Big Brother
IS Watching You! Privacy Online!
By Mike Banks Valentine
Did you know that you are willingly providing information
to the world with every site you visit, every product
you buy. Your mailing address, your phone number,
your sexual preferences (based on sites you may have
visited), your resumé are available, literally
to the entire world?
There is a nasty little privacy parasite loose on
your computer. You get it by visitingweb sites with
"bugs" on them. Typically served by ad tracking,
affiliate tracking and even email tracking companies
to measure the effectiveness of their ads, track their
visitors and find out when you open their email. Web
bugs are tiny, invisible 1 pixel by 1 pixel graphic
files that notify a third party web site when a page,
an ad or an email is viewed
Now if you've joined an affiliate program through
any of the major affiliate tracking companies, you
have probably even put these bugs on your own pages
without knowing what you've done. They come in the
HTML code you are given to paste into your page by
Commission Junction or LinkShare or BeFree networks
to track your visitors so you can be paid your affiliate
commissions.
You'll see on the link code something like this <img
src="http://service.bfast.com/bfast/serve?bfmid=
26375915&siteid=38461978&bfpage=ehi_home_page"
border="0" width="1" height="1"
NOSAVE > This is actually the WebSite101
code for our affiliate link to eHealthInsurance.com
and is required by their affiliate program. This is
a "good" use of web bugs to track commission
payments to affiliates. It allows the host to track
exactly what web page was visited by the surfer and
when so that affiliate links can be tracked from their
source.
The "bad" bugs are those used by ad servers
to track which advertisements are viewed by surfers
and combine it with other information stored about
that surfer at other web sites. There are bugs included
in HTML email -- those messages that include graphics,
fonts and page color in the messages -- to see when
the email was opened and can even tell where on your
hard drive that email is stored, when it was viewed,
how long it was open and if the links are clicked
on. These bugs are euphemistically titled "beacons"
by Intel corporation in their Privacy
Policy
"Bad" bugs are used by nefarious sites to
collect information from your hard drive and pass
it back to their server without your knowledge. This
is done in combination with cookies
to send information about your surfing habits to third
parties, also without your knowledge. Some of these
nasty little critters can even be used from web pages
or within your email to install "executable bugs,"
which can install a file onto your hard drive to collect
information whenever you are online. For example,
one such bug can scan a hard drive to send information
on every document that contains the word "financial."
More
on Web Bugs . . .
|
|
Fortunately there is a new software available
for Windows users called Bugnosis
which is provided as freeware by the Privacy
Foundation.The software is designed as a browser
plug-in to notify you when a page you visit is
a security risk, or simply if the page contains
web bugs. They are working on a version that will
notify you of bugs in your email. |
Personal privacy on the web is non-existent and
detailed information on you and your family, your
income, your tax information, employment history,
legal documents and e-mail, are becoming easily accessible
to anyone who wants them. Good guy, bad guy or even
your own dear mother.
It's all becoming more available to the world with
each site you visit, each product you purchase and
each e-mail you send. That's right, your e-mail is
not private, and can be accessed by any bright kid
with a modem and too much spare time on his hands.
It's widely known that e-mail is being used as evidence
in court cases to convict hackers, software moguls
and corporate executives of various wrongdoings. Youre
an innocent? You erased it? Doesn't matter, the receiver
and those that were sent a copy of your message may
have an edited, incriminating, misleading, archived
copy. And it can be intercepted and read on route
to it's destination!
There are answers out there to keep your e-mail more
secure, like the encryption key based "envelope"
provided by services like http://www.privacyX.com
to protect your identity and stop others from tracking
and reading those notes you send that you believe
are private.
As you sign up for the PrivacyX service, though, read
the "Terms of Service" (membership agreement)
carefully. The TOS says "we can access your mail"
So it's private from everyone except the provider.
Better to be visible to one than many, but Chief Privacy
Officer David Renardson of PrivacyX.com, Inc. insists
not only that they don't collect, monitor or distribute
any of your personally identifying information, but
that they are seeking ways to prove that to
members of their service.
They don't admit to anything other than "providing
it in aggregate to advertisers". Essentially
the language used in most web site "Terms of Service"
agreements means that they could do anything they
like with your information. It's a kind of "Trust
me" statement.
And therein lies the problem with privacy policies
and even in third party audits. You have to trust
someone. Third party seal programs like BBBonline
and Truste.com
have come under fire repeatedly for refusing to ban
offending members for privacy infractions. They insist
on an audit and review of the bad guys, before they
will penalize or revoke their membership. Meanwhile,
the seals remain posted reassuringly at sites that
don't honor their own privacy policies or those of
the seal programs! No wonder public trust in any privacy
claims is waning.
Another option for safer surfing is a software solution
by ZeroKnowledge. Although we have not tested this software personally, it
is well recognized as a viable solution for web privacy
protection.
Then there are the sites like Lexis-Nexis "People
Locator"
http://www.lexis-nexis.com/lncc/general/privacy_info2.html
At this site they provide "subscribers"
of their service with "publicly available"
information as well as "some non- publicly available"
information. Fortunately there is a way to "opt-out"
of their database, by sending your name, address and
phone number mailto:removal@prod.lexis-nexis.com
Whew! Now you're outta there! But wait! At Lexis-Nexis
there's a reference to the "IRSG" or Individual
Reference Services Group, which is a business consortium
that make a living off of selling your information
to anyone willing to pay for it. In their own words,
the group is made up of "commercial services
that provide data to help identify, verify, or locate
individuals".
Now you have to go to each of the members of the IRSG
and check each member privacy policy (links kindly
provided) http://www.irsg.org/html/irsg_members.htm
by the members. (Although the privacy policy links
for two of these IRSG members return a "404 not
found" error. Hmmmm. And when I visited the "TransUnion"
privacy policy page I got a "HTTP/1.1 Application
Restarting" message repeatedly.
Some provide opt-out options, others don't, but you
can approach each of the credit reporting agencies,
locator services and other information verification
companies through the contact information they provide
and give them a piece of your mind if you like.
Don't expect to get far with services like CDB InfoTech
(recently become ChoicePoint) as when you reach their
privacy policy page link you'll find that they . .
. "do not allow individuals to "opt-out"
of our databases." because CDB "only serves
legitimate businesses and government agencies that
have an appropriate need for the information we report."
Hmmmm. I guess it's up to them what's legitimate and
who's appropriate.
Cookies Anyone?
Now all of the foregoing was interesting, but there
is one particular issue that relates specifically
to the web and your surfing, buying and e-mailing
habits. You should know by now that every site you
visit can place a "cookie" on your
hardrive which will record a few crumbs of information
about you.
This is harmless enough at first glance when all they
seem to care about is the time, date, length of stay
and pages you visited at their site. But when you
know that advertisers that serve ads from the sites
you visit can also track your visit, link it to other
stored data about you gathered at other sites and
finally to any other information they have stored
about you, how do you feel?
This means that the harmless little "session
number" or "state data" gathered about
you from every site you've ever visited, every product
you've ever purchased online and every banner you've
ever clicked on is stored in the database of the ad
server and distributed to it's clients!
To
learn how to disable cookies on your computer, click
here.
Provided by the largest cookie bakery on the web,
DoubleClick
To
get a cookie designed to stop more cookies from being
delivered by DoubleClick ad servers, Click Here.
It is possible to set your browser to the "Do
Not Accept Any Cookies" option. I recommend you
try it once, if only for the enlightenment about how
many sources are collecting information about you.
Some web pages will send as many as a dozen requests
for cookies and many web sites tell you flatly that
in order to use their online service "cookies
must be enabled on your browser" to use the site.
It gets tiring and frustrating clicking the "OK"
button in the warning box that appears each time your
browser detects a request to set a cookie on your
hard drive, if you've checked the "notify me"
option in preferences.
If you want to get a clearer picture of how cookies
can be used to invade your privacy, I recommend an
amazing demonstration of how you can be followed around
the web without your knowledge. Privacy.net has set
up a demo at:
http://www.privacy.net/track/
You'll see how providing information in bits and pieces
to multiple web sites creates a cumulative database
on your travels, habits and preferences online. Prepare
to be mildly miffed or fully outraged, depending on
your level of concern with invasion of privacy.
It is becoming increasingly complex to keep your private
information to yourself. The biggest advertisers online
have created a method which involves cookies which
stop new cookies. You must get yourself a set of "No
Cookies For Me" cookies from a group set up by
this online advertising brain trust. Now ya gotta
have a new cookie to avoid getting any more cookies.
No really, I couldn't eat another bite, please! If
you'd like to follow this recipe for avoiding advertiser
spying on your surfing habits, visit the Network Advertising
Initiative web site and go to the OPT
OUT page, which gives you the option to tick
boxes to opt out of cookies served by the largest
six online ad servers,
- DoubleClick
- Engage
- 24/7 Media
- Matchlogic
- Avenue A
- L90 Inc.
OK, now you're outta there, right? No, not necessarily.
You've opted out but you use your wifes' computer or
you use a different browser to visit sites that serve
the cookies you don't want, so you have to visit the
OPT OUT page again and check off those boxes for every
computer and every browser you use. This could get a
bit tedious! Most surfers don't know that the browser
launched by their service provider might be different
from the built-in browser launched by their operating
system on start-up by the system. The ISP provided browser
is yet another version. Which one are you using now
and on which computer and did you visit the OPT OUT
page with this one?
Fortunately, the NAI has set up a way for you to tell
by going to the verification page, which looks for those
opt-out cookies and verifies that you have them for
each of the participating ad networks. If you don't,
you can go back to the OPT OUT page and get new OPT
OUT cookies. If that still doesn't work, you can go
complain to someone set up to police the activity of
these cookie monsters. Guess who arranged for this compliance
service? Those same advertisers. HMMMM. Well it's better
than nothing. Just visit the Arthur Anderson site called
AndersonCompliance
Now you've filed a complaint and you can feel all better
about it right? Well only if they get a volume of complaints
that suggests a "significant" problem has occurred based
on the number of complaints filed, then they'll conduct
an investigation. Man that's a relief! I wonder if those
ad networks will keep paying these guys to tell them
when they've gotten a significant number of complaints?
I wonder how much they pay for this service and who
monitors the people they are paying to tell them what
they'd like to hear? They'd probably stop paying me
if I played this role, because I'd be telling them every
time a single complaint was lodged.
The final frontier (one becoming legislated by the
FTC) is that of information gathered by web sites
in order to provide services to you online
such as chat, email, directories, instant messaging
and other membership type services. It has become
routine for each of these online service providers
to ask detailed information about you when you register
with them.
The Federal Trade Commission ( http://www.ftc.gov
) has already established the Childrens
Online Privacy Protection Act or COPPA to require
those businesses that collect information from children
under 13 to make that information restricted to third
parties such as advertisers. The FTC also requires
businesses to obtain verifiable parental consent
in order to collect any< information from kids and
provide parents access to and allow them to edit or
delete any information there.
To find out more about the FTC requirements, visit:
http://www.coppa.org
and review the news and compliance issues facing online
businesses that collect information from children.
It all adds up to one very daunting task if you seek
anonymity online, although one web site also provides
safe surfing by offering a service by
which your information is disguised through a proxy
server:
http://www.anonymizer.com/3.0/index.shtml
and a software download to provide privacy ratings:
http://www.enonymous.com/advisor/advisor.asp
What it all comes down to is this, you must be fully
informed about what information is gathered about
you, how it will be used and to whom it is made available.
Practice Safe Surfing!
Web Source
Web Design Tips
by Shelley Lowery
Have You Told Your Visitors About Their Privacy?
More and more, privacy is becoming an important issue
with your visitors. They want to know exactly what you're
planning to do with their personal information you collect.
Create a page on your website called, "Privacy Statement,"
and let your visitors know your intentions.
- - How do you plan on using their information -
Is their information sold or shared with a third
party
- - Why do you collect their email address and how
will it be used
- - Why do you track their IP address - Let your
visitors know that you're not responsible for the
privacy issues of any outside websites you may be
linking to
- - Why do you use order forms and what do you do
with the information acquired
- - Do you run contests and what do you do with
the information
- - Do you have a discussion forum or message board?
Let your visitors know that any information that
is disclosed in these areas becomes public information
and they should exercise caution
- - Do you have security measures in place to protect
the loss, misuse and alteration of the information
under your control?
If so, let your visitors know
- - Let your visitors know how they can opt out
of your mailing lists
- - Provide your visitors with your contact information,
should they have any questions in regard to your
privacy statement.
Visit Web Source to view our "Privacy Statement."
http://www.web-source.net/privacy.htm
Tip provided by:
Web Source: Your Guide to Professional Web Design and
Development. http://www.web-source.net