Are You Concerned About Privacy On The Web?

There are as many different mindsets on web privacy as there are web users out there. Every week or so, a new “scare” crops up, be it a hacking scam or an expose on oversharing. But I wonder if users are truly aware of the limits of their privacy on-line. I know that I could have a better understanding than I currently posses.

I am a bit wiser about protected information after reading a Computerworld article (link here), published yesterday about the information that Facebook or Comcast may turn over to authorities in response to subpoenas. The breadth of the information is quite large. As the article explains, the information to be turned over must comply with applicable laws (and presumably Constitutional protections). However, as the ability to track information on the internet is far more fine-grained than in real-life, failing to comply with the law can be far more damning in cyber-space.

The documents supporting the Computerworld article are concededly a few years dated and may have been updated. Nonetheless, they are illuminating. For example, when Facebook is served with a subpoena, it follows its internal guidelines, set forth below:

Types of Information Available

User Neoprint

The Neoprint is an expanded view of a given user profile. A request should specify that they are requesting a “Neoprint of used Id XXXXXX”.

User Photoprint

The Photoprint is a compilation of all photos uploaded by the user that have not been deleted, along with all photos uploaded by any user which have the requested user tagged in them. A request should specify that they are requesting a “Photoprint of user Id XXXXXX”.

User Contact Info

All user contact information input by the user and not subsequently deleted by the user is available, regardless of whether it is visible in their profile. This information may include the following:
Birth date
Contact e-mail address(s)
Physical address
Work phone
Screen name (usually for AOL Messenger/iChat)

With the exception of contact e-mail and activated mobile numbers, Facebook validates none of this information. A request should specify that they are requesting “Contact information of user specified by [some other piece of contact information]”. No historical data is retained.

Group Contact Info

Where a group is known, we will provide a list of users currently registered in a group. We will also provide a PDF of the current status of the group profile page.

A request should specify that they are requesting “Contact information for group XXXXXX”.

No historical data is retained.

IP Logs

IP logs can be produced for a given user ID or IP address. A request should specify that they are requesting the “IP log of user Id XXXXXX” or “IP log of IP address”.

The log contains the following information:

* Script – script executed. For instance, a profile view of the URL would populate script with “profile.php”

* Scriptget – additional information passed to the script. In the above example, scriptget would contain “id=29445421”

* Userid – The Facebook user id of the account active for the request

* View time – date of execution in Pacific Time

* IP – source IP address

IP log data is generally retained for 90 days from present date. However, this data source is under active and major redevelopment and data may be retained for a longer or shorter period.

Special Requests

The Facebook Security Team may be able to retrieve specific information not addressed in the general categories above. Please contact Facebook if you have a specific investigative need prior to issuing a subpoena or warrant.

When Comcast is directed to hand over information, the type and amount is even more overwhelming. Of course, there are the emails, customer information including contact and payment data, and similar details one might expecte. But Comcast also can assist law enforcement in effecting what are called “pen registers” or “trap and trace” devices, which track all of your internet activity, including emails, websites and IMs.

Of course, one should bear in mind that there must first be some lawful basis for investigation to support the issuance of a subpoena (although some of the safeguards may be bypassed if there  “is an immediate danger of death or an immediate risk of serious physical injury…”).

I still contend that the best safeguard against inadvertent disclosure of dangerous information is a healthy dose of common sense. Lacking that, however, privacy should indeed be a concern, particularly for those skirting the line of legality. Perhaps assuming that you have no privacy on-line would be the safest way to proceed.


4 comments on “Are You Concerned About Privacy On The Web?

  1. It seems that you’ve put a good amount of effort into your article and I want a lot more of these on the World Wide Web these days. I truly got a kick out of your post. I do not have a bunch to to say in reply, I only wanted to register to say fantastic work.

  2. I had to refresh the page 2 times to view this page for some reason, however, the information on here was worth the wait. I loved that it is also really easy to read for the eyes.

  3. Hey there, I want to say that I really like reading your blog but it’s taking a while to load up for me. I don’t have a slow internet connection either, so I think it may be your site? Or maybe there is just a lot of people trying to load up right now, either way I advise you look into it and also, keep up the nice blog posts.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s