Internet privacy

Internet privacy involves the right or mandate of personal privacy concerning the storage, re-purposing, provision to third parties, and display of information pertaining to oneself via the Internet. Internet privacy is a subset of data privacy. Privacy concerns have been articulated from the beginnings of large-scale computer sharing and especially relate to mass surveillance.
Privacy can entail either personally identifiable information or non-PII information such as a site visitor's behavior on a website. PII refers to any information that can be used to identify an individual. For example, age and physical address alone could identify who an individual is without explicitly disclosing their name, as these two parameters are unique enough to identify a specific person typically. Other forms of PII may include GPS tracking data used by apps, as the daily commute and routine information can be enough to identify an individual.
It has been suggested that the "appeal of online services is to broadcast personal information on purpose." On the other hand, in security expert Bruce Schneier's essay entitled, "The Value of Privacy", he says, "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance."

Levels of privacy

Internet and digital privacy are viewed differently from traditional expectations of privacy. Internet privacy is primarily concerned with protecting user information. Law Professor Jerry Kang explains that the term privacy expresses space, decision, and information. In terms of space, individuals have an expectation that their physical spaces not be intruded. Information privacy is in regard to the collection of user information from a variety of sources.
In the United States, the 1997 Information Infrastructure Task Force created under President Clinton defined information privacy as "an individual's claim to control the terms under which personal information — information identifiable to the individual — is acquired, disclosed, and used." At the end of the 1990s, with the rise of the Internet, it became clear that governments, companies, and other organizations would need to abide by new rules to protect individuals' privacy. With the rise of the Internet and mobile networks, Internet privacy is a daily concern for users.
People with only a casual concern for Internet privacy do not need to achieve total anonymity. Internet users may protect their privacy through controlled disclosure of personal information. The revelation of IP addresses, non-personally-identifiable profiling, and similar information might become acceptable trade-offs for the convenience that users could otherwise lose using the workarounds needed to suppress such details rigorously. On the other hand, some people desire much stronger privacy. In that case, they may try to achieve Internet anonymity to ensure privacy — use of the Internet without giving any third parties the ability to link Internet activities to personally-identifiable information of the Internet user. In order to keep their information private, people need to be careful with what they submit and look at online. When filling out forms and buying merchandise, information is tracked and because it is not private, some companies send Internet users spam and advertising on similar products.
There are also several governmental organizations that protect an individual's privacy and anonymity on the Internet, to a point. In an article presented by the FTC, in October 2011, a number of pointers were brought to attention that help an individual Internet user avoid possible identity theft and other cyber-attacks. Preventing or limiting the usage of Social Security numbers online, being wary and respectful of emails including spam messages, being mindful of personal financial details, creating and managing strong passwords, and intelligent web-browsing behaviours are recommended, among others.
Posting things on the Internet can be harmful or expose people to malicious attacks. Some information posted on the Internet persists for decades, depending on the terms of service, and privacy policies of particular services offered online. This can include comments written on blogs, pictures, and websites, such as Facebook and X. Once it is posted, anyone can potentially find it and access it. Some employers may research potential employees by searching online for the details of their online behaviors, possibly affecting the outcome of the success of the candidate.

Risks to Internet privacy

Since personalised advertisements are more efficient, and thus more profitable, than non-personalised ones, online advertising providers often collect user data such as browsing and search history, shopping patterns and social media behaviour. This data can then be automatically processed to display ads more likely to be successful with the particular user they are being displayed to, as well as to personalise content displayed to the user on social media sites. In 1998, the Federal Trade Commission considered the lack of privacy for children on the Internet and created the Children's Online Privacy Protection Act, limiting options obtaining personal information of children and stipulating requirement for privacy policies.
Apart from corporate data collection, on-line privacy threats also include criminal and fraudulent activity. This category includes shortened links on many social media platforms leading to potentially harmful websites, scam e-mails and e-mail attachments that persuade users to install malware or disclose personal information. On online piracy sites, threats include malicious software being presented as legitimate content. When using a smartphone, geolocation data may be compromised.
In late 2007, Facebook launched the Beacon program in which user commercial activity was released to the public for friends to see. Beacon created considerable controversy soon after it was launched due to privacy concerns, and the Lane v. Facebook, Inc. case ensued.

Internet protocol (IP) addresses

The architecture of the Internet Protocol necessitates that a website receives IP addresses of its visitors, which can be tracked through time. Companies match data over time to associate the name, address, and other information to the IP address. There are opposing views in different jurisdiction on whether an IP address is personal information. The Court of Justice of the European Union has ruled they need to be treated as personally identifiable information if the website tracking them, or a third party like a service provider knows the name or street address of the IP address holder, which would be true for static IP addresses, not for dynamic addresses.
California regulations say IP addresses need to be treated as personal information if the business itself, not a third party, can link them to a name and street address.
An Alberta court ruled that police can obtain the IP addresses and the names and addresses associated with them without a search warrant; the Calgary, Alberta police found IP addresses that initiated online crimes. The service provider gave police the names and addresses associated with those IP addresses.

HTTP cookies

An HTTP cookie is data stored on a user's computer that assists in automated access to websites or web features, or other state information required in complex websites. It may also be used for user-tracking by storing special usage history data in a cookie, and such cookies — for example, those used by Google Analytics — are called tracking cookies. Cookies are a common concern in the field of Internet privacy. Although website developers most commonly use cookies for legitimate technical purposes, cases of abuse occur. In 2009, two researchers noted that social networking profiles could be connected to cookies, allowing the social networking profile to be connected to browsing habits.
In the past, websites have not generally made the user explicitly aware of the storing of cookies, however, tracking cookies and especially third-party tracking cookies are commonly used as ways to compile long-term records of individuals' browsing histories — a privacy concern that prompted European and US lawmakers to take action in 2011. Cookies can also have implications for computer forensics. In past years, most computer users were not completely aware of cookies, but users have become conscious of the possible detrimental effects of Internet cookies: a recent study has shown that 58% of users have deleted cookies from their computer at least once, and that 39% of users delete cookies from their computer every month. Since cookies are advertisers' main way of targeting potential customers, and some customers are deleting cookies, some advertisers started to use persistent [|Flash cookies] and zombie cookies, but modern browsers and anti-malware software can now block or detect and remove such cookies.
The original developers of cookies intended that only the website that originally distributed cookies to users could retrieve them, therefore returning only data already possessed by the website. However, in practice, programmers can circumvent this restriction. Possible consequences include:

the placing of a personally identifiable tag in a browser to facilitate web profiling, or
use of cross-site scripting or other techniques to steal information from a user's cookies.

Cookies do have benefits. One is that for websites that one frequently visits that require a password, cookies may allow a user to not have to sign in every time. A cookie can also track one's preferences to show them websites that might interest them. Cookies make more websites free to use without any type of payment. Some of these benefits are also seen as negative. For example, one of the most common ways of theft is hackers taking one's username and password that a cookie saves. While many sites are free, they sell their space to advertisers. These ads, which are personalized to one's likes, can sometimes freeze one's computer or cause annoyance. Cookies are mostly harmless except for third-party cookies. These cookies are not made by the website itself but by web banner advertising companies. These third-party cookies are dangerous because they take the same information that regular cookies do, such as browsing habits and frequently visited websites, but then they share this information with other companies.
Cookies are often associated with pop-up windows because these windows are often, but not always, tailored to a person's preferences. These windows are an irritation because the close button may be strategically hidden in an unlikely part of the screen. In the worst cases, these pop-up ads can take over the screen and while one tries to close them, they can take one to another unwanted website.
Cookies are seen so negatively because they are not understood and go unnoticed while someone is simply surfing the Internet. The idea that every move one makes while on the Internet is being watched, would frighten most users.
Some users choose to disable cookies in their web browsers. Such an action can reduce some privacy risks but may severely limit or prevent the functionality of many websites. All significant web browsers have this disabling ability built-in, with no external program required. As an alternative, users may frequently delete any stored cookies. Some browsers offer the option to clear cookies automatically whenever the user closes the browser. A third option involves allowing cookies in general but preventing their abuse. There is also a host of wrapper applications that will redirect cookies and cache data to some other location. Concerns exist that the privacy benefits of deleting cookies have been over-stated.
The process of profiling assembles and analyzes several events, each attributable to a single originating entity, in order to gain information relating to the originating entity. Some organizations engage in the profiling of people's web browsing, collecting the URLs of sites visited. The resulting profiles can potentially link with information that personally identifies the individual who did the browsing.
Some web-oriented marketing-research organizations may use this practice legitimately, for example: in order to construct profiles of "typical Internet users". Such profiles, which describe average trends of large groups of Internet users rather than of actual individuals, can then prove useful for market analysis. Although the aggregate data does not constitute a privacy violation, some people believe that the initial profiling does.
Profiling becomes a more contentious privacy issue when data-matching associates the profile of an individual with personally-identifiable information of the individual. This is why Google, the dominant ad platform, that uses cookies to allow marketers to track people has announced plans to "kill the cookie."
Governments and organizations may set up honeypot websites – featuring controversial topics – to attract and track unwary people. This constitutes a potential danger for individuals.