Guard your online privacy
July 22, 1999
by Scott Spanbauer
(IDG) -- Though it may seem like browsing the Web, downloading files, and sending e-mail are fairly anonymous, safe activities, they're not. Just about anything you do online--even simple browsing--can be observed and tracked. And your seemingly private e-mail is not so private: Employers, system administrators, and hackers can tap into your mail at numerous points along its journey.
For starters, you should conduct your online activity under the assumption that it is public. Surprised? Disturbed? Well, don't yank out your modem or cancel your Internet account just yet. Though you can't achieve absolute online privacy, you can still draw the blinds against prying eyes for a modicum of safety and anonymity.
When you send a piece of e-mail, it travels through several--sometimes even dozens of--servers on its way to its destination. At any point along that chain, it's possible (though relatively unlikely) for your e-mail to be intercepted and read. Who might be reading your messages? Your employer, your Internet service provider, or some no-good hacker with nothing better to do. But there are steps you can take to keep your e-mail from snoops.
Use a private account
If you're connected to the Net at work, stop for a moment and think about your activities. If you're concerned about what's in your e-mail messages, or suspect that your company might not approve of your other Internet activities, don't even test the waters. U.S. laws make everything on your employer-provided PC, including your personal e-mail, the company's property--period. That means your employer can legally read your e-mail, and track your Internet peregrinations and postings (though you're supposed to be informed of that possibility in advance). If you want to keep your online activity private, do it on your own computer at your home, using a service that you pay for. If that's not possible, find out exactly what your employer's Internet and e-mail use policies are, and comply with them.
If you want to remain unknown, send your e-mail through an anonymous service like the Global Internet Liberty Campaign's W3 Anonymous Remailer, or a free Web-based e-mail service like Hotmail or HushMail, which offers encryption-based privacy features that other Web-based e-mail services lack. Both ask for personal information when you create an account, but nothing says that information has to be true.
Don't start threatening the president once you're e-mailing under an assumed name, though. The authorities can still trace your messages; one re-mailer was recently forced to turn over records that could identify a sender. But a re-mailer or Web e-mail service is probably secure enough to protect your online romance (though it can't determine your cyberlover's true sex--sorry).
Albert Yale's quick-and-dirty Ghost Mail is another alternative. Like Hotmail, it's not impervious to subpoenas, but this software-based solution could keep hotheads out of hot water.
Finally, if anonymity in online public forums is a necessity, you can post anonymously to Usenet newsgroups and other discussion boards through the Web-based Deja.com service.
Encrypt, if you must
One way to ensure that your messages don't fall into unknown hands--and one that doesn't require new e-mail accounts or user names--is to encrypt it. The freeware edition of Pretty Good Privacy works with your e-mail program to encrypt and authenticate the messages you exchange with others. Due to American export restrictions on cryptography, the download procedure for PGP varies depending on where you are in the world, but the International PGP Home Page's download wizard is ready to help.
Note that with PGP both the sender and receiver will need the software to exchange encrypted messages. The product is free for personal use and, despite its humble name, PGP is about as good as e-mail privacy gets. (Commercial editions are available from Network Associates.)
More E-Mail Privacy: Avoiding Spam
It's every bit as irritating as telemarketers who always call during the dinner hour: unsolicited commercial e-mail that finds its way into your electronic in-box day after day. Unless you connect to the Net via a small, local Internet service provider, you're probably bound to receive a certain amount of spam, but there are steps you can take to prevent spam from arriving in the first place and ways to get it to stop if it's already flowing in.
Keep your address private
If you don't want spam jamming your in-box, there's a simple solution: Don't make it easy for your address to be harvested. Spammers look for valid e-mail addresses in public areas online--mailing lists, Web pages, Usenet newsgroups, and other discussion forums--then barrage them with junk e-mail. To make it convenient for people to reply to your messages, your e-mail and newsreader programs provide fields where you enter your name and reply address. You can make it tougher for the spammers by modifying these fields. For example, if your real e-mail address is email@example.com, changing it to bob@REMOVETHISserver.com will confound most spammers, while still leaving a clue to your real address for actual human correspondents. If you use a signature file to identify yourself in the body of messages, take the same precaution. And you should follow the same strategy when posting to discussion boards on Web sites: Always tweak your address just enough that automated "spiders" won't be able to send spam your way.
Can the spam
Often, spam messages include instructions for replying to the message in order to be removed from the mailing list. Don't do it. Replying affirms that your address is valid. You're better off using your e-mail program's mail-processing rules to intercept and dispose of unwanted messages; or use third-party spam busters like Webster Image's SpamScan97 and Contact Plus's Spam Buster. These products were highlighted in PC World magazine's "The Defenders" in September 1998, and evaluation versions are available from our FileWorld software library.
You can also try forwarding spam to the postmaster or abuse addresses at the domain from which the message appears to have come (for example, firstname.lastname@example.org or email@example.com). America Online is particularly diligent about tracking down spammers working from within its system. If you receive spam from AOL, forward it immediately to firstname.lastname@example.org, and ask them nicely to deal with the scoundrel. You can also alert SpamCop's free reporting service when you're spammed; if spam becomes a huge problem, you might consider subscribing to SpamCop's filtering service.
Most commercial Web sites, portals, and online businesses (including PC World Online) invite you to volunteer information about yourself in exchange for the free news, software, and other services they provide. The site may swear up and down that it doesn't share the information with anyone else, but you're taking their word for it. Privacy policies are nice--but search warrants, subpoenas, and marketers' big wads of cash are often very persuasive. And occasionally, the Webmasters who administer these sites commit blunders that leave their user information databases open to the world. Other times, buggy server software does it for them. See the Electronic Privacy Information Center's Privacy page for all the disturbing details, and follow these strategies to keep to yourself on the Web.
They ask, don't tell
The best way to keep your personal data personal is to not give it out in the first place. In many cases, you can still get to the content or files you want by entering a made-up name, e-mail address, and street address. Skip any optional fields. If you absolutely have to provide personal data, such as a real e-mail or mailing address (it's hard to buy a book from Amazon.com using a fake address, for example), look for an option to opt out of receiving promotional mailings.
Look for the TRUSTe label
If you do have to submit personal information to a Web site, look first to see if the site is certified by an independent oversight organization, such as TRUSTe. Web sites that adhere to TRUSTe's stated privacy principles can display its "trustmark" and Children's Privacy seals. TRUSTe polices licensed sites to make sure they follow their stated policies and intervenes on behalf of users who report violations.
Surfing the Web seems like an anonymous activity, but every Web site you contact knows your computer's IP address. Combine that with your ISP's logs, and you're suddenly in the spotlight. It's hard for me to imagine a (legal) scenario where you'd need to worry about this, but perhaps I'm just not imaginative enough. In any case, Anonymizer.com offers several services that shield you from the Net-savvy tentacles of the sheriff's department or Federal Bureau of Investigation. To see what information your Web browser provides about you, visit Anonymizer's snooping page.
Zero-Knowledge Systems' forthcoming Freedom works with a volunteer network of privacy servers to hide the source of all communications emanating from your computer.
Be selective about cookies
Cookies are text files stored on your computer that many, if not most, Web sites use to track information about your browsing preferences. Cookies can be a convenience--they can automate your login to a site, for example. They can also document your activity on the Web site, allowing the site's administrators to amass information to use as they wish. These files don't identify you personally, although they do identify your computer.
For an object lesson in how popular cookies are, try setting your browser to refuse all cookies. You won't last more than a few minutes. Third-party cookie utilities make it easier to refuse some cookies while accepting others, without driving you completely nuts. The Limit Software's $15 Cookie Crusher does the job, as does Kookaburra Software's $15 Cookie Pal. Evaluation versions of both programs are available from FileWorld.
Cover your tracks
As you browse the Web, your browser quietly caches Web pages, graphics, and other files you've viewed. This cache serves a noble purpose: It speeds your Web browsing experience by loading files you revisit from the local cache if they exist there. However, it also provides a graphic roadmap of your surfing proclivities to the next person (your boss, your child, your spouse) who sits down at the computer and knows where to look. Ditto for the browser's list of recently visited addresses.
To clear your cache in IE5, select Tools, Internet Options, click the General tab, and then click the Delete Files button. To clear the History file, click the Clear History button on the same page. In Navigator 4 choose Edit, Preferences, select Cache under the Advanced branch, and click both the Clear Memory Cache and Clear Disk Cache buttons. To clear the History list, select the Navigator branch, and then click the Clear History and Clear Location Bar buttons.
Scott Spanbauer is a contributing editor for PC World.
Scientists back anonymous Web messaging
RELATED IDG.net STORIES:
W3 Anonymous Remailer
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.