Let us look at challenges in Internet user privacy. The Internet brings convenience to people, but at the same time there are incidents that highlight the negative impacts of the web world. While a website provides various useful services, it also gathers a wide variety of user data. These data are collected to provide better services to users. In addition, there are websites that gather user information to deliver user-specific advertising, because ads are still the leading source of income for most Internet companies.
The Internet is a more suitable platform for advertising than traditional media because ads can be more targeted. In traditional media such as TV, advertisers cannot target a specific group of viewers, as everyone sitting in front of the TV watches the same ad. TV ads can only be broadly classified according to time slots and types of channels. For example, ads for toys and child care products can be telecast on children’s channels, whereas health care products for the elderly need to be advertised on an opera channel.
But on the Internet, we can target a specific group of viewers with ads. For example, if a user searches for the keyword "Hangzhou estate" and/or related words in a web browser, it can be an indication that the user intends to buy a house and, hence, ads about real estate available in Hangzhou can be sent to that user. Smart search engines remember the keywords a user searches for, for example, real estate, housing policy, etc. From the user’s searches, search engines can analyze whether the user intends to purchase a property immediately, and based on that analysis they can even suggest direct contact with a salesperson by guiding the user to the salesperson’s website via ads.
The question now is how a website will contact this user. During account registration the user may enter a phone number in the profile; websites ask for users’ phone numbers for authentication in cases such as forgotten password recovery or registration confirmation. SNSes also collect users’ phone numbers. The more profile information a user fills in, the better the services received. And the more intelligent a site is, the more personal information the site may possess.
In addition to the user’s personal information, websites can also look up the user’s browsing history, IP addresses corresponding to the location, etc., to verify the user. Intentionally or inadvertently, a user may expose a lot of personal data, and if the data cannot be protected properly, it may lead to a major security breach, as happened with SONY PSN.
The Payment Card Industry Data Security Standard (PCI-DSS) sets strict rules for enterprises in order to protect the personal information of a cardholder; for example, the PIN code shall not be transmitted over a network in clear text and should be removed after use. According to PCI standards, as the existing security technology is complex and protecting users’ personal information is difficult, the best practice is to limit the use of data: “data that does not exist is the safest.”
However, PCI standards apply only to the payment industry; in other industries, websites are still brazenly collecting users’ personal data. The Internet lacks a standard for the classification and protection of users’ privacy data. What data is sensitive? What data can be public? Without answers to these questions, discussions about how to protect private data will be in vain.
A user’s phone number, for example, must be very private because, if leaked, it may lead to the user getting spam messages and all kinds of telemarketing calls. But some users, for commercial purposes, want their mobile phone number advertised in public; hence, these business phone numbers do not fall under private data. Therefore, a standardized definition of data privacy is very difficult, as the business scenarios are too complex.