TechnoSocial
Home
Technology
Society
History and Archeology
Science
Photos
Humor
Writings
TechnoSocial
  • Home
  • Technology
  • Society
  • History and Archeology
  • Science
  • Photos
  • Humor
  • Writings
Browsing Tag
formatting
Technology•Writings

Privacy Distribution Mechanisms

January 9, 1997 by Kee Hinckley No Comments

I originally wrote this article in 1997 and posted it to my “blog” (back then I called it a ‘zine) as the first entry. As such the links are horribly out of date. Fortunately, the OPS system described here died of neglect. But I’m sure it will come back in one form or another. — Kee Hinckley, February 26, 2017

When does a privacy enhancement become a privacy distribution mechanism?

In the guise of providing greater user privacy, Netscape, Microsoft and Firefly have greatly increased the consumer information that will be available to web sites.

A few months ago Netscape, Microsoft and Firefly together announced a new initiative, the Open Profiling System (OPS) aimed at quelling user fears over privacy invasions on the internet. It was a great success (from a PR standpoint at least, implementation lags announcement, as usual). The press picked it up and reported on it widely, but nowhere did anyone seem to examine what this will really mean when it is deployed.

The Open Profiling Standard (OPS) is a proposed standard which enables the trusted exchange of profile information between individuals and Web sites, with built in privacy safeguards. Firefly, Netscape, and Microsoft will work together on the OPS proposal during the remainder of the standards review process of the World Wide Web Consortium (W3C).

OPS is designed to enable personalized electronic commerce, content and communication while providing a framework for the individual’s privacy. OPS gives each person complete control over the exchange and usage of their personal information across the Web and also saves them valuable time since they only have to enter their information once.

OPS offers Web sites a greater understanding of their audiences therefore dramatically improving personalized online content, marketing and commerce.

Original link was to http://www.firefly.net/OPS/index.html, the site has since reorganized.
“OPS brings us one step closer to market-based solutions for privacy protection,” says Christine Varney, former commissioner of the Federal Trade Commission (FTC)—Internet Magazine

But before we get into that, let’s step back for a moment and look at the whole issue of privacy on the internet. This is an area fraught with emotion, and greatly lacking in hard analysis.

When the web began, no one was thinking much about privacy. The HTTP protocol provided a way for a browser to specify the identity of the user, and many browsers sent that information, either in the form of an email address, or just the initial account name. The server happily collected the information and logged it in the log files. Early web servers even had code which could be used to connect back to the sender’s computer and (depending on the type of computer and the software running there) verify the actual identity of the user (IDENTD). These features were primarily used for tracking how many users (as opposed to browser “hits”) had visited a site, and for contacting someone who was apparently having trouble (lots of hits to mispelled pages or some such) and helping them out. Those were the innocent days.

As web use increased, some people started realizing that they didn’t really want every site they browsed to know who they were. People complained, and the browser authors stopped sending the user identity. The log files stopped receiving that information (although the empty identity field still resides there–filled in only if the user provides a username and password for a secure site).

The key component of the proposed standard is the ability for users to manage how much information their browser gives out and to whom particular information is given.—Information Week

Some time thereafter, two new information sources became available to web site developers. Some browsers began sending a “referer” field–a piece of information that indicates the URL that the user was viewing prior to reaching the current web page, and the Netscape browser (followed by others) began allowing sites to stash a small “cookie” that would be remembered for a specified period of time, and retrieved any time the same site asked for it. Although cookies get all the press, the referer field is actually the only feature capable of exposing personal information that you’d rather not reveal. But this whole issue has everything to do with emotion, and very little to do with facts. Let’s look at the two features.

Cookies

What you may not know is that the industry already has an excellent solution: the “Open Profiling Standard” (OPS).—Jesse Berst/AnchorDesk

A “cookie” is a computer term for a small piece of information that gets tucked away somewhere by a program for future retrieval. Sometimes they are called “magic cookies”. The name implies an informal storage mechanism, and typically cookies aren’t explicitly stored by the user, they general contain internal information that the program needs. Programs use them all the time. When you restart a program and all the windows come up in the same place as the last time you ran it, when you bring up a search dialog in your word processor and the text of the last item you searched for is sitting there pre-selected–those are all examples of a program stashing away a cookie with some information in it. It didn’t ask you if you wanted to save that information, it just stored it for convenience’s sake. We don’t tend to think of those as privacy risks (although if the last search you did was for “big fat boss”, and the next person to use your computer is the aforementioned boss, you might think otherwise).

“OPS is a great first step,” Gaddis says. “It raises consumer awareness and allows consumers to protect themselves against the few bad eggs that are present with any transaction.”—Computer Shopper

The cookies stored by your browser are no different. When you go to a web site, it has the option of asking your browser to store some information about your session so that it can access it at some future date. That information is usually a session identifier, or some other data that will enable the site to recognize you when you return. The site may use it to remember your login information, or pre-fillin that complaint form so you don’t have to do it again, or just track the happy fact that you have returned to the site. The cookie does not, and can not, contain any information that you haven’t already provided to the site. It also cannot be passed to any other site, so the information you enter on one site can not be snarfed by some other site.

Referer Fields

Referer fields are slightly different. What they tell a site is how you got there. Within a site they are often used for tracking your movement so that the user interface designers can look at how people are using a site and modify the interface to better give people access to sections that aren’t being visited. However what is usually of more interest is the site that you were on before you came to this one. That gives site owners an idea of which remote links are most useful and/or cost effective. The catch is that browsers don’t just pass the referer field when you click on a link, they also often pass it when you type in a URL. So it is possible that sites will pick up the fact that the previous site you were visiting was, shall we say, not one that you might like the world to know you were visiting. It’s rather like stepping out of the adult bookstore and bumping into your next door neighbor.

Oddly enough, though, the referer fields have never really caught on as a “privacy risk” in the press. So be it.

Selling Yourself

As you travel from one site to another on the web, you may be amazed at how much is being given away for free. Research reports, news, travel directions… the list goes on and on. And it’s all free! Sites that charge money for access are few and far between.

Appearances can be deceiving. In fact there are many, many sites on the web that are charging for access, it’s just that the currency isn’t what you are used to. Instead of cash, the currency is personal information. Information about your age, your sex, your marital status, your wealth. Some sites are subtle (Lucent’s MapsOnUs lets you use the site several times before it asks for some information about you (couldn’t do that without cookies :-). Other sites barely let you past the front page before insisting that you register. Other’s tempt you with a contest of some sort. But the end result is the same, you’ve sold some part of your electronic soul for access to the site. You’ve exchanged one sort of information for another.

But what will those people do with that information? Will they sell it to a mailing list? Will it be picked up by spammers? Will tons of junk paper mail start arriving at work? These questions started the privacy experts questioning the whole process, although in practice this is no different than filling out a magazine’s bingo card (and usually far more rewarding). In stepped Netscape, Microsoft, Firefly and others with the OPS, a combination of two technologies and a business practice addressed at giving users more control over their privacy–at least in theory.

The technologies are the vCard standard from the Internet Mail Consortium, and Digital Certificates (also known as X.509), an IETF (Internet Engineering Task Force) standard. The vCard standard specifies a format for storing and exchanging personal information (typically the type found on a business card, but it can cover just about anything). Digital Certificates provide a mechanism for providing secure storage and transmition of identification information–the driver’s license of the internet.

The business process that ties these together is a promise from companies signing up for this standard that they will adhere to certain privacy guidelines.

Web sites that adopt OPS are strongly encouraged to adopt a recognized privacy assurance program that includes third-party auditing, and to clearly post their privacy policies on the site where visitors can see them. In addition, consumers are cautioned not to release their Personal Profile to any site that does not post its privacy policies and submit to third-party auditing.

As business practices go, that one is pretty weak, and nothing that couldn’t have been done without all this new technology. So what does the new technology provide to enhance privacy?

Frankly, nothing. What the OPS does is let you only enter your personal information only once, so that when a site asks for your information, it becomes incredibly easy to provide it. Where before you might have had to fill out a form with home and work addresses, sex, marital status, income and the like. Now you can just hit the “Okay” button on your browser and have all that information automatically sent to the remote system. Where before you might have skipped the non-mandatory fields in a form, now you’ll send them anyway, it’s not any harder.

In sum, the OPS is really a mechanism to make it easier for consumers to tell vendors information about themselves. It provides no more control over privacy information than the current “fill out the form” mechanism, and is far more likely to increase the distribution of personal information to multiple companies. It’s not a “bad” technology in any sense, but the PR that it has gotten is deceptive–OPS does nothing to enhance privacy.

Share:
Reading time: 9 min

About me

I’m Kee Hinckley (he/his). That’s my wife Mollie Pepper on the right. I’m a senior software architect at TiVo Corp (I get the metadata from point A to point B) with a BA in Anthropology. Mollie’s a sociologist with a couple Masters and a PhD on the way; she specializes in borders, gender, and violence. I have two kickass daughters. Shireen Hinckley is a film editor and documentarian currently working on a movie on refugee resettlement, Home Is Where the War Is. Shadi Fotouhi is a QA automation expert at Wayfair (and formerly at robotics firm Jibo), and an amazing artist.

Home is Where the War Is: Taster

Search

nazgul @ twitter

nazgulDr. Pepper’s Husband (Kee Hinckley)@nazgul·
21 Jan

Taking a break.
Out of spoons.
Be well.

Reply on Twitter 1352104884615536640Retweet on Twitter 1352104884615536640Like on Twitter 135210488461553664014Twitter 1352104884615536640
nazgulDr. Pepper’s Husband (Kee Hinckley)@nazgul·
21 Jan

No no no!

Soon-Tzu Speechley 孫子@speechleyish

Do you want ghosts? Because this is how you get ghosts.

Reply on Twitter 1352092807842787332Retweet on Twitter 1352092807842787332Like on Twitter 13520928078427873322Twitter 1352092807842787332
Retweet on TwitterDr. Pepper’s Husband (Kee Hinckley) Retweeted
brianklaasBrian Klaas@brianklaas·
20 Jan

Just wanted to let you know that Eric Trump's wedding planner is no longer the person in charge of federal housing in New York and New Jersey.

Reply on Twitter 1351998300350803970Retweet on Twitter 1351998300350803970875Like on Twitter 13519983003508039704766Twitter 1351998300350803970
nazgulDr. Pepper’s Husband (Kee Hinckley)@nazgul·
21 Jan

So devs.
What restrictions does your company put on your dev env? Which are real, and which aren't enforced? Private devices. Managed devices. Use of privately purchased software. Use of open source software. Which apps can access mail/calendar/contacts…
How does that work?

Reply on Twitter 1352072890733060098Retweet on Twitter 1352072890733060098Like on Twitter 1352072890733060098Twitter 1352072890733060098
Retweet on TwitterDr. Pepper’s Husband (Kee Hinckley) Retweeted
shadow_kylieCheese Ninja@shadow_kylie·
20 Jan

"I bet it would be funny to put a pancake on my cats face"...

2 minutes later "JESUS CHRIST!"

Reply on Twitter 1351998951113818116Retweet on Twitter 135199895111381811632990Like on Twitter 1351998951113818116244553Twitter 1351998951113818116
Load More...

Instagram Feed

kee.hinckley

Some moonlight photos from the iPhone 12. Hand-pro Some moonlight photos from the iPhone 12. Hand-propped up. 4s exposure.
Instagram post 18136840978080112 Instagram post 18136840978080112
I think the #LaConner #sunset construction crew ha I think the #LaConner #sunset construction crew has outdone themselves this evening.
We had gusts up to 70mph last night, and heavy sus We had gusts up to 70mph last night, and heavy sustained winds. That on too of weeks of rain and supersaturated land. Our neighbors were very lucky these trees only hit their truck. Power went out at midnight last night. A couple hundred thousand people still without.
Charlie has the warmest seat in the house. Charlie has the warmest seat in the house.
Hummingbird says hello. Hummingbird says hello.
Sunset video Sunset video
Good evening. Good evening.
Good evening. Good evening.
A moment of serenity. #eagles #laconner A moment of serenity. #eagles #laconner
Breakfast. Working on my Instagram influencer vibe Breakfast.
Working on my Instagram influencer vibe :)
January 2nd January 5th January 2nd
January 5th
“I see you.” “I see you.”
Here’s to a kicking off 2021 the way I’d meant Here’s to a kicking off 2021 the way I’d meant to kickoff 2020.
Gabby; waiting for me to come to bed. Gabby; waiting for me to come to bed.
Happy Holidays from Charlie and Gabby. Happy Holidays from Charlie and Gabby.
My Scarfolk coasters made it to the States before My Scarfolk coasters made it to the States before they shut down Britain!
Had no luck with my super-zoom. I need to figure o Had no luck with my super-zoom. I need to figure out how to keep it from overexposing the stars. But actually got a decent photo with my phone.
The sun is out! #laconner The sun is out! #laconner
In case you thought the NYT’s inability to take In case you thought the NYT’s inability to take fascists seriously was something new.
Load More... Follow on Instagram

Recent Posts

Program of the Day: Hermes

December 4, 2019

Another La Conner Sunset

August 25, 2019
How we gave China the keys to our technological future

How we gave China the keys to our technological future

August 12, 2019

Tags

Anacortes Anna Dobos Apple Art bangladesh birds capecod documentary eagle eclipse Fall flowers heron herons HomeIsWhereTheWarIs i India Iraq joinindaily joinindailyspecifics jordan LaConner lighthouse Maine migrants music Myanmar photography privacy refugee refugees Rohingya roses sandyneck scamming seagull security Shireen Hinckley software stateless sunset thailand WashingtonState

Popular Posts

On Pseudonyms

On Pseudonyms

July 27, 2011

On Bigotry

December 12, 2015

Today’s #joinindaily theme from Johnny Wills is: “The Odd One Out!”

September 21, 2017

How to cheat a slot machine

July 23, 2019

News from elsewhere

[wp-rss-aggregator template=”brief”]

© 2019 Kee Hinckley // All rights reserved