Big
Brother IS Watching You! Privacy
Online!
By Mike Banks Valentine
Did you know that you are willingly providing information
to the world with every site you visit, every product you
buy. Your mailing address, your phone number, your sexual
preferences (based on sites you may have visited), your
resumé are available, literally to the entire world?
There is a nasty little privacy parasite loose on your computer.
You get it by visitingweb sites with "bugs" on
them. Typically served by ad tracking, affiliate tracking
and even email tracking companies to measure the effectiveness
of their ads, track their visitors and find out when you
open their email. Web bugs are tiny, invisible 1 pixel by
1 pixel graphic files that notify a third party web site
when a page, an ad or an email is viewed
Now if you've joined an affiliate program through any of
the major affiliate tracking companies, you have probably
even put these bugs on your own pages without knowing what
you've done. They come in the HTML code you are given to
paste into your page by Commission Junction or LinkShare
or BeFree networks to track your visitors so you can be
paid your affiliate commissions.
You'll see on the link code something like this <img
src="http://service.bfast.com/bfast/serve?bfmid=
26375915&siteid=38461978&bfpage=ehi_home_page"
border="0" width="1" height="1"
NOSAVE > This is actually the WebSite101 code
for our affiliate link to eHealthInsurance.com and is required
by their affiliate program. This is a "good" use
of web bugs to track commission payments to affiliates.
It allows the host to track exactly what web page was visited
by the surfer and when so that affiliate links can be tracked
from their source.
The "bad" bugs are those used by ad servers to
track which advertisements are viewed by surfers and combine
it with other information stored about that surfer at other
web sites. There are bugs included in HTML email -- those
messages that include graphics, fonts and page color in
the messages -- to see when the email was opened and can
even tell where on your hard drive that email is stored,
when it was viewed, how long it was open and if the links
are clicked on. These bugs are euphemistically titled "beacons"
by Intel corporation in their Privacy
Policy
"Bad" bugs are used by nefarious sites to collect
information from your hard drive and pass it back to their
server without your knowledge. This is done in combination
with cookies to send information
about your surfing habits to third parties, also without
your knowledge. Some of these nasty little critters can
even be used from web pages or within your email to install
"executable bugs," which can install a file onto your hard
drive to collect information whenever you are online. For
example, one such bug can scan a hard drive to send information
on every document that contains the word "financial." More
on Web Bugs . . .
 |
 |
Fortunately there is a new software available
for Windows users called Bugnosis
which is provided as freeware by the Privacy
Foundation.The software is designed as a browser
plug-in to notify you when a page you visit is a security
risk, or simply if the page contains web bugs. They
are working on a version that will notify you of bugs
in your email. |
Personal privacy on the web is non-existent and detailed
information on you and your family, your income, your tax
information, employment history, legal documents and e-mail,
are becoming easily accessible to anyone who wants them.
Good guy, bad guy or even your own dear mother.
It's all becoming more available to the world with each
site you visit, each product you purchase and each e-mail
you send. That's right, your e-mail is not private, and
can be accessed by any bright kid with a modem and too much
spare time on his hands.
It's widely known that e-mail is being used as evidence
in court cases to convict hackers, software moguls and corporate
executives of various wrongdoings. You’re an innocent?
You erased it? Doesn't matter, the receiver and those that
were sent a copy of your message may have an edited, incriminating,
misleading, archived copy. And it can be intercepted and
read on route to it's destination!
There are answers out there to keep your e-mail more secure,
like the encryption key based "envelope" provided
by services like http://www.privacyX.com
to protect your identity and stop others from tracking and
reading those notes you send that you believe are private.
As you sign up for the PrivacyX service, though, read the
"Terms of Service" (membership agreement) carefully.
The TOS says "we can access your mail" So it's
private from everyone except the provider. Better to be
visible to one than many, but Chief Privacy Officer David
Renardson of PrivacyX.com, Inc. insists not only that they
don't collect, monitor or distribute any of your personally
identifying information, but that they are seeking ways
to prove that to members of their service.
They don't admit to anything other than "providing
it in aggregate to advertisers". Essentially the language
used in most web site "Terms of Service" agreements means
that they could do anything they like with your information.
It's a kind of "Trust me" statement.
And therein lies the problem with privacy policies and even
in third party audits. You have to trust someone. Third
party seal programs like BBBonline
and Truste.com have
come under fire repeatedly for refusing to ban offending
members for privacy infractions. They insist on an audit
and review of the bad guys, before they will penalize or
revoke their membership. Meanwhile, the seals remain posted
reassuringly at sites that don't honor their own privacy
policies or those of the seal programs! No wonder public
trust in any privacy claims is waning.
Another option for safer surfing is a software solution
by ZeroKnowledge. Although we have not tested this software personally, it
is well recognized as a viable solution for web privacy
protection.
Then there are the sites like Lexis-Nexis "People
Locator"
http://www.lexis-nexis.com/lncc/general/privacy_info2.html
At this site they provide "subscribers" of their
service with "publicly available" information
as well as "some non- publicly available" information.
Fortunately there is a way to "opt-out" of their
database, by sending your name, address and phone number
mailto:removal@prod.lexis-nexis.com
Whew! Now you're outta there! But wait! At Lexis-Nexis there's
a reference to the "IRSG" or Individual Reference
Services Group, which is a business consortium that make
a living off of selling your information to anyone willing
to pay for it. In their own words, the group is made up
of "commercial services that provide data to help identify,
verify, or locate individuals".
Now you have to go to each of the members of the IRSG and
check each member privacy policy (links kindly provided)
http://www.irsg.org/html/irsg_members.htm
by the members. (Although the privacy policy links for two
of these IRSG members return a "404 not found"
error. Hmmmm. And when I visited the "TransUnion"
privacy policy page I got a "HTTP/1.1 Application Restarting"
message repeatedly.
Some provide opt-out options, others don't, but you can
approach each of the credit reporting agencies, locator
services and other information verification companies through
the contact information they provide and give them a piece
of your mind if you like.
Don't expect to get far with services like CDB InfoTech
(recently become ChoicePoint) as when you reach their privacy
policy page link you'll find that they . . . "do not
allow individuals to "opt-out" of our databases."
because CDB "only serves legitimate businesses and
government agencies that have an appropriate need for the
information we report." Hmmmm. I guess it's up to them
what's legitimate and who's appropriate.
Cookies Anyone?
Now all of the foregoing was interesting, but there is one
particular issue that relates specifically to the web and
your surfing, buying and e-mailing habits. You should know
by now that every site you visit can place a "cookie"
on your hardrive which will record a few crumbs of information
about you.
This is harmless enough at first glance when all they seem
to care about is the time, date, length of stay and pages
you visited at their site. But when you know that advertisers
that serve ads from the sites you visit can also track your
visit, link it to other stored data about you gathered at
other sites and finally to any other information they have
stored about you, how do you feel?
This means that the harmless little "session number"
or "state data" gathered about you from every
site you've ever visited, every product you've ever purchased
online and every banner you've ever clicked on is stored
in the database of the ad server and distributed to it's
clients!
To
learn how to disable cookies on your computer, click here.
Provided by the largest cookie bakery on the web, DoubleClick
To
get a cookie designed to stop more cookies from being delivered
by DoubleClick ad servers, Click Here.
It is possible to set your browser to the "Do Not Accept
Any Cookies" option. I recommend you try it once, if
only for the enlightenment about how many sources are collecting
information about you. Some web pages will send as many
as a dozen requests for cookies and many web sites tell
you flatly that in order to use their online service "cookies
must be enabled on your browser" to use the site.
It gets tiring and frustrating clicking the "OK"
button in the warning box that appears each time your browser
detects a request to set a cookie on your hard drive, if
you've checked the "notify me" option in preferences.
If you want to get a clearer picture of how cookies can
be used to invade your privacy, I recommend an amazing demonstration
of how you can be followed around the web without your knowledge.
Privacy.net has set up a demo at:
http://www.privacy.net/track/
You'll see how providing information in bits and pieces
to multiple web sites creates a cumulative database on your
travels, habits and preferences online. Prepare to be mildly
miffed or fully outraged, depending on your level of concern
with invasion of privacy.
It is becoming increasingly complex to keep your private
information to yourself. The biggest advertisers online
have created a method which involves cookies which stop
new cookies. You must get yourself a set of "No Cookies
For Me" cookies from a group set up by this online
advertising brain trust. Now ya gotta have a new cookie
to avoid getting any more cookies. No really, I couldn't
eat another bite, please! If you'd like to follow this recipe
for avoiding advertiser spying on your surfing habits, visit
the Network Advertising Initiative web site and go to the
OPT
OUT page, which gives you the option to tick boxes
to opt out of cookies served by the largest six online ad
servers,
- DoubleClick
- Engage
- 24/7 Media
- Matchlogic
- Avenue A
- L90 Inc.
OK, now you're outta there, right? No, not necessarily. You've
opted out but you use your wifes' computer or you use a different
browser to visit sites that serve the cookies you don't want,
so you have to visit the OPT OUT page again and check off
those boxes for every computer and every browser you use.
This could get a bit tedious! Most surfers don't know that
the browser launched by their service provider might be different
from the built-in browser launched by their operating system
on start-up by the system. The ISP provided browser is yet
another version. Which one are you using now and on which
computer and did you visit the OPT OUT page with this one?
Fortunately, the NAI has set up a way for you to tell by going
to the verification page, which looks for those opt-out cookies
and verifies that you have them for each of the participating
ad networks. If you don't, you can go back to the OPT OUT
page and get new OPT OUT cookies. If that still doesn't work,
you can go complain to someone set up to police the activity
of these cookie monsters. Guess who arranged for this compliance
service? Those same advertisers. HMMMM. Well it's better than
nothing. Just visit the Arthur Anderson site called AndersonCompliance
Now you've filed a complaint and you can feel all better about
it right? Well only if they get a volume of complaints that
suggests a "significant" problem has occurred based on the
number of complaints filed, then they'll conduct an investigation.
Man that's a relief! I wonder if those ad networks will keep
paying these guys to tell them when they've gotten a significant
number of complaints? I wonder how much they pay for this
service and who monitors the people they are paying to tell
them what they'd like to hear? They'd probably stop paying
me if I played this role, because I'd be telling them every
time a single complaint was lodged.
The final frontier (one becoming legislated by the FTC)
is that of information gathered by web sites in order
to provide “services” to you online such as
chat, email, directories, instant messaging and other
membership type services. It has become routine for each
of these online service providers to ask detailed information
about you when you register with them.
The Federal Trade Commission ( http://www.ftc.gov ) has
already established the “Children’s Online Privacy
Protection Act” or COPPA to require those businesses
that collect information from children under 13 to make
that information restricted to third parties such as advertisers.
The FTC also requires businesses to obtain “verifiable
parental consent” in order to collect any< information
from kids and provide parents access to and allow them
to edit or delete any information there.
To find out more about the FTC requirements, visit:
http://www.coppa.org
and review the news and compliance issues facing online
businesses that collect information from children.
It all adds up to one very daunting task if you seek anonymity
online, although one web site also provides “safe
surfing” by offering a service by which your information
is disguised through a proxy server:
http://www.anonymizer.com/3.0/index.shtml
and a software download to provide privacy ratings:
http://www.enonymous.com/advisor/advisor.asp
What it all comes down to is this, you must be fully informed
about what information is gathered about you, how it will
be used and to whom it is made available. Practice Safe
Surfing!
--------------------------------------------------------
WebSite101 "Reading List" Weekly Netrepreneur Tip Sheet
Ezine
emphasizing small business online http://website101.com/arch/
e-tutorial online at: http://website101.com/shortcourse.html
By week's end you're ready expand your business to the
web!
--------------------------------------------------------
