2. xHTML - a ‘stateless’ environment
stateless
(adj.) Having no information about what occurred previously.
• Most modern applications maintain state, which means
that they remember what you were doing last time you
ran the application, and they remember all your
configuration settings. This is extremely useful because it
means you can mould the application to your working
habits.
• Each request for a new web page is processed without
any knowledge of previous pages requested or
processed.
3. How do they do that?
For example:
A user ‘logs in’ to a web page. Once
logged in, the user can browse the site
while maintaining their logged in state.
4. Is PHP stateless?
• Variables are destroyed as soon as the page
script finishes executing.
• The script can access the ‘referrer’, the address
of the previous page, although this can’t really
be trusted.
$_SERVER['HTTP_REFERER']
• It is possible to add data to a database/text file
to add persistent data, although this is not
connected with a particular user…
5. Is PHP Stateless… No!
• The usual way to maintain state in PHP
pages is via the use of Sessions.
• To understand how these work, we first need
to look at what cookies are and how they work.
6. Taking the Byte Out of Cookies: Privacy, Consent, and the Web
Daniel Lin
Department of Computer Science, University of Illinois at Urbana-Champaign
Michael C. Loui
Department of Electrical and Computer Engineering, and Coordinated Science Laboratory, University of Illinois at Urbana-Champaign
7. Introduction
• What is different about our concerns with privacy
when we deal with the Internet?
• Our contributions:
– Difference between the collection and centralization of
information.
– The role of informed consent in the theory of privacy
– Reasonable expectation of privacy and Internet
cookies
8. Theories of Privacy
• Right “to be let alone” (Warren & Brandeis)
• Control of information (Fried, …)
• Undocumented personal knowledge (Parent)
• Privacy as restricted access (Gavison)
– Secrecy
– Anonymity
– Solitude
– Loss of privacy versus violation of privacy
• Why privacy is important (Rachels, Benn)
9. Informed Consent and the
Collection of Information
• Disclosure
• Comprehension
• Voluntariness
• Competence
• Consent
10. Collection of Personal Information
• An ethical collection of personal information
causes a loss of privacy
– Obtaining informed consent is sufficient but not
necessary for an ethical collection of personal
information
• An unethical collection of personal information
causes a violation of privacy
– Collection of personal information is unethical when it
does not comport with the reasonable expectation
of privacy for this situation
11. Centralization of Information
• Assembling personal information from
multiple sources, originally collected for
different purposes: “digital dossier”
• Violation of privacy with no extra loss of
privacy:
– Composite portrait out of context
– Unauthorized subsets of information
12. Reasonable Expectation of
Privacy
• Natural versus normative privacy (Moor)
• Privacy in public places (Nissenbaum)
– Supermarket: public place
– Shopping cart: private in public?
• The Internet
– Home office: private place
– Web access: public in private?
13. Internet Cookies
• The Internet
– Reasonable expectations of privacy are
neither firmly rooted nor well developed
• What are Internet cookies?
– Internet cookies allow a Web site to gather
and store information about our visit to that
Web site
14. What is a Cookie?
• A cookie is a small text file that is stored
on a user’s computer.
• Each cookie on the user’s computer is
connected to a particular domain.
• Each cookie can be used to store up to 4 kB of
data.
• A maximum of 20 cookies can be stored
on a user’s PC per domain.
15. Example (1)
1. User sends a request for a page at
www.example.com for the first time.
(Diagram: browser → server: page request.)
16. Example (2)
2. Server sends back the page xhtml to the
browser AND stores some data in a
cookie on the user’s PC.
(Diagram: server → browser: xhtml, cookie data.)
17. Example (3)
3. At the next page request for domain
www.example.com, all cookie data
associated with this domain is sent too.
(Diagram: browser → server: page request, cookie data.)
18. Set a cookie
setcookie(name [,value [,expire [,path [,domain [,secure]]]]])
name = cookie name
value = data to store (string)
expire = UNIX timestamp at which the cookie expires.
Default: the cookie expires when the browser is
closed.
path = Path on the server within and below which the
cookie is available.
domain = Domain for which the cookie is available.
secure = Whether the cookie should be sent over HTTPS
connections only. Default false.
19. Set a cookie - examples
setcookie('name', 'Robert');
This command will set the cookie called
name on the user’s PC containing the
data Robert. It will be available to all
pages in the same directory or
subdirectory of the page that set it (the
default path and domain). It will expire
and be deleted when the browser is
closed (default expire).
20. Set a cookie - examples
setcookie('age', '20', time() + 60*60*24*30);
This command will set the cookie called
age on the user’s PC containing the data
20. It will be available to all pages in the
same directory or subdirectory of the page
that set it (the default path and domain).
It will expire and be deleted after 30 days.
21. Set a cookie - examples
setcookie('gender', 'male', 0, '/');
This command will set the cookie called
gender on the user’s PC containing the
data male. It will be available within the
entire domain that set it. It will expire and
be deleted when the browser is closed.
22. Read cookie data
• All cookie data is available through the
superglobal $_COOKIE:
$variable = $_COOKIE['cookie_name'];
or (the long-deprecated form, removed in PHP 5.4)
$variable = $HTTP_COOKIE_VARS['cookie_name'];
e.g.
$age = $_COOKIE['age'];
23. Storing an array..
• Only strings can be stored in Cookie files.
• To store an array in a cookie, convert it to
a string by using the serialize() PHP
function.
• The array can be reconstructed using the
unserialize() function once it has
been read back in.
• Remember cookie size is limited!
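The slide's serialize()/unserialize() round trip works, but the string comes back from the browser, so the server must treat it as untrusted input: unserialize() on attacker-controlled bytes can instantiate arbitrary classes. The following is an added example, not code from the original slides, that stores an array in a cookie as JSON instead, enforces the 4 kB limit the slides mention, and shows how legacy serialize()d cookies can still be read with object creation disabled. The cookie name prefs and the sample array are constructed for illustration.

```php
<?php
// Added example (not from the original slides): store an array in a cookie
// and read it back without trusting the client-side bytes.
// Cookie name and sample values are constructed for illustration.

const COOKIE_LIMIT = 4096; // the ~4 kB per-cookie limit mentioned on the slides

// Turn an array into a string the cookie can hold. json_encode() is used
// instead of serialize() so that unserialize() is never run on data the
// browser controls. setcookie() URL-encodes the value, so braces and quotes
// survive the trip and $_COOKIE hands back the original string.
function encode_cookie_array(array $data): string
{
    $encoded = json_encode($data, JSON_THROW_ON_ERROR);
    if (strlen($encoded) > COOKIE_LIMIT) {
        throw new LengthException('array too large for a single cookie');
    }
    return $encoded;
}

// Reverse operation: returns the array, or null if the cookie is missing,
// is not valid JSON, or does not decode to an array. The value may have been
// edited by the user, so never assume it is what the server set.
function decode_cookie_array(?string $raw): ?array
{
    if ($raw === null) {
        return null;
    }
    $decoded = json_decode($raw, true);
    return is_array($decoded) ? $decoded : null;
}

// If cookies written with serialize() by older code must still be read,
// disable object instantiation (PHP 7+) so the payload can only yield
// scalars and arrays. '@' silences the notice a malformed string raises.
function decode_legacy_serialized(string $raw): ?array
{
    $value = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Setting the cookie must happen before any output (see the HEADER REQUESTS slide).
$prefs = ['theme' => 'dark', 'items_per_page' => 20];
setcookie('prefs', encode_cookie_array($prefs), time() + 60 * 60 * 24 * 30, '/');

// On a later request $_COOKIE['prefs'] carries the string back; on the request
// that set it, the browser has not sent anything yet, so the result is null.
$stored = decode_cookie_array($_COOKIE['prefs'] ?? null);
```

The important design choice is that decoding never executes anything: json_decode() produces only arrays and scalars, and the legacy path passes allowed_classes => false so a hand-crafted cookie cannot create objects. Both decoders return null rather than throwing, so a tampered or oversized cookie simply falls back to defaults.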
24. Delete a cookie
• To remove a cookie, simply overwrite the cookie
with a new one with an expiry time in the past…
setcookie('cookie_name', '', time() - 6000);
• Note that theoretically any number taken away
from the time() function should do, but due to
variations between local computer clocks, it is advisable
to use a day or two.
25. To be first.. HEADER REQUESTS
• As the setcookie command involves
sending an HTTP header, it must
be executed before any xhtml is echoed
to the browser, including whitespace.
(Diagram: setcookie before anything is echoed: correct! Whitespace echoed before setcookie: incorrect.)
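The set, read and delete slides above are pieces of one cookie lifecycle, and the header-ordering rule is what ties them together. The following single page is an added example, not code from the original slides: it guards against output having already started, sets a session cookie and a persistent one, deletes a cookie with a matching path, and only then emits markup. The cookie names (name, age), the logout query parameter and the 30-day lifetime are constructed for illustration; the httponly argument is a real setcookie() parameter that the slide's signature omits.

```php
<?php
// Added example (not from the original slides): a single page that sets,
// reads and deletes cookies in the right order. No byte may reach the
// browser before setcookie(); even a blank line above "<?php" would do it.
// Cookie names and the ?logout parameter are constructed for illustration.

// Guard: stop with a useful message instead of the silent
// "headers already sent" failure if output has already begun.
if (headers_sent($file, $line)) {
    exit("cannot set cookies: output already started at $file:$line");
}

$thirtyDays = 60 * 60 * 24 * 30;

// 1. Session cookie with the default path/domain; gone when the browser closes.
setcookie('name', 'Robert');

// 2. Persistent cookie valid for the whole domain for 30 days.
//    secure=true restricts it to HTTPS (a plain-HTTP dev server will see the
//    browser drop it); httponly=true keeps it away from client-side script.
setcookie('age', '20', time() + $thirtyDays, '/', '', true, true);

// 3. Deleting: overwrite with an empty value and an expiry well in the past
//    (two days, as the slide advises, to absorb clock differences). The path
//    and domain must match the original or the browser treats it as a
//    different cookie and keeps the old one.
function delete_cookie(string $name, string $path = '/'): void
{
    setcookie($name, '', time() - 60 * 60 * 24 * 2, $path);
    unset($_COOKIE[$name]); // keep this request's own view consistent too
}

if (isset($_GET['logout'])) {
    delete_cookie('age');
}

// 4. Reading: values arrive with the *next* request, so on the request that
//    set them $_COOKIE is still empty. Validate whatever comes back, because
//    the user can edit it freely.
$age = filter_var(
    $_COOKIE['age'] ?? '',
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 0, 'max_range' => 150]]
);

// 5. Only now is it safe to emit markup.
?>
<!DOCTYPE html>
<html><body>
<p>Hello <?= htmlspecialchars($_COOKIE['name'] ?? 'stranger', ENT_QUOTES, 'UTF-8') ?></p>
<p>Age on record: <?= $age === false ? 'unknown' : $age ?></p>
</body></html>
```

Two checks are worth keeping in any real page: headers_sent() before the first setcookie(), and validation (here filter_var() and htmlspecialchars()) of every cookie value before it is used or echoed, since the next slides explain that the cookie is entirely under the user's control.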
26. Malicious Cookie Usage
• There is a bit of a stigma attached to
cookies – and they can be maliciously
used (e.g. set via 3rd party banner ads).
• The important thing to note is that some
people browse with them turned off.
e.g. in Firefox, Tools > Options > Privacy
27. The USER is in control
• Cookies are stored client-side, so never
trust them completely: they can be
easily viewed, modified or created by a 3rd
party.
• They can be turned on and off at will by
the user.
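Because the browser can alter any cookie, a server that needs to rely on a value (a user id, a role) should be able to tell whether the value it gets back is the one it issued. The following is an added example, not code from the original slides, of signing cookie values with an HMAC keyed by a server-side secret and verifying them in constant time. The secret, the cookie contents and the function names are constructed for illustration; the secret must come from server configuration, never from the code or the cookie itself.

```php
<?php
// Added example (not from the original slides): detect client-side tampering
// by signing cookie values with a server-side secret (HMAC). The browser can
// still read, delete or refuse the cookie, but it cannot produce a value that
// verifies. The secret below is a placeholder; load the real one from config.

const COOKIE_SECRET = 'replace-with-a-long-random-value-from-config'; // assumption

// value -> "value|hex(hmac)"
function sign_cookie_value(string $value, string $secret = COOKIE_SECRET): string
{
    return $value . '|' . hash_hmac('sha256', $value, $secret);
}

// "value|hex(hmac)" -> value, or null if missing, malformed or tampered with.
function verify_cookie_value(?string $raw, string $secret = COOKIE_SECRET): ?string
{
    if ($raw === null) {
        return null;
    }
    $sep = strrpos($raw, '|');          // the MAC is hex, so it never contains '|'
    if ($sep === false) {
        return null;
    }
    $value    = substr($raw, 0, $sep);
    $mac      = substr($raw, $sep + 1);
    $expected = hash_hmac('sha256', $value, $secret);
    // hash_equals() compares in constant time, so an attacker cannot learn the
    // MAC byte by byte from response timing.
    return hash_equals($expected, $mac) ? $value : null;
}

// --- Self-check with constructed values (no HTTP round trip needed) ---
$signed = sign_cookie_value('user_id=42');
if (verify_cookie_value($signed) !== 'user_id=42') {
    throw new RuntimeException('a genuine cookie must verify');
}

// A user who edits the id but keeps the old MAC is rejected:
$forged = 'user_id=43|' . substr($signed, strrpos($signed, '|') + 1);
if (verify_cookie_value($forged) !== null) {
    throw new RuntimeException('an edited cookie must be rejected');
}

// In a page it would be used as:
//   setcookie('uid', sign_cookie_value('42'), 0, '/', '', true, true);
//   $uid = verify_cookie_value($_COOKIE['uid'] ?? null);
```

Signing gives integrity, not secrecy: the value is still readable by the user, so anything confidential belongs server-side (which is what the Sessions mentioned on slide 5 provide, with the cookie holding only an opaque identifier).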
28. What do Cookies Look Like?
• All cookies contain the same information:
– The name of the cookie
– The value of the cookie
– An expiration date
– The path for which the cookie is valid
– The domain for which the cookie is valid
– A flag indicating whether the cookie requires secure
transport
29. What do Cookies Look Like?
• An example cookie file from a UNIX workstation using
Netscape:
# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file! Do not edit.
victory.cnn.com FALSE / FALSE 942189160 NGUserID cf1947b7-20682-881794064-1
revenue.infi.net FALSE / FALSE 942189160 KRRC d083adf8-4235-882047182-1
adserv.newcentury.net FALSE / FALSE 942189160 NGUserID d101991f-10174-882047153-1
.doubleclick.net TRUE / FALSE 1920499140 id 117828a6
.illuminatus.com TRUE / FALSE 945734399 Count 1
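To make the fields of that file concrete, here is an added example (not from the original slides or from Netscape) that parses the Netscape cookie file format into the fields listed on the previous slide and then works out which cookies a browser would attach to a given request, which is the behaviour the earlier Example (3) slide describes. The sample text is taken from the slide above; the real file separates fields with tabs, and the parser accepts any whitespace so the copy on the slide parses too. The second column, which the slide does not name, is the Netscape spec's flag for whether hosts within the domain may also read the cookie.

```php
<?php
// Added example (not from the original slides): parse a Netscape cookie file
// and simulate which cookies a browser sends with a request. Sample lines are
// copied from the slide; they are a constructed test input here.

const SAMPLE_COOKIE_FILE = <<<'TXT'
# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This is a generated file! Do not edit.
victory.cnn.com FALSE / FALSE 942189160 NGUserID cf1947b7-20682-881794064-1
.doubleclick.net TRUE / FALSE 1920499140 id 117828a6
.illuminatus.com TRUE / FALSE 945734399 Count 1
TXT;

/**
 * Returns a list of cookies; each is an array with keys domain, subdomains
 * (bool: hosts within the domain may read it), path, secure (bool),
 * expires (int unix time), name, value. Comment, blank and malformed lines
 * are skipped rather than trusted.
 */
function parse_netscape_cookie_file(string $text): array
{
    $cookies = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        if ($line === '' || $line[0] === '#') {
            continue;                          // blank or comment line
        }
        $f = preg_split('/\s+/', $line, 7);    // at most 7 fields; value is last
        if (count($f) < 6) {
            continue;                          // not enough fields to be a cookie
        }
        [$domain, $flag, $path, $secure, $expires, $name] = $f;
        $cookies[] = [
            'domain'     => $domain,
            'subdomains' => $flag === 'TRUE',
            'path'       => $path,
            'secure'     => $secure === 'TRUE',
            'expires'    => (int) $expires,
            'name'       => $name,
            'value'      => $f[6] ?? '',       // a cookie may have an empty value
        ];
    }
    return $cookies;
}

/** name => value for every cookie the browser would attach to this request. */
function cookies_for_request(array $cookies, string $host, string $path, int $now, bool $https): array
{
    $sent = [];
    foreach ($cookies as $c) {
        if ($c['expires'] !== 0 && $c['expires'] <= $now) {
            continue;                          // expired: browser discards it
        }
        if ($c['secure'] && !$https) {
            continue;                          // secure cookies travel over HTTPS only
        }
        $d = $c['domain'];
        $domainOk = $c['subdomains']
            ? ($host === ltrim($d, '.') || substr($host, -strlen($d)) === $d)
            : $host === $d;
        if (!$domainOk || strpos($path, $c['path']) !== 0) {
            continue;                          // domain or path prefix does not match
        }
        $sent[$c['name']] = $c['value'];
    }
    return $sent;
}

$jar = parse_netscape_cookie_file(SAMPLE_COOKIE_FILE);

// Any host under doubleclick.net gets the "id" cookie (subdomain flag TRUE,
// expiry far in the future relative to this constructed request time).
$toAdServer = cookies_for_request($jar, 'ad.doubleclick.net', '/', 900000000, false);

// The cnn.com cookie expired at 942189160, so a later request carries nothing.
$toCnnLater = cookies_for_request($jar, 'victory.cnn.com', '/', 950000000, false);
```

The request simulation is where the privacy argument on the following slides becomes visible in code: the .doubleclick.net entry has the subdomain flag set, so one identifier is handed to an advertising host from every site that embeds its banner, which is exactly the cross-site tracking the paper discusses.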
30. Argument Against Cookies
(Mayer-Schoenberger)
• Cookies are stored on the user’s computer without the
user’s consent or knowledge
• Cookies are clandestinely and automatically transferred
from the user’s computer to the Web server
• Because cookies allow the Web server to set an
expiration date, they violate the “accuracy” and
“timeliness” principles in the European Union Directive
on the Protection of Personal Data
• Once the cookie is set, it is freely accessible to Web
servers: FALSE
31. Morally Permissible Cookies
Collection of Personal Information
• Customer preferences
• Online shopping
(Illustration: Mr. Smith, the storekeeper.)
32. Immoral Uses of Cookies
Centralization of Personal Information
In order to measure our browsing behavior, target marketers track us over the Internet by adding cookies to the advertisement banners on so many Web pages.
Is such a use of cookies ethical? Does it fit within a reasonable expectation of privacy on the Web?
33. Development of Cookie “Awareness”
• Most Web browsers allow the user to
configure their cookie options:
(Screenshots: cookie option dialogs in Netscape Navigator and Netscape Communicator.)
34. Summary and Conclusions
• If the collection of personal information exceeds a reasonable
expectation of privacy, obtaining informed consent makes such
a collection ethical. If the collection of information lies within a
reasonable expectation, informed consent does not seem
necessary.
• Internet cookies are a tool. They can be used in both morally
permissible and immoral ways.
• In general, Web servers cannot obtain your personal information
unless you explicitly give it (e-mail address, credit card
numbers, home address, phone number).
• Do cookie notifications provide sufficient information for an
informed choice?
• Cookie notification detracts from the usability of Web browsers.
How to improve?
35. What went wrong
(The Cookie Concept)
• Introduced for good reason: Helping users access their favorite web sites
easily from the second time onwards.
• Sometimes used by unscrupulous entities for other reasons: It happened that
some marketing firms tried to use this to access private information for
advertising campaigns.
Editor's notes
Some browsers don’t supply a referrer address, and in any case it can be easily spoofed so should never really be trusted!
1. What is different about our concerns for the Internet? Documented concerns about privacy have been around for at least 100 years (since the 1890 Warren and Brandeis Harvard Law Review article). What is different is the scale of information and the ease with which it moves (both collected and released) on the Internet. Internet transactions, unlike real world transactions, have not been around long enough for the public to know the impact. An additional setback is that the general public does not understand technology. A good way of saying this is that the public has not yet developed a reasonable expectation of privacy for transactions on the Web.
2. Collection and centralization of information. There are at least two types of manipulation of information which occur on the Internet: collection and centralization. We will see how differently these types of information handling can affect our privacy.
3. Role of Informed Consent. The concept of informed consent is well developed in the field of medical ethics. We extend its boundaries here and see how it is a useful tool for privacy discussions.
4. Reasonable expectation of privacy and Cookies. Explore cookies and offer an interpretation of reasonable expectation of privacy for them.
1. Privacy as the right “to be let alone”: If Alice clubs Bob on the head with a baseball bat, she has not invaded his privacy. Yet she has not let Bob alone.
2. Privacy as control of information: If Alice tells Bob about Charles’s smoking habit, Charles suffers no loss of privacy because his smoking habit is widely known. But he has no control of this information.
3. Privacy as Undocumented Personal Knowledge: Any personal information which can be found in public documents such as newspapers and magazines cannot cause violations of privacy. Alice is unknowingly photographed sunbathing nude on her private beach. The photograph is published in various magazines. According to this definition of privacy, the next time someone sees Alice nude, she will not lose any privacy.
4. Privacy as Restricted Access: Secrecy is the extent to which we are known to others. Anonymity is the extent to which we are the subject of others’ attention. Solitude is the extent to which others have physical access to us. Loss of privacy can be good: lower auto insurance, leniency from courts.
5. If time, discuss why privacy is important (Rachels: social context for relations).
Segue from previous slide: When, then, is a loss of privacy a violation of privacy?
1. Disclosure: All pertinent information must be disclosed to the subject (how and why the information is being collected).
2. Comprehension: Subject understands risks and benefits of revealing information.
3. Voluntariness: Subject is under no pressure or duress to reveal the information.
4. Competence: Subject takes responsibility for releasing information.
5. Consent: Subject is given a choice whether to reveal the information.
To summarize, if we are uncertain whether a collection of information causes a violation of privacy- that is, if we are uncertain of the reasonable expectations of privacy for a certain situation, obtaining informed consent will make the collection ethical.
Note that the data to be stored must always be a string…
With PHP >= version 4.1, the $_COOKIE superglobal is the one to go for; otherwise use the 2nd option.
Let’s look at the first line, victory.cnn.com. The name of this cookie is NGUserID. The value of this cookie is cf1947b7-20682-881794064-1. The expiration date is 942189160. The valid path is / (starting from the root). The valid domain is victory.cnn.com. The secure transport flag is FALSE. CNN probably uses this cookie value, cf1947b7-20682-881794064-1, as the key to a database of information accumulated about this user.
Mayer-Schoenberger presents four reasons why cookies are an invasion of our privacy.
1. As we have seen, cookies are just a text file stored on the hard drive by your web browser. Technically, this is no different from cache files, temporary files, or log files which are stored on our hard drive without our knowledge.
2. The typical computer user is unaware of much of the information which is transferred to other machines. Web page visits always reveal: IP address, current time, previous Web page visited.
3. This argument mistakes the tool for the use. The expiration date allows the realization of the accuracy and timeliness principles. It also allows for abuse of these principles.
Compare morally permissible uses of cookies to “doing good business”. These cookies are not unlike the memory of Mr. Smith, the storekeeper of the local grocery store. The more you visit, the more Mr. Smith remembers about you, the better service he will give you, and the more often you will return. Note that Mr. Smith can do good business with you without ever knowing your name. Same with cookies.
1. Older Web browsers did not have a large choice of cookie options. There was only one option: whether you are notified when a Web page you visit wants to set a cookie. It is interesting to note that you could not disable cookies at this time.
2. During the research of this topic, the new Netscape Communicator came out. It distinguishes between our ethical and unethical uses of cookies, and includes an option to disable cookies entirely.