Consumer Payment Card News

Internet Privacy an Oxymoron??

Cookies and milk ain’t what they used to be. “Magic Cookies,” according to John Eckhouse, Senior Editor/Online HomePC, are “little crumbs of information that a Web site downloads to your computer’s hard drive — usually without your knowledge — when you visit, and reads each time you return.” In his feature article in the April issue of HomePC, Eckhouse points out that in most cases, cookies are helpful, time-saving tools. They can, however, be used to gather information about visitors to Web sites and that information can then be sold to other companies.

Cookies aren’t the only way companies and people can learn intimate details about individuals over the net. Even those who have never logged on to a computer are vulnerable. According to Eckhouse, there’s a startling amount of information on the net about non-surfers. The data is available courtesy of data brokers who have collected information from phone directories; birth, marriage, divorce, death, property tax and driver’s license records; credit bureaus; and other assorted databases.

Children are another target for data collection. Unscrupulous advertisers often ask kids visiting certain Web sites for personal information, such as name, address, phone number, e-mail address, computer usage, friend’s e-mail addresses, pets and kind of products owned — all without requiring an adult’s permission or disclosing how the information will be used.

It’s even easier to get the lowdown on a regular Net user. To test how simple it is to gather highly personal information online, Eckhouse began with the e-mail address of someone with whom he had communicated just a few times. By using resources readily available on the Net (including one with the ominous moniker The Stalker’s Home Page), in just 40 minutes Eckhouse uncovered the following about his e-mail pal: his home address, his two home phone numbers, his daughter’s age and the fact that she’s diabetic, his favorite music artists, his interest in brewing beer at home, and that he first logged onto the Web in June 1995 using a 486DX2/66PC.

Postings to Usenet newsgroups can also be traced by anyone using Deja News, an enormous, searchable database that stores virtually every posting made to Usenet groups since March 1995 (Deja News is aiming to archive every posting since Usenet’s founding in 1979). “If someone collects everything you’ve ever discussed in newsgroups, a pretty good profile of you emerges,” Eckhouse said. Other options for collecting information about an individual include hiring a cyber-sleuth. “I e-mailed a request to Sherlock, a service of the American Information Network, and paid $20 by credit card,” Eckhouse said. “Within 24 hours, I received my e-mail pal’s social security number, and every home address he’s had since 1977.”

The ramifications are jarring: “A con artist could take out a loan or get a credit card using your identity, then stick you with the bills,” Eckhouse said. “A potential employer might use the Web to run a quick check on your character and you’d never know that something you said online (in a Usenet newsgroup, for example) cost you the job. A stalker might even use information about you to harass you online or in person.”

What can individuals do to protect their privacy? Eckhouse recommends the following:

Use e-mail Encryption Programs or Limit Online Visits to Safeguarded Sites

If a user is concerned about the possibility that someone is reading his or her e-mail, it is possible to protect e-mail with encryption software such as PGmail 4.5, a Windows program available on the Web from Pretty Good Privacy (http://www.pgp.com).

Visit Sites Bearing the eTrust Symbol

To make sure the information a user provides online voluntarily does not come back to haunt him, he should look for the eTrust symbol that will soon be turning up on Web sites. The symbol means the site safeguards online information by adhering to a set of rules designed by privacy advocates headed by the Electronic Frontier Foundation (EFF), a non-profit organization concerned with civil liberties in cyberspace (http://www.eff.org). The international accounting firms of Coopers & Lybrand and KPMG will audit the privacy practices of Web sites displaying the eTrust symbol.

Just Say No to Cookies

Web browsers can be set to warn a user whenever a site attempts to place a cookie on the computer’s hard drive. In Internet Explorer versions 2.0 and later, go to the View menu, select Options, click on the Advanced tab and then check the box that says Warn Before Accepting Cookies. In Netscape Navigator versions 1.0 and above, go to the Options menu, select Network Preferences, click on the Protocols tab, then check the box that says Show an Alert Before Accepting a Cookie. Now, each time a user visits a site that attempts to place a cookie on the hard drive, he or she has the option to select Yes (which lets the cookie come in) or No (which blocks the cookie but still lets the user view the Web site). Programs such as Cookie Cutter (available for $19.95 at the Pretty Good Privacy Web site at http://www.pgp.com) and CookieMaster (available at http://www.hotfiles.com) let users remove existing cookies and selectively intercept new ones that are sent to users.

Anonymize

To block Web sites from collecting information about users, surfers can begin every visit from a site called the Anonymizer (http://www.anonymizer.com). This site acts as a middleman between a user’s PC and the Web so that when she types in a URL or clicks on a h.plink, the Anonymizer retrieves the Web page for her without revealing her identity and without allowing any cookies to be deposited on her computer. “The Anonymizer may slow down Web surfing a bit,” Eckhouse said, “but it may well be worth the privacy you’ll gain.”

Block Usenet Archives

When posting to newsgroups, just type the phrase x-no-archives:yes as the first line of your posting to a Usenet newsgroup, and Deja News won’t put the message into its archive. Users can also e-mail Deja News and ask the service to purge its database of old postings a user would rather not have anyone see.

Additional help is on the horizon. Katherine Montgomery, President of the Center For Media Education (CME), wants the Federal Trade Commission to require children’s Web sites to obtain verifiable consent from parents before collecting information, and to disclose to adults what’s being gathered, how it will be used and who will have access to it.

Until such an act is in place, however, Eckhouse recommends parents take an active role in monitoring their children’s activities while they are online. And, although a system for prohibiting disclosure of personal information on the Net does not exist yet, if Rep. Bruce Vento (D-Minn.) has his way in Congress, the Consumer Privacy Protection Act of 1997 he introduced in January will prohibit companies from disclosing any personal information unless the parties involved provide their explicit written consent. Additionally, consumers would have the right to see and correct errors in any personal information stored online by the company.

Published monthly by CMP Media Inc., HomePC provides easy-to-understand information about home computers, and each issue is packed with engaging features, trouble-shooting tips and first-hand product reviews. The magazine’s editors and columnists are the foremost experts in education, entertainment, and productivity products for home computer users, and can be reached at http://www.homepc.com, or on America Online at Keyword: HomePC.

CMP Media Inc. provides publishing, marketing and information services to the entire high-technology spectrum — the builders, sellers and users of technology — through print and electronic media. All of CMP’s publications and online products can be accessed through the company’s TechWeb(R) site on the World Wide Web (http://www.techweb.com). Along with HomePC, print titles include EE Times, Computer Reseller News, InformationWeek, NetGuide Magazine and WINDOWS Magazine.

Leave A Reply