Latest Colts News
Started on the Internet
Protecting Yourself on the Net, Part 2 Who Do You Trust? Privacy on the World Wide Web
A person's right to privacy on the Internet has become a hot topic of debate. Earlier this year, several of the Net's leading data collection agencies agreed to voluntary limits to minimize the invasion of privacy. They agreed that from now on, they would release personal information (such as a user's social security number, buying preferences, household income, and other data) only to "qualified subscribers" who promise to use the information appropriately. Previously, such information was available to any party that was interested in acquiring knowledge about a particular individual.
While this may sound like a great relief to many, the actions of these companies represent the exception rather than the rule. The fact is that there are hundreds of such organizations out on the Internet, selling personal information to whoever is interested. With the right resources and some financial reserves, just about any type of personal information can be acquired. The scary thing is, much of this information is being gathered, bought and sold without our knowledge or consent.
An EPIC Test of Privacy
The results were startling. Of the 100 sites tested, about half automatically collected personal or computer data about the people who were visiting the sites. Only about a third of the sites mentioned that they were actually doing such a thing.
In terms of privacy and protecting the information you disclose, only 17 sites even mentioned the privacy factor. Most of those came up short of what EPIC terms adequate disclosure -- for instance, explaining why information is collected, how that information will be used, and what steps the site will take to limit improper use of the data. And only 8 sites gave users some control over whether the web site could share information with other companies or individuals.
Marc Rotenberg, director of EPIC, sees a problem with the way that information is obtained and can be used. "If a person goes to the Web site and gives up his or her name, that person is not necessarily going to know how that information will be used, or if there will be any safeguards to protect that person's privacy, and we think that's a problem."
The Internet's "Cookie" Monster
Whenever you enter a web site, your computer sends the site some kind of information. Usually, it's as simple as the type of computer you're using and the operating system your computer is running. However, your computer can also be asked about what other parts of the Net it's visited lately, and what it was doing there.
Many web sites enable the creation of "cookies." Basically speaking, a cookie is a small kernel of information that can be planted into a user's computer and used without their knowledge. Almost a quarter (23) of the sites surveyed by EPIC used cookies. None of the sites bothered to mention that little fact to their users.
When a user first visits a website and gives out personal information, the site's computer creates a cookie and stores it in the user's hard drive. This way, when the user next visits the site, the cookie will be retrieved, and the site will greet the user by name.
The problem with this is that the same technology that creates cookies can also be used to trackother information as well. A cookie can track which sites a person visits, what pages a user looks at, etc., and then link the data to that person's name and address. Site owners can then sell the information to advertisers and other third parties, without the user's knowledge or consent.
The Big Test: What Does the Net Know About Me?
Even after starting this article and reading other pieces that had been published about Internet privacy, I didn't think the powers that be knew all that much about me. Sure, like most people, I'd blindly submitted my name and address to a few web sites without thinking. I'd spent time in chat rooms and newsgroups posting messages, talking with people from all over the world. And I'd purchased a few hard to find CDs and books off of the Internet last fall.
But I'd always followed the guidelines friends and other users told me. I didn't give out information to shady-looking web sites. I asked my name to be taken off e-mail lists. I enabled my web browser to alert me to incoming cookies from other web sites. And I made sure that any financial transactions done over the Net were done with a secure protocol. No big deal -- I was safe, right?
Wrong! Here are just some of the things I was able to find about myself:
* My full name, date of birth, gender, and marital status;
That's what I was able to find out for free. For a small fee to a data collection service, I could have found out a lot more, such as:
* My social security number (yes, they are for sale);
Needless to say, this experience was a bit unnerving. Finding out the above information took less than a couple of hours of work. All it took was a name, telephone number, and e-mail address. What if someone had a grudge against me and wanted to find out everything they could? With access to the Internet and some extra money, who knows what else they might find.
So how do you make sure important information like your credit history, medical records and social security number don't fall into unscrupulous hands? Here are a few options:
1. Enable your web browser so that it alerts you about accepting cookies from web sites. On Netscape Navigator, this is done by accessing the Network Preferences section from the Options menu; in Internet Explorer, you can access the Cookies folder.
2. If you receive a lot of junk e-mail, send a message back and ask to be taken off that group's e-mail list. Many companies are notoriously slow when it comes to doing this, so you may have to send several messages for them to get the point. If that doesn't do the trick, complain to your Internet service provider; after enough users complained to America Online about junk e-mail, they announced a ban on e-mails sent from five Internet message companies.
3. Don't post your e-mail address on newsgroups. Use your first name only, then wait and see who replies. Better yet, post your messages through an anonymous remailer. This service hides the heading of an e-mail message, allowing you to post messages while making the name and address of the sender indecipherable.
4. Buy and install privacy/encryption software. A number of companies sell encryption software that keeps web sites and other organizations from finding out personal information about you.
A good privacy program for people who use Netscape Navigator is Internet Fast Forward, available at www.privnet.com. Among other privacy features, this plug-in allows users to block web sites from sending cookies and advertisements banners. Users might also want to try an encryption program called Pretty Good Privacy. The commercial version sells for about $129, but you can download a freeware version at http://www.pgp.com.
In addition, there are a number of web sites worth visiting that deal with the privacy issue:
The Electronic Frontier Foundation (www.eff.org) is dedicated to the protection of privacy, free expression, and public information on the Internet. The site contains updates on the online free speech and privacy campaigns as well as links to other privacy organizations.
The Electronic Privacy Information Center's site (www.epic.org) contains the June 1997 survey they conducted on data collection and provides other valuable information about privacy on the Internet.
The Stalker's Home Page (http://pages.ripco.com:8080/~glr/stalk.html) is the personal creation of Glen L. Roberts and provides numerous links to information databases and other data collection agencies. A great resource because everything's on one page for you.
The information provided in this column was not intended to scare any of our readers away from getting online. It was done merely to show the awesome power of the Internet, and how easily private information can be made public without or knowledge or consent. If you are concerned about your right to privacy online, please contact EPIC or the Electronic Frontier Foundation and voice your opinion.
In our next issue, we will review three web sites dedicated to the art of online auto repairs. Future issues will cover the Pointcast news browser, the Internet Movie Database, and online news sources. As always, we welcome your feedback. If you have any questions or comments, please e-mail me.
1. The intricate world of the web. CNN Interactive (www.cnn.com),
June 10, 1997.