Getting Started on the Internet, 12/01/97: Protecting Yourself on the Net, Part II

Latest Colts News

Schedule & Weekly Recap Archive

Personnel & Ticket Info

Team Roster


Descendants of the Mayflower

Life Before Indianapolis

Records & Trivia

Photo Gallery

Other Colts Sites

Visit the Trophy Case

Win the Award

Take the Survey

Colts Chat

Message Board

Other Colts Goodies

Sports Webrings the Infopedia Belongs To

Mike Devitt -- the Man, the Myth, the Managing Editor

Send me an e-mail

Getting Started on the Internet

Michael Devitt

Protecting Yourself on the Net, Part 2 Who Do You Trust? Privacy on the World Wide Web

A person's right to privacy on the Internet has become a hot topic of debate. Earlier this year, several of the Net's leading data collection agencies agreed to voluntary limits to minimize the invasion of privacy. They agreed that from now on, they would release personal information (such as a user's social security number, buying preferences, household income, and other data) only to "qualified subscribers" who promise to use the information appropriately. Previously, such information was available to any party that was interested in acquiring knowledge about a particular individual.

While this may sound like a great relief to many, the actions of these companies represent the exception rather than the rule. The fact is that there are hundreds of such organizations out on the Internet, selling personal information to whoever is interested. With the right resources and some financial reserves, just about any type of personal information can be acquired. The scary thing is, much of this information is being gathered, bought and sold without our knowledge or consent.

An EPIC Test of Privacy

In June, the Electronic Privacy Information Center (EPIC) surveyed the 100 busiest Internet sites to see how they operated in terms of user privacy and the ability to gather information. The sites were ranked by the web service. Some of the sites mentioned (, ESPNet, etc.) are ones that many of you probably frequent as well.

The results were startling. Of the 100 sites tested, about half automatically collected personal or computer data about the people who were visiting the sites. Only about a third of the sites mentioned that they were actually doing such a thing.

In terms of privacy and protecting the information you disclose, only 17 sites even mentioned the privacy factor. Most of those came up short of what EPIC terms adequate disclosure -- for instance, explaining why information is collected, how that information will be used, and what steps the site will take to limit improper use of the data. And only 8 sites gave users some control over whether the web site could share information with other companies or individuals.

Marc Rotenberg, director of EPIC, sees a problem with the way that information is obtained and can be used. "If a person goes to the Web site and gives up his or her name, that person is not necessarily going to know how that information will be used, or if there will be any safeguards to protect that person's privacy, and we think that's a problem."

The Internet's "Cookie" Monster

Whenever you enter a web site, your computer sends the site some kind of information. Usually, it's as simple as the type of computer you're using and the operating system your computer is running. However, your computer can also be asked about what other parts of the Net it's visited lately, and what it was doing there.

Many web sites enable the creation of "cookies." Basically speaking, a cookie is a small kernel of information that can be planted into a user's computer and used without their knowledge. Almost a quarter (23) of the sites surveyed by EPIC used cookies. None of the sites bothered to mention that little fact to their users.

When a user first visits a website and gives out personal information, the site's computer creates a cookie and stores it in the user's hard drive. This way, when the user next visits the site, the cookie will be retrieved, and the site will greet the user by name.

The problem with this is that the same technology that creates cookies can also be used to trackother information as well. A cookie can track which sites a person visits, what pages a user looks at, etc., and then link the data to that person's name and address. Site owners can then sell the information to advertisers and other third parties, without the user's knowledge or consent.

Some Internet browsers can be configured to notify the user when a cookie is set and let you choose whether or not to accept a cookie. However, many users are aware of this feature. And as stated before, most sites that use cookies do not mention it to users.

The Big Test: What Does the Net Know About Me?

Even after starting this article and reading other pieces that had been published about Internet privacy, I didn't think the powers that be knew all that much about me. Sure, like most people, I'd blindly submitted my name and address to a few web sites without thinking. I'd spent time in chat rooms and newsgroups posting messages, talking with people from all over the world. And I'd purchased a few hard to find CDs and books off of the Internet last fall.

But I'd always followed the guidelines friends and other users told me. I didn't give out information to shady-looking web sites. I asked my name to be taken off e-mail lists. I enabled my web browser to alert me to incoming cookies from other web sites. And I made sure that any financial transactions done over the Net were done with a secure protocol. No big deal -- I was safe, right?

Wrong! Here are just some of the things I was able to find about myself:

* My full name, date of birth, gender, and marital status;
* My personal address and telephone number;
* My personal e-mail and world wide web addresses;
* My mother's maiden name (I'd used it as a password once);
* The name of my high school football team (I'd used that as a password, as well);
* What high school I graduated from, and the year I graduated;
* What university I'm currently enrolled at, and my major;
* How many e-mail messages I've sent and received in the past week;
* The amount of time I spent connected to the Internet for the past month; * The names of the CDs and books I purchased off of the Internet in November of 1996;
* The titles of two movies I rented from Blockbuster Video the weekend before last.

That's what I was able to find out for free. For a small fee to a data collection service, I could have found out a lot more, such as:

* My social security number (yes, they are for sale);
* My personal driving record and any records of criminal activity;
* My credit history, estimated yearly income, and other financial information;
* My medical history, including the name of my doctor and any medications I may be taking;
* The type of residence I live in;
* The amount of time spent at my current address;
* The type and amount of campaign contributions made to any political parties;
* The addresses and phone numbers of my relatives;
* The identities, addresses, and telephone numbers of my ten closest neighbors.

Needless to say, this experience was a bit unnerving. Finding out the above information took less than a couple of hours of work. All it took was a name, telephone number, and e-mail address. What if someone had a grudge against me and wanted to find out everything they could? With access to the Internet and some extra money, who knows what else they might find.

Protecting Yourself

So how do you make sure important information like your credit history, medical records and social security number don't fall into unscrupulous hands? Here are a few options:

1. Enable your web browser so that it alerts you about accepting cookies from web sites. On Netscape Navigator, this is done by accessing the Network Preferences section from the Options menu; in Internet Explorer, you can access the Cookies folder.

2. If you receive a lot of junk e-mail, send a message back and ask to be taken off that group's e-mail list. Many companies are notoriously slow when it comes to doing this, so you may have to send several messages for them to get the point. If that doesn't do the trick, complain to your Internet service provider; after enough users complained to America Online about junk e-mail, they announced a ban on e-mails sent from five Internet message companies.

3. Don't post your e-mail address on newsgroups. Use your first name only, then wait and see who replies. Better yet, post your messages through an anonymous remailer. This service hides the heading of an e-mail message, allowing you to post messages while making the name and address of the sender indecipherable.

4. Buy and install privacy/encryption software. A number of companies sell encryption software that keeps web sites and other organizations from finding out personal information about you.

A good privacy program for people who use Netscape Navigator is Internet Fast Forward, available at Among other privacy features, this plug-in allows users to block web sites from sending cookies and advertisements banners. Users might also want to try an encryption program called Pretty Good Privacy. The commercial version sells for about $129, but you can download a freeware version at

In addition, there are a number of web sites worth visiting that deal with the privacy issue:

The Electronic Frontier Foundation ( is dedicated to the protection of privacy, free expression, and public information on the Internet. The site contains updates on the online free speech and privacy campaigns as well as links to other privacy organizations.

The Electronic Privacy Information Center's site ( contains the June 1997 survey they conducted on data collection and provides other valuable information about privacy on the Internet.

The Stalker's Home Page ( is the personal creation of Glen L. Roberts and provides numerous links to information databases and other data collection agencies. A great resource because everything's on one page for you.

The information provided in this column was not intended to scare any of our readers away from getting online. It was done merely to show the awesome power of the Internet, and how easily private information can be made public without or knowledge or consent. If you are concerned about your right to privacy online, please contact EPIC or the Electronic Frontier Foundation and voice your opinion.

In our next issue, we will review three web sites dedicated to the art of online auto repairs. Future issues will cover the Pointcast news browser, the Internet Movie Database, and online news sources. As always, we welcome your feedback. If you have any questions or comments, please e-mail me.


1. The intricate world of the web. CNN Interactive (, June 10, 1997.
2. Ibid.
3. Web users seek more privacy. CNN Interactive, June 9, 1997.

Michael Devitt
Huntington Beach, California

Back to the front page.