Big Brother IS Watching You!
Privacy Issues Online!
By Mike Banks Valentine
Did you know that you are willingly providing information to the
world with every site you visit, every product you buy. Your mailing
address, your phone number, your sexual preferences (based on
sites you may have visited), your resumé are available,
literally to the entire world? Then, a practice called email
appending helps to paste all that information together in
multiple marketing
databases.
There is a nasty little privacy parasite loose on your computer.
You get it by visitingweb sites with "bugs" on them.
Typically served by ad tracking, affiliate tracking and even email
tracking companies to measure the effectiveness of their ads,
track their visitors and find out when you open their email. Web
bugs are tiny, invisible 1 pixel by 1 pixel graphic files that
notify a third party web site when a page, an ad or an email is
viewed
Now if you've joined an affiliate program through any of the major
affiliate tracking companies, you have probably even put these
bugs on your own pages without knowing what you've done. They
come in the HTML code you are given to paste into your page by
Commission Junction or LinkShare or BeFree networks to track your
visitors so you can be paid your affiliate commissions.
You'll see on the link code something like this <img
src="http://service.bfast.com/bfast/serve?bfmid=
26375915&siteid=38461978&bfpage=ehi_home_page" border="0"
width="1" height="1" NOSAVE > This
is actually the WebSite101 code for our affiliate link to eHealthInsurance.com
and is required by their affiliate program. This is a "good"
use of web bugs to track commission payments to affiliates. It
allows the host to track exactly what web page was visited by
the surfer and when so that affiliate links can be tracked from
their source.
The "bad" bugs are those used by ad servers to track
which advertisements are viewed by surfers and combine it with
other information stored about that surfer at other web sites.
There are bugs included in HTML email -- those messages that include
graphics, fonts and page color in the messages -- to see when
the email was opened and can even tell where on your hard drive
that email is stored, when it was viewed, how long it was open
and if the links are clicked on. These bugs are euphemistically
titled "beacons" by Intel corporation in their Privacy
Policy
"Bad" bugs are used by nefarious sites to collect information
from your hard drive and pass it back to their server without
your knowledge. This is done in combination with cookies
to send information about your surfing habits to third parties,
also without your knowledge. Some of these nasty little critters
can even be used from web pages or within your email to install
"executable bugs," which can install a file onto your hard drive
to collect information whenever you are online. For example, one
such bug can scan a hard drive to send information on every document
that contains the word "financial." More
on Web Bugs . . .
 |
 |
Fortunately there is a new software available
for Windows users called Bugnosis
which is provided as freeware by the Privacy
Foundation.The software is designed as a browser plug-in
to notify you when a page you visit is a security risk, or
simply if the page contains web bugs. They are working on
a version that will notify you of bugs in your email. |
Personal privacy on the web is non-existent and detailed information
on you and your family, your income, your tax information, employment
history, legal documents and e-mail, are becoming easily accessible
to anyone who wants them. Good guy, bad guy or even your own dear
mother.
It's all becoming more available to the world with each site you
visit, each product you purchase and each e-mail you send. That's
right, your e-mail is not private, and can be accessed by any
bright kid with a modem and too much spare time on his hands.
It's widely known that e-mail is being used as evidence in court
cases to convict hackers, software moguls and corporate executives
of various wrongdoings. You’re an innocent? You erased it?
Doesn't matter, the receiver and those that were sent a copy of
your message may have an edited, incriminating, misleading, archived
copy. And it can be intercepted and read on route to it's destination!
Essentially the language used in most web site "Terms of Service"
agreements means that they could do anything they like with your
information. It's a kind of "Trust me" statement.
And therein lies the problem with privacy policies and even in
third party audits. You have to trust someone. Third party seal
programs like BBBonline
and Truste.com have come
under fire repeatedly for refusing to ban offending members for
privacy infractions. They insist on an audit and review of the
bad guys, before they will penalize or revoke their membership.
Meanwhile, the seals remain posted reassuringly at sites that
don't honor their own privacy policies or those of the seal programs!
No wonder public trust in any privacy claims is waning.
Another option for safer surfing is a software solution by ZeroKnowledge. Although we have not tested this software personally, it
is well recognized as a viable solution for web privacy protection.
Then there are the sites like Lexis-Nexis "People Locator"
http://www.lexis-nexis.com/lncc/general/privacy_info2.html
At this site they provide "subscribers" of their service
with "publicly available" information as well as "some
non- publicly available" information. Fortunately there is
a way to "opt-out" of their database, by sending your
name, address and phone number mailto:removal@prod.lexis-nexis.com
Whew! Now you're outta there! But wait! At Lexis-Nexis there's
a reference to the "IRSG" or Individual Reference Services
Group, which is a business consortium that make a living off of
selling your information to anyone willing to pay for it. In their
own words, the group is made up of "commercial services that
provide data to help identify, verify, or locate individuals".
Now you have to go to each of the members of the IRSG and check
each member privacy policy (links kindly provided) http://www.irsg.org/html/irsg_members.htm
by the members. (Although the privacy policy links for two of
these IRSG members return a "404 not found" error. Hmmmm.
And when I visited the "TransUnion" privacy policy page
I got a "HTTP/1.1 Application Restarting" message repeatedly.
Some provide opt-out options, others don't, but you can approach
each of the credit reporting agencies, locator services and other
information verification companies through the contact information
they provide and give them a piece of your mind if you like.
Don't expect to get far with services like CDB InfoTech (recently
become ChoicePoint) as when you reach their privacy policy page
link you'll find that they . . . "do not allow individuals
to "opt-out" of our databases." because CDB "only
serves legitimate businesses and government agencies that have
an appropriate need for the information we report." Hmmmm.
I guess it's up to them what's legitimate and who's appropriate.
Cookies Anyone?
Now all of the foregoing was interesting, but there is one particular
issue that relates specifically to the web and your surfing, buying
and e-mailing habits. You should know by now that every site you
visit can place a "cookie" on your hardrive which
will record a few crumbs of information about you.
This is harmless enough at first glance when all they seem to
care about is the time, date, length of stay and pages you visited
at their site. But when you know that advertisers that serve ads
from the sites you visit can also track your visit, link it to
other stored data about you gathered at other sites and finally
to any other information they have stored about you, how do you
feel?
This means that the harmless little "session number"
or "state data" gathered about you from every site you've
ever visited, every product you've ever purchased online and every
banner you've ever clicked on is stored in the database of the
ad server and distributed to it's clients!
To
learn how to disable cookies on your computer, click here.
Provided by the largest cookie bakery on the web, DoubleClick
To
get a cookie designed to stop more cookies from being delivered
by DoubleClick ad servers, Click Here.
It is possible to set your browser to the "Do Not Accept
Any Cookies" option. I recommend you try it once, if only
for the enlightenment about how many sources are collecting information
about you. Some web pages will send as many as a dozen requests
for cookies and many web sites tell you flatly that in order to
use their online service "cookies must be enabled on your
browser" to use the site.
It gets tiring and frustrating clicking the "OK" button
in the warning box that appears each time your browser detects
a request to set a cookie on your hard drive, if you've checked
the "notify me" option in preferences.
If you want to get a clearer picture of how cookies can be used
to invade your privacy, I recommend an amazing demonstration of
how you can be followed around the web without your knowledge.
Privacy.net has set up a demo at:
http://www.privacy.net/track/
You'll see how providing information in bits and pieces to multiple
web sites creates a cumulative database on your travels, habits
and preferences online. Prepare to be mildly miffed or fully outraged,
depending on your level of concern with invasion of privacy.
It is becoming increasingly complex to keep your private information
to yourself. The biggest advertisers online have created a method
which involves cookies which stop new cookies. You must get yourself
a set of "No Cookies For Me" cookies from a group set
up by this online advertising brain trust. Now ya gotta have a
new cookie to avoid getting any more cookies. No really, I couldn't
eat another bite, please! If you'd like to follow this recipe
for avoiding advertiser spying on your surfing habits, visit the
Network Advertising Initiative web site and go to the OPT
OUT page, which gives you the option to tick boxes to
opt out of cookies served by the largest six online ad servers,
- DoubleClick
- Engage
- 24/7 Media
- Matchlogic
- Avenue A
- L90 Inc.
OK, now you're outta there, right? No, not necessarily. You've opted
out but you use your wifes' computer or you use a different browser
to visit sites that serve the cookies you don't want, so you have
to visit the OPT OUT page again and check off those boxes for every
computer and every browser you use. This could get a bit tedious!
Most surfers don't know that the browser launched by their service
provider might be different from the built-in browser launched by
their operating system on start-up by the system. The ISP provided
browser is yet another version. Which one are you using now and
on which computer and did you visit the OPT OUT page with this one?
Fortunately, the NAI has set up a way for you to tell by going to
the verification page, which looks for those opt-out cookies and
verifies that you have them for each of the participating ad networks.
If you don't, you can go back to the OPT OUT page and get new OPT
OUT cookies. If that still doesn't work, you can go complain to
someone set up to police the activity of these cookie monsters.
Guess who arranged for this compliance service? Those same advertisers.
HMMMM. Well it's better than nothing. Just visit the Arthur Anderson
site called AndersonCompliance
While you are there, do think about Anderson's role at ENRON! Trust
me, no really, you can trust me!
Now you've filed a complaint and you can feel all better about it
right? Well only if they get a volume of complaints that suggests
a "significant" problem has occurred based on the number of complaints
filed, then they'll conduct an investigation. Man that's a relief!
I wonder if those ad networks will keep paying these guys to tell
them when they've gotten a significant number of complaints? I wonder
how much they pay for this service and who monitors the people they
are paying to tell them what they'd like to hear? They'd probably
stop paying me if I played this role, because I'd be telling them
every time a single complaint was lodged.
The final frontier (one becoming legislated by the FTC) is that
of information gathered by web sites in order to provide “services”
to you online such as chat, email, directories, instant messaging
and other membership type services. It has become routine for
each of these online service providers to ask detailed information
about you when you register with them.
The Federal Trade Commission ( http://www.ftc.gov ) has already
established the “Children’s Online Privacy Protection
Act” or COPPA to require those businesses that collect information
from children under 13 to make that information restricted to
third parties such as advertisers. The FTC also requires businesses
to obtain “verifiable parental consent” in order to
collect any< information from kids and provide parents access
to and allow them to edit or delete any information there.
It all adds up to one very daunting task if you seek anonymity
online, although one web site also provides “safe surfing”
by offering a service by which your information is disguised through
a proxy server:
http://www.anonymizer.com/3.0/index.shtml
and a software download to provide privacy ratings:
http://www.enonymous.com/advisor/advisor.asp
What it all comes down to is this, you must be fully informed
about what information is gathered about you, how it will be used
and to whom it is made available. Practice Safe Surfing!
