This essay has been prepared for CS 101 Algorithms & Programming course. You can freely use it.

User Data Privacy on Web Services Ahmet Alp Balkan <ahmet(at)ahmetalpbalkan.com>

The growing number of Web technologies and their usage have revolutionized the web. Web startups will play an important role in the next web generation (Web 2.0 or Web 3.0) together with Semantic Web technologies. One of the biggest challenges in Web Services is privacy issues. With the widespreading of World Wide Web in 1990’s, web sites started to collect user data and many details in different ways.

In June 1994, Lou Montulli created the one of the biggest features and problems of Internet. “At that moment in Web history, every visit to a site was like the first, with no automatic way to record that a visitor had dropped by before. […] Visitors would have to work their way through the same clicks again and again; it was like visiting a store where the shopkeeper had amnesia.” [1] Then he created the solution which is a small file placed by Web site on the computer called “magic cookies”.

Born of web cookies was the milestone in history of Web. Visitors are able to store their preferences and data on the web and browsers were asking users to let Web sites reach their cookies via browsers such as IE, Netscape etc. Thanks to cookies, when a visitor chooses the city where he or she lives in a weather forecasting service, this option is saved under cookies and the same city appears automatically on the next visit. This process can be performed without knowing visitor’s personal details. Because he or she is an anonymous visitor and does not give personal details. However, these when visitors have an account from this site, they give their names, e-mail addresses and such personal details with their passwords, “then the cookie becomes a powerful mechanism for personal tracking.” [1] Today, many sites remember their previously logined users by cookies and many user behaviors are recorded to improve user interfaces and navigation by developers.

Web became a dangerous platform which users can users can lose their privacy easily. Users started to give their personal details such as name, email address, city, zip code, phone numbers, hobbies, interests, secret questions and their answers, credit card numbers by signing up an account from a Web site without any hesitation. According to Directive 95/46/EC on the protection of personal data of European Union [2], web site owners are obliged to store user data “from the third party or parties to whom the data are disclosed”. After this point, there a few concerns about the safety of personal data.

  • Is anyone able to know his/her personal data exists on anyone else’s computer?

  • Are law enforcements and authorities allowed to reach the stored personal data for security or intelligence reasons?

  • If personal data is stolen from somebody and carried away to another county, does it become untraceable? [3] There are many directives about protection of personal details and free movement of such data in European Union. However, there are not any directives about this issue in United States of America. Because of this problem, many US companies working with EU countries accepted “Safe Harbor”3 certification “which aims to harmonize data privacy practices in trading between the United States of America and the stricter privacy controls of the European Union Directive 95/46/EC on the protection of personal data.” [4] US-EU Safe Harbor license is created by United States Department of Commerce.

With the launch of new Web Services such as personal helpers and information services users are started to use remember option of user name and password on many sites and allowed a risk to let hackers to get hold of their credentials. For instance, Gmail of Google launched [5] new appearance settings for users and one of them changes its skin by the weather conditions of the location which users live in. Many social platforms such as Facebook and Myspace, started to show advertisements related to user’s own and his/her friends’/connection’s interests and hobbies to increase CPM rates of advertisements. Many online stores and merchanting platforms such as eBay, Amazon started to show related products related to searched or bought items and they collect payment details of customers[6]. “Cookies also allow sites to show advertisements tied directly to the parts of the site a visitor has seen, so that someone visiting a health-oriented site who reads information about diabetes drugs might see an advertisement for a newly approved medication for the condition."(page 4) [1] This usage of personal data is applied under condition of user’s acceptance of Terms of Service (TOS) and Privacy Policy of the Web Service. This method should not be recognized as steal of personal data. It can be used for improving search engine qualities to retrieve more relevant results for user.

Another point of privacy is right of private communication. Everyone uses mobile phones, e-mails and instant messaging (IM) softwares for daily communication. But there are concerns about trace of our private communication. Actually, we know that NSA (National Security Agency) or CIA (Central Intelligence Agency) has caught many terrorists before who uses web-based mail and IM services. “However, logs of accused using Yahoo mail or Hotmail are provided immediately upon request as Yahoo and Microsoft both have their subsidiaries in India,” says an intelligence official. [7]  Same story heard on Orkut (which is a social networking platform, established by Orkut Büyükökten and acquired by Google, Inc.), a terror strike is obstructed by detecting private messaging (PM) and Mumbai Mirror Daily Newspaper reported that so many terrorists and under world people are connecting through Orkut.

In this case, every site and online software which is collecting user data and personal information should prepare a “Privacy Policy” with appopriate rules and explicitly ask users for confirmation even if it is for improvements of the software. The next step for site owners is to protect user data very carefully. On leakage cases, many scandals may happen (see further reading). As is seen, our privacy is under risk. If you lose one of your passwords, you may lose your credit card number, secret details, personal data and much more easily. You should think for a while when you are giving personal data to a website on registration form.

Further Reading

  1. Giving Web a Memory Cost Its Users Privacy , New York Times, Published : September 4, 2001. Last access: Jan 5, 2009.<http://query.nytimes.com/gst/fullpage.html?res=9B0DE1D61639F937A3575AC0A9679C8B63&scp=9&sq=privacy%20web&st=cse>

  2. Directive_95/46/EC_on_the_protection_of_personal_data, Wikipedia, the free encyclopedia Last access : Jan 5, 2009.

  3. Amerika ile Avrupa Birliği Hukuki Düzenlemelerinin Gizlilik Haklarına Bakış Açısının Kararlaştırılması, Av. M. Murat Bilgin. Last Access : Jan 5, 2009. (Turkish)

  4. Safe Harbor, Wikipedia, the free encyclopedia. Last access: Jan 5, 2009.

  5. The Official Gmail Blog, Spice up your inbox with colors and themes. Annie Chen. Released: Nov 2008. Last access: Jan 5, 2009.

  6. Privacy term-preserving e-payments using one-time payment details, Mafruz Zaman Ashrafi – See Kiong Ng, Released: May 11, 2008. Last Access : Jan 5, 2009. Article on ScienceDirect,

  7. Orkut won’t let cops hack terrorists, Harsimran Singh. The Economic Times : India Times. Release Date: Dec 12, 2006. Last Access : Jan 5, 2009. MLA Citation Format of this Text