INTERNET PRIVACY
You may not be a “number” like Patrick McGoohan in the 60’s TV series The Prisoner, but you are an IP or email address that’s being stored, processed and analysed by almost every commercial Internet site that you visit. How do these sites get your information, and more importantly, how can you fight back? PC Magazine Middle East tells you how to remain an anonymous user on the Net.
f you use the Internet, your pri- “DART (Dynamic Advertising Reporting consumers’ personal information:
COOKIES: THE GOOD, THE BAD, AND THE SNEAKY

Cookies were originally designed to solve a practical problem that arises from the design of the World Wide Web. When you browse a Web site, your computer doesn’t really stay connected to the site for the entire time you’re there. Instead, your PC makes a request, receives an answer (usually in the form of a Web page), and disconnects right away. If, after reading the page, you decide to click on a link or a button, your computer makes a new connection to carry out your request. Because the connection doesn’t stay open, the Web server doesn’t need to devote resources to keeping it alive while you—the slow human—decide what to do next.

The downside of this method is that carrying on an ongoing conversation becomes tricky. Let’s suppose you’re making an online shopping trip in which you place half a dozen items in your cart and then check out. Each time you click, the Web server needs to remember who you are and what you’ve selected so far. Because the server would need massive amounts of storage to keep this information around for tens of thousands of shoppers (an estimated 75 percent of whom will leave their carts in the virtual aisles and never check out), it’s best to have the client, rather than the server, store information about the state of the transaction. So the server may place a cookie—a bit of text identifying you and describing the transaction—on your machine. The cookie also contains bookkeeping information, such as the domain from which it was sent and an expiration date. There are two kinds of cookies: session cookies, which vanish each time you shut down your browser, and persistent cookies, which can stay around for months or years. An e-commerce site might use both kinds; for instance, it might use a session cookie to remember information about a particular shopping trip, and a persistent cookie to recognize you when you come back another day.

Each time you move to a new stage of your online transaction, the merchant’s server asks your computer to send back the cookie that’s been stored on your machine. This reminds the server of who you are and what you were doing, and the conversation continues where it left off. Cookies are handy for many legitimate purposes—for example, to allow a Web site to recognize you as an authorized user without requiring you to log on every time you access the site. But they can also be used for nefarious purposes, as we’ll see below.

WEB PAGES AS “PASTE-UPS”

One thing about the Web that isn’t obvious—except to techies and Web page designers—is that a single Web page can be composed of material that comes from many servers throughout the Internet. A page on your favorite news site might have text from one server, pictures from a second, and ads from several more. The HyperText Markup Language (HTML) in
which the page is written tells your Web browser how to call for the images from different places and paste them up to make the page that appears on your screen.

Trouble is, unless you’ve installed cookie management software or turned off cookies altogether, any machine that supplies any part of a Web page is capable of feeding your machine a cookie and retrieving it later. Thus, if you visit two pages—even on different sites—that contain ads from the same advertising company, that company can see via its cookies that you traveled from one to the other. What’s more, if the advertising firm has acquired personal information about you from the owner of any one of those sites (perhaps because you filled in a form or made an online purchase), it can apply that information when you visit the other.

Sometimes, an image that allows you to be tracked is not even visible to the naked eye. Last year, computer security expert Richard Smith, founder of Phar Lap Software, reported that many Web pages contain Web bugs—tiny images that are only one or two pixels in size and are designed to blend into the page’s background. Why are these invisible images there? Because they allow Web servers to log your access to the page and to place cookies on your computer.

SPECIAL DELIVERY: A COOKIE

Snooping via cookies isn’t limited to the World Wide Web. Because the rendering engine that’s used in Web browsers is also woven into e-mail clients and Usenet news readers, it’s possible for someone who sends you e-mail or posts an HTML article to a newsgroup to cause your machine to access images on his or her site when you read the mail or article. (If the program has a preview window, the access may occur automatically before you can stop it.) Instantly, the sender’s Web server can tell that you read the message. What’s more, if the sender customizes the URL in the message so that it contains your e-mail address, he or she will also know exactly who you are. (This technique has been used by spammers to verify e-mail addresses.) Finally, unless you have a very recent browser that closes this security hole, the server can leave and retrieve a cookie—again, possibly containing your e-mail address.

Even software you install on your computer can gather information and place it in cookies for later retrieval. The Registration Wizard in Windows 98 places unique ID numbers that identify you and your computer into cookies without your knowledge or consent. When you later log onto the Internet and invoke Internet Explorer, the browser jumps to Microsoft’s Web site, which retrieves the cookies. Each time you visit Microsoft’s site thereafter, the cookies are sent again, letting the company know you’re back. More worrisome still is the fact that the Registration Wizard ActiveX control has a bug that allows any Web site to retrieve your registration information at will. (The ZDNet Help Channel, at www.zdnet.com/zdhelp/stories/main/0,5594,919119,00.html, explains how to plug this and other security holes related to the Windows 98 Registration Wizard.)

COOKIE COUNTERMEASURES

Some Web advertising firms, such as DoubleClick, have responded to user complaints about tracking by providing users with the ability to opt out of their databases. But others have not—and many users believe that trusting any such firm to protect privacy is akin to allowing the fox to guard the henhouse. Your best bet, therefore, is to take matters into your own hands.

The most foolproof way to keep yourself from being tracked via cookies is to disable them entirely. In Netscape, you can do this by selecting Edit | Preferences and selecting the Advanced item in the left-hand column. In Internet Explorer, select Tools | Internet Options and disable cookies by customizing the security settings.

Unfortunately, disabling cookies can prevent you from using many e-commerce Web sites. And asking your browser to prompt you before accepting or sending a cookie can be equally annoying. A single Web page may contain dozens of images, each of which may come with a cookie; you may have to click dozens of times just to get past all of the prompts and see the page.

A better approach, therefore, is to install third-party software that blocks or disables cookies more selectively. Software that blocks advertising banners, such as WebWasher (free download, www.webwasher.com), has the pleasant side effect of blocking cookies associated with ads while not affecting cookies from other sites. The powerful Internet Junkbuster Proxy (www.junkbusters.com) is a combination advertising blocker and cookie blocker, and has many useful features. This product lets you block or allow cookies by domain name and gives you the power to feed sites vanilla wafers (cookies set by you rather than by the site).

None of these programs is foolproof, though. Although the Internet Junkbuster Proxy blocks cookies that are sent directly by a Web server, it doesn’t stop cookies from being sent via JavaScript, Java programs, or HTML constructs called metatags. And each time a method of setting and retrieving cookies is blocked, you can be sure that enterprising advertisers and Web page designers begin a hunt for more.

Other utilities also let you choose which sites can feed your browser cookies, and some can help you sort through your cookie files and eliminate cookies from sites you do not want to track you. See the
ANONYMOUS
tions of some of the best of these utilities.
If you want to avoid cookies that are fed
to your machine via e-mail, do not use an
//grc.com/optout.htm), recently discovered that advertising banner software published by Auriate Media Corp. (now Radiate) sends information about which banner ads you click, and the amount of time you spend reading them, back to the company.

ANONYMOUS BROWSING

Because your online privacy is so easy to compromise, entire businesses have been created to offer anonymous browsing capabilities. Our sidebar “Anonymous Browsing Services” describes several such services. The granddaddy of these is Anonymizer (www.anonymizer.com). Anonymizer runs a proxy server that attempts to hide your identity and filter cookies as you browse. (Unfortunately, as with blocking software, enterprising snoops are constantly striving to find ways around these filters. So at any moment, you can never be 100 percent sure that they’re working.) Anonymizer’s service costs $15 per quarter, and its site offers free trials. The free proxy causes a delay, however, and it displays ads at the top of every page.

ENCRYPTION: NOT A PANACEA

Encryption—scrambling data so unauthorized parties have a hard time listening in—is a useful process. Virtually every browser has encryption capabilities. (Most e-mail programs don’t have built-in encryption, but we strongly recommend that you obtain it as an inexpensive add-on.) But it’s not a panacea; you must understand when to trust encryption to protect your privacy.

First, you should get the most secure version of your browser. Netscape Navigator, for instance, comes in two versions—one that uses 40-bit encryption keys and one that uses 128-bit keys. Low-security, 40-bit keys are good enough for mildly sensitive information, but anyone who has a serious desire to break the encryption can do so easily. (These weak keys are used in the default version of the browser due to U.S. government export restrictions; the government considers the export of effective encryption programs to be a threat to national security.) For real security, take the time to download a browser with 128-bit keys.

Second, make sure that encryption is really active when you need it. When you place an order on an e-commerce site, you’ll almost always see a claim that entering your credit card number and other personal information is safe because the site is “secure”—that is, the information will be encrypted as it travels from your keyboard to the merchant’s site. But is it really as secure as the merchant claims it is? When you get to the page that requests sensitive information, look carefully at the tiny lock icon at the bottom of your browser window and make sure it’s really in the locked position. (In Netscape Navigator and Internet Explorer, the icon turns to a gold color when it’s locked.) If the page claims that your information is secure but the icon is not in the locked position, leave the site immediately and shop elsewhere.

Third, remember that the presence of encryption doesn’t mean that your data can’t be monitored before it’s encrypted or after it’s decoded again. Let’s say, for example, that you read your Yahoo! mail at the local cybercafe or public library. You see the little lock icon at the bottom of the screen. Think that the encryption in the browser will protect you? Think again. Computers in public places are easily subverted by clever hackers, who can install programs that monitor your keystrokes before they’re encrypted. These keystrokes are then sent surreptitiously across the Net to a computer that logs everything—including your account names and passwords—for later use. For this reason, reading e-mail on a machine that does not belong to you or to someone you trust is not a good idea.

Your personal data can also be stolen once it reaches its destination. Many e-commerce sites use custom-built programs, or scripts, which are not carefully audited for security problems. Some use software—such as Windows NT, SQL Server, or Internet Information Server—that have hundreds of well-publicized security holes that the vendor may not have closed. Encryption does little good if the decoded data is filched from a merchant’s site.

Finally, remember to remove your browsing history when you finish browsing at a public terminal. (In IE, select Tools | Internet Options, then press the Clear History button on the General tab. In Netscape, choose Edit | Preferences and press the Clear History button in the Preferences dialog. The URLs left behind in a browser’s history file can let a subsequent user get back into your electronic mailbox—especially if they’re used fairly soon after you’ve departed. And depending on the browser’s settings, subsequent users may be able to see what you were doing online for days or weeks afterward.

COMMON SENSE

Other measures you can use to protect your privacy are just good common sense. Be stingy with your personal information; don’t automatically fill in a blank on a Web form just because it’s there. If you feel that the proprietor of a Web site has no business knowing who you are or something personal about you, a white lie may be in order. (Ima Nonymous is a frequent visitor to many Web sites that require registration.) Opt out of tracking (DoubleClick, for example, lets you obtain an OPT_OUT cookie from its Web site) as often as you can, but do not rely on this to keep your movements from being watched. If you’re concerned about spam, or if Web sites insist upon sending you a password only after you’ve furnished an e-mail address, set up free e-mail accounts and supply those addresses instead of the one provided by your ISP. Although nothing we’ve mentioned here is foolproof, you will be able to control—at least somewhat—who knows how much about you and your loved ones.

THERE OUGHTA BE A LAW

Many of us would think—or at least hope—that the government would protect consumers from having such dossiers compiled about them. But unlike European countries, which require citizens to give explicit permission before their data can be shared, bought, or sold, the U.S. has few laws restricting what businesses can do with personal information. And the laws that do exist—for example, the Fair Credit Reporting Act (FCRA)—are notoriously lax. According to the FCRA, anyone who does business with you is entitled to call a credit bureau and ask for a credit report that lists your credit cards, loans, home address, telephone number, Social Security Number, and more. (Even companies that have not done business with you can obtain some of this information—hence the unsolicited credit card offers that flood the mailboxes of consumers with good credit records.)

Your personal information is your own business; how much to divulge, and to whom, should be your decision. Until and unless the government swings into action to protect consumers, preserving your privacy is your own responsibility.
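
An added example, not part of the original article: a short Python scan of an HTML page or HTML e-mail for the Web bugs, third-party images and address-bearing image URLs described under “Web Pages as Paste-Ups” and “Special Delivery: A Cookie”. The host names, the e-mail address and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Constructed sample: a page (or HTML e-mail) served by news.example that
# pulls images from a second, unrelated host. All names are made up.
SAMPLE = """<html><body>
<img src="http://news.example/logo.gif" width="120" height="40">
<img src="http://ads.tracker.example/b.gif?u=reader%40mail.example" width="1" height="1">
<img src="http://ads.tracker.example/banner.gif" width="468" height="60">
</body></html>"""

def _tiny(value):
    """True for a pixel dimension of 2 or less (the 'one or two pixel' bug)."""
    return value is not None and value.strip().isdigit() and int(value) <= 2

class WebBugFinder(HTMLParser):
    """Flag <img> tags that can log a visit or identify the reader."""
    def __init__(self, first_party, reader_email=""):
        super().__init__()
        self.first_party = first_party.lower()
        self.reader_email = reader_email.lower()
        self.findings = []          # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = (urlsplit(src).hostname or "").lower()
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("tiny")              # invisible on the page
        if host and host != self.first_party \
                and not host.endswith("." + self.first_party):
            reasons.append("third-party")       # another server sees the request
        if self.reader_email and self.reader_email in unquote(src).lower():
            reasons.append("address-in-url")    # URL customized per recipient
        if reasons:
            self.findings.append((src, reasons))

def find_web_bugs(html, first_party, reader_email=""):
    finder = WebBugFinder(first_party, reader_email)
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for src, reasons in find_web_bugs(SAMPLE, "news.example", "reader@mail.example"):
        print(", ".join(reasons), "->", src)
```

The ordinary banner is reported as third-party only, which matches the article's point that any server supplying part of a page can set and read its own cookie even when the image is plainly visible.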