactions with it
– A browser is supposed to send cookies only to the Web server that stored them.

The negative side of cookies
– Companies may use cookies to store info for other purposes without your permission
– There are ways for a Web server to get cookies that were stored by other Web servers.
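
How a browser decides which stored cookies go with a request, covering both "your browser sends over all the cookies stored by that website" and "only to the Web server that stored them". This is an added example, not part of the original slides: a simplified form of the domain and path matching in RFC 6265, run over a constructed cookie jar. The host names, cookie names and values are made up, and IP-address hosts are not handled.

```python
from urllib.parse import urlsplit

def domain_match(host, cookie_domain, host_only):
    """RFC 6265 section 5.1.3: does the cookie belong to the requested host?"""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host_only:
        # Cookie was set without a Domain attribute: exact host only.
        return host == cookie_domain
    # Cookie was set with Domain=...: that host and its subdomains.
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_match(request_path, cookie_path):
    """RFC 6265 section 5.1.4: cookie path must be a prefix on a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def cookie_header(jar, url):
    """Return the Cookie header value the browser would attach to this URL."""
    u = urlsplit(url)
    send = [c for c in jar
            if domain_match(u.hostname, c["domain"], c["host_only"])
            and path_match(u.path or "/", c["path"])
            # Cookies marked Secure are withheld from unencrypted requests.
            and (u.scheme == "https" or not c["secure"])]
    return "; ".join(f'{c["name"]}={c["value"]}' for c in send)

# Constructed cookie jar: what the browser has stored on disk.
JAR = [
    {"name": "session", "value": "abc123", "domain": "shop.example",
     "path": "/", "host_only": True, "secure": True},
    {"name": "prefs", "value": "lang-en", "domain": "shop.example",
     "path": "/", "host_only": True, "secure": False},
    {"name": "track", "value": "u42", "domain": "ads.example",
     "path": "/", "host_only": False, "secure": False},
]

if __name__ == "__main__":
    for url in ("https://shop.example/cart", "http://shop.example/cart",
                "http://other.example/", "http://img.ads.example/banner.gif"):
        print(url, "->", cookie_header(JAR, url) or "(no cookies)")
```

The last URL shows why a cookie set by one site can follow you across pages: any page that loads a resource from that site's domain triggers a request that carries its cookie.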

What defenses are there against cookies?

For the websites you visit, especially those where you need to register, check:
– How will the company use the info you supply?
– Will the company share info with others?
– Can you limit others’ access to this info?
– What protections are in place to keep this info?

What defenses are there against cookies?

If you use a computer at work or school, cookies would be stored on the school’s or company’s computer:
– System administrators or managers may read your cookie files
    View your organization’s privacy policy
– Technicians may inadvertently access your cookies, when your computer is sent for repair, for example.
– Best way to protect yourself: delete cookies.
    Almost every browser has a function you can use to delete cookies.

How secure is info during transmission?

When you use the Internet, all data you put on the network is visible to computers on the same Ethernet, as discussed in the Network chapter.

When your data needs to be passed from one segment to another segment of the network, the intermediate computers can read your data.

Thus, info is not secure at all when transmitted on the Internet.

How secure is info during transmission?

One way to protect yourself is to encrypt info that you want to be confidential
– When data is encrypted, it can still be copied or intercepted by other computers; however, they would not know what it means.
– When a good encryption is used, it may take years, decades to break the code

When shopping (or passing private info) on the Web, make sure the website uses the HTTPS protocol.
– HTTPS: Secure HTTP, which asks the browser to encrypt the data before it is transmitted and the server decrypts data upon receiving.

How can one get credit card # online?

If you don’t use encryption when you send your credit card number (via email, or the Web) on the Internet, someone may intercept the data and get the card number.
– Encrypt your email and use HTTPS

Someone may install a keyboard sniffer, a kind of spyware, to record every keystroke, and the sniffer sends the credit card # to an accomplice site.
– Remove spyware from your computer

Credit card companies and companies that have your credit card info may not have that info securely protected. Hackers may steal info from those companies’ computers.

How can online companies defraud me?

If the online company (a website) is not a real company or it engages in unethical practices, you may be charged but never receive the merchandise, or be overcharged.

It is very hard to recover the charges over the Internet.

To protect yourself, only deal with companies with a well-established reputation, like amazon.com, etc.

Terminology

Cookies
Decryption
Encryption
Form
Secure HTTP
Uniform Resource Locator (URL)