

 Comm Corner

Computers and Security
Computer Privacy

John Woody is a networking communications consultant specializing in small office, home office networks, training setup, and internet connectivity.

Michael Espinoza is owner of Technology Coaching, a training and consulting firm that specializes in the PDA market. He co-chairs the PDA SIG with John Woody.


Computer privacy is something that is handled both within and outside of one’s computer. The privacy issues inside the computer have been covered fairly well in previous columns. Inside privacy starts with keeping unauthorized users from physically accessing your computer. This includes keeping valuable data protected as best you can by passwords and other security techniques. Data is vulnerable because the operating systems (OS) most of us use cannot be secured against unauthorized access. A good understanding of the OS vulnerabilities will help to keep unauthorized users out of the computer. Discretion on who is allowed access is probably the best guard against unauthorized use for most of us.

Privacy issues from the outside are another can of worms. Again, the attack protection aspects of one’s privacy have been covered in previous columns. Protection against virus and hacker attacks has been covered. Anti-virus programs and firewalls against the various attacks are the mainstay in protecting one’s privacy from the outside at the computer. And, of course, user discretion on his or her Internet use goes a long way in protecting one’s privacy.

There is another aspect of privacy that also is becoming a very large issue for all of us. This privacy issue concerns what others obtain from our use of the Internet. These are the data trails we all leave when we surf or buy on the Web. The capability exists to monitor in detail every move we make on the Web. Web sites on the Internet can make, and are making, detailed notes of your habits, surfing locations, shopping, credit cards, and nearly anything you do on the Internet. The details include even secretly recording the titles of music played on one’s computer and building profiles of likes and dislikes on individuals to build individual buyer profiles. This monitoring is going on all the time on the Web. As e-commerce has exploded, the volume of traffic has doubled each year as individuals use the Internet for more of their services. We are getting the news, buying groceries and books, renting movies, obtaining advice, and possibly voting on the Internet. All of this activity is being monitored. Just about everything we do on the Internet can be covertly monitored by someone who wants information about us.

Information about each of us is valuable to companies that are looking for any advantage they can gain over their competitors. Companies, by knowing customers’ preferences, purchasing behavior, and browsing patterns, can provide targeted products, giving those customers a better on-line shopping experience. This is the best-of-all-worlds picture of providing service. In the real world, however, all this personal data may not be used to the customer’s best advantage.

Web sites build database customer profiles by tracking where surfers and buyers go and what they look at or buy. Other Web site managers buy the profile data from marketing and advertising companies that monitor how lookers browse the Web sites. All of this information is used to gain competitive edge in the on-line marketing of products.

There are also “tracking networks” that follow Web surfers as they move about the Web, monitoring the pages the surfer stops at and the links that are clicked. This is the Web version of targeted advertising in that the tracking network can profile individuals and pinpoint their desires. Some companies use spyware to catch how individuals use their computers. One company, DoubleClick, specializes in tracking Internet users and collecting all sorts of information, such as financial, credit, and medical information so that it can be combined with demographic data to build individual profiles.

Our personal information has been available forever: telephone numbers, driver’s license numbers, social security numbers, and all the personal data we give up when we get something for free. We provide personal data on every bingo card or warranty card we fill out. And we want something for nothing, so we sign up for all that free stuff: e-mail accounts, software, and other stuff.

Data has been available from public records for decades. Department of Motor Vehicles records and real estate deeds are available on the Internet. Everything you have ever wanted to know about your real estate or any other deed is available from the Bexar County Appraisal District, including a basic house drawing outline. Anyone can quickly collect information about each of us, without our knowing that the data is being collected or for what reason it is being collected. As the information is passed around over the Internet, you do not have any control over who holds it or what is done with it. One report indicated that identity theft increased by more than 1,500 percent from 1992 to 1999. A great deal of this theft can be blamed on the significant increase in the use of sensitive information such as credit card data, as it is shared over the relatively insecure Internet Web networks. In addition to DoubleClick, other companies such as A.S. A.P. Investigations, Dig Dirt, Engage Technologies and InfoSeekers advertise that they can provide background reports, bank records, unlisted telephone numbers, asset valuations, social security numbers, group telephone lists, marital and medical records for as little as $100.00. The government has not forgotten the Web and its gold mine of personal data either. Remember the Federal Bureau of Investigation and its use of the Carnivore system, which is a wiretap attached to an ISP to monitor e-mail and instant messages at will.

Lax security at Web sites has made keeping personal data private and safe from unauthorized users a real problem. It is difficult to trust any Web site to keep personal data from being used by unauthorized users. This lack of security on Web sites has made them a hacker/cracker paradise. Most of the major Web sites have suffered theft of credit card information. Remember that the moment you hand over your credit card for an on-line purchase, any anonymity you have developed is uncovered. In fact, the biggest threat today isn’t crackers, stalkers, or data brokers, but the legitimate on-line businesses that are creating detailed profiles of who you are and what you do on-line.

Consumer profiling is not new. The catalog companies have been tracking purchased products for years so that they can tailor catalogs specific to your interest. Shopping club cards such as Sams Wholesale allow them to keep detailed records of the products you buy. Special interest magazines such as PC Magazine and PC World keep databases of readers and sell them to others. Although the practice of profiling was widespread in the past, it was not as damaging to individuals as Web site profiling is now. Then, it was not easy to combine, say, supermarket purchases with magazine subscriptions. Now, with Web site profiling, it is a piece of cake to combine all sorts of lists to develop unprecedented amounts of data about personal interests and activities. Is this data accurate? One example I read about recently went like this:

“Say you buy a book on-line. Profilers can see what you looked at and what you bought. Do these books reflect political opinion, sexual preference, or health conditions? Privacy issue advocates and other critics paint a dark scenario range of outcomes. Profilers then sell this information to corporate employers, who use it to screen out job applicants, say based on data about medical histories or some other factor, which may or may not be true.”

The potential exists for this profile data to be subject to subpoenas or be used by unscrupulous companies or individuals. One’s surfing habits could be used in a divorce or child custody case, where the opposition could use the data against you. This information can easily become accessible to hackers, employees having problems, or crooks with something to gain by blackmail. All it takes is access to the Internet.

DoubleClick, A.S. A.P. Investigations, Dig Dirt, InfoSeekers, and Engage Technologies are the biggest profilers on the Internet and are Web sites that each of us has probably never visited. They gain information by using banner advertising in thousands of Web sites that are able to collect data about each of us without our knowing it. These firms use tracking cookies to determine which banner ads you see when you access a Web page. The first time you visit the Web page, the ad deposits a cookie on your hard disk drive (HDD). The next time you visit a Web site with an associated ad on it, that cookie on your HDD sends the universal resource locator (URL) of that page back to the ad agency’s server, thus beginning the detailed clickstream of the places visited on the Internet. Currently, this data is not matched to individual identities, but contains a globally unique identifier (GUID) that lets the server track your Web movements without your actual name or e-mail address. DoubleClick has amassed information on about 100 million users and Engage Technologies has information on approximately 52 million users. DoubleClick is in the process of linking names to the surf data. This has caused privacy activists to ask the Federal Trade Commission to stop this “engaging in unfair and deceptive trade practices by tracking the on-line activities of Internet users.” Several states and civil actions are currently under way to stop these activities.
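
The cookie mechanism described above, as an added example that is not part of the original column or any profiler's code: a simulated ad server mints a GUID cookie on the first banner request and then builds a clickstream from the page URL, which in HTTP arrives in the Referer header alongside the cookie. The site URLs, the cookie name `guid` and all class and function names are constructed for illustration.

```python
import uuid
from collections import defaultdict
from http.cookies import SimpleCookie

class AdServer:
    """Toy model of a banner-ad server that tracks browsers by GUID cookie."""

    def __init__(self):
        self.clickstreams = defaultdict(list)  # GUID -> pages where an ad was shown

    def serve_banner(self, headers):
        """Handle one banner request and return the response headers."""
        jar = SimpleCookie(headers.get("Cookie", ""))
        response = {}
        if "guid" in jar:
            guid = jar["guid"].value           # returning browser: reuse its identifier
        else:
            guid = uuid.uuid4().hex            # first visit: mint a new identifier
            response["Set-Cookie"] = f"guid={guid}; Path=/; Max-Age=315360000"
        # The Referer header names the page that embedded the banner.
        page = headers.get("Referer")
        if page:
            self.clickstreams[guid].append(page)
        return response

class Browser:
    """Minimal browser: stores the ad server's cookie and replays it."""

    def __init__(self, accept_cookies=True):
        self.accept_cookies = accept_cookies
        self.cookie = None

    def visit(self, page_url, ad_server):
        headers = {"Referer": page_url}
        if self.cookie:
            headers["Cookie"] = self.cookie
        response = ad_server.serve_banner(headers)
        if self.accept_cookies and "Set-Cookie" in response:
            self.cookie = response["Set-Cookie"].split(";")[0]

def simulate(accept_cookies):
    """Visit three unrelated sites (constructed URLs) that carry the same ad network."""
    server, browser = AdServer(), Browser(accept_cookies)
    for page in ("http://news.example/politics",
                 "http://books.example/health/diabetes",
                 "http://shop.example/cart"):
        browser.visit(page, server)
    return dict(server.clickstreams)
```

With cookies accepted, all three visits land under one GUID; with cookies rejected, the server sees three unrelated one-page visitors.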

What can we do?
Anonymous browsing is one way to keep your surfing habits from being tracked by the profilers. Anonymous browsing is usually provided through a service. Among the techniques, which offer varying levels of security, convenience, and cost, are proxies or encrypting the remote URL and Web page data. Proxies retrieve pages from remote Web sites and send them to your browser without leaving your identity on the remote site. Other proxies hide page URLs from outside viewers, but do not protect the content of viewed pages. The most secure service encrypts the remote URL and page data and transfers it via file transfer protocol (FTP).

One of the most thorough solutions is a free service, SafeWeb, that uses 128-bit Secure Sockets Layer (SSL) to encrypt all HTTP data. This service is used by entering the desired URL in a form on SafeWeb’s Web site. SafeWeb retrieves the page, encrypts and compresses the page, then sends it to your browser, where it is opened in a separate window. All links accessed through the new window are encrypted. Another example of a secure proxy is Idsecure, a fee-based browser. It works on SSL as well. It costs $15.00 every three months or $500.00 per year. It blocks cookies and JavaScripts in one page and allows them on the second page.

Another security method is to control the placement of cookies on your HDD. Remember that it is through cookies that your Web activity is tracked. Cookies are small files that collect specific data about your Web browsing. The data generated from cookies by profilers is packaged and sold to on-line marketers and advertisers. There are holes in the Microsoft (MS) and Netscape e-mail clients that open them to expose data in cookies. And cookies generated by one Web site can be read by other profilers. Patches to MS Internet Explorer (IE) have closed this hole, but many IE users have not installed the patch. The current browsers provide security settings to accept, reject, or be prompted for cookies. A cookie blocker like IDsides Privacy companion is a free download. This program singles out cookies from tracking networks, keeps them out of your machine, and sends an alert, naming the Web site that attempted to get data on you. Another example, Limit Software’s Cookie Crusher 2.6, has additional options that let you see the issuing Web site, the cookie expiration date, and ID of cookies stored on your machine. This is a paid product at a one-time cost of $15.00. It lets you set filters for accepting or rejecting cookies. Keeping track of cookies is one of the most important security techniques you can do for your privacy.
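
The kind of cookie review described above, as an added example that is not part of the original column and not the code of any product it names: a small audit of a Netscape-format cookies.txt file that lists each cookie's issuing site, expiration date and name, singles out those from tracking networks, and filters them out. The file contents and the tracker domain list are constructed for illustration.

```python
from datetime import datetime, timezone

# Assumed blocklist of tracking-network domains (constructed for this example).
TRACKER_DOMAINS = {"adnetwork.example", "tracker.example"}

# Constructed sample in Netscape cookies.txt layout, tab-separated fields:
# domain, include-subdomains flag, path, secure flag, expiry (Unix time), name, value
SAMPLE_COOKIES_TXT = (
    "# Netscape HTTP Cookie File\n"
    ".adnetwork.example\tTRUE\t/\tFALSE\t1893456000\tguid\t7f3a9c0e51b2\n"
    "www.bookshop.example\tFALSE\t/\tFALSE\t978307200\tsession\tabc123\n"
    "ads.tracker.example\tFALSE\t/\tFALSE\t1893456000\tid\t0042\n"
    "malformed line without tabs\n"
)

def is_tracker(domain, trackers=TRACKER_DOMAINS):
    """True if domain equals a listed tracker or is a subdomain of one."""
    host = domain.lstrip(".").lower()
    return any(host == t or host.endswith("." + t) for t in trackers)

def audit(cookies_txt):
    """Return one record per cookie: issuing site, expiry date, name, tracker flag."""
    records = []
    for line in cookies_txt.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # skip lines that do not match the seven-field layout
        domain, _sub, _path, _secure, expiry, name, _value = fields
        expires = datetime.fromtimestamp(int(expiry), tz=timezone.utc)
        records.append({"site": domain.lstrip("."), "name": name,
                        "expires": expires.strftime("%Y-%m-%d"),
                        "tracker": is_tracker(domain)})
    return records

def filter_cookies(cookies_txt):
    """Drop tracker cookies; return (remaining file text, rejected sites)."""
    kept, rejected = [], []
    for line in cookies_txt.splitlines():
        fields = line.split("\t")
        if len(fields) == 7 and is_tracker(fields[0]):
            rejected.append(fields[0].lstrip("."))
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", rejected
```

Matching on the domain suffix rather than a substring keeps a site such as notadnetwork.example from being flagged by mistake.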

Secure e-mail is very important to your privacy. It was hard to set up in the beginning, but now there are Web-based services, applications, and e-mail plug-ins that add security layers to your e-mail. Disappearing Email 2.6 is a free plug-in for MS Outlook 98/2K that sends self-destructing messages that disappear after a period of time set by the sender. ZixMail is a fee-based client that uses its own e-mail client or MS Outlook 98/2K. It costs $12.00 per year. Messages are stored under password protection with SecurityDelivery.com, where the recipient can view them in a browser with SSL encryption after receiving notification of them.

Conclusion
Privacy is paramount.


Copyright© 1996-2010
Alamo PC Organization, Inc.
San Antonio, TX USA