Stateless tracking
As well as analyzing persistent tracking done by cookies, the study also took into account stateless tracking. It’s when a user has cleared all the cookies from their browser, but the internet provider can still “fingerprint” their device by noting the model of their laptop, the version of Chrome they use, for example, and their plugins. It’s like profiling.
“It’s possible to fingerprint your device and recreate the cookies you previously removed,” says Mannan.
Not all of the study’s findings were cautionary tales, though. Mannan notes that Android phones are better at protecting your privacy than laptops.
“That’s because the captive portal on an Android is a separate application,” explains Mannan. “If a cookie is loaded there, it doesn’t affect your main browser. Whereas on a laptop, the captive portal shows up on your default browser. Also, some mobile operating system versions randomize the MAC address automatically, so it’s a more secure design.”
Security Research Centre
For Mannan, privacy is a fundamental right worth protecting. He’s one of 18 Concordia researchers at the Security Research Centre. As of October 2019, members had already secured over $25.6 million in external funds — $17.6 million within the last six years.
He is frustrated when people claim not to care if their personal information is shared online.
“You should care on principle, but also because your private information is monetized,” Mannan says. “Someone’s making money off it. And someone could learn something about you from your Facebook profile and use it to launch a targeted phishing attack against you.”
When it comes to privacy, don’t ask “what do I have to hide?” Mannan advises.
“Better questions are, ‘what are they doing with that information?’ and ‘why are they sharing it with other parties?’”
4 tips to stay private using public Wi-Fi
Ali says she only feels comfortable using the internet at home, where she trusts her provider.
“They’re regulated by law, so they cannot share my information with a third party,” she adds.
She strongly cautions against using public Wi-Fi, in general, but specifically when dealing with anything sensitive, like financials.
Here are her top things to keep in mind when choosing to use public Wi-Fi:
- Don’t register
- Don’t use social media to register
- Always clear your browser of cookies
- Use anti-tracking browser add-ons
Read the cited study, “On Privacy Risks of Public WiFi Captive Portals,” funded by the Office of the Privacy Commissioner of Canada.
Find out more about the Gina Cody School of Engineering and Computer Science.