(Press-News.org) WORCESTER, Mass. – A study of more than 100 popular websites used by tens of millions of people has found that three quarters directly leak either private information or users' unique identifiers to third-party tracking sites. The study, co-authored by Craig Wills, professor of computer science at Worcester Polytechnic Institute (WPI), also demonstrated how the leakage of private information by many sites, including email addresses, physical addresses, and even the configuration of a user's web browser—so-called browser fingerprints—could permit tracking sites to link many disparate pieces of information, including browsing histories contained in tracking cookies and the contents of searches on health and travel sites, to create detailed profiles of individuals.
The study (http://w2spconf.com/2011/papers/privacyVsProtection.pdf), presented last week at the Web 2.0 Security and Privacy conference in Oakland, Calif., concluded that efforts made to date to curb the leakage of personal information from websites and online social networking sites, including proposals made in a 2010 Federal Trade Commission (FTC) report on protecting consumer privacy, would be largely ineffective in preventing the identified leakage and linkage. They asserted that websites need to take greater responsibility for privacy protection.
"Despite a number of proposals and reports put forward by researchers, government agencies, and privacy advocates, the problem of privacy has worsened significantly," Wills said. "With the growing disconnect between the existing and proposed privacy protection measures and the increasing and increasingly worrisome linkage of personal information from all sorts of websites, we believe it is time to move beyond what is clearly a losing battle with third-party aggregators and examine what roles first-party sites can play in protecting the privacy of their users."
The researchers, who had previously brought attention to the leakage of personal information from many popular social networking sites (http://preview.tinyurl.com/4y583ru), decided to explore the handling of private information by conventional websites, an area that has gone largely unexamined, Wills said. They focused on sites that encourage users to register, since users often share personal and personally identifiable information, including their names, physical address, and email address, during the registration process. They also examined popular health and travel sites, since users conduct searches on these sites that can point to their health issues or reveal their travel plans.
They found that information is leaked through a number of routes to third-party sites that track users' browsing behavior for advertisers. In some cases, information was passed deliberately to the third-party sites. In others it was included, either deliberately or inadvertently, as part of routine information exchanges with these sites. Depending on the site, the leakage occurred as users were creating, viewing, editing, or logging into their accounts, or while navigating the websites. They also observed sensitive search terms (such as pancreatic cancer) being leaked by health sites and travel itineraries being leaked by travel sites.
The researchers examined the types of information being leaked by the websites and rated them according to their sensitivity and their ability to identify users. A user's name, phone number, or email address rated highest on the identifiability scale, for example, while health information and travel itineraries rated highest on the sensitivity scale. While the majority of leaked information rated low on both scales, the authors said this does not necessarily suggest that users need not be concerned about privacy leaks from websites.
They noted that third-party tracking sites receive a wide range of information from popular websites that could be used to connect diverse bits of leaked information and connect them to an individual user's identity. These include the user ID that a website assigns to a user (leaked by nearly half of the sites studied), unique identifiers like email addresses or home addresses, and browser fingerprints—information on how an individual browser is configured, including the list of installed plugins, which the authors found is leaked by a number of sites.
The study also evaluated a range of actions that web users could take to prevent their information from being leaked, including blocking the setting of cookies and using an advertising blocking utility or the blocking features built into the newest versions of some popular browsers. They found that all of these techniques miss some types of leakage; ad blockers, for example, do not reliably block leakage to so-called hidden third-party sites and also impair the usability of some websites.
They also reviewed proposals included in a December 2010 report on online privacy release by the FTC. "The report advocates the Privacy by Design initiative, which seeks proactive embedding of privacy at the design stage, defaults to be set to private, transparence about users' information, and access to all user-related sensitive data stored in aggregators," the study notes. But even these proposals fail to provide safeguards against the linkage of user information by third-party sites or leakage to hidden third parties, and they do not include methods for either verifying that third-party sites abide by the guidelines or penalizing those that do not.
"A key failure of the FTC report is that it largely ignores the responsibility of websites in safeguarding the privacy of their users," Wills said. "These sites should play a custodial role in protecting their users and preventing the leakage of their sensitive or identifiable information. Third-party sites have a powerful economic incentive to continue to collect and aggregate user information, so relying on them to protect user privacy will continue to be a losing battle. It is time to put the focus on what first-party sites can and should do."
INFORMATION:
About Worcester Polytechnic Institute
Founded in 1865 in Worcester, Mass., WPI was one of the nation's first engineering and technology universities. Its13 academic departments and School of Business offer more than 50 undergraduate and graduate degree programs in science, engineering, technology, business, the social sciences, and the humanities and arts, leading to bachelor's, master's and PhD degrees. WPI's world-class faculty work with students in a number of cutting-edge research areas, leading to breakthroughs and innovations in such fields as biotechnology, fuel cells, information security, materials processing, and nanotechnology. Students also have the opportunity to make a difference to communities and organizations around the world through the university's innovative Global Perspective Program. There are more than 25 WPI project centers throughout North America and Central America, Africa, Australia, Asia, and Europe.
END
Hip strengthening exercises performed by female runners not only significantly reduced patellofemoral pain -- a common knee pain experienced by runners -- but they also improved the runners' gaits, according to Indiana University motion analysis expert Tracy Dierks.
"The results indicate that the strengthening intervention was successful in reducing pain, which corresponded to improved mechanics," said Dierks, associate professor of physical therapy in the School of Health and Rehabilitation Sciences at Indiana University-Purdue University Indianapolis. "The leg was ...
BOSTON – Researchers from Harvard Medical School and MIT have developed a new approach for identifying the "self" proteins targeted in autoimmune diseases such as multiple sclerosis, diabetes and rheumatoid arthritis.
In a paper published in Nature Biotechnology, H. Benjamin Larman and colleagues showed that errant immune responses which mistakenly target the body's own proteins rather than foreign invaders can now be examined in molecular detail. Further research could lead to new insights into the exact causes of these debilitating autoimmune disorders. The results ...
From a distance, Callie (not her real name) appears to be a normal if quiet 5-year-old girl. But when faced with a toy that blows large soap bubbles—an activity that makes the vast majority of kindergarteners squeal and leap with delight—she is uninterested in popping the bubbles or taking a turn with the gun herself. When offered dolls or other toys, she is equally unmoved. When groups of children congregate to play, Callie does not join them. Even at home, she is quiet and withdrawn. While Callie's mother explains this lack of interest in play as simple "shyness," researchers ...
When we've got a problem to solve, we don't just use our brains but the rest of our bodies, too. The connection, as neurologists know, is not uni-directional. Now there's evidence from cognitive psychology of the same fact. "Being able to use your body in problem solving alters the way you solve the problems," says University of Wisconsin psychology professor Martha Alibali. "Body movements are one of the resources we bring to cognitive processes."
These conclusions, of a new study by Alibali and colleagues—Robert C. Spencer, also at the University of Wisconsin, and Lucy ...
The American Academy of Pediatrics recently released new recommendations for infants riding in child safety seats. The group announced that infants should ride in rear-facing car seats for as long as possible. Previously, children could ride in forward-facing seats after their first birthday.
The group relied on a University of Virginia study indicating that small children are 75 percent less likely to die or suffer severe injuries in a car crash if they are facing the rear of the vehicle. Dr. Dennis R. Durbin, scientific co-director of the Center for Injury Research ...
GAINESVILLE, Fla. — Mathematical models analyzing how a cholera outbreak spread in Zimbabwe are providing new insights into the most effective vaccination strategies for preventing future cholera epidemics, according to University of Florida researchers.
The mathematical models employed to analyze a large cholera outbreak in Zimbabwe in 2008-2009 suggest that mass vaccinations deployed strategically could prevent future cholera epidemics in that country and others.
The researchers' findings, published online in late April in the Proceedings of the National Academy of ...
WASHINGTON, DC, June 2, 2011 — A common reading of the recent subprime mortgage crisis pins the blame on bankers and loan brokers who extended mortgages to those who could not afford them, thereby inflating a housing bubble that was destined to burst.
While technically correct, that reading ignores the "politics of creditworthiness" that undergirded the rise of subprime mortgages, as explained in a new article in the June issue of the American Sociological Review by Simone Polillo, an assistant professor of sociology in the University of Virginia's College of Arts & ...
Just before 10:00 a.m. on June 20, 2001, a uniformed police officer was dispatched to do what he thought was a routine welfare check at a home in Houston, Texas. When the officer met Andrea Yates at the door, she immediately told him, "I just killed my kids." When Yates was later asked why she drowned her five children, she claimed she had to in order to save them from hell. The police would learn that Yates had been suffering from long-term post-partum depression and psychosis.
Nearly 10 years after Andrea Yates killed her five children, the case remains hotly debated ...
Philadelphia – Pleural mesothelioma patients who undergo lung-sparing surgery in combination with photodynamic therapy (PDT) show superior overall survival than patient treated using the conventional therapy of extrapleural pneumonectomy (EPP) (or en bloc removal of the lung and surrounding tissue) with PDT, indicates new research from the Raymond and Ruth Perelman School of Medicine at the University of Pennsylvania. The research is published in the June 2011 issue of the Annals of Thoracic Surgery.
"Unlike patients who receive traditional lung sacrificing surgery for ...
On May 6, 2011, the U.S. Consumer Product Safety Commission (CPSC) issued an "urgent warning" about the "Me Too" Clip-On Table Top Baby Chairs (imported by phil&teds USA Inc.). The CPSC has determined that this baby chair poses a risk of serious injury to children. The CPSC strongly urges all consumers to stop using the chairs immediately. See http://www.youtube.com/watch?v=hC0B_k0nTlw for the CPSC's 2-minute video announcement and warning.
The chair consists of a nylon seat with a metal frame that clamps onto a table edge using two metal vise ...
