Digital privacy


Digital Privacy is a collective definition that encompasses three sub-related categories; information privacy, communication privacy, and individual privacy. It is often used in contexts that promote advocacy on behalf of individual and consumer privacy rights in digital spheres, and is typically used in opposition to the business practices of many e-marketers/businesses/companies to collect and use such information and data.
We are told our data is exposed and that we lack complete privacy. While our data is exposed through digital mediums, such as social media, we also more sensitized to privacy issues.
The evolution between 2005 and 2011 of the level of disclosure for different profile items on Facebook shows that over the years, people want to keep more information private. Social networks have done the opposite: if we share more information, we expose more and Facebook can sell more to advertisers. Every 8 or 10 months, some social networks face privacy incidents which lead users to regroup and contest, however the networks usually apologize and continue on with the same information-mining tactics.
When we share information with friends, their data are exposed and privacy decreases. This is a consequence of bridging social capital: as we create new and diverse ties on social networks, data becomes linked. This decrease of privacy continues until bundling appears. Privacy then increases through stagnation, creating a community where privacy can be reattained through mass. However, Facebook and other social media outlets find other ways for us to share information, for instance through games, top 10, quizz, etc. It makes what we can call "cycles of privacy".

Privacy Types

Information Privacy

In the context of digital privacy, information privacy is the notion that individuals should have the freedom, or right, to determine how their digital information, mainly that pertaining to personally identifiable information, is collected and used. The EU has various laws that dictate how information may be collected and used by companies. Some of those laws are written to give agency to the preferences of individuals/consumers in how their data is used. In other places, like in the United States, privacy law is argued by some to be less developed in this regard. By example, some legislation, or lack of, allows companies to self-regulate their collection and dissemination practices of consumer information.

Communication Privacy

In the context of digital privacy, communication privacy is the notion that individuals should have the freedom, or right, to communicate information digitally with the expectation that their communications are secure; meaning that messages and communications will only be accessible to the sender's original intended recipient. However, communications can be intercepted or delivered to other recipients without the sender's knowledge, in a multitude of ways. Communications can be intercepted directly through various hacking methods, this is expanded upon further below. Communications can also be delivered to recipients unbeknownst to the sender due to false assumptions made regarding the platform or medium which was used to send information. An example of this is failure to read a company's privacy policy regarding communications on their platform could lead one to assume their communication is protected when it is in fact not. Additionally, companies frequently have been known to lack transparency in how they use information, this can be both intentional and unintentional. Discussion of communication privacy necessarily requires consideration of technological methods of protecting information/communication in digital mediums, the effectiveness and ineffectiveness of such methods/systems, and the development/advancement of new and current technologies.

Individual Privacy

In the context of digital privacy, individual privacy is the notion that individuals have a right to exist freely on the internet, in that they can choose what types of information they are exposed to, and more importantly that unwanted information should not interrupt them. An example of a digital breach of individual privacy would be an internet user receiving unwanted ads and emails/spam, or a computer virus that forces the user to take actions they otherwise wouldn't. In such cases the individual, during that moment, doesn't exist digitally without interruption from unwanted information; thus their individual privacy has been infringed upon.

Individual Privacy

Some internet users proactively work to ensure that their information can not be collected, this is the practice of attempting to remain anonymous.

Information Anonymity

The following examples are systems that allow a user to remain anonymous when accessing the web, and by extension the use of which better ensures the protection of their personally identifiable information.
Onion Routing was originally developed by the U.S. Naval Research Lab and was intended to anonymize web traffic. The system created a path to any TCP/IP server by creating a pathway of onion routers. Once a pathway has been established, all information that is sent through it is anonymously delivered. When the user has finished utilizing the pathway it was essentially deleted which freed the resources to be used for a new pathway within Onion Routing. The Onion Routing project developed into what is today known as Tor, a completely open-sourced and free software. Unlike its predecessor, Onion Routing, Tor is able to protect both the anonymity of individuals as well as web providers. This allows people to set up anonymous web servers which in effect provides a censorship-resistant publishing service.

Communication Anonymity

The previously mentioned information anonymity systems can also potentially protect the contents of communications between two people, but there are other systems that directly function to guarantee a communication remains between only two people; they function to accomplish that only the intended recipient of a communication will receive it.
One of these systems, PGP, has existed in various forms for many years. It functions to protect email messages by encrypting and decrypting them. It originally existed as a command-line-only program, but in recent years it has evolved to have its own full interface and a multitude of email providers offer built-in PGP support. Users can also install PGP-compatible software and manually configure it to encrypt emails on nearly any platform.
SSL and TLS are measures to secure payments online. While these systems are not immune from breaches or failure, many users benefit greatly from their use as every major browser program has support for it built in.

Additional Services

There are additional methods that work to provide anonymity and by extension protect their data. Amongst these include services like IP address changers, in which an internet user typically pays a fee to utilize. Since IP addresses can frequently be traced back to a specific physical location, and likewise by extension can identify someone, the service helps users remain anonymous by providing access to a multitude of servers in various geographic locations around the world which allows the user to appear as if they are physically located in a selected area, even when they are not. This is an example of a method/service that works to allow for information and communication anonymity.
The Virtual Private Network is also a specific example. It is a technology that provides users secured connection over a non-secure public network such as the Internet through several VPN tunneling protocols, handling, and encapsulating traffic at different levels to ensure communication security. VPN is also effective in securing data and privacy over the cloud and data-center environments because it is capable of protecting IPs from exposure to different kinds of attacks. This technology can be categorized into SSL VPN and IPSec VPN, which are methods of data communication from a user device to a VPN gateway using a secure tunnel. There is also the case of the VHSP mechanism, which protects the exposure of an IP address by assigning a temporal IP for the VPN gateway and its services.
The use of Network Address Translation or NAT allows users to hide connections passing through a gateway behind the gateway through the use of a sensible hiding IP address that is routable to the issuing gateway.

The (no) harm principle

One rule emitted by John Stuart Mill is the harm principle. It explains that private references must be respected: one can do whatever he/she wants as long as the others don't suffer from the consequences of it. In our private space, alone, we are free to do whatever we want.
Since media came up with photojournalism, the invasion of celebrities’ private lives started and the right to privacy arose. In 1890, Samuel Warren & Louis Brandeis named it “the right to be left alone”. Today's “privacy incidents” don't exclusively concern celebrities and politicians since most of us are connected and share data: we are not online to be left alone.

The economic value of data

According to Alessandro Acquisti, Curtins Taylor and Liad Wagman in The Economics of Privacy, the individual data can be seen having two different types of value: a commercial value and a private value. The fact that data are collected can have both positive and negative effects: indeed, it can cause a violation of privacy and a monetary cost. Still according to those three researchers, the data analysis is becoming increasingly efficient, that is why there are more and more concerns about the progress of collecting data. Regulations are appearing, such as the EU data protection directive or the US children's online privacy protection act, but the industry is always evolving, so that it seems important to continue keeping an eye on the economics of privacy.

Privacy and Information Breaches

Methods can be purposely crafted to obtain one's personal information illegally. These directed attacks are commonly referred to as hacking, though that term refers to the general practice and doesn't address specific hacking methods and implementation. Various hacking methods as it pertains to the invasion of one's digital privacy are outlined below. As it pertains to intent, within hacking there are two categories of invasion: 1) Directed attacks against someone individually, and 2) Directed attacks against groups. With the latter category, however, a hacker could effectively obtain a specified/particular individual's information through first targeting a larger group. An example of this possibility could be as follows: If a hacker, named individual-A, wishes to obtain a particular person's information, individual-B, he/she could first target a platform or group that has individual-B's information already, such as a credit agency, or they could likewise target a group that individual-B has previously relinquished/provided their data to, like a social media network or a cloud based data service. Through targeting one of those groups, individual-A could effectively obtain individual-B's information by first hacking all data the group has, including the data of other individuals. Once obtained, the hacker could simply identify individual-B's information within the data and disregard the rest.

Example of an Individual Attack: Phishing

is a common method of obtaining someone's private information. This generally consists of an individual, developing a website that looks similar to other major websites that a target person commonly uses. The phishing website may look identical to the legitimate site, but its URL could be a variation in spelling or a different domain such as.org instead of.com. The target person can be directed to the site through a link in a 'fake' email that is designed to look like it came from the website he/she commonly uses. The user then clicks on the URL, proceeds to sign in, or provide other personal information, and as opposed to the information being submitted to the website that the user thought they were on, it is actually sent directly to the hacker. Phishing attacks commonly obtain bank and financial data as well as social networking website information.
There are tools that can help users protect their information from phishing attacks and these include the Web browser extensions, which are capable of flagging suspicious websites and links.

Development and Controversy

Digital privacy is a trending social concern. For example, the TED talk by Eric Berlow and Sean Gourley subsequent to the 2013 mass surveillance disclosures cast a shadow over the privacy of cloud storage and social media. While digital privacy is concerned with the privacy of digital information in general, in many contexts it specifically refers to information concerning personal identity shared over public networks.
Before the Edward Snowden disclosures concerning the extent of the NSA PRISM program were revealed in 2013, the public debate on digital privacy mainly centered on privacy concerns with social networking services, as viewed from within these services.
As the secrecy of the American Foreign Intelligence Surveillance Act becomes widely disclosed, digital privacy is increasingly recognized as an issue in the context of mass surveillance.
The use of cryptographic software to evade prosecution and harassment while sending and receiving information over computer networks is associated with crypto-anarchism, a movement intending to protect individuals from mass surveillance by the government.