|
Approximately eighteen months ago I did an article on e-mail privacy for our audience here at IslamOnLine.net. At the time, I made the comment that you should always consider an e-mail about as a private as a post card, and to act accordingly. To paraphrase what my parents used to tell me, "don’t do (or in this case write) anything you wouldn’t want published on the front page of the newspaper." The same rule very much applies to anything you do on the Internet.
As the recent squabble between the US Department of Justice and search engine Google suggests, you should be aware of what is being collected about you, what’s being done with it and what you can do about it.
Let’s start with a few basics. Whenever you connect with your Internet Service Provider (ISP) you access the Internet. In order to be on the Internet your computer must have an IP address (a 32 bit number that distinguishes your machine from others on the Internet). There are two ways to get one. The first method is to have one assigned to you when you sign into your ISP. It is taken from a pool of numbers that have been given to your ISP to use by INTERNIC (the agency that controls IP addresses). Usually, this number will be different with each login, especially if you have a dial up connection. The other way is to have one of the numbers assigned permanently to your computer’s connection, a so-called "static" address (as opposed to a dynamic address). This type of connection is becoming more common as a larger number of people have cable, DSL or other forms of “always on” modems.
As you can see, knowing the IP address of a computer visiting my site tells me where the computer is coming from. And the ISP will have a record of who was assigned what IP address, whether dynamically or statically. They do that for a number of reasons. Among them are to identify spammers, identify people whose computer has been turned into a zombie and for troubleshooting purposes. For example let’s say you have been assigned IP address 192.168.0.7 by your ISP, you sign on to the Internet, unaware that a Trojan horse has taken over your system and is sending out thousands of spam messages. The next day your ISP receives a complaint that a machine with an IP address assigned to it, 192.168.0.7 is responsible for having sent 40,000 spam messages and is now blacklisted. If your ISP owners are responsible they will contact you and tell you how to remove the Trojan horse from your system.
What Happens?
During each visit to any Internet site, your computer reveals its IP address to the site. The site can store that information, along with the date and time of the visit. This information can be used by researchers, marketers, or investigators. And can potentially identify the person who owns the computer.
Is it a lot? You bet. The amount of information amassed by online companies grows daily. Companies such as Amazon, Yahoo, and AOL are constantly signing up new members who willingly hand over their names, addresses, gender, income levels and, in some cases, credit-card information.
If you don't log in to search engine's site, or a partner service like Google's Gmail offering, the company probably doesn't know your name. But it connects your searches through a cookie, which has a unique identifying number. Using its cookies, Google will remember all searches from your browser. It might also link searches by a user's IP address.
These cookies, which are seen by some as intrusions and others as a legitimate marketing tool, can last a variable period of time. Yahoo sets a cookie that expires in June 2006. A new cookie from Google expires in 2036.
Search engines, such as Google, are constantly building a growing record of search queries, Web site visits and Internet Protocol addresses, which can sometimes help identify who owns the computers being used by searchers.
They and other search companies use logs and data-mining techniques to tune their engines and deliver focused advertising, as well to create “cool” features such as Google Zeitgeist (a service which puts together interesting search trends and patterns). They also use them to help with local searches and return more relevant, personalized search results.
If you sign in on Google's personalized homepage or Yahoo's homepage, the companies can then correlate your search history with any other information, such as the name that you give them. In fact the company could correlate everyone you've e-mailed, all the websites you've visited after a search and even all the words you misspell in queries.
What’s All the Hoopla About?
The actual request of the Bush Administration’s Department of Justice was fairly tame. The Bush administration wanted one million random web addresses and records of all Google searches for a one week period. The US government apparently wanted to estimate how much pornography shows up in the searches that children do.
Google of course, could have easily handed over a list of searches that were entirely unassociated with IP addresses, times, cookies, and registration information. Nothing suggests that the Bush Administration wanted to know who did the searches in any way. At least this time.
So why all the fuss? Basically some people simply don't like the idea of their search history being tied to their personal lives. Others don't know what the information could be used for, but worry that the search companies could find surprising uses for that data that may invade privacy in the future.
Privacy groups feel that private companies should not serve as convenient information repositories for trial attorneys hoping to win court cases. Also, it's not clear where this information will end up, and how far the protective order stretches.
Another reason for the concerns being raised is that many people simply believe that search engine companies are collecting too much information about their users. Google, Yahoo, AOL, and Microsoft set cookies (A cookie is a piece of text that a Web server can store on a user's hard disk—Howstuffworks.com), collect personal information, and retain permanent logs that could be used to create a kind of dossier about a person's search habits.
Also, there is little if any legislation concerning the privacy of these documents. “Internet users may be surprised to learn that privacy standards for personal online data vary widely,” said Chris Hoofnagle of the Electronic Privacy Information Center.
Laws dictate what banks, telephone, cable and satellite companies can do with their customers' information and with whom they can share it, he said. But there are no rules, to govern how most Internet and e-commerce companies handle personal information.
Even without specific legal requirements to safeguard that information, most online search companies have done a good job of policing themselves when it comes to privacy. Google is basically defying a US President and arguing in the courts that the request is illegal. Nonetheless, privacy policies are voluntary and carry no legal weight.
And remember, while the search engine companies may not be willing to give out data that associates searches with you, they may be forced to give up the IP Address. As explained earlier, data associating users with an IP is easily obtainable from ISPs. So even if the search engines refuse to comply, your own ISP could be giving up your data—or selling it.
Ironically you usually can’t obtain your own search history. But if you want to trace your own Google search histories and see trends, and you don't mind if the company uses the information to personalize search results, you can sign up for Google's beta search history service. Of course doing so gives them information on you.
Securing Your Privacy
If you’re one of those people who are concerned about not revealing your search history, there probably isn’t a foolproof way to prevent it. Remember, by going on to the Internet and these sites you have given them an implicit right to gather minimal information on you.
However there are some steps you can take. Cookie management helps. If you want to avoid a permanent record you should delete their cookies at least once a week. Other options might be to obliterate certain cookies when a browser is closed and avoid logging in to other services, such as web mail, offered by a search engine.
To do that in Firefox, you can go into the privacy preference dialog and open Cookies. From there you can remove your search engine cookies and click the box that says: "Don't allow sites that set removed cookies to set future cookies."
In Safari, try the free and versatile PithHelmet plug-in. You can let some cookies in temporarily, decide that some can last longer or prohibit some sites, including third-party advertisers, from setting cookies at all.
While Internet Explorer's tools are not quite as flexible, you can manage your cookies through the Tools menu by following these instructions from Microsoft’s web site. http://support.microsoft.com/kb/q283185.
If you want more searching anonymity than you can get by simply deleting a cookie consider using Tor, The Onion Router. An EFF-sponsored service, Tor helps anonymize your web traffic by bouncing it between volunteer servers. It masks the origins and makes it easier to evade filters, such as those installed by schools or repressive regimes.
The service has its drawbacks. While it can be very useful for a journalist in China, data services can be slower or have greater latency due to the extra stops the data makes, and a the small number of servers.
But remember—computers leak data, so Tor isn’t perfectly anonymous. You can get around that by using Tor, combined with the Privoxy proxy server (which comes bundled with Tor), but it still isn't foolproof. Still, when used with Firefox, Tor and, Privoxy can provide a mostly-anonymous web browsing experience.
Other option, Anonymizer, offers a limited free browsing service and sells software, both of which are supposed to protect your anonymity, but have had serious performance issues. There are other proxy servers on the internet, but you have to judge for yourself whether you trust them, and some websites actively block anonymous browsing.
Final Thoughts
Because most of us use the Internet in the privacy of our homes, offices or even just a quiet corner of an Internet café, we can be lulled into thinking we’re in a private world of our own. We’re not.
Getting on to the Internet is the electronic equivalent of standing on a street corner and shouting out what you’re doing. Using e-mail is like standing in a crowded elevator and talking to a companion in a loud voice. Should you be surprised that other people heard what you said or did?
You should start thinking of using a search engine, or visiting a web site, like you would walking down the street and poking your head into every store, every home and every business. By the time you get to the end of the street everyone who cared to watch, would have known where you went, how long you stayed and what, if anything you did there. An enterprise marketing associate, watching you, might now call the stores on the next street over and told them what they should put out for you to see based on what you did.
That’s what happens when you use the Internet, and you’ll get the same privacy for most of what you do there.
|
