ad info




CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

From...
PC World

Guard your online privacy

July 22, 1999
Web posted at: 10:58 a.m. EDT (1458 GMT)

by Scott Spanbauer
privacy graphic

 ALSO
   Message Board: Online privacy

   Sign up for the Computer Connection email service

   For more computing stories

  

(IDG) -- Though it may seem like browsing the Web, downloading files, and sending e-mail are fairly anonymous, safe activities, they're not. Just about anything you do online--even simple browsing--can be observed and tracked. And your seemingly private e-mail is not so private: Employers, system administrators, and hackers can tap into your mail at numerous points along its journey.

For starters, you should conduct your online activity under the assumption that it is public. Surprised? Disturbed? Well, don't yank out your modem or cancel your Internet account just yet. Though you can't achieve absolute online privacy, you can still draw the blinds against prying eyes for a modicum of safety and anonymity.

E-Mail Privacy

When you send a piece of e-mail, it travels through several--sometimes even dozens of--servers on its way to its destination. At any point along that chain, it's possible (though relatively unlikely) for your e-mail to be intercepted and read. Who might be reading your messages? Your employer, your Internet service provider, or some no-good hacker with nothing better to do. But there are steps you can take to keep your e-mail from snoops.

Use a private account

If you're connected to the Net at work, stop for a moment and think about your activities. If you're concerned about what's in your e-mail messages, or suspect that your company might not approve of your other Internet activities, don't even test the waters. U.S. laws make everything on your employer-provided PC, including your personal e-mail, the company's property--period. That means your employer can legally read your e-mail, and track your Internet peregrinations and postings (though you're supposed to be informed of that possibility in advance). If you want to keep your online activity private, do it on your own computer at your home, using a service that you pay for. If that's not possible, find out exactly what your employer's Internet and e-mail use policies are, and comply with them.

MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  PC World home page
  FileWorld find free software fast
  Make your PC work harder with these tips
 Reviews & in-depth info at IDG.net
 *   IDG.net's desktop PC page
  IDG.net's portable PC page
  IDG.net's Windows software page
  IDG.net's personal news page
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for computer geniuses (& newbies)
  Search IDG.net in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute
   

Go anonymous

If you want to remain unknown, send your e-mail through an anonymous service like the Global Internet Liberty Campaign's W3 Anonymous Remailer, or a free Web-based e-mail service like Hotmail or HushMail, which offers encryption-based privacy features that other Web-based e-mail services lack. Both ask for personal information when you create an account, but nothing says that information has to be true.

Don't start threatening the president once you're e-mailing under an assumed name, though. The authorities can still trace your messages; one re-mailer was recently forced to turn over records that could identify a sender. But a re-mailer or Web e-mail service is probably secure enough to protect your online romance (though it can't determine your cyberlover's true sex--sorry).

Albert Yale's quick-and-dirty Ghost Mail is another alternative. Like Hotmail, it's not impervious to subpoenas, but this software-based solution could keep hotheads out of hot water.

Finally, if anonymity in online public forums is a necessity, you can post anonymously to Usenet newsgroups and other discussion boards through the Web-based Deja.com service.

Encrypt, if you must

One way to ensure that your messages don't fall into unknown hands--and one that doesn't require new e-mail accounts or user names--is to encrypt it. The freeware edition of Pretty Good Privacy works with your e-mail program to encrypt and authenticate the messages you exchange with others. Due to American export restrictions on cryptography, the download procedure for PGP varies depending on where you are in the world, but the International PGP Home Page's download wizard is ready to help.

Note that with PGP both the sender and receiver will need the software to exchange encrypted messages. The product is free for personal use and, despite its humble name, PGP is about as good as e-mail privacy gets. (Commercial editions are available from Network Associates.)

More E-Mail Privacy: Avoiding Spam

It's every bit as irritating as telemarketers who always call during the dinner hour: unsolicited commercial e-mail that finds its way into your electronic in-box day after day. Unless you connect to the Net via a small, local Internet service provider, you're probably bound to receive a certain amount of spam, but there are steps you can take to prevent spam from arriving in the first place and ways to get it to stop if it's already flowing in.

Keep your address private

If you don't want spam jamming your in-box, there's a simple solution: Don't make it easy for your address to be harvested. Spammers look for valid e-mail addresses in public areas online--mailing lists, Web pages, Usenet newsgroups, and other discussion forums--then barrage them with junk e-mail. To make it convenient for people to reply to your messages, your e-mail and newsreader programs provide fields where you enter your name and reply address. You can make it tougher for the spammers by modifying these fields. For example, if your real e-mail address is bob@server.com, changing it to bob@REMOVETHISserver.com will confound most spammers, while still leaving a clue to your real address for actual human correspondents. If you use a signature file to identify yourself in the body of messages, take the same precaution. And you should follow the same strategy when posting to discussion boards on Web sites: Always tweak your address just enough that automated "spiders" won't be able to send spam your way.

Can the spam

Often, spam messages include instructions for replying to the message in order to be removed from the mailing list. Don't do it. Replying affirms that your address is valid. You're better off using your e-mail program's mail-processing rules to intercept and dispose of unwanted messages; or use third-party spam busters like Webster Image's SpamScan97 and Contact Plus's Spam Buster. These products were highlighted in PC World magazine's "The Defenders" in September 1998, and evaluation versions are available from our FileWorld software library.

You can also try forwarding spam to the postmaster or abuse addresses at the domain from which the message appears to have come (for example, postmaster@spamdomain.com or abuse@spamdomain.com). America Online is particularly diligent about tracking down spammers working from within its system. If you receive spam from AOL, forward it immediately to abuse@aol.com, and ask them nicely to deal with the scoundrel. You can also alert SpamCop's free reporting service when you're spammed; if spam becomes a huge problem, you might consider subscribing to SpamCop's filtering service.

Web Privacy

Most commercial Web sites, portals, and online businesses (including PC World Online) invite you to volunteer information about yourself in exchange for the free news, software, and other services they provide. The site may swear up and down that it doesn't share the information with anyone else, but you're taking their word for it. Privacy policies are nice--but search warrants, subpoenas, and marketers' big wads of cash are often very persuasive. And occasionally, the Webmasters who administer these sites commit blunders that leave their user information databases open to the world. Other times, buggy server software does it for them. See the Electronic Privacy Information Center's Privacy page for all the disturbing details, and follow these strategies to keep to yourself on the Web.

They ask, don't tell

The best way to keep your personal data personal is to not give it out in the first place. In many cases, you can still get to the content or files you want by entering a made-up name, e-mail address, and street address. Skip any optional fields. If you absolutely have to provide personal data, such as a real e-mail or mailing address (it's hard to buy a book from Amazon.com using a fake address, for example), look for an option to opt out of receiving promotional mailings.

Look for the TRUSTe label

If you do have to submit personal information to a Web site, look first to see if the site is certified by an independent oversight organization, such as TRUSTe. Web sites that adhere to TRUSTe's stated privacy principles can display its "trustmark" and Children's Privacy seals. TRUSTe polices licensed sites to make sure they follow their stated policies and intervenes on behalf of users who report violations.

Surf anonymously

Surfing the Web seems like an anonymous activity, but every Web site you contact knows your computer's IP address. Combine that with your ISP's logs, and you're suddenly in the spotlight. It's hard for me to imagine a (legal) scenario where you'd need to worry about this, but perhaps I'm just not imaginative enough. In any case, Anonymizer.com offers several services that shield you from the Net-savvy tentacles of the sheriff's department or Federal Bureau of Investigation. To see what information your Web browser provides about you, visit Anonymizer's snooping page.

Zero-Knowledge Systems' forthcoming Freedom works with a volunteer network of privacy servers to hide the source of all communications emanating from your computer.

Be selective about cookies

Cookies are text files stored on your computer that many, if not most, Web sites use to track information about your browsing preferences. Cookies can be a convenience--they can automate your login to a site, for example. They can also document your activity on the Web site, allowing the site's administrators to amass information to use as they wish. These files don't identify you personally, although they do identify your computer.

If you'd rather not have some wet-behind-the-ears Victoria's Secret Webmaster pondering your camisole predilections, you can tell your browser to refuse cookies or to prompt you each time a Web site wants to write one to your hard disk. In Microsoft Internet Explorer 5 select Tools, Internet Options, choose the Security tab, and then click the Custom Level button and scroll down to Cookies to locate the settings. In Netscape Navigator 4, choose Edit, Preferences and select the Advanced branch of the Category tree to find the cookie settings.

For an object lesson in how popular cookies are, try setting your browser to refuse all cookies. You won't last more than a few minutes. Third-party cookie utilities make it easier to refuse some cookies while accepting others, without driving you completely nuts. The Limit Software's $15 Cookie Crusher does the job, as does Kookaburra Software's $15 Cookie Pal. Evaluation versions of both programs are available from FileWorld.

Cover your tracks

As you browse the Web, your browser quietly caches Web pages, graphics, and other files you've viewed. This cache serves a noble purpose: It speeds your Web browsing experience by loading files you revisit from the local cache if they exist there. However, it also provides a graphic roadmap of your surfing proclivities to the next person (your boss, your child, your spouse) who sits down at the computer and knows where to look. Ditto for the browser's list of recently visited addresses.

To clear your cache in IE5, select Tools, Internet Options, click the General tab, and then click the Delete Files button. To clear the History file, click the Clear History button on the same page. In Navigator 4 choose Edit, Preferences, select Cache under the Advanced branch, and click both the Clear Memory Cache and Clear Disk Cache buttons. To clear the History list, select the Navigator branch, and then click the Clear History and Clear Location Bar buttons.

Scott Spanbauer is a contributing editor for PC World.


RELATED STORIES:
Scientists back anonymous Web messaging
July 5, 1999
U.S. Supreme Court takes up driver's license data privacy
May 21, 1999

RELATED IDG.net STORIES:
GhostMail download
(PCWorld)
The defenders
(PCWorld)
SpamScan 97 download
(PCWorld)
Spam Buster download
(PCWorld)
Cookie Crusher download
(PCWorld)
Cookie Pal download
(PCWorld)
You are for sale
(PCWorld)
Going private
(PCWorld)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

RELATED SITES:
W3 Anonymous Remailer
PGP freeware download
SpamCop
Electronic Privacy Information Center's Privacy page
TRUSTe
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.