Big Brother IS Watching You! Privacy Issues Online!
By Mike Banks Valentine
Did you know that you are willingly providing information to the world with every site you visit, every product you buy. Your mailing address, your phone number, your sexual preferences (based on sites you may have visited), your resumé are available, literally to the entire world? Then, a practice called email appending helps to paste all that information together in multiple marketing
There is a nasty little privacy parasite loose on your computer. You get it by visitingweb sites with "bugs" on them. Typically served by ad tracking, affiliate tracking and even email tracking companies to measure the effectiveness of their ads, track their visitors and find out when you open their email. Web bugs are tiny, invisible 1 pixel by 1 pixel graphic files that notify a third party web site when a page, an ad or an email is viewed
Now if you’ve joined an affiliate program through any of the major affiliate tracking companies, you have probably even put these bugs on your own pages without knowing what you’ve done. They come in the HTML code you are given to paste into your page by Commission Junction or LinkShare or BeFree networks to track your visitors so you can be paid your affiliate commissions.
You’ll see on the link code something like this <img src="http://service.bfast.com/bfast/serve?bfmid=
26375915&siteid=38461978&bfpage=ehi_home_page" border="0" width="1" height="1" NOSAVE > This is actually the WebSite101 code for our affiliate link to eHealthInsurance.com and is required by their affiliate program. This is a "good" use of web bugs to track commission payments to affiliates. It allows the host to track exactly what web page was visited by the surfer and when so that affiliate links can be tracked from their source.
"Bad" bugs are used by nefarious sites to collect information from your hard drive and pass it back to their server without your knowledge. This is done in combination with cookies to send information about your surfing habits to third parties, also without your knowledge. Some of these nasty little critters can even be used from web pages or within your email to install “executable bugs,” which can install a file onto your hard drive to collect information whenever you are online. For example, one such bug can scan a hard drive to send information on every document that contains the word “financial.” More on Web Bugs . . .
|Fortunately there is a new software available for Windows users called Bugnosis which is provided as freeware by the Privacy Foundation.The software is designed as a browser plug-in to notify you when a page you visit is a security risk, or simply if the page contains web bugs. They are working on a version that will notify you of bugs in your email.|
Personal privacy on the web is non-existent and detailed information on you and your family, your income, your tax information, employment history, legal documents and e-mail, are becoming easily accessible to anyone who wants them. Good guy, bad guy or even your own dear mother.
It’s all becoming more available to the world with each site you visit, each product you purchase and each e-mail you send. That’s right, your e-mail is not private, and can be accessed by any bright kid with a modem and too much spare time on his hands.
It’s widely known that e-mail is being used as evidence in court cases to convict hackers, software moguls and corporate executives of various wrongdoings. You’re an innocent? You erased it? Doesn’t matter, the receiver and those that were sent a copy of your message may have an edited, incriminating, misleading, archived copy. And it can be intercepted and read on route to it’s destination!
Essentially the language used in most web site “Terms of Service” agreements means that they could do anything they like with your information. It’s a kind of "Trust me" statement.
And therein lies the problem with privacy policies and even in third party audits. You have to trust someone. Third party seal programs like BBBonline and Truste.com have come under fire repeatedly for refusing to ban offending members for privacy infractions. They insist on an audit and review of the bad guys, before they will penalize or revoke their membership. Meanwhile, the seals remain posted reassuringly at sites that don’t honor their own privacy policies or those of the seal programs! No wonder public trust in any privacy claims is waning.
Another option for safer surfing is a software solution by ZeroKnowledge. Although we have not tested this software personally, it is well recognized as a viable solution for web privacy protection.
Then there are the sites like Lexis-Nexis "People Locator"
http://www.lexis-nexis.com/lncc/general/privacy_info2.html At this site they provide "subscribers" of their service with "publicly available" information as well as "some non- publicly available" information. Fortunately there is a way to "opt-out" of their database, by sending your name, address and phone number mailto:email@example.com
Whew! Now you’re outta there! But wait! At Lexis-Nexis there’s a reference to the "IRSG" or Individual Reference Services Group, which is a business consortium that make a living off of selling your information to anyone willing to pay for it. In their own words, the group is made up of "commercial services that provide data to help identify, verify, or locate individuals".
Some provide opt-out options, others don’t, but you can approach each of the credit reporting agencies, locator services and other information verification companies through the contact information they provide and give them a piece of your mind if you like.
Now all of the foregoing was interesting, but there is one particular issue that relates specifically to the web and your surfing, buying and e-mailing habits. You should know by now that every site you visit can place a "cookie" on your hardrive which will record a few crumbs of information about you.
This is harmless enough at first glance when all they seem to care about is the time, date, length of stay and pages you visited at their site. But when you know that advertisers that serve ads from the sites you visit can also track your visit, link it to other stored data about you gathered at other sites and finally to any other information they have stored about you, how do you feel?
This means that the harmless little "session number" or "state data" gathered about you from every site you’ve ever visited, every product you’ve ever purchased online and every banner you’ve ever clicked on is stored in the database of the ad server and distributed to it’s clients!
To learn how to disable cookies on your computer, click here.
Provided by the largest cookie bakery on the web, DoubleClick
To get a cookie designed to stop more cookies from being delivered by DoubleClick ad servers, Click Here.
It is possible to set your browser to the "Do Not Accept Any Cookies" option. I recommend you try it once, if only for the enlightenment about how many sources are collecting information about you. Some web pages will send as many as a dozen requests for cookies and many web sites tell you flatly that in order to use their online service "cookies must be enabled on your browser" to use the site.
It gets tiring and frustrating clicking the "OK" button in the warning box that appears each time your browser detects a request to set a cookie on your hard drive, if you’ve checked the "notify me" option in preferences.
If you want to get a clearer picture of how cookies can be used to invade your privacy, I recommend an amazing demonstration of how you can be followed around the web without your knowledge. Privacy.net has set up a demo at:
You’ll see how providing information in bits and pieces to multiple web sites creates a cumulative database on your travels, habits and preferences online. Prepare to be mildly miffed or fully outraged, depending on your level of concern with invasion of privacy.
It is becoming increasingly complex to keep your private information to yourself. The biggest advertisers online have created a method which involves cookies which stop new cookies. You must get yourself a set of "No Cookies For Me" cookies from a group set up by this online advertising brain trust. Now ya gotta have a new cookie to avoid getting any more cookies. No really, I couldn’t eat another bite, please! If you’d like to follow this recipe for avoiding advertiser spying on your surfing habits, visit the Network Advertising Initiative web site and go to the OPT OUT page, which gives you the option to tick boxes to opt out of cookies served by the largest six online ad servers,
- 24/7 Media
- Avenue A
- L90 Inc.
OK, now you’re outta there, right? No, not necessarily. You’ve opted out but you use your wifes’ computer or you use a different browser to visit sites that serve the cookies you don’t want, so you have to visit the OPT OUT page again and check off those boxes for every computer and every browser you use. This could get a bit tedious! Most surfers don’t know that the browser launched by their service provider might be different from the built-in browser launched by their operating system on start-up by the system. The ISP provided browser is yet another version. Which one are you using now and on which computer and did you visit the OPT OUT page with this one?
Fortunately, the NAI has set up a way for you to tell by going to the verification page, which looks for those opt-out cookies and verifies that you have them for each of the participating ad networks. If you don’t, you can go back to the OPT OUT page and get new OPT OUT cookies. If that still doesn’t work, you can go complain to someone set up to police the activity of these cookie monsters. Guess who arranged for this compliance service? Those same advertisers. HMMMM. Well it’s better than nothing. Just visit the Arthur Anderson site called AndersonCompliance
While you are there, do think about Anderson’s role at ENRON! Trust me, no really, you can trust me!
Now you’ve filed a complaint and you can feel all better about it right? Well only if they get a volume of complaints that suggests a “significant” problem has occurred based on the number of complaints filed, then they’ll conduct an investigation. Man that’s a relief! I wonder if those ad networks will keep paying these guys to tell them when they’ve gotten a significant number of complaints? I wonder how much they pay for this service and who monitors the people they are paying to tell them what they’d like to hear? They’d probably stop paying me if I played this role, because I’d be telling them every time a single complaint was lodged.
The final frontier (one becoming legislated by the FTC) is that of information gathered by web sites in order to provide “services” to you online such as chat, email, directories, instant messaging and other membership type services. It has become routine for each of these online service providers to ask detailed information about you when you register with them.
The Federal Trade Commission ( http://www.ftc.gov ) has already established the “Children’s Online Privacy Protection Act” or COPPA to require those businesses that collect information from children under 13 to make that information restricted to third parties such as advertisers. The FTC also requires businesses to obtain “verifiable parental consent” in order to collect any< information from kids and provide parents access to and allow them to edit or delete any information there. It all adds up to one very daunting task if you seek anonymity online, although one web site also provides “safe surfing” by offering a service by which your information is disguised through a proxy server: http://www.anonymizer.com/3.0/index.shtml
and a software download to provide privacy ratings:
What it all comes down to is this, you must be fully informed about what information is gathered about you, how it will be used and to whom it is made available. Practice Safe Surfing!
- PrivacyNotes Privacy Issues Portal
- The Gramm-Leach-Bliley Act of 1999 (G-L-B)
- The Children’s Online Privacy Protection Act of 2000 (COPPA)
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Americans for Computer Privacy
- Center for Democracy and Technology
- Computer Security Institute
- e-Company Privacy Guide
- Electronic Frontier Foundation
- Electronic Privacy Information Center
- Ernst & Young Privacy Information
- Federal Bureau of Investigation
- Health Privacy Project
- Online Privacy Alliance
- Pew Internet and American Life Project
- Privacy Coalition
- Privacy Council
- Privacy Foundation
- Privacy International
- Privacy Place
- Privacy Rights Clearing House
- Wired News Privacy Collection