Privacy on the Internet is a rather emotional topic
for some. As a result, there are some scare stories around. Some of them
are overstated. But there is potential for abuse of your trust in the systems
you use. Therefore, there is some need to take care. How much care should
you take? You decide. It depends on what you're doing on the Internet,
and who you are dealing with in doing so. You might want to keep in mind
that there are a few sites that you might stumble across that are less
than honest. Some of those few think nothing of invading your privacy.
A degree of self-preservation is therefore prudent when surfing. This page
provides information and links to sites that will help you protect yourself.
For example: Many commercial sites collect information
provided by your browser for marketing purposes. What those sites do with
that information varies widely. You can probably trust your local government
site not to abuse whatever information your browser provides to it. That
site may even have instituted reasonable protection against crackers who
might like to steal that information. But you would probably prefer that
a porn site have as little information about you as possible if you ever
visit one, even by accident. And there's everything in between.
To what extent can you be identified when browsing
the Web? That depends on the information provided to the remote host by
you and your browser. You can decide what information you will voluntarily
provide, but be aware that your Web browser provides some information to
remote sites without telling you, although most of that information is
not very significant. Some sites offer free software in the hope that you
will install it so that the included "spyware" can track what sites you
visit, and report that information to a remote host when it has an opportunity
to do so. See "Spychecker", below.
Your browser does provide some information about
your system to remote websites. But pay no attention to those banner ads
that remind you that your machine is broadcasting your IP address. Your machine
has to provide that address to every host it contacts —
without that address, the remote host doesn't know where to send the web
pages you ask for. Anyone can identify who "owns" a given IP address —
see the Internet "WhoIs" Services links below. If
you're using a dial-up connection through an internet service provider
(ISP), you will usually be assigned a different IP address every time you
log on to your ISP. That address could be one of several thousand if your
ISP is a large one. The IP address will identify your ISP, but it won't
identify you without assistance from your ISP. But if you're using cable,
xDSL, or another service with an "always-on" connection, your IP address
changes only infrequently, if at all — which makes it easier for a hacker
to find you again if he wants to, so you might consider installing some
kind of firewall capability if you haven't already.
Your browser also stores information about where
you've been. Some of that information is accessible to remote sites, particularly
if that site has asked your browser to store that information in the form
of "cookies". Those "cookies" can be retrieved by the site that placed
them, and sometimes by other sites as well if they know what cookies to
ask for. Those "cookies" can be useful — they do allow a site to recognise
you when you come back, and to give you a page that you have customised
without having to make you log in to that site every time you visit.
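The sketch below is an added example, not part of the original page: a toy browser cookie jar showing which hosts get a cookie back, and how one advertising host embedded in two unrelated sites sees the same identifier on both. The host names, the "uid" cookie, and the tracker's behaviour are constructed for illustration; the matching rule is the domain-match test from RFC 6265.

```python
# Added illustration: toy cookie jar; host names are constructed (RFC 6265, 5.1.3).
def domain_match(host, cookie_domain):
    """True if host equals cookie_domain or is a subdomain of it."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

class CookieJar:
    def __init__(self):
        self.cookies = {}  # (domain, name) -> (value, host_only)

    def store(self, response_host, name, value, domain=None):
        """Handle a Set-Cookie received from response_host."""
        if domain is None:  # no Domain attribute: only this exact host gets it back
            self.cookies[(response_host.lower(), name)] = (value, True)
            return True
        # A host may only set cookies for its own domain or a parent of it.
        # Simplification: a Domain without a dot (such as "com") is refused.
        if "." not in domain.strip(".") or not domain_match(response_host, domain):
            return False
        self.cookies[(domain.lower().lstrip("."), name)] = (value, False)
        return True

    def cookies_for(self, request_host):
        """Cookies the browser attaches to a request sent to request_host."""
        sent = {}
        for (dom, name), (value, host_only) in self.cookies.items():
            same = request_host.lower() == dom
            if same or (not host_only and domain_match(request_host, dom)):
                sent[name] = value
        return sent

def browse(jar, page_host, embedded_hosts, tracker_log):
    """Fetch a page and its embedded resources; trackers log (uid, embedding page)."""
    for host in [page_host] + embedded_hosts:
        sent = jar.cookies_for(host)
        if host in tracker_log:
            uid = sent.get("uid") or "id-%d" % (len(tracker_log[host]) + 1)
            jar.store(host, "uid", uid)
            tracker_log[host].append((uid, page_host))

def demo():
    jar, log = CookieJar(), {"ads.tracker.example": []}
    browse(jar, "news.example", ["ads.tracker.example"], log)
    browse(jar, "shop.example", ["ads.tracker.example"], log)
    return jar, log

if __name__ == "__main__":
    print(demo()[1])
```

Neither news.example nor shop.example can read the tracker's cookie; the link between the two visits exists only in the embedded host's own log, which is why blocking or clearing third-party cookies breaks it.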
Maybe you're not worried about that. That's up
to you. But do remember that if you're using your office's computer system
to browse the Web, that system may identify your employer as well as you.
If you like your job, don't use your office system to do anything on the
Internet that would embarrass your boss.
And then there's the concern for the privacy of
information in transit: as a general rule, you should assume that whatever
you send or receive over the Internet is as open to the casual observer
as a postcard unless it's encrypted. That doesn't mean what you send is
being read; given the vast amount of information being transmitted at any
one time, it's unlikely that anyone would bother to read your e-mail unless
they have some reason to tell a computer to watch for it. But there is
always the possibility of some unscrupulous person using software routines
to watch for and record things like charge card names and numbers, userIDs
and passwords, etc. at some point along the route between you and the remote
host. For those reasons, financial institutions and other such services
use encryption processes in their websites to protect your information.
Most browsers will tell you if encryption is being used.
The links below will give you some idea of the
issues and hazards involved, and what you can do to protect yourself if
you feel the need.
Provides freeware that monitors any
attempt by spyware to install itself, and that searches your system for
spyware and disables it. Recommended by several sources. See also Spybot — Search & Destroy, below. (7/04)
About.com's exposition of some of the
ways that HTML e-mail can be used to subvert your privacy without your
knowledge. You might want to consider reverting to a plain-text e-mail
client. If not, make sure that you've set your e-mail program appropriately.
That information is provided for most of the current e-mail programs. (12/02)
A good description of the issues, and
some resources for dealing with some of them. Provides a demo of how your
browsing can be tracked across multiple sites by using cookies. Click here
for their links page.
A detailed (and only
somewhat technical) dissertation on Internet security and the issues
involved. Brought to you by CERT, of the Carnegie Mellon Software
Engineering Institute. Published in The Froehlich/Kent Encyclopedia of
Telecommunications vol. 15. Marcel Dekker, New York, 1997, pp. 231-255.
(7/04)
Provides free software that reports on spyware (see also Ad-Aware, above). Also provides a wealth of information about what's good (and not so good) in privacy software. (7/04)
Reports a surprising amount of information
— all of it developed from information returned to ElfQrin by your browser.
And who is ElfQrin? Well you might ask. I have no idea, so maybe you don't
want to go there. (7/04)
Security leaks in Web browsers
(particularly MS Internet Explorer) have been much in the news. This
page will help keep you up to date on those issues, and test your
browser for certain vulnerabilities on demand. (7/04)
Reports even more information — all
of it developed from information returned to Privacy.net
by your browser. This site seems to be reputable and actively engaged in
furthering the interests of Internet privacy. (7/04)
The best-known anonymizer. Routes Web
contacts through another client so that the remote host does not obtain
information about you from your browser. Also blocks hostile or inquisitive
Java applets and JavaScript. Allows you to test for several security weaknesses
and explains why they matter. (12/02)
A series of articles designed to help
you evaluate your vulnerability, and take steps to reduce it. Readable
and easy to follow — but not sophisticated. (12/02)
"Protecting Rights and Promoting Freedom
in the Electronic Frontier". It has been actively engaged in this area
for a number of years, and is one of the leading proponents of electronic
freedoms.
"Your resource for online privacy information".
Offers information about the now-infamous DoubleClick information-gathering
site, what that information can be used for, and the option of opting
out of involvement with information gathered by DoubleClick.
E-mail is normally about as private
as a postcard. Stealth Message provides a free on-line service that can
encrypt your e-mail and anonymize its origins. (12/02)
A ZDNet "Special Report" on what you
can do to improve Internet privacy.
... and how to find out who's
getting that information
Assignment of IP (Internet Protocol) addresses and domain names is overseen by four Regional Internet Registries (RIRs). Their efforts are co-ordinated through the Internet Assigned Numbers Authority (IANA). See Wikipedia's entry on the subject for the names of those registries and more information about them.
The domain name registrant information collected by the RIRs is public,
i.e., accessible to anyone that knows enough to ask for it. There are
several free services that will search those registries,
domain name servers, and whatever other databases may be needed to turn
an IP address into a domain name or vice-versa — and identify the
holder of any particular domain name. Those listed below are only a few
of such resources. But do bear in mind that
identification of the registered holder of a domain name is less than
rigorous — there are no guarantees that the registrant identified is
what it says it is.
"This site has many
DNS and networking tools for network administrators, domain owners,
users of DNS hosting services, etc." It does. Indeed. Could be as
useful as Sam Spade (see below). (3/05)
Domain, registrar, and nameserver searches
done here. The simplicity of this service is its biggest asset — if it provides the service you want. (3/05)
This one is a goody. Does pings, lookups,
traces, xwhois --- all kinds of things. Comes up with your IP address in
the search box (in case you need to know where you're coming from).
Express Lookup does a Lookup, Trace, Xwhois, and Network Lookup — convenient
for checking the origins of junk e-mail. Need help? Just click on the function
name. But it's too good -- some DNS servers won't respond to queries from Network Tools because of the volume. (3/05)
Need to deal with obscured URLs? This
site offers some possibilities. It also offers a secure browser. Plus the
usual tools for identifying the entity behind a URL.
(3/05)
Identify the holder of a domain name
in any of the 246 country-code top-level domains (ccTLD). Also provides
a tool for checking the availability of a domain name in up to 10 of
those ccTLDs at a time. (3/05)
Then there's those darn pop-ups
and banner ads...
Many websites are advertising-supported. (Well, they
have to pay the bills somehow, so that they can give us all of those goodies
that they think we want.) But some of them are getting out of hand, and
a few of them may invade your privacy -- see C-Net's
article.
So here are some products that are designed to
minimize those problems:
This product is primarily an enterprise
or corporate solution for the bandwidth wasted by advertising. Rated best
of the three here by the Montreal Gazette in June, 2001. A free version
is available for home and school use. (1/02)
This product comes in three versions.
The free version doesn't do an awful lot, but it's a lot better than nothing.
You'll need the most expensive version to block pop-ups. (1/02)
"The fastest browser on earth". The
paid version costs US$39, but the ad-supported version is free. An easily-reached
preference selection allows the user to suppress pop-up windows with a
single click, and also allows excellent control over what cookies are accepted
and which are rejected. (12/02)
Hackers, Snoopers, and Worms
There are far too many tools out there that enable
those with no more than a modicum of technical knowledge to snoop other
people's systems just for the fun of it. Some snoopers look for information
on your system that will permit them to steal your identity, thus allowing
them to obtain goods and services in your name, leaving you to pay the
bill. Microsoft's default settings in Windows make it easy for them. Those
settings, and some notable security weaknesses, also make it easy for virus
and internet worm writers to use your machine to attack others. Here are
a few things you should consider doing to improve the security of your
machine, especially if you are using an "always-on" high-speed Internet
connection.
Disable Java, JavaScript, and/or
ActiveX controls in your browser when visiting sites that you do not
have reason to trust.
Disable Windows file and printer
sharing. Or if you need those services in your setup, set strong passwords.
Otherwise, your system is open to the world whenever your Internet connection
is open.
Install all patches and updates available
for your operating system, web browser and e-mail client. Microsoft's update
service makes that fairly painless for Windows users. Click here
to start. But be prepared to spend a bit of time — you may need to download
more than 25MB. The patches will install themselves, and the service allows
you to select only what you need.
Learn more about the ports that Microsoft
Windows leaves open by default, and which can be used by snoopers and
hackers to look at the contents of your hard drive — or trash it, if they
want to. Pay a visit to ShieldsUP! to find out how to close those
ports, and perhaps improve the performance of your system in the process.
Install hardware that provides firewall
services. Routers and other devices that provide a basic firewall service
are now within the reach of many users. They don't need to be the heart
of a home network -- they'll provide the firewall protection to just one
machine if that's all you need. Broadband router/firewalls are also easy
to set up with the default settings.
There are several software solutions
available. ZoneAlarm is well regarded, and is free. Setup of any software
firewall can be a little bewildering, but a software firewall provides a lot
of options not available in an inexpensive router-firewall.
These sites provide resources that will help you determine
how far you want to go in protecting yourself:
This site provides resources that will
let you confirm that your data is as private as you think it is, and reveal
any significant security weaknesses. Some general information and links
also provided. (12/02)
"This document gives home users an overview
of the security risks and countermeasures associated with Internet connectivity."
Brought to you by the Carnegie Mellon Software Engineering Institute. (12/02)
Provides links to do a port scan to
see what unauthorized attempts to access your computer may be successful.
Includes links to similar sites. Also provides downloadable software you
can use to see how effective your firewall is at preventing unauthorized
leakage of information from your computer to a remote host. Brought to
you by Steve Gibson, the author of the SpinRite! HDD diagnostic software.
(12/02)