Privacy on the internet
Privacy on the Internet: an Inria researcher at the European Parliament
Nobody is safe on the Internet: commercial websites are constantly using ingenious ways in which they track, profile and identify users. While European Parliament is discussing these problems in scope of the ePrivacy Regulation, Nataliia Bielova, an expert in the subject and a researcher at the Inria Sophia Antipolis - Méditerranée centre, was invited to present the work of the two project-teams Indes and Privatics, during an event devoted to ePrivacy .
Every time you connect to the Internet, the websites you visit collect multiple types of data that make it possible to identify you – mainly for commercial purposes. How the collection of such data is organised, and is user privacy sufficiently protected? The European Commission is focusing on these questions and is currently working on an update of the ePrivacy directive, governing privacy and electronic communications within the European Union. This legal text will complement the General Data Protection Regulation. Its objective: to reinforce the privacy of Internet users.
Cookies: outdated technology
Several experts were invited to share their technical knowledge in their particular areas of expertise in order to enlighten the members of the European Parliament responsible for preparing the final version of the ePrivacy Regulation.They included Nataliia Bielova, Inria researcher at Sophia Antipolis and member of the Indes project-team, who studies and designs the security and privacy protection in Web applications.
On 7 June 2017, before several representatives of the European Parliament - including the MEP Marju Lauristin, rapporteur of the ePrivacy Regulation - this 31-year-old researcher came to demonstrate that our computers can be detected and identified by commercial Internet websites in a very sophisticated way...
“Cookies, these little files that are saved on the hard drive in order to recognize a visitor when they return to a website, are not the only way to identify Internet users and monitor their browsing activities” , Nataliia Bielova explains. “Even rejecting or deleting cookies doesn’t protect the users, since trackers and advertisers are increasingly turning to a form of identification that doesn’t require any cookies. They use different parameters such as the browser, operating system, language, font and the time zone -- this information forms a kind of identity card, called a "device fingerprint", which is specific to each terminal. As a result, it enables Internet users to be identified and followed online.”
Extensions...that make us identifiable!
In order to demonstrate (and expose) the dangers of this technology, Nataliia has been working with the Privatics team at the Inria Grenoble Rhône-Alpes centre since the end of 2016. By working together, the researchers have shown that users’ terminals, and more specifically the browser, can be identified based on the extensions they install and the websites they are logged into.
A website that allows everyone to test their browser, https://extensions.inrialpes.fr, and to check if it can be identified has been developed and has been available online since March 2017. It is this tool that the researcher came to present to the European Parliament representatives. “I was able to explain how it works and talk about new technologies that can be used by commercial websites to track users.”
The project has revealed, amongst other things, a strange paradox: the more extensions you install to protect your privacy (like Ghostery or Disconnect, which block trackers and adverts), the more identifiable you are! This discovery obviously raises several questions in the context of the European regulation, and in particular this one: should websites be allowed to detect the presence of privacy protection software without the users’ consent?
“Research to impact the world”
“The main problem is privacy of Internet users. For the data brokers and advertisement companies, data collection is a source of income. These interests are, of course, contradictory”, interprets Nataliia Bielova, who wants Internet users to be better protected. This will happen in part through the practices authorised by browsers, but also through the regulations laid down by Europe.
“I was very honoured to be consulted and to speak in front of the representatives of the European Parliament”, the expert adds. On the basis of her presentation and those of other experts, the draft regulation will be reworked and should be implemented in May 2018. “I have been working on these subjects since 2012, and it was a dream to be able to speak in front of this assembly. I hope that my presentation will have an impact on the law. That is why I am a researcher - to be able to impact the society”.
These articles could interest you:
Data gathering on InriaChannel
Data gathering on smartphone, an Inria video
The teams and their personal web pages
They are talking about ..
L'Obs with Rue 89 / Only in french