AUGUST TUTOR ■
INTERNET PRIVACY
internet
privacy
You may not be a “number” like Patrick McGoohan in the 60’s TV series The Prisoner, but you are an IP or
email address that’s being stored, processed an analysed by almost every commercial Internet site that
you visit. How do these sites get your information, and more importantly, how can you fight back. PC Mag-
azine Middle East tells you how to remain an anonymous user on the Net.
f you use the Internet, your pri-
I vacy is under attack. Every time
you view a Web page with an ad-
vertising banner, submit your
name to a site, or enter registration data
into software that works with the Inter-
net, the information you provide can be
catalogued, compiled, correlated with your
movements throughout the Internet, and
sold to any number of willing buyers. In
this article, we’ll explain what you can do
to preserve your privacy.
PERSONAL DATA: A BIG BUSINESS
Before we discuss how your personal in-
formation is gathered and what you can do
about it, you should understand the rea-
sons why this data is being collected in the
first place. Who is after your personal data?
And why is it valuable to them? To find out,
you need look no farther than the Web
sites of the many advertising firms that
post banner ads throughout the Internet.
DoubleClick, a huge online advertising
network, reported the following in its 1998
annual report:
84 August 2000
“DART (Dynamic Advertising Reporting
and Ta rgeting) insures that advertisers
reach their ideal consumers from among
the tens of millions on the
I n t e r n e t . It c a n t a rg e t
prospective customers by
dozens of characteristics,
including geographic re-
gion, language, and busi-
ness.”
By reading individ-
ual users’ IP (Internet
P rotocol) addre s s e s ,
DoubleClick’s D A RT
program anonymously
delivers targeted adver-
tising to consumers and then
provides comprehensive cam-
paign reports to monitor the ef-
fectiveness of the ads. For example,
D A RT allowed I B M’s corporate re-
cruiters to reach college students nation-
wide—with messages targeted specifical-
ly to each college.
Naviant, another Web marketing com-
pany, claims even greater knowledge of
www.DITnet.co.ae
consumers’ personal information:
“At the heart of e-List Services is Na-
viant’s High Tech Household File, the
largest and only 100-percent-verified re-
source for today’s most dynamic buying
market of Internet-enabled house-
holds. With access to over 17.5 mil-
lion households already, and hun-
dreds of thousands more com-
ing on file each month, it’s
the only source you need to
meet your future marketing
and targeting possibilities
with precision.”
In short, these Internet ad-
vertising firms pride them-
selves on being able to collect
precise, detailed information
about you. They may then sell
this information to other
companies, use it to identify
you as you browse the Web, or
use it to select what sorts of ad-
vertising to display on your screen. (In the
example of IBM mentioned above, the ad
agency could even recognize college stu-
■ www.pcmag-mideast.com

dents and cozy up to them by customiz-
ing ads with their schools’ colors, sym-
bols, or mascots.)
Advertisers will pay more for space if
they believe—rightly or wro n g l y — t h a t
t h e y ’ re more likely to show up on the
screens of potential customers. Unfortu-
nately, this means that someone—either
the advertiser, the site, or the agency that
delivers the ads—needs to know sensi-
tive information about you: your age,
where you live, your spending habits, your
marital status, whether you have kids, and
other information you’d probably feel un-
comfortable revealing to strangers.
DIRECT MAIL: BETTER THAN SPAM?
Another reason why companies want to
know not only what Web sites you visit but
who you are stems from Internet users’
nearly universal distaste for spam, or junk
e-mail. Advertisers realize that if they send
spam messages to potential customers,
they’re likely to turn them off—perma-
nently—rather than get a sale. But many
Netizens who abhor spam are nowhere
near as resistant to paper junk mail (or
direct mail advertising, as it’s called in the
trade). If a company sees that you’re
browsing its Web site and it can find out
your mailing address, it can send you a
snail mail sales pitch, which you may be
less likely to reject out of hand.
HOW THEY DO IT
How do sites snoop on your browsing
habits and identify you online? One of the
simplest methods is via your IP address—
a 32-bit number that serves as your com-
puter’s telephone number on the Inter-
net. Whenever your computer sends a
packet of information across the Net, it
includes its IP address so that the recipi-
ent will know where to send a response.
If your system has a permanent connection
to the Internet—for example, via a cable
modem—its IP address is likely to be con-
stant. So, as you move through the Net,
snoops can follow your every step.
Although the IP address is a good way
to identify some Web users, it isn’t fool-
proof. Users with dial-up connections to
the Internet may get a different IP address
each time they call, depending on which
of the ISP’s phone lines they happen to
reach. And all the machines behind a fire-
wall—a device designed to keep intruders
out of a network—sometimes appear to
have the same IP address. (This happens
if a mechanism called Network Address
Translation, or N AT, is used.) So, to
uniquely identify users and their comput-
ers in these situations, Web sites use cook-
ies.
www.DITnet.co.ae ■ www.pcmag-mideast.com
INTERNET PRIVACY
COOKIE MANAGERS
AdSubtract SE 1.64
AdSubtract blocks both ads and cook-
ies in real time. The free download fea-
tures selective blocking for cookies
and it can log its activities. Because it’s
implemented as a proxy server, it’s
browser-agnostic. (Unfortunately, it
cannot block AOL’s internal ads.) A Pro
version with more features was re-
leased in April 2000. This is a great
choice for users who would like to
block ads and stop cookies with one
product. Supports AOL 3+, IE 3+,
Netscape 3+. AdSubtract.com, www
.adsubtract.com. ÅÅÅÅ
Cookie Cruncher 2.11
This free, straightforward application
lets you view, edit, and delete cook-
ies—and that’s about all. It’s a good
choice if all you need is a no-frills cook-
ie editor. Version 2.12 was in beta test-
ing as of this writing. Supports AO L3 + ,
IE 3+, Netscape 3+. RBA Software,
www.rbaworld.com. ÅÅÅÅ
Cookie Crusher 2.5d
Cookie Crusher ($15 list) can accept or
reject cookies by site in real time. As
you surf, an innovative analysis fea-
ture tries to determine the purpose of
an incoming cookie (such as for track-
ing or for a shopping cart) auto-
matically—a nice touch. Like Cookie
Pal, it features a friendly interface and
includes activity logging and cookie
file editing. It can also remove itself
from memory when your browser is
closed. Supports AOL with IE 4+, I E4 + ,
Netscape 3+. The Limit Software,
www.thelimitsoft.com. ÅÅÅÅÅ
Cookie Pal 1.5e
Cookie Pal ($15 list) features an intu-
itive interface that should be comfort-
able even for beginners. It features au-
tomatic, real-time control of cookie
acceptance and can filter cookies by
expiration date; most of the others
can’t. Don’t want to be distracted by a
dialog? Audio cues can alert you when
cookies are accepted or rejected.
Cookie Pal can also log cookie activity
and remove itself from memory when
you shut down your browser. Supports
AOL 3+, IE 3+, Netscape 3+. Kookabur-
ra Soft wa re, www.kburra.com.
ÅÅÅÅÅ
■ AUGUST TUTOR
Cookie Server 1.03
Implemented as a proxy server that
runs behind the scenes on your com-
puter, Cookie Server ($30 list) filters and
handles cookies in real time. Because
Cookie Server is a proxy, it can perform
filtering for any Internet application
that can run through a proxy—in short,
nearly everything you’ll find on a typi-
cal Windows system except the internal
AOL browser. Supports IE (all),
Netscape (all). Newfangled Software
w w w. n ew fa n g le d . sa n -j o s e . c a . u s .
ÅÅÅÅ
IEClean, NSClean
IEClean and NSClean ($40 each) purge
cookies from your cookie file selective-
ly or completely with one click. They
can also wipe out your browser cache,
history files, and other records of your
browsing activities. These products do
not block cookies in real time but can
be invoked with a single click. As the
names suggest, there are separate ver-
sions for Internet Explorer and for
Netscape, and there are both 16-bit
amd 32-bit versions for each browser.
Unfortunately, if you use both I Ea n d
Netscape (Quicken, AOL, and many
mail clients use IE even if Netscape is
your main browser), you must get ver-
sions for both browsers to be com-
pletely protected. Privacy Software also
offers a unique, free utility called Ze-
roClick, which is designed to defeat
tracking by DoubleClick. Supports AOL,
IE (all), Netscape (all). Privacy Software,
www.nsclean.com. ÅÅÅÅ
Window Washer, v. 3.0
There are separate versions of Window
Washer ($15 each) tailored for specific
browsers. Each deletes the cache, his-
tory, and selected cookies. The pro-
grams can be scheduled to run fre-
quently but do not intercept cookies in
real time. We recommend that you
shell out the extra $15 for the full ver-
sion of Window Washer, which sup-
ports all browsers and also cleans up
detritus left by other programs.
Anonymizer Window Washer is a ver-
sion customized for users of the Anony-
mizer anonymous-browsing service.
Supports AOL 4+, IE 3+, Netscape 3+.
Webroot Software, www.webroot
.com. ÅÅÅÅ
August 2000 85
AUGUST TUTOR ■
COOKIES: THE GOOD, THE BAD, AND
THE SNEAKY
Cookies were originally designed to solve
a practical problem that arises from the de-
sign of the World Wide Web. When you
browse a Web site, your computer does-
n’t really stay connected to the site for the
entire time you’re there. Instead, your PC
makes a request, receives an answer (usu-
ally in the form of a Web page), and dis-
connects right away. If, after reading the
page, you decide to click on a link or a but-
ton, your computer makes a new con-
nection to carry out your request. Because
the connection doesn’t stay open, the Web
server doesn’t need to devote resources to
keeping it alive while you—the slow hu-
man—decide what to do next.
The downside of this method is that car-
rying on an ongoing conversation be-
comes tricky. Let’s suppose you’re making
an online shopping trip in which you place
half a dozen items in your cart and then
check out. Each time you click, the Web
server needs to remember who you are
86 August 2000
INTERNET PRIVACY
and what you’ve selected so far.
Because the server would need massive
amounts of storage to keep this informa-
tion around for tens of thousands of shop-
pers (an estimated 75 percent of whom
will leave their carts in the virtual aisles
and never check out), it’s best to have the
client, rather than the server, store infor-
mation about the state of the transaction.
So the server may place a cookie—a bit of
text identifying you and describing the
transaction—on your machine. The cook-
ie also contains bookkeeping inform a-
tion, such as the domain from which it
was sent and an expiration date. There
are two kinds of cookies: session cookies,
which vanish each time you shut down
your bro w s e r, and persistent cookies,
which can stay around for months or years.
An e-commerce site might use both kinds;
for instance, it might use a session cook-
ie to remember information about a par-
ticular shopping trip, and a persistent
cookie to recognize you when you come
back another day.
www.DITnet.co.ae
Each time you move to a new stage of
your online transaction, the merchant’s
server asks your computer to send back
the cookie that’s been stored on your ma-
chine. This reminds the server of who you
are and what you were doing, and the
conversation continues where it left off.
Cookies are handy for many legitimate
purposes—for example, to allow a Web
site to recognize you as an authorized
user without requiring you to log on every
time you access the site. But they can also
be used for nefarious purposes, as we’ll
see below.
WEB PAGES AS “PA ST E -U PS”
One thing about the Web that isn’t obvi-
ous—except to techies and Web page de-
signers—is that a single Web page can be
composed of material that comes from
many servers throughout the Internet. A
page on your favorite news site might
have text from one server, pictures from
a second, and ads from several more. The
HyperText Markup Language (HTML) in
■ www.pcmag-mideast.com

which the page is written tells your Web
browser how to call for the images from
different places and paste them up to make
the page that appears on your screen.
Trouble is, unless you’ve installed cook-
ie management software or turned off
cookies altogether, any machine that sup-
plies any part of a Web page is capable of
feeding your machine a cookie and re-
trieving it later. Thus, if you visit two
pages—even on different sites—that con-
tain ads from the same advertising com-
pany, that company can see via its cook-
ies that you traveled from one to the oth-
er. What’s more, if the advertising firm
has acquired personal information about
you from the owner of any one of those
sites (perhaps because you filled in a form
or made an online purchase), it can apply
that information when you visit the other.
Sometimes, an image that allows you to
be tracked is not even visible to the naked
eye. Last year, computer security expert
Richard Smith, founder of Phar Lap Soft-
ware, reported that many Web pages con-
www.DITnet.co.ae ■ www.pcmag-mideast.com
INTERNET PRIVACY
tain Web bugs—tiny images that are only
one or two pixels in size and are designed
to blend into the page’s background. Why
are these invisible images there? Because
they allow Web servers to log your access
to the page and to place cookies on your
computer.
SPECIAL DELIVERY: A
COOKIE
Snooping via cookies isn’t
limited to the World Wide
Web. Because the re n-
dering engine that’s
used in Web browsers
is also woven into e-
mail clients and Usenet
news readers, it’s pos-
sible for someone who
sends you e-mail or posts
an HTML article to a news-
group to cause your machine to
access images on his or her site
when you read the mail or article. (If
the program has a preview window, the
access may occur automatically before
you can stop it.) Instantly, the sender’s
Web server can tell that you read the mes-
sage. What’s more, if the sender cus-
tomizes the URL in the message so that it
contains your e-mail address, he or she will
also know exactly who you are. (This
technique has been used by spammers to
verify e-mail addresses.) Finally, unless
you have a very recent browser that clos-
es this security hole, the server can leave
and retrieve a cookie—again, possibly
containing your e-mail address.
Even software you install on your com-
puter can gather information and place it
in cookies for later retrieval. The Regis-
tration Wi z a rd in Windows 98 places
unique ID numbers that identify you and
your computer into cookies without your
knowledge or consent. When you later
log onto the Internet and invoke Internet
Explorer, the browser jumps to Microsoft’s
Web site, which retrieves the cookies.
Each time you visit Microsoft’s site there-
after, the cookies are sent again, letting the
company know you’re back. More worri-
some still is the fact that the Registration
Wizard ActiveX control has a bug that al-
lows any Web site to retrieve your regis-
tration information at will. (The ZDNet
Help Channel, at www.zdnet.com/zdhelp/
stories/main/0,5594,919119,00.html, ex-
plains how to plug this and other securi-
ty holes related to the Windows 98 Regis-
tration Wizard.)
COOKIE COUNTERMEASURES
Some Web advertising firms, such as
DoubleClick, have responded to user com-
■ AUGUST TUTOR
plaints about tracking by providing users
with the ability to opt out of their data-
bases. But others have not—and many
users believe that trusting any such firm to
protect privacy is akin to allowing the fox
to guard the henhouse. Your best bet,
therefore, is to take matters into your own
hands.
The most foolproof way to keep your-
self from being tracked via cookies
is to disable them entirely. In
Netscape, you can do this by se-
lecting Edit | Preferences and
selecting the Advanced
item in the left-hand col-
umn. In Internet Explorer,
select Tools | Intern e t
O pt i ons a n d di s ab l e
cookies by customizing
the security settings.
Unfortunatel y, disabling
c ooki es can p revent you
f r om using many e-com-
merce Web sites. And ask-
ing your browser to prompt
you before accepting or send-
ing a cookie can be equally annoying. A
single Web page may contain dozens of
images, each of which may come with a
cookie; you may have to click dozens of
times just to get past all of the prompts and
see the page.
A better approach, therefore, is to in-
stall third-party software that blocks or
disables cookies more selectively. Soft-
ware that blocks advertising banners, such
as WebWasher (free download, www.web-
washer.com), has the pleasant side effect
of blocking cookies associated with ads
while not affecting cookies from other
sites. The powerful Internet Junkbuster
Proxy (www.junkbusters.com) is a com-
bination advertising blocker and cookie
b l o c k e r, and has many useful feature s .
This product lets you block or allow cook-
ies by domain name and gives you the
power to feed sites vanilla wafers (cook-
ies set by you rather than by the site).
None of these programs is foolproof,
though. Although the Internet Junkbuster
Proxy blocks cookies that are sent direct-
ly by a Web server, it doesn’t stop cook-
ies from being sent via JavaScript, Java
p rograms, or HTML constructs called
metatags. And each time a method of set-
ting and retrieving cookies is blocked,
you can be sure that enterprising adver-
tisers and Web page designers begin a
hunt for more.
Other utilities also let you choose which
sites can feed your browser cookies, and
some can help you sort through your
cookie files and eliminate cookies from
sites you do not want to track you. See the
August 2000 85
AUGUST TUTOR ■
ANONYMOUS
BROWSING SERVICES
Anonymizer
Anonymizer is the oldest and most
popular anonymous-browsing ser-
vice on the Internet. The service costs
$15 per quarter or $49 a year. It
blocks cookies, Java, and Javascript,
and conceals your identity. It re-
quires no browser reconfiguration
to use, because it rewrites the links
on each Web page that you view so
that they’re anonymized as well.
Anonymizer can encrypt URLs in tran-
sit between your computer and its
servers, but right now, it can’t do the
same for the data. (A feature that
does this, called Pipeline, was in the
works but not yet available at this
writing.) Anonymizer blocks all cook-
ies, but a Preferences feature (in
beta at this writing) will let you ex-
change cookies with selected sites.
A n o ny m i zer also provides anony-
mous e-mail and Web hosting ser-
vices. A customized version of Web-
root’s Window Washer software is
available to complement the ser-
v i c e . S u pp or t s al l br ow s e rs .
Anonymizer, www.anonymizer.com.
ÅÅÅÅÅ
IDSecure
IDzap challenges Anonymizer’s dom-
inance by offering similar services,
p lus a few ex t ra fe at u res, at the
same price ($15 per quarter, $50 a
year; a free version is also available).
I Dzap’s paid service includes en-
cryption between your browser and
its proxy server at no extra charge.
Selective blocking of cookies was
not available at this writing. Sup-
p o r ts all brow s e rs. I D za p, www
.idzap.com. ÅÅÅÅÅ
Freedom
Freedom is an innovative combina-
tion of software and proxy services
that lets you establish multiple nyms
(personae). The provider claims that
it can’t identify the owner of a nym
because of strong encryption. Free-
dom anonymizes the widest variety
of protocols of any service we tried,
i n cluding browsing, e-mail, I RC,
n ews, telnet, and S S H. It cannot
88 August 2000
INTERNET PRIVACY
anonymize FTP. Alas, there’s no AOL
support. Cookies can be managed
on a per-persona basis or by the soft-
ware on a client PC. Freedom works
only with Microsoft Windows 95 and
9 8 a n d su p po rt s I E 4 . 0+ an d
Netscape 4.0+. Zero-Knowledge Sys-
tems, www.freedom.net. ÅÅÅÅÅ
Privada Proxy
Privada Proxy includes Web Incog-
nito and Messaging Incognito for
a n o nymous browsing and anony-
mous e-mail and newsgroup post-
ing. The product, which costs $5 per
p e rsona per month, is similar to
Zero-Knowledge Systems’ Freedom
but for browsing and e-mail only.
Cookie s can b e blocked befo re
they’re retrieved, or you can delete
them from your system, but cookie
c re ation must be blocked by your
browser or by a third-party utility. Pri-
vada allows cookie management on
a per-persona basis or by the cook-
ie management soft wa re of your
choice. The anonymous e-mail ser-
vice randomly delays messages to
prevent correlation of e-mail trans-
mission with other online activities.
Privada is currently Window s -s p e-
cific, and supports I E 4.0+ and
Netscape 4.0+. It works with AOL
but can’t support the internal AOL
browser. Privada, www.privada.com.
ÅÅÅÅ
Somebody.net
Somebody.net rotates proxies and
I Pa d d resses to keep outsiders from
accessing them. Somebody.net is
significantly more expensive than
Anonymizer and IDSecure (at $49
per month or $229 per year), but
claims to work in countries where
others are inaccessible. To use Some-
body.net, your browser must be con-
figured to use a Web proxy. The com-
pany’s somewhat spooky Web site
does not list an address, a phone
number, or any other company in-
formation; it claims to be located
o u t si d e t h e U S S u p p o r t s a l l
b row s e rs. S o m e b o d y.net, www
.somebody.net. ÅÅÅÅ
www.DITnet.co.ae
sidebar “Cookie Managers” for descrip-
tions of some of the best of these utilities.
If you want to avoid cookies that are fed
to your machine via e-mail, do not use an
e-mail program that automatically invokes
the rendering engine of a Web browser
when you view mail. If you use Outlook
or Outlook Express, you have no choice
but to use Internet Explorer’s rendering
engine; the two are inextricably tied to-
gether. But Eudora, one of the most pop-
ular e-mail clients, gives you a choice. If
you uncheck the box marked Use Micro-
soft’s Viewer in Eudora’s Tools | Options
| Viewing Mail dialog box, IE will not be
invoked to view your mail.
If you want more information on cook-
ies, we recommend the Cookie Central
site, at www.cookiecentral.com.
SOFTWARE THAT SNITCHES
Another threat to your Internet privacy is
software that literally spies on your system
from within, feeding the information to an
outside observer. Some viruses, Trojan
horses, and worm programs do this. Pret-
tyPark, a Trojan horse program that prop-
agates itself via e-mail, is designed to seek
out sensitive data within your system and
transmit it to the program’s creator via
IRC (Internet Relay Chat).
Even legitimate applications can gather
or reveal personal information about you
under certain circumstances. For example,
mIRC, a popular IRC client, implements
the identd (Identification Daemon) pro-
tocol, which allows any system on the In-
ternet to ask your computer who you are.
Many ISP systems likewise implement
identd.
Late last year, news came out that the
Comet Cursor utility, which changes a
Windows system’s cursor according to
the Web site that it’s browsing, was send-
ing information about users’ bro w s i n g
habits to its creator. (The vendor claims
that individual browsing habits are not
logged, but the fact that the program was
doing this at all was unsettling to many.)
Similarly, Netscape’s “What’s Related”
f e a t u re sends some information about
your Internet browsing back to a Netscape
server. (Netscape—now part of AOL—
claims that it uses the information to com-
pile statistics but not to track individual
browsing habits. Privacy-conscious users
will want to disable this feature anyway.)
Consumers harshly rebuked Real Inc.
when they discovered that the company
was monitoring what they viewed via the
ubiquitous RealPlayer multimedia play-
back software. (A patch on the company’s
Web site can disable the snooping.) And
Steve Gibson, of Gibson Research (http:
■ www.pcmag-mideast.com

//grc.com/optout.htm), recently discov-
ered that advertising banner software pub-
lished by Auriate Media Corp. (now Radi-
ate) sends information about which ban-
ner ads you click, and the amount of time
you spend reading them, back to the com-
pany.
ANONYMOUS BROWSING
Because your online privacy is so easy to
compromise, entire businesses have been
created to offer anonymous browsing ca-
pabilities. Our sidebar “An onymous
Browsing Services” describes several such
services. The granddaddy of these is
Anonymizer (www.anonymizer. c o m ) .
Anonymizer runs a proxy server that at-
tempts to hide your identity and filter
cookies as you browse. (Unfortunately,
as with blocking software, enterprising
snoops are constantly striving to find ways
around these filters. So at any moment, you
can never be 100 percent sure that they’re
working.) Anonymizer’s service costs $15
per quarter, and its site offers free trials.
The free proxy causes a delay, however,
and it displays ads at the top of every
page.
ENCRYPTION: NOT A PANACEA
Encryption—scrambling data so unau-
thorized parties have a hard time listening
in—is a useful process. Virtually every
browser has encryption capabilities. (Most
e-mail programs don’t have built-in en-
cryption, but we strongly rec-
ommend that you obtain it as
an inexpensive add-on.)
But it’s not a panacea; you
must understand when to
trust encryption to protect
your privacy.
First, you should get
the most secure ver-
sion of your browser.
Netscape Navigator, for
instance, comes in two
versions—one that uses
40-bit encryption keys and
one that uses 128-bit keys.
Low-security, 40-bit keys are
good enough for mildly sensitive
information, but anyone who has a
serious desire to break the encryption
can do so easily. (These weak keys are
used in the default version of the brows-
er due to U.S. government export restric-
tions; the government considers the export
of effective encryption programs to be a
threat to national security.) For real secu-
rity, take the time to download a brows-
er with 128-bit keys.
Second, make sure that encryption is re-
ally active when you need it. When you
www.DITnet.co.ae ■ www.pcmag-mideast.com
INTERNET PRIVACY
place an order on an e-commerce site,
you’ll almost always see a claim that en-
tering your credit card number and other
personal information is safe because the
site is “secure”—that is, the information
will be encrypted as it travels from your
keyboard to the merchant’s site. But is it
really as secure as the merchant claims it
is? When you get to the page that requests
sensitive information, look carefully at the
tiny lock icon at the bottom of your brows-
er window and make sure it’s really in the
locked position. (In Netscape Navigator
and Internet Explorer, the icon turns to a
gold color when it’s locked.) If the page
claims that your information is secure but
the icon is not in the locked position,
leave the site immediately and shop else-
where.
Third, remember that the presence of
encryption doesn’t mean that your data
can’t be monitored before it’s encrypted or
after it’s decoded again. Let’s say, for ex-
ample, that you read your Yahoo! mail at
the local cybercafe or public library. You
see the little lock icon at the bottom of the
screen. Think that the encryption in the
b rowser will protect you? Think again.
Computers in public places are easily sub-
verted by clever hackers, who can install
programs that monitor your keystrokes
before they’re encrypted. These keystrokes
are then sent surreptitiously across the
Net to a computer that logs everything—
including your account names and pass-
words—for later use. For this reason, read-
ing e-mail on a machine that does not be-
long to you or to someone you trust is
not a good idea.
Your personal data can also be
stolen once it reaches its desti-
nation. Many e-commerc e
sites use custom-built pro-
grams, or scripts, which are
not carefully audited for
security problems. Some
use software —such as
Windows NT, SQL Server,
or I nter net In for m a t i o n
Server—that have hundreds
of well-publicized security
holes that the vendor may
not have closed. Encryption
does little good if the decod-
ed data is filched from a mer-
chant’s site.
Finally, remember to remove your
browsing history when you finish brows-
ing at a public terminal. (In IE, select Tools
| Internet Options, then press the Clear
History button on the General tab. In
Netscape, choose Edit | Preferences and
press the Clear History button in the Pref-
erences dialog. The URLs left behind in a
■ AUGUST TUTOR
browser’s history file can let a subsequent
user get back into your electronic mail-
box—especially if they’re used fairly soon
after you’ve departed. And depending on
the browser’s settings, subsequent users
may be able to see what you were doing
online for days or weeks afterward.
COMMON SENSE
Other measures you can use to protect
your privacy are just good common sense.
Be stingy with your personal information;
don’t automatically fill in a blank on a
Web form just because it’s there. If you feel
that the proprietor of a Web site has no
business knowing who you are or some-
thing personal about you, a white lie may
be in order. (Ima Nonymous is a frequent
visitor to many Web sites that require reg-
istration.) Opt out of tracking (Dou-
bleClick, for example, lets you obtain an
OPT_OUT cookie from its Web site) as
often as you can, but do not rely on this
to keep your movements from being
watched. If you’re concerned about spam,
or if Web sites insist upon sending you a
password only after you’ve furnished an
e-mail address, set up free e-mail accounts
and supply those addresses instead of the
one provided by your ISP. Although noth-
ing we’ve mentioned here is foolproof,
you will be able to control—at least some-
what—who knows how much about you
and your loved ones.
THERE OUGHTA BE A LAW
Many of us would think—or at least
hope—that the government would pro-
tect consumers from having such dossiers
compiled about them. But unlike Euro-
pean countries, which require citizens to
give explicit permission before their data
can be shared, bought, or sold, the U.S. has
few laws restricting what businesses can
do with personal information. And the
laws that do exist—for example, the Fair
Credit Reporting Act (FCRA)—are notori-
ously lax. According to the FCRA, anyone
who does business with you is entitled to
call a credit bureau and ask for a credit re-
port that lists your credit cards, loans,
home address, telephone number, Social
Security Number, and more. (Even com-
panies that have not done business with
you can obtain some of this information—
hence the unsolicited credit card offers
that flood the mailboxes of consumers
with good credit records.)
Your personal information is your own
business; how much to divulge, and to
whom, should be your decision. Until and
unless the government swings into action
to protect consumers, preserving your pri-
vacy is your own responsibility.
August 2000 89