Few people realize that it is easier to keep one’s privacy in the real world than in the increasing more complex on-line world. Besides the hackers who invade users computers and servers, the service providers themselves (the companies that host sites and e-mail accounts) and any address on the Internet can also systematically collect data, with the purpose of personalizing services or of prying into other people’s business. Accessing the world-wide computer network, the user may, by filling in forms, supply personal details like address, telephone, ID or credit card number, besides unwittingly giving information about his interests, habits, purchases and personal preferences. Concerned with the loss of privacy of the millions of web surfers who access the Internet and do not want to be identified, researchers from the Computer Science Department of the Federal University of Minas Gerais (UFMG) have developed a system that makes it possible to browse the web with more privacy, protected by “masks”.
A mask is a kind of pseudonym associated with a group of persons who share the same theme of interest, instead of being associated with a specific individual. Hence, automatically, the user who visits a site about tourism, for example, becomes linked to a group identified with the theme, at the service provider. Site maintainers record the visit of the group, and not of the user, who will be able to receive personalized information, if applicable, without any kind of identification.
The work by the team from UFMG has gained notoriety. It was the cover story of the Security & Privacy magazine, on of the most important publications in its sphere in the United States, published by the Institute of Electrical and Electronics Engineers, an organization that is better known by its acronym IEEE, which brings together 380,000 members in 150 countries, from the areas of engineering, telecommunications and computing. The article Masks: bringing anonymity and personalization together was written by researchers Virgílio Almeida and Wagner Meira Júnior, professor at UFMG, and by Lucila Ishitani, who is studying for her doctorate. The prototype will be available as freeware, to be used free of charge by users and institutions universities, government, companies and service providers before the end of the year.
Valuable profile
The problem of the lack of privacy on the Internet is a serious one, because many surfers are unaware that the world-wide web lodges camouflaged programs, capable of monitoring the behavior of the users and drawing up their profiles. The simple fact of accessing a portal is sufficient for identification. According to Almeida, the pop-ups, those little windows with ads that open up on the screen independent of the user’s choice, besides being irritating, identify in a compulsory manner the computer connected to the page, even before they are closed. No action is needed of the Internet user for this invasion to exist. As to the banners (spaces for advertising within a website) all you have to do is click on them for the information about the machine to be captured automatically.
One of the ways of monitoring the behavior and preferences of the users is through cookies files stored on the user’s computer by sites with the objective of making it possible to identifying the internaut who accesses the virtual pages, as well as recovering the previous activities of this user, filed on the site’s server. These files are installed on the user’s computer, regardless of his wishes, and without his even noticing, the moment he accesses a website. “In actual fact, identifying the internaut is done using resources of the browser, both Netscape and Explorer” says Meira Júnior, explaining that the cookies are bundled up with them. Another way of being identified is through the IP (Internet Protocol) address, which is the registration of the users with their respective service providers, present in all the interactions of the user on the web.
Nowadays, the internaut can easily resort to tools for not being identified, such as those that disable cookies in the browsers themselves, but he becomes totally anonymous, which makes browsing over the Internet web difficult in some cases. “Anonymity tools bar any information whatsoever, while the mask filters, but lets through information that may help”, Almeida explains. “A bit of exposure is good and contributes towards an improvement in the services”, adds Meira Júnior. “This is the case of the mobile telephony companies, which monitor all the movement on the telephone, draw up a profile of the users, and launch promotional plans and packages that cater to the majority of the customers”, is the example he gives. “Purchase at the virtual bookshops can also become more interesting if you make clear your preferences. The programs installed on the sites register the literary profile and send precious tips to the virtual customers”, recalls Almeida, who tested the mechanisms for formulating the masks onthe website of a real electronic bookshop.
Detestable messages
On the other hand, there is no lack of reasons for concern over privacy on the Internet. “There are companies in the United States that are specialized in capturing data, drawing up profiles, mapping them and selling them”, says Almeida. If today the information is channeled towards direct marketing that clogs the inboxes of the “chosen” with detestable spam e-mails that are neither requested nor authorized , there is nothing to prevent these specialist companies from tracking the comings and goings of the Internet surfers, if they decide to change their focus and go beyond the limits of personalized advertising.
As it is possible on the web to collect data in almost all operations, including electronic mail, these “innocent” companies focused on digital marketing may expand their clientele and start rummaging medical data in hospitals and health insurance companies, to further ends that the users are unaware of. This is not to talk about the projects being developed by the American government that provide for detecting behavior, regarded by them as suspect, of people from any place on the planet.
Secure and personalized
The structure of masks developed by the researchers from Minas Gerais is secure, because its generates a temporary and anonymous identity that the user adopts while he browses, which is impossible to be recovered by sites and other programs. One and the same user is given several identifications, depending on the places visited. When accessing a site that identifies the visitors, for example, their details will be totally protected and only the identification of the mask, which does not contain any details of the user, will be captured. However, the mask offers information that can help to personalize the services from the websites.
The system is innovative, because it selects the level of privacy. As this concept, besides being a cultural issue, is very personal, it is the internaut himself who decides the personal data that can circulate over the web. Generally speaking, the architecture of the masks works with two resources: the privacy agent and the mask server. The agent is installed in the user?s machine, and it has the purpose of negotiating with the server the most suitable mask for the website that may be visited, besides warning about the level of threat to privacy.
The server, which may be anywhere on the network, has the function of storing the masks and selecting them according to the site visited. A dialog box warns about the data gathered by the page accessed on the Internet and gives the user the chance to control information that he does not wish to reveal. In certain situations, the masks have to be disabled. “On the secure sites, like bank websites, where identification is fundamental, we have to give up anonymity, in order to benefit from the on-line services”, Almeida notes.
Republish