Your personal information sure has been in the news a lot recently. Well, maybe not yours in particular, but hardly a week goes by without some sort of horror story about private data becoming anything but private. With all the scare in the air you might be convinced to bury your head—and your computer—in the sand. Don’t. There are some things you should worry about and some you really shouldn’t. This guide will help you separate the two and help you preserve your privacy online.
Accept that you’re already screwed. You can’t help it—a loss of privacy is a fact of modern life, a result of the comforts and conveniences that define it. The files on your computer were completely safe until you decided to connect it to a public network, i.e., the Internet. Well, now you’ve done it. Computers are just too complex to protect in a completely foolproof manner. It doesn’t matter if you’re running Windows, Mac OS, or Linux—someone out there is finding a new way to break in. And even if your computer is safe, you are leaving behind you a trail of information about your credit card purchases, your Web surfing, your phone number, and your income. Someone somewhere knows something about you that you’d rather they didn’t. My advice: Adopt a Zenlike acceptance of your fate.
If you can do that, determine what level of privacy you’re prepared to battle for. One Microsoft alumnus was rumored to be so fanatic about his privacy that he paid cash or cashier’s check for everything, took the bus everywhere so he didn’t need a driver’s license, and wouldn’t give his Social Security number to anyone. Assuming you don’t want to completely disappear, I’ve devised a slew of security suggestions from which you can pick and choose to match your temperament. And, to give you a perspective of what’s reasonable, I’ve indicated what security steps I take.
Beware the Internet and practice safe computing. Any computer connected to the Internet is at risk, especially one connected to a cable modem, a DSL line, or even a regular phone line for hours at a stretch. Such permanent connections give hackers extra time to find your computer and attack it. To foil them, download the latest security updates for your operating system and browser. (Windows updates, Apple updates, and Redhat Linux are all free and easy to install, as are upgrades for Microsoft Internet Explorer and the latest iterations of Netscape Communicator, Version 6.01 and Version 4.78.)
Because computer viruses and worms can gather information from your computer and send it elsewhere, disinfect your computer regularly. Here’s a good roundup of scanning and virus protection software and strategies. You should update your virus software every week and monitor this Web site for news about emerging viruses that your virus software might not be able to handle. Protect your computer from attack with software and/or hardware firewalls. Go here to learn more about firewalls.
After you’ve updated and cleansed your system and installed a firewall, practice safe computing! Namely, never open an e-mail attachment from a stranger that has the extensions “.exe” or “.vbs.” If an acquaintance sends them, make sure they’re not infected with a virus by saving and scanning them with your virus software. The same goes for files downloaded from the Web. As a rule, make sure any software you download comes from a reputable source before opening it. Everybody should take all these steps.
Also, turn off your operating system’s “file-sharing” capacity so that nobody on your network can get a peek at the private files on your hard drive. This page tells you how.
Encrypt your messages. Special “packet sniffing” software can intercept your e-mail on the Internet, but it’s not that huge of a risk. As this sidebar from a previous “Webhead” explains, my computer can only sniff packets from a small group of other computers. (On the other hand, Mr. John Morrison of 2314 Miller St., you should really do something about that cyst.) The FBI has a giant packet-sniffer scheme in the works called Carnivore that can scan e-mail, presumably looking for terrorist bombers and kiddie porn. If you don’t want anyone to read your e-mail under any circumstances (say, if you’re a terrorist or sending kiddie porn), you and your correspondents should install encryption software like PGP. Personally, I don’t bother—my e-mail just isn’t that interesting.
The same goes with instant messages. Unfortunately the only major IM software that can be encrypted is ICQ (again using PGP). If you want to keep it a secret, don’t send it by IM. Again, I don’t sweat it.
Don’t use your work computer for personal stuff. Not only does your employer have the right to read anything on your computer, he also controls the local network. That means he or the techs who run your system are in a perfect position to read your e-mail and instant messages and track which Web sites you visit.
There is a way around your boss’ snooping, however. Software like PC Anywhere or Microsoft Terminal Server allows you to run programs on your home computer and view the results at work. This is really only usable if you have a fast connection at home. It’s still possible for your employers to monitor you, but unless they’ve aimed a video camera at your screen or installed a keystroke recording device or program on your office machine, you’re pretty safe.
Don’t use credit cards online. Credit cards, as I explained last year, are not a secure payment method. SSL, the encryption used to send credit card information across the Internet, can be (and has been) broken by security professionals. The larger risk is that the company that receives you credit card information may be lax about security, or employ crooks who will steal your number. That said, my wife and I use our credit cards online all the time because our credit card company will eat any illicit charges. By the way, Discover Card can generate a unique credit card number for every online purchase, which gives you additional security. American Express Blue offers a similar feature.
Beware of cookies. Cookies are little files that Web sites deposit on your computer that help it recognize you when you return. They make it possible for Amazon.com to say “Welcome Bill!” whenever I go to the site and recommend new purchases based on my previous ones. But they also allow Web sites to gather information about you even when you aren’t explicitly identifying yourself. Say you visit a site nine times and then on the 10th you buy something, at which point you give your name and billing information. That cookie could classify you as the sort of person who visits a site nine times before buying something, and might make that information available to a third party.
I don’t block cookies because they make shopping and browsing more convenient, and I don’t think they currently compromise my privacy. But if you want to stop them, here’s how: In Internet Explorer, choose Tools and then Internet Options. From there, select the Security tab. Click on the Internet button, then Custom Level. Finally, select both the Disable (or Prompt if you’re just curious) options under Cookies. In Netscape Communicator, go to Edit and then Preferences. Click on Advanced on the left side of the window and click on Disable Cookies on the right side of the window. Then click OK.
Tell a lot of little lies. If a site requires your phone number or ZIP code for anything but credit card verification, give fake ones. Don’t surrender your e-mail address unless you’re prepared to get spammed. And don’t provide personal profile information when you register at a Web site. You may ask, why should I care if JustTennisBalls.com knows that I earn more than $100,000 a year? Well, it could sell that information to someone else, or get bought by AllThingsTennis.com and suddenly your salary information is combined with some other profile questions you answered elsewhere, and suddenly a large company has a lot of information about you that you’d rather it not have. Personally, when I can’t leave an answer blank I tell a lot of little lies.
Read privacy policies. Or at least make sure to read the fine print so you can “opt out” of giving a company the right to sell or trade your personal information. If the Web site won’t let you opt out, consider using a different company. I mostly opt out, unless I truly want to read about a retailer’s special offers.
Stay abreast of privacy news. Intel, Microsoft, and RealNetworks—to name just three companies—have considered or piloted schemes to collect and transmit information from your computer to their marketing departments without telling you first. In the past, bad publicity generated by news stories has stopped these companies in their tracks. Privacy Digest monitors computer privacy issues, and CNet’s News.com announces security holes as they’re uncovered. Read both regularly. I do.
Aggregated information is scary. Any single action—visiting a Web site, clicking on an ad, buying a CD—may not say much about you. But when those actions are recorded and taken in aggregate, a portrait emerges that may surprise even you. Doubleclick, the largest online advertising agency, keeps a log of every ad of its you’ve ever clicked on or even viewed, and from which Web pages. The company then uses this information to determine which ad to send you next. (Read Doubleclick’s Privacy Policy to opt out of this monitoring system.) Last year, a major flap ensued when Doubleclick revealed its plan to combine this database with a direct marketing database it acquired, attaching names and addresses to online behavior. After a huge protest, Doubleclick withdrew that plan.
Someday, somebody will invent a computer switch for you to flick to protect your data. But until then, keeping things secret will remain a very private matter between you and your PC. Go to it.
