Online education offers a flexible and unique way of attaining your educational goals. For many classes, you may be asked to visit resources outside of your class's Web site and/or install additional software needed to support learning. Below are three areas of concern you should be aware of when you use the Internet as part of your educational experience. Many sites that appear to be "free" often sell information about you to others for the purpose tracking and targeting ads or aggregating user profiles and behavior to sell to marketing and other commercial services.
For many reasons, both functional and commercial, many Internet sites collect user information. It is in your best interest to understand and review the privacy policy of the Web sites and online services you visit and interact with. Most Web pages will often list their privacy policies at the bottom of most pages and/or their FAQ page or through simple site search. The European Union requires that all Internet sites disclose how privacy is impacted by the use of their cookies. (https://www.cookielaw.org/the-cookie-law)
Note: Many Web sites will farm out processing of data and/or presentation to third parties sites and share your data and data related to privacy with them, often without you consent or knowledge outside of knowing the privacy and TOS policies. In Canvas for example, when you view a Powerpoint the processing for the presentation (when you see the Panda on the bike) is being made available by Box.com not Canvas.
Below is an example of the Privacy Policy by Google which owns YouTube, Gmail, and many other popular online services.
https://www.google.com/intl/en/policies/privacy
Our Privacy Policy explains:
* What information we collect and why we collect it.
* How we use that information.
* The choices we offer, including how to access and update information.
We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses, pixel tags and browsers, then read about these key terms first. Your privacy matters to Google so whether you are new to Google or a long-time user, please do take the time to get to know our practices – and if you have any questions contact us...
(see the Google privacy link above for the full text)
Links to other popular online services.
Facebook: https://www.facebook.com/about/basics
Twitter: https://twitter.com/privacy?lang=en
Microsoft: https://privacy.microsoft.com/en-US
Terms of Service (TOS) governs how you can use the information and resources associated with a Internet site and/or application. It is in your best interest to understand and review the TOS of the Web sites and online services you visit and interact with. Most Web pages will often list their TOS at the bottom of most pages and/or their FAQ page or through simple site search.
Terms of service are subject to change and vary from service to service, so several initiatives exist to increase public awareness by clarifying such differences in Terms, including:
* Copyright licensing on user content
* Transparency on government or law enforcement requests for content removal
* Notification of government or third-party requests for personal data
* Transparency of security practices
* Saved or temporary first and third-party cookies
* Data tracking policy and opt-out availability
* Pseudonym allowance
* Readability
* Notification and feedback prior to changes in Terms
* Availability of previous Terms
* Notification prior to information transfer in event of merger or acquisition
* Indemnification or compensation for claims against account or content
* Cancellation or termination of account by user and or service
https://en.wikipedia.org/wiki/Terms_of_service
Links to popular online services.
YouTube: https://www.youtube.com/t/terms
Facebook: https://www.facebook.com/legal/terms/update
Twitter: https://twitter.com/tos?lang=en
Microsoft: https://www.microsoft.com/en-us/servicesagreement
At the end of the day, security is the responsibility of the user per their machine. Below are some of the more common areas of concern when it comes to security. This is far from a complete list.
Every application you add to your computer increases the opportunity for a virus vector.
Not all applications are well crafted and security minded.
In addition, the installation and/or update of an application may make other portions of your computing environment unstable.
Mitigation: Keep applications up to date
Flash is a popular Web browser plug-in to assist with media content. Flash to so prone to issues, that almost all major companies like Apple, Google, Microsoft, and others are pushing Flash into deprecation with open source HTML5 solutions.
The issue is so concerning that the Department of Homeland Security has even issued an advisory!
Mitigation: Do not use Flash
https://www.us-cert.gov/ncas/alerts/TA15-195A
Java is a popular solution delivering platform independent applications. A Java sandbox is installed on a computer and the Java app is run inside the sandbox. The sandbox is "wired" into the core functionality of the user's computer as a "trusted" application.
Mitigation: Keep Java up to date
https://en.wikipedia.org/wiki/Java_security
Browser scripts allow Web browsers to be more interactive and responsive and allow them to be more like an application, like Google Docs, than a simple page with text. Scripts can also do a whole lot more that may not be in a users best interest, like monitoring user activity or injecting viruses.
Mitigation: Keep applications up to date and consider using "no script" solutions to allow you to control which scripts can execute like ScriptBlock for Chrome and NoScript for Firefox.
https://en.wikipedia.org/wiki/Browser_security
"Flash cookies, which can be stored or retrieved whenever a user accesses a page containing a Flash application, are a form of local storage. Similar to that of cookies, they can be used to store user preferences, save data from Flash games, or to track users' Internet activity. LSOs have been criticized as a breach of browser security, but there are now browser settings and add-ons to limit the duration of their storage." -Wikipedia
Mitigation: Do not use Flash and/or learn to delete Flash cookies
https://en.wikipedia.org/wiki/Local_shared_object
Attachments are a popular way to share a binary document like a Word file or PDF. The applications required to open these attachment can be a vector point for a virus or other unwanted activities. Microsoft Office, for examples, support a powerful scripting engine that can access your office environments in harmful ways like harvesting all your contact information and then copying itself on to an email that will be sent to everyone on the list without the users knowledge. Other applications, like PDF viewer, maybe subject to a "buffer overflow" to copy a place a virus inside your computer.
Mitigation: Turn-off script execution for your office applications and keep your antivirus software up to date
http://us.norton.com/yoursecurityresource/detail.jsp?aid=feature_word
https://www.us-cert.gov/ncas/current-activity/2016/01/12/Adobe-Releases-Security-Updates-Acrobat-and-Reader
http://www.cnet.com/news/melissa-like-virus-reemerges-in-outlook
Below are comments about security and use of email and the Internet from the man who invented the Web, Tim Berners-Lee.
https://www.w3.org/People/Berners-Lee
* What not to email
Email is safe unless it contains programs. (Data and documents are fine, programs are not). If you send me a program, I will not run it, as it could damage my system and could be a virus.
Note: Documents for Microsoft word, Excel, and possibly other Office programs tend to execute programs (scripts) in what you would expect to be harmless documents. These can expose my machine to viruses, because these programs do not (it seems) prevent scripts from running within a document when it received by email. Please do not send me Microsoft Office documents.
If you are sending text, please send it as plain text, HTML, of necessary PDF. If you use your favorite word process, slide tool, etc, and send it in that program's format, then you are forcing me install proprietary software on whatever machine I read them on.
* What you can email
These are all good document standards: Plain text messages, HTML (sometimes called rich text) pages without scripts, Photos (JPEG files, PNG, GIF and SVG), PDF, SMIL, RDF/XML, N3 and so on. All these can be sent as messages or as attachments to messages. I can read them with a variety of software programs, and they cannot contain viruses, unless there is a serious bug in the code I use to read them. If you don't need anything else, then use plain text.
These are good rules when emailing anyone.
Please use my full name in the "To" line with my email address, as this will make your message look less like spam. This will happen automatically if you have me in your address book. If you just type in my email address, I probably won't see your mail.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Updated: 2/25/2016 Mark Westlund @ Olympic College