Net users try to reclaim privacy
These are sobering times for Internet users who value their privacy.
The government has expanded its online surveillance authority in the wake of Sept. 11. And Web users are bombarded almost daily with warnings about cyberterrorism, hackers, worms, spyware, identity theft and cookies.
It seems you can't wander down the Information Superhighway these days without wondering who is spying on you or surreptitiously sucking up all your personal information.
Fortunately, there are lots of tools for Internet users who want to reclaim at least some of their privacy.
Encrypted e-mail, "anonymous" Web surfing, and software that crushes cookies and eats spyware can all help reduce your online exposure.
Consider, however, how paranoid you want to be. Building a virtual wall around your online self can be time-consuming and hinder your Internet experience.
Law-abiding citizens probably do not have to worry about the government trolling their e-mail or logging their Web-surfing habits, privacy experts say. On the other hand, hackers, unscrupulous network administrators, co-workers and online marketers all could be trying to scoop up personal information about you without your knowledge.
"I think things have definitely gotten worse," said Lee Tien, a privacy attorney with the Electronic Frontier Foundation. "What has changed is the technology makes it easier to track people, to mine data about people. It's cheaper to analyze data. And with the cheaper technology, they can store more data."
E-mail is perhaps the most ubiquitous form of Internet use, and in many ways the most insecure. Far from being a direct communication between people, an e-mail makes several hops across computers on workplace networks, Internet service providers and e-mail providers, before finally landing in the mailbox of the recipient. Almost anywhere along the way, someone with the right tools can sneak a peek.
"E-mail is essentially a digital version of a postcard, and there are many people who can intercept it," said Chris Hoofnagle, deputy counsel for the Electronic Privacy Information Center.
The best way to foil would-be mail snoopers is to encrypt your e-mail. Encryption scrambles the messages you send to others, requiring the recipient to unscramble the message to read it. The encryption itself is virtually unbreakable. But it requires users on both ends to have a pair of "keys" to encrypt and un-encrypt messages.
Because of its complexity, and the fact that encrypted e-mail users can generally talk only to other encryption users, encryption has resisted widespread adoption.
I tried to install a freeware version of Pretty Good Privacy, easily the most popular encryption program, on our Windows box. The program integrated seamlessly into our Outlook mail program. But it was cumbersome and a little confusing to install, and a couple of weeks later, I still haven't figured out how to use it.
"It's not that easy to use," said Phil Zimmermann, who invented Pretty Good Privacy. "When I developed PGP, it was for human rights applications, and the stakes were high. ... We'll be better off if we develop a system that your mom can use."
Secure Web mail services are making encryption more user-friendly.
Hushmail (www.hushmail.com) is a Web mail service much like Yahoo Mail and Hotmail. Registration is quick and painless, and the company asks for no personal information. After registering, users create a pair of encryption keys that will be used to send and receive messages.
But as easy as it is, Hushmail suffers from a common problem: It can send encrypted e-mail only to recipients equipped to accept it.
ZipLip.com, another Web-based secure e-mail service, cleverly bypasses that problem. Instead of actually sending encrypted messages to the recipient, ZipLip sends an e-mail notifying the recipient that a message is waiting on the ZipLip Web site.
Users retrieve the messages using a special passcode, and then they're deleted from the ZipLip servers.
The advantage here is that the recipient does not need an encryption program on his computer to read the message.
Company President Kon Leong said the service is a "personal project" of his that does not make any money for the Mountain View company^; its main business is selling secure e-mail services to companies.
"I felt that our privacy has been compromised," Leong said. "I think the technology has progressed nicely in terms of allowing snooping around, and for the consumer side of things, there's not a lot of counterbalance."
After e-mail, Internet users might want to consider the vulnerability of their Web-surfing habits. Web surfing litters the Internet with personal information, from Internet protocol addresses, which can identify individual computers, to sometimes personal information like names and e-mail addresses.
Web site owners can see what kind of operating system and monitor you're using, what part of the country or world you're in, and when you last visited their site. They can tell which Web site you visited before theirs, and which one you went to next.
Moreover, hidden scripts on a Web page can bore into your hard drive and retrieve private information, often without your knowledge.
Some of that information is merged with "offline" information, such as credit reports, to draw up a clearer picture of your buying habits, said Lance Cottrell, president of Anonymizer.com, an online service and software program that makes Web surfing anonymous.
"I think the real issue is the amount of information gathering going on," Cottrell said. "People underestimate the value of this information."
Cottrell says Anonymizer, which cloaks a user's Web surfing by routing all user information through its servers first, now has 1 million users and 100,000 subscribers paying $29.95 annually. A limited free version is available as well.
"The general awareness has continued to grow," Cottrell said. "We're seeing a growing concern about security, and people are looking for ways to improve their control."
Cookies, those little text files silently placed on your computer by the Web sites you visit, continue to be a privacy issue. The list of Web sites using cookies seems to grow daily (Look on your hard drive for a folder named "Cookies." We've collected more than 2,400 cookies in just the last year.)
Many cookies serve a useful purpose, such as remembering log-in information or helping e-commerce Web sites keep track of what's in your shopping cart.
But cookies are also used by advertisers to track your surfing and shopping habits. Privacy experts said users should be more aggressive in managing their cookies. Some browsers allow users to block cookies completely (not recommended) or to accept them on a case-by-case basis. Look in the preferences menu of your browser.
Seth Schoen, staff technologist at the Electronic Frontier Foundation, says he deletes all his cookies once a month. He recommends users check out cookie management software such as Cookie Crusher, (www.thelimitsoft.com/cookie/). Newer browsers, such as Mozilla, allow users to automatically delete their cookies after a set period of time.
The newest privacy threat is something called spyware. Sometimes installed on users' computers without their knowledge, spyware programs gather information about the user and his Web habits, information that is then fed back to the owner of the spyware.
Schoen said spyware is an example of how privacy can be compromised by exploiting a computer's weakest links.
"If you're using encrypted e-mail, the technology may be very sophisticated," Schoen said. "But if you end up with spyware getting into where your e-mail is stored, it can copy your address book and send it all over the Internet."
Often, the software will download advertisements -- ad banners, pop-up windows, etc. -- to a user's computer for display later while the user surfs the web.
Schoen said the emergence of spyware underscores the need for computer users never to download and install programs indiscriminately.
Lastly, don't discount viruses, which can invade your computer, grab personal information and files, and send them back out to other Internet users. Make sure your virus-protection software is up to date and turned on at all times.
"All systems are vulnerable," Hoofnagle said. "A lot of what's going on with security is just making intrusion more difficult."
Cybercrime News Archive
^macro[showdigestcomments;^uri;Net users try to reclaim privacy]