As mentioned in
Novembers Topic of the Month, October saw the 30th anniversary of
the internet, and Nua Internet Surveys report that there are
currently 180 million adults and children accessing the Internet
in The World. In Ireland there are a total of 370,000 people on
line, with one new user coming on-line every 3 minutes 23
seconds.
What many fail to
realise is, although you browse the net and it seems anonymous;
this is not how it actually is. This months topic deals with
blowing away any preconceptions about how private the net really
is.
A Browsers
Papertrail
Although the
Internet has revolutionised global communications, As you browse
through a series of webpages, you leave behind in your wake,
information which you never thought could be obtained. Your IP
Address, operating system, browser name/version, screen
resolution, geographical location, and what webpage you were at
last. Whenever you visit a Website, you not only expose yourself
to risk of invasion, you provide information about yourself, that
can include your viewing habits, your search terms, your address,
phone number, employment details, your credit card numbers, and
more.
FBI Director Louis
Freeh would like to limit the dangers of the Internet by
requiring ISPs to keep records of everything we do online, and
turn that information over to law enforcement upon request. And
certainly that would, if it could be done, cut down certain
dangers such as child pornography and online harassment. But that
would just set up other dangers: As matter of course, information
is gathered about you whenever you're online. Between information
you leave behind as you surf, and information that's just out
there on the Internet (telephone directories, address listings,
etc), you could actually be tracked down to your home.
Dan Cohn and his
Web detective agency, Docusearch.com, can shatter every notion
you ever had about privacy. Using only a keyboard and the phone,
he is able to uncover the innermost details of his clients --
whom they call late at night; how much money they have in the
bank; their salary and rent. He can even get unlisted phone
numbers.
It would be a
salesman's dream and a paranoid's nightmare. Adding to the
paranoia: Hundreds of data sleuths like Dan Cohn of Docusearch
have opened up shop on the Web to sell precious pieces of these
data. Some are ethical; some aren't. They mine celebrity secrets,
spy on business rivals and track down hidden assets, secret
lovers and deadbeat dads. They include Strategic Data Service (at
datahawk.com) and Infoseekers.com and Dig Dirt Inc. (both at the PI Mall,
www.pimall.com). Cohn's firm will get a client your
unlisted number for IR£40, your Social Security number for
IR£40 and your bank balances for IR£35. Your driving record
goes for IR25; tracing a cell phone number costs IR£65. Cohn
will even tell someone what stocks, bonds and securities you own
for IR£150.
As mentioned
previously, commercial trackers are cheap and provide useful
information for those who maintain websites. They provide
information on who comes to the website, from where and why. If
you would like to get a free tracker, visit this site, http://v.extreme-dm.com/.
The
"cookie",is a mechanism set up by a Webmaster to get
facts about visitors, another way to diminish your anonymity.
When, at a Web site, a cookie latches on to you, it logs what
adverts you click on, the transactions you make and the links you
follow after you leave. This data enable the Webmaster to create
a profile of you and display adverts in tune with your interests
the next time you visit.
It also allows him
to customise content. So, for example, instead of the standard
welcome page, you might see a welcome page with your name on it.
How cookies got their cute, curious name, nobody seems to know
for sure. Netscape, which pioneered these tiny files, says
helpfully that there was "nothing particularly amusing"
about their origin.
Cookies at first
did a simple job, automatically identifying return-site visitors
and saving them the hassle of having to log in. But their evolved
tracking behaviour now arouses such unease that the United States
Department of Energy has issued a bulletin declaring: "The
popular concepts and rumours about what a cookie can do has
reached almost mystical proportions, frightening users and
worrying their managers." The department has a point; the
threat of cookies has been exaggerated. Although they invade your
hard drive and are saved in your browser, they do not carry
viruses. Nor can they by themselves work out your name, income,
address etc. "The only way that any private information
could be in your cookie file would be if you personally gave that
information to a Web server in the first place and it decided to
put that information into your cookie file for some reason,"
Netscape said.
But conspiracy
theorists will be reassured to hear that the cookie is not
entirely innocent. Using cookies and IP addresses, advertising
networks can track you when you have not even paid them a visit,
as you surf other sites which are their members. Often, the sites
require registration and personal details. Once you have given
such data, it can be shared with the advertising network at large
without your knowledge.
Worse, suppose you
used your credit card to buy a product from a Web site which uses
a cookie to record your credit-card number. The company in
question could make purchases through your account. Data from
cookies can also can be collected and sold to advertisers. The
increase in spam - unsolicited e-mail - could arise from cookie
consumption.
Many sites, such
as Yahoo!, state they will not sell data they extract from users.
Even so, you may object to cookies on the grounds that they
should not be allowed to follow users at all. However mundane the
data they collect, the idea of being shadowed from site to site
is spooky, tapping into our fear of the stalker.
If you are deeply
paranoid, you can go into hiding by browsing through Anonymizer (www.anonymizer.com). If you feel vindictive, you may prefer to download
one of the Web's many fearsome anti-cookie utilities, such as
Cookie Monster which wipes your cookies each time you start up.
Or you can do it
yourself - cookies are really pretty pathetic, mere text files
stored on your hard drive. But remember, deleting your cookies
will mean you start from scratch at every Web site you usually
visit, meaning you will feel less at home. So it makes sense to
show restraint. In recent versions of Internet Explorer and
Netscape, you can peacefully adjust your preferences to block
cookies or screen them. Screening shows up the fact that cookies
are becoming ubiquitous. Almost every major site on the Net now
uses them - even sites with nothing to sell, just out of sheer
nosiness. So, go check your hard drive and see how many cookies
you have collected - you may be in for a shock.
How safe
is your E-mail ?
Most electronic
mail on the Internet is about as private as a postcard. After it
leaves the sender's computer, the message jumps from one network
server to the next as it streams toward the recipient. The
problem is, it's easy for a hacker to intercept the message en
route and impossible to tell if anyone else has read this
supposedly private correspondence before it reaches its
destination.
Hackers use
various tricks to hijack e-mail as it passes between servers.
Even a server protected by a firewall (software which denies
unauthorized access to a system) offers no guarantee of security.
Hackers could run a program that cycles through every permutation
of simple passwords until it hits on one that unlocks the
network. Or they could attach themselves to a company's World
Wide Web server,which is often left outside the firewall, since
it's considered an external site,and then slip into the company's
network as if they were internal users.
E-mail is
irresistible to eavesdroppers, because it's often full of juicy
information, from secret corporate strategies to credit card
numbers. Some e-mail contains headers with logins and passwords,
allowing hackers to sign on and gain complete access, even to
secure areas.
The only way to
safeguard e-mail from eavesdroppers is by encrypting
it,scrambling the message so it can be read only by the intended
recipient. In essence, the e-mail is encased in a secure, digital
envelope that hackers can't penetrate. The unofficial encryption
flagship on the Net is a program called Pretty Good Privacy, or
PGP, developed by Phil Zimmermann, a computer security expert. A
commercial version of PGPmail costs IR£100, but you can get an
older freeware version at http://www.pgp.com/ or from PC World Online. RSA Data
Security of Redwood City, California, makes more elaborate
encryption programs, which can cost up to IR£1000 per
workstation.
Both PGP and RSA
adopt an approach known as public key/private key, which uses a
complex algorithm to uniquely encode each e-mail with a so-called
public key. The key includes data detailing who the recipient is.
Only the corresponding private key can decode the message. Many
network operating systems such as, Microsoft Windows NT, Novell
NetWare, and software such as Lotus Notes, among others offer
encryption programs as add-ons. These work well for closed
networks and intranets because all users share the same software
and, thus, the same security safeguards. But encryption on an
open network like the Internet is much more difficult. For it to
work, the sender and the recipient must use compatible software.
Although PGP and RSA software are compatible, other encryption
schemes aren't.
Encryption can be
complicated and expensive to use. If it's not feasible, keep in
mind that your e-mail may not be private, and limit your
correspondence accordingly. Don't send information in an e-mail
message that you wouldn't send on a postcard.
Worried about internet privacy ? These resources are excellent ...
