Internet Privacy©
by: Thomas P. Herrod
Copyright© 2000 - 2001
pri•va•cy \"pri-ve-se\ n, pl -cies 1 : the quality or state of being apart from others 2 : SECRECY These words have powerful meaning to some, and not so powerful to others, but one thing remains, EVERYONE is entitled to privacy. Wether it is some personal time, to not giving out your personal information via the Internet, to protecting your credit cards and social security number, to any other dealings with your personal life that you choose not to make public. Some things are meant to keep private, while other people make it their job to get that personal private information, and distribute it, in any way, shape or form, for THEIR PROFIT, AND NOT YOURS. Since when does your personal information become public when you want it private as it should be? ANSWER: When you took it upon yourself to enter the world of the Internet, your privacy rights were tossed out by the proverbial Internet Waste Baskets we call: Advertiser/Third Party Marketing Engineers. This term might offend some people in the advertising sector, but they forget: Even they are targeted by their own privacy violation inventions, in some way. Since the dawning of the Internet, advertisers have tried to muscle their way into your computer in order to compete with their rivals, at the expence of your privacy and personal habits that you make via the Internet, in order to beat the competition. Most of this is done by means not known by you, and your computer is giving out information that you might not be aware of, including your private information to be Cropped: term used to describe that your personal habits/information has been stolen from you via your computer connected to the Internet, whithout your prior knowledge or consent, by a third party program included with the legit program in order to get this information and call back to it's computers for uploading, storage and possible sale, to Browser version snooping, programs that you have on your system, and any other information that your browser is willing to give out via other means. Some browsers and e-mail programs might include these programs and supported features:
XML: http://msdn.microsoft.com/xml/default.asp
All of these technologies above can aid an individual or site to crop your information by using known commands that work with your Browser, E-Mail, or other programs that access the Internet. A programmer or web site administrator who has the proper knowledge to implement these technologies to their advantage, by exploiting your personal information or surfing habits via the Internet with their programming talents will try and get this information at any cost. Some web sites will ask your browser what make and version you are using. This is mostly innocent because some web sites set themselves up for different browsers, and need this information to display the web page(s) to you properly with the browser you are using. Other sites use this information to add to their database what you are using to target you for advertising or other ways to keep tabs on what browser you use for their advantage. Some use this information to gain the upper hand for other programming needs based on what browser you use, and what other technologies can aid them in their tasks to get this information they seek.
ActiveX, JAVA, Cookies and other programming aids were suppose to aid users. Today, however, we have seen an influx of privacy violations so abundant, privacy surpasses itself as a myth, rather than fact when communicating over the Internet. When companies and individuals take it upon themselves to sell or give away a persons private intellectual property for their profit, and not yours, who benefits? It certainly is not the user! Wether it be DEMOGRAPHIC MATERIAL in their words, they can manipulate your computer in a way so that they can get certain information that will benefit them, in the ruse that it will benefit you now, or in the long term. Don't buy that line for one moment folks, or I have some land I am willing to sell you cheap in a biological disaster area. It benefits them and their partners, with little or no benefit to you the end user, at the expence of your privacy.
Web BUGS/PIXEL Cookies - Yes, believe it or not, some web sites hide those little Cookies in their graphics also. If they can't get a cookie in the normal way, they attach it to a graphic in hopes it will be planted. Some even go to the extreme by embedding them in "invisible" so to speak, graphics. Why would they do that, in an extreme and very intrusive manner, to the user? Make your own judgement call here. Some Cookies are good, some Cookies are evil theories abound. Just like commercials that invaded the radio and television scene, the Internet is fair game also for these technologies. They hide them in 1x1 pixels embedded in clear .gif files. (Web bugs, also known as clear .GIF files, enable advertisers to secretly track the online behavior of users for marketing purposes. Web bugs can also be coded in email and linked with a users log files. Basically, same as a Pixel Cookie, but more accepted term for it.)
UNICAST - Unicast is pushing a new ad format called "superstitial", which loads itself unseen into your computers memory while a user is viewing a web site. It appears instantly when a user clicks to another link on the same web site.
EULA: End User License Agreements - These are the little boxes that pop up on their web site or in programs that you install, and have to agree with prior to excepting and running the program or service. The EULA comes in many forms, and there is no standard law that rules over it, less certain states that impose their restrictions or laws governing such policies. The main problem with most EULA's, is that they are sparse, have no privacy statements to protect the user's privacy or personal habits that are cropped via their program or service, disclosing that your personal information was taken and it could be sold/given away for profit or not, to poorly written and maintained by the provider(s). Some web sites and companies do come straight out and tell the end user exactly what is being cropped and how it will be used. This is a double edge sword, because if a person understands the EULA (most people skip right over it to hurry installation, or simply ignore the EULA) and clicks the next dialog button, they know they can use the service or program right away without any penalty in using that service or program. If you do not agree with the EULA, most services and programs will terminate, thus frustrating the user into submission. They use techniques like rambling legal mumbo-jumbo, long and drawn out EULA's in order to accomplish bordom so the user just clicks the next button, threats of lawsuits against the user, promises by third parties, to out right lies. I have seen it all folks. If you want the low down on these EULA's, and if they affect you where you live, check with a professional legal advisor in your area. :o)
Protect Yourself, Learn About These Technologies - Remember, you can only protect yourself as well as you know the advisary and have the proper tools to accomplish the task. There are so many different companies that now sell software for these tasks, it would be hard to list them all. Our personal favorites are Norton Internet Security products by: www.symantec.com . Firewall, Anti-Virus, ActiveX filters/blockers, JAVA filters/blockers, Script filters/blockers, Privacy filters/blockers and Cookie filters/blockers to name a few. If you cannot afford these packages, one can still monitor and get rid of certain annoyances by doing some simple maintenance to your computer without purchasing costly products:
***NOTE*** - In Win98+ systems, you can manage and maintain your Cookies and other nasties in these directories after you surf the web. The first one, which is quite obvious, is located in: C:\Windows\Cookies . After you are done surfing the web, go to this sub-directory and delete everything that you are not familiar with. Keep the cookies that you know and trust. Get rid of everything else, for some of these cookies and other files are nothing more than trackers of where you have been, to monitoring your habits on the Internet, to other nasty activity.
C:\WINDOWS\Temporary Internet Files sub-directory holds the key, however. In this sub-directory, it also keeps these files. However, if you delete them here, the Cookies sub-directory also gets deleted automatically. So, in retrospect of this discovery, you can simply delete these files in this sub-directory with the advantage of also managing the Cookies sub-directory at the same time. Also, going through your Browser/E-Mail Settings/Options can reveal what it is doing. Make sure you understand what they do, and how you can turn off certain features that you do not want activated, but understand the implications when you disable them and what to expect after the change. Make sure you keep up with your operating system and programs updates/patches/fixes on a regular basis. Keeping your system updated is the most important step in locking down known holes and exploits.
Privacy is secrecy, and not public.
ActiveX: http://www.microsoft.com/com/tech/activex.asp
JAVA: http://www.java.sun.com
Cookies: http://www.cookiecentral.com
Scripts & Applets - Used with XML, ActiveX, JAVA, And Visual Basic
1.....Rename your computer to the word unknown and others like unknown2,3,4,5.
2.....Make sure File & Print Sharing are Turned OFF if you don't run a Server.
3.....Make sure you keep all of your software/hardware programs UPDATED.
4.....Never tell anyone your Real Name or Where You Live unless you explicitly trust them.
5.....Beware of the "Con-Artist" which tries to make you divulge personal information.
6.....Know your Browser and E-Mail programs capabilities and it's associated programs.
7.....Teach your children about privacy and how to use it on the Internet.
8.....Keep up with Current News concerning Privacy and Internet Security Techniques.
9.....Clean out your COOKIES directory after surfing the web. ***SEE NOTE BELOW***.
10...Make sure you trust web sites enough to run XML, ActiveX, JAVA, Scripts, Applets, & Visual Basic programs on them. When in doubt, don't permit them.
Visit the following sites to learn more about software tools and services that can protect your personal information and/or enable you to browse the Web anonymously:
| Tool | Publisher | Web Site |
|---|---|---|
| ADAware | Lavasoft | www.lavasoft.de/aaw/index.html |
| Anonymity 4 Proxy | iNetPrivacy Software | www.inetprivacy.com |
| Anonymizer | Anonymizer.com | www.anonymizer.com |
| Gator | Gator.com | www.gator.com |
| Internet Junkbuster Proxy | Junkbusters | www.junkbusters.com |
| iPrivacy | iPrivacy | www.iprivacy.com |
| Naviscope | Naviscope Software | www.naviscope.com |
| Norton Internet Security | Symantec | www.symantec.com |
| Orby | YOUpowered | www.youpowered.com |
| Persona | Persona, Inc. | www.persona.com |
| Privacy Companion | IDcide, Inc. | www.idcide.com |
| Privacy Tools | EPIC | www.epic.org/privacy/tools.html |
| Proxomitron | Scott R. Lemmon | www.computerstuff.net/prox/index.html |
| Safeweb.com | Safeweb.com | www.Safeweb.com |
| TopClick | TopClick Inc. | www.topclick.com |
| ZixCharge | ZixIt | www.zixcharge.com |
Shareware: try before you buy.
Freeware: FREE!
Some of the above types of programs and even programs you have purchased at your favorite computer software store can harbor privacy cropping techniques, and relay that data back to another computer without you knowing it while you are connected to the Internet. The privacy respecting and honorable businesses that give a user an option to deny any information gathered by the business about that user(s) to be deseminated to any third parties, or sold for profit/given away without the explicit consent of the user(s) will not only keep their customers, but gain the trust of the users themselves toward the company or business.
If this were true for all Internet business/companies, privacy would not be a concern. Unfortunately, via the Internet, these privacy concerns are not only true, but very true indeed.
On the other hand, a tangle web they weave. Some software authors are so desparate to get their product out and into the mainstream, They will partner with other companies in order to BUNDLE their products with other individuals or companies. Some of these products/software are nothing short of privacy cropping engineers that try to get information on your software and hardware that is installed on your computer, operating system, e-mail address, browser software, e-mail software, to name just a few. Shareware programs are getting hammered with these techniques. Freeware programs, on the other hand, are the most exploited with these techniques, as well as very poorly written EULA's and privacy statements that truly protect the end user from these practices. We do not state that all of this type of software is evil, it is a well known fact that these types of programs have been targeted for this activity in the past concerning Shareware and Freeware programs available through the Internet, and even bundled with commercial software in some instances, and bundled with purchased hardware for your computer. DEMO programs also have harbored these types of activity and "bundling" techniques. Using a Packet Sniffer program will catch most of this activity if it tries to "call-out" to another computer, as well as serious monitoring and logging capabilities. We have found that the below program was not only affordable, but was of professional quality and even a newbie can use it. For the price and functions it carries, it is an excellent program to include in your Internet arsenal. Parents, on the other hand, should keep packet sniffers from their children. A Packet Sniffer program like CommView, can be used in numerous ways:
I must, however, point out that hackers/crackers/skript kiddies also use packet sniffers for bad purposes also. They use these
packet sniffers to sniff for information that can aid them with their attacks, social engineering manipulation, and any other pertinent
data they can get their hands on, if they can sniff your packets on your computer to aid their tasks. That is why I warn parents to
monitor their children when on the Internet. Children are just as curious, if not more so, then most parents. They find the Internet
not only fasinating, but will experiment on their own when they can. If you do not want your children to find out where mom and dad
have been surfing to, or find out your passwords, to other numerous information, keep packet sniffers away from your children until
you teach them the proper way to use them. Packet Sniffers are powerful tools for the Administrator, Internet Security Experts, and
the Researchers.
Packet Sniffers are powerful tools in the RIGHT hands, but if used by the WRONG individuals, can not only harm your computers
security, but also compromise that expensive computer you vigilently setup for security and privacy. Be aware of what packet sniffers are available for your operating system, and scan your computer for them. If you did not install them, then you know for a fact that
someone else did, to violate your privacy and security. As a side note, check your childrens computers for packet sniffers also! Use
Packet Sniffers responsibly!
Everyone has the right to PRIVACY. This paper is not designed to aid the criminal, but to address those privacy concerns that the public has cried out time and time again concerning Internet Privacy. Your family, children, and loved ones are all affected by these privacy concerns when they connect to the Internet. Until serious legislation is passed to thwart these privacy violations via the Internet, your best defence is to keep updated on these privacy concerns and possible remedies.
Children's Online Privacy Protection Act, News and Solutions: http://coppa.org/
1. Checking programs that send passwords out to the Internet, unencrypted.
2. Checking Firewalls and Intrusion Detection programs for security computer Port Leaks.
3. Checking for rogue programs that connect to the Internet without notifying you, or, asking permission to do so.
4. Checking Routers and Switches for proper operation.
5. Checking Browsers and E-Mail for security and privacy leaks.
CommView Packet-Sniffer: http://www.tamos.com/cv.htm
Remember, YOUR PRIVACY is a RIGHT, not a WRONG -
Useful Links:
Links you should know about -
Privacy Analysis of your Internet Connection: http://www.consumer.net/Analyze
Freedom of Information and Privacy Office: http://www.gov.on.ca/MBS/english/fip
OPTOUT - by Steve Gibson and other Privacy Issues: http://www.grc.com
ZDNET/TechNET Privacy: http://www.zdnet.com/filters/privacy/
Privacy.Net: http://www.privacy.net
Privacy Alliance: http://www.privacyalliance.org/
Hushmail E-Mail: http://www.hushmail.com
JAVA Security Hotlist: http://www.rstcorp.com/javasecurity/links.html
JAVA Security by SUN: http://java.sun.com/security/
Privacy International: http://www.privacy.org/pi/
Cookie Central: http://www.cookiecentral.com
EPIC Cookies Page: http://www.epic.org/privacy/internet/cookies/
Internet Privacy Coalition: http://www.privacy.org/ipc/
CPSR: http://www.cpsr.org/
Internet Privacy Law: http://www.netatty.com/privacy/privacy.html
Privacy Analysis: http://privacy.net/analyze/
Other Infrastructure Links: http://www.nipc.gov/links.htm
Anonymous Web Surfing: http://www.inetprivacy.com/a4proxy/index.htm
Public Records by KnowX: http://www.knowx.com/
IFCC: https://www.ifccfbi.gov/
Better Business Bureau: http://www.bbb.org/
Microsoft Security Advisor: http://www.microsoft.com/security/default.asp
The Privacy Page: http://www.privacy.org/
EPIC Online Guide To Privacy Resources: http://cpsr.org/cpsr/privacy/epic/privacy_resources_faq.html
Privacy Rights Clearinghouse: http://www.privacyrights.org/
Web Paranoia: http://www.webparanoia.com/
Hiding from the Man: How to Protect your Privacy: http://www.chiprowe.com/articles/privacy.html
The Center for the Study of Technology and Society: http://www.tecsoc.org/persec/persec.htm
Electronic Privacy Organizations and Resources: http://cuinfo.cornell.edu/CPL/privacy.htm
HotWired - Index to Privacy Resources: http://hotwired.lycos.com/Lib/Privacy/
Anonymity and Privacy on the Internet: http://www.stack.nl/~galactus/remailers/
RFC1113: http://ice.pvrr.ru/~andrew/rfc/1100/rfc1113.txt.html
Enonymous Software: http://www.enonymous.com/
Canadian Privacy, News, Links: http://www.privacy.nb.ca/
CASPIAN - Consumers Against Supermarket Privacy : http://www.nocards.org/
The Right to Privacy : http://www.rightoprivacy.com/
VA Privacy Policy : http://www.va.gov/privacy/
Electronic Frontier Foundation EFF: http://www.eff.org/pub/Privacy/
We HIGHLY suggest that you browse the provided links for more
indepth analysis concerning these issues, as well as reading and understanding
the software that you use to combat these possible threats. This document does
not garantee that it is 100 percent accurate, implied or otherwise. It is YOUR
JOB to research these issues, and implement what YOU think is necessary to
insure a happy and safe Internet experience. The links provided are for your
reference and may change. Please insure that you visit your favorites from time
to time in case they change their linked locations in order to keep you current
on that particular web sites changes, if any.
This Web Site is not responsible for the content at any of the external sites that we link to (including sponsors) and therefore, are not necessarily endorsed by us. Graphics, programming, copyrights, and trademarks other than that provided by Thomas P. Herrod, belong to their respected owners.