The Becsta.NET Second Rant - Privacy on the Internet

Put up your hand if you value your privacy on the Internet. *hand up* I do. I don't want my buying habits to be tracked across the Internet. I don't want targetted advertisements because I don't want advertisements full stop. I don't want to receive shedloads of unsolicited email because I've given away my email address to companies who then sell that information to the highest bidder. I want to maintain control of who I give information to.

So how does personal information get leaked?

Cookies - One common method is through browser cookies. The default setting for both Internet Explorer and Netscape is to allow cookies to be set without informing the user that they've received the cookie. A cookie is a little file sent by the web server to a browser which contains some information as well as item/value pairs. Cookies were born out of a need to track state information during web sessions, as the WWW is state-less. However, companies quickly found out that they can track users habits while they are "surfing" (don't you hate that term) the WWW. Companies like DoubleClick are infamous for doing this - they send you a cookie with a unique number, whilst storing that cookie in a database. Whenever you hit a page with links to the company, the browser will send the cookie back to that company, with the "referrer" field set to the web page being displayed. They will slowly begin to determine which sites you visit, and (according to marketing hype) be able to provide you with a much better experience by displaying ads tailored to your surfing habits.

The fix is to disable cookie use, and to selectively accept cookies. Some sites will boot you off if they detect that you don't have cookies enabled. Quite frankly, I don't want to visit sites which require cookie use.

Monitoring Software - Another common method is through the installation of hidden software, designed to monitor your browsing habits, download habits, reading habits etc (basically spying on you), sometimes in real-time. Some games come with these hidden daemons - with these things being installed in the background while you install and play the game. Almost all of these backdoor bits of software require connectivity to the Internet in order to send the information they've gathered back to the Mother Ship (*record scratch* company).

This is certainly questionable company practice when this happens. I wonder whether this practice violates privacy provisions and laws.

Be vigilant when installing software, take before and after snapshots of files (through Tripwire is good), and only allow expected outbound connections through your firewall.

Opt-in and Opt-out

I have an issue with Opt-out schemes. I provide my email address to, say, my bank, so that I can receive email regarding their online banking. Suddenly, I find I've been subscribed to a million different schemes and email lists - all designed to maximise my experience. I didn't ask to join these schemes. The only way for me to get off them is to "opt out".

I remember reading an article on Slashdot some time ago where a contributor pointed out issues with opt-in and opt-out. The contributor had subscribed to some service on the Internet, later finding he'd been silently subscribed to several other schemes run by the same site. He was given the option to opt-out by going to a "configuration page" and deselecting the services he didn't want to subscribe to, which he did. After several months, he found an email in his inbox from the web site which stated that there seemed to be an "error" within his account, and he'd been resubscribed to the services he opted out of. How kind of them.

I'd much rather opt-into a scheme, than opt-out of a scheme, because I would have made a conscious decision to join the scheme because it would give me some benefit. I think opt-out is a flawed scheme, and should never be used by business.

Pay for Privacy?

Will you pay money for your privacy? I thought privacy was a right, not a privilege I had to buy (opt) into. We shouldn't have to pay money to maintain our privacy. Which raises a question. What do the executives of these companies do to maintain their privacy? Why can't I have the same level of protection?

There is a site on the Internet called Zero Knowledge Networks who specialise in protecting peoples' privacy. The have developed a bit of software which controls privacy features. Unfortunately, you have to pay money to get anything above a basic set of privacy features. Still, their basic package is a good start - they even have a Linux version of their software!

Nothing is Free these Days

Aint that the truth.

Ever wonder how all these "free" services work? A common practice is to dangle a carrot in front of someone, and hope that they bite. In order to get the goods, they have to give up something - if it's not cash, then it must be personal information, which the company can then sell, as the information is owned by the company. Your personal information is someone elses assets.

My suggestion is to read between the lines.