Woodworker's Central Woodworker's Gazette Gazette Archive 3/13/00

Internet Privacy What Woodworkers Should Know Online By Jim Mattson Updated 3/14/00 My first voyage into cyberspace was amazing and clueless. Let's see, install this software, click here, fill out a form there, give out a credit card number and bang, you're dumped onto the Net. It was so easy and hard at the same time, when you succeed, it's tempting to think that's all there is to it - you can surf to your heart's desire with nary a care in the world. Not so. In truth, there is lot's of stuff going on behind the scenes which suggest the terms "Internet privacy" could be a tad oxy-moronic. Just as the WWA strives to help you become a better woodworker, this article is aimed at making you a more savvy Web surfer. The Basics When you sign up with an ISP (Internet Service Provider), you generally have to tell them who you are. ISPs are supposed to protect your personal information much as your doctor does and for the most part they have done a pretty good job. If an ISP were to use your personal info in ways you wouldn't approve, they would be out of business very quickly. This doesn't mean they don't keep a record of your time on the Web. When you dial in, they assign your machine a unique number - an IP (Internet Protocol) number and then record this exchange in their server log. Such an entry might look like this: On June 2nd at 8:32 AM, username "John Doe" dialed in and was given IP#123.654.246.8 When you disconnect, that too is recorded and the info is archived for a week or longer. The reason you are assigned an IP number is simple: when you click on a link, you're telling another computer (a server) to send you the contents of a web page. They have to know where to send it, right? From here it gets stickier. The server you get the page from also records your IP number and which page or pages it's sending you. It might also record your browser version which also gives up your computer platform. This is standard information swapped behind the scenes as you surf the Web. Since IP numbers are unique and your ISP only has certain ones it can give out to their customers, if you do something bad on the Net, the authorities can follow the trail back to your ISP and get your personal info with a court order. For those who access the Net via a proxy server, gateway or router - typical configurations for large intranets - your machine is also allocated an IP number from your gateway server. If you work for a large corporation, there is software available which allows this server to snoop through your webpages or email looking for certain keywords. Be careful if your boss doesn't like you visiting certain websites during working hours. The Cookie Monster Perhaps the most misunderstood feature of Web surfing is the diminutive and often sour-tasting cookie. In essence, a cookie is just one line of text written to a file on your computer. When you return to a cookie-baking website, the server looks for it's own cookie and, depending on what is written in the file, it might send you different webpages or different graphics (usually ad banners) for those webpages. Unlike IP numbers which can change slightly every time you jump on the Net, cookies are unique identifiers for your computer. Most servers you encounter on the Web install these little morsels so they can identify you the next time you visit the website. After that, all generalizations end with the main difference being the intent of the hosting website. Many cookies are benign and are designed to save you time. For instance, our bulletin board, The Info Exchange, writes six cookies to your hard drive and stores your username and password so you don't have to type it in whenever you make a post. It also stores the last time you were there so it can show you any new posts since your last visit. Nothing else is stored on our server that isn't required of your registration for posting. Most websites who use benign cookies ask you if you want them or not and leave it up to you whether to accept them. This is good policy. Malignant cookies are a different animal altogether. Usually all they store on your machine is a unique identifying number but what is stored in the server log is much more involved. Since the server is recording which pages it sends you, this data can be mined with the intent of developing a profile of your interests. As you re-visit the site, your profile is updated with any additional information the server can gather. If you fill out a form, it might save your name. If you sign onto a mailing list, it might save your email address. If you order something, it might keep your address and credit card info. Coupled with the webpages you like visiting most, your profile might turn into a fairly accurate window into your lifestyle and what you find most interesting at that particular website. Hopefully, websites which build these profiles won't share their info with other entities and at worst, they'll only use their knowledge to target a few particular advertising banners your way. Reading a company's privacy policy is a good way to understand how they use their cookies and the extent of their use of any information they may gather. Descending as we go, there is one more type of cookie I think is evil. This cookie follows you around as you visit many of the most popular websites and the profile it creates reaches from one end of the Web to the other. If you like cooking, it knows. If you follow stocks, it knows which ones. If you're looking for a new car, it knows which model you keep going back to over and over again. The most experienced bakery chef for these cookies is a company called DoubleClick. They market advertising on leading websites with the added benefit of providing user profiles. The cookie they place identifies you at any website which hosts their banners. Needless to say, the depth of the information gathered can be quite staggering even if DoubleClick never puts your name to your profile. By recording your movements across the Web, eventually they hope to figure out what works in getting you to part with your money. Proponents of this technology say it's no worse than having security cameras in a department store. Yeah...right, except when you're out shopping, the cameras don't follow you from one store to another. Cookies and Dieting The situation isn't entirely grim and as long as you know what's going on. You can protect your privacy while Web surfing regardless of the intent of the website. Some cookies might even be helpful if they help you find items you're looking for but might otherwise overlook. The extreme protection is to turn off cookies entirely in your browser preferences. You will lose some functionality at many e-commerce sites and other sites like our bulletin board but it's the best way to avoid targeted advertising completely. Another thing you can do is have your browser ask you each time a server wants to write you a cookie. This way you can choose which ones to accept or not but this can be very annoying considering the widespread usage of these little beasts. Some sites are cookie dependent and will actually refuse your entry unless they can bake a cookie on your hard drive. A little bit less annoying is only allowing cookies which are sent back to the host server. In this arrangement, the website you're visiting can write their cookie but outside entities like DoubleClick "might be" foiled. Whatever profile is updated shouldn't follow you past the website boundaries. For those who want the ultimate ease of use while surfing and who still want to control their cookies, you can edit the cookie file and delete which cookies you don't want. That way, you're creating lots of disjointed new profiles when surfing instead of one which is personal and accurate. If you're on a PC, according to Aaron Gesicki, the easiest way to find your cookies is to open the Cookies folder using Windows Explorer. The path to your cookie directory might look something like this: My Computer/C:/Windows/Cookies Once in there, you can delete which cookies you don't want or edit them with NotePad. If you use a Mac, it's likely all your cookies are in one data file. The free program BBEdit Lite 4.1 from Barebones Software will let you erase which cookies you don't trust while keeping your useful cookies intact. In use, I delete the cookies from my favorite websites if they have no purpose other than to add info to my profile. The ones I don't recognize from ad agencies like DoubleClick might get left alone except for a few transposed numbers here and there...;) In any case, you should open your cookie file with your browser just to see how many websites are keeping tabs on you. Do a find file for "cookies.txt" or "MagicCookie" and drag the little bugger into your browser window. You might be surprised how many cookies have been baked right under your nose! Email and Spam There is nothing more annoying than getting more Spam (junk email) than regular letters from your friends and family. How does this happen? You try not to leave your email address all over the place but somehow, someone has got your number. What a pain! As a webmaster who has his email address scattered widely, I get lots of junk mail. Interestingly, some of the junk mail I get is from the folks who mine for email addresses with the intent of selling them to me. They use a search robot - a software program which scans the Net to glean email addresses. For about $300, I can get 150,000 addresses on CD-ROM. For $800 I can get over a million addresses and I've even received ads offering as many as 5 million email addresses. Wow! These addresses are picked up from mailing lists, bulletin boards, postings to newsgroups and personal webpages. To pick up more, chain letters are started with the directions that you forward these emails to your pals on the Net. Everytime such an email gets forwarded, it collects more addresses and eventually, if luck is with them or they set it up right, it will get back to the spammer. By US law, spammers are supposed to include directions for getting off their mailing list and for the most part they do. However, when you reply with unsubscribing directions, it may remove your name from that list but it might put your name on 20 others. By replying, you verify your email address is active and I've received Spam offering 80,000 verified email addresses for $199.95. Not a bad deal, huh! So, what's a woodworker to do? If you have been on the Net for a while and you aren't getting Spam, you're already doing the right things. If you're new to the Net, be wary of where you leave your address. Most places of e-commerce require email addresses for any credit card transaction. Be sure to read their privacy policy before giving up your email address or better yet, set up an alternative email account with a remailer service like Yahoo!, Excite or Hotmail. If your alternative email box starts to fill with junk mail, you can simply start another one, leaving your main email address private. Alternative email addresses work well on bulletin boards and newsgroups but can be a hassle for mailing lists. The web interfaces for these re-mailing services are often slow and cumbersome which makes participation tedious at times. Using your regular address can be successful as long as you use discretion in picking your lists. Or you can sign up for the digest version where you can read lots of email with only a few clicks using a remailer. Regardless of how you behave on the Web, your email address can be treated recklessly by friends and loved ones. Your uncle, who sends everyone in his address book a dirty joke, might need some privacy education if you can read all the other addresses in his email. If you can read their addresses, they can read yours and anyone who simply forwards it will send your email address along for the ride. To help stem this type of address proliferation, many email programs have a function which allows you to suppress the recipient list. If not, all of them allow you to send any multiple-address emails as a Blind Carbon Copy (BCC). Emails you receive and want to send to others should be stripped of any included addresses. Just as you wouldn't give your parent's phone number to a stranger on the phone, it's time to protect our friend's and family's email addresses as well. If you have a personal website, you can hide your email address by showing it as a graphic to your visitors. The robots which grab addresses from webpages can't read graphics - at least not yet! Another thing you can do is set up a feedback form which channels any comments from visitors through a script in your server's cgi bin. If you're like me and get more than your share of Spam, you might find the best way to deal with the problem is simply delete it as it comes in. Setting up email filters will help channel it to the trash more efficiently, but you never know for sure what's getting thrown out until you read it. You can also opt to change your main address but you're likely to spend more time getting folks to use your new address than you will spend hitting the delete button. Finally, many of you will think this article is much-ado-about-nothing. In many respects, you're absolutely right. The government already knows how much money we make and where we live. The credit card companies know what we like to buy and our doctors know stuff we won't even share with our best friends. Goodness knows there is plenty of junk realmail to go around so it's natural to feel we live in glass houses and throwing bricks only hurts our homeowner's insurance rates. That said, for those of you who are tired of the intense scrutiny, the attempts to manipulate our buying practices, and you're especially miffed at what goes on without your knowledge, I hope you appreciate this catharsis. If you have any further questions or helpful hints you want to share, you can reach me at this email address: Yours for a better Internet, Jim Mattson Anyone interested in learning more can read all about it at the following websites: Cookies Center for Democracy and Technology What Banner Ads Say About Us Anonymizer Freedom.net DoubleClick Press Release March 2, 2000 Spam O'Reilly Stop Spam Center CAUCE The War On Spam Fight Junk Email UXN Spam Combat The Spamhaus Project The Art Of Hunting Spam