 Number 226 - March 2002 |
|
| Cookies, SpyWare, and other Privacy Threats on the Net | |
| by Ira Wilsker, January 2002 1960s PC User Group | |
|
Chances are that if you
have been browsing the net for even a short time, your online activities
have been tracked, compiled, and used to either direct advertisements
to you, or the information may be sold to others. How does this happen?
is a common question asked on my weekly radio show (KLVI 560AM, Tuesdays
6-7pm).
The most common method of tracking users is the cookie, a small text file placed on your computer by most websites visited. The default setting in both Netscape and Internet Explorer is to accept all cookies without telling you. Generally, cookies fall into three broad categories. First is the type of cookie used by sites such as My Yahoo, other news sites, and some shopping sites to store personalized or registration information. I use My Yahoo as my startup page on my browser as my personalized newspaper, listing current news, weather, stocks, etc. By accepting the My Yahoo cookie, I can view my newspaper each time, and the Yahoo server tracks updates. Some sites, such as Microsoft, require that you accept these cookies so they can (allegedly) provide a more personal service. Other sites use this type of cookie to simply track how many visits you have made to their website. The second type of cookie is the shopping cart cookie. This is a small text file placed on your computer typically only for as long as you are online, which tracks items placed in your online shopping cart until you checkout, and then they expire. Most shopping sites require that you accept this type of cookie. The third type of cookie is the one that worries privacy advocates - that is the advertising cookie. These small text files are typically only read by the company that places them there, but many can be read by other companies and sites as well. These are used to track sites visited, ads seen or clicked on, or otherwise compile a profile of the user. The largest of these advertising cookie companies is DoubleClick. DoubleClick recently won a federal court case when the judge dismissed a case, stating that the placing of cookies on a users computer is not an invasion of privacy (In re DoubleClick Inc. Privacy Litigation, 00 Civ. 0641 NRB). The plaintiffs objected to the fact that cookies placed by DoubleClick could track user names, e-mail address, searches performed, sites visited and other information about the user. Even though the case was dismissed, DoubleClick allows surfers to Opt Out of having DoubleClick track them, by simply connecting to a DoubleClick site, and accepting an Opt Out cookie from www.double click. net:80/ us/ corporate/ privacy/ opt-out.asp. Another site that has comprehensive cookie opt out links is http:// privacy.net/ OptOut/ adnetwork.asp. I recommend that most Internet surfers decide which cookies they want to receive, and that they remove any cookies that the user feels uncomfortable with. With recent versions of Netscape, click on the top tool bar EDIT - PREFERENCES - ADVANCED - and then check both Accept All Cookies and Warn Me Before Accepting A Cookie and then OK. Netscape will show the cookie information in the window, and give the user the opportunity to accept or reject the cookie. With recent versions of Internet Explorer, click on VIEW - INTERNET OPTIONS - ADVANCED - SECURITY - then check both Allow Cookies and Prompt (some versions have slightly different command prompts). If set as shown, IE will show that a cookie was received, but initially not the contents; the More Info button must be clicked to find the content of the cookie. With a little practice, it becomes apparent what types of cookies are being received, and gives the user some control of his privacy. There are several utilities that can be used to manage cookies, and delete any unwanted cookies. There is a directory at http://tucows.exp.net/ cookie95.html, which lists cookie utilities for Win95/98, and links to cookie utilities for other operating systems. A freeware cookie manager, CT Cookie Spy is available at http://camtech2000.net/ Programs/ ctcspy10.zip (this is a ZIP compressed file, and requires a compression utility to uncompress it). |
What many see as a more
intrusive method of tracking and sometimes selling user information is
referred to in the trade as SpyWare, software that tracks almost all
surfing activities, and sends that information to a site which compiles
this information, sometimes along with personal demographic information
that is individually identifiable. A major trend recently has been for
some software, both free and commercial, to supplement the authors
income by tracking the users activities in the background, and then
selling that information. Two of the most popular programs that can
detect and kill SpyWare on your computer are LavaSofts Ad-Aware, and
Gibsons OptOut. Ad-Aware is available free from http://download.cnet.com/
downloads/ 0-10106-100-5055149.html and OptOut is available free from http://grc.com/ optout.htm.
Some of the most common SpyWare programs are Comet Cursor (that cute
utility that changes your cursor as you surf selected web sites), and
Aureate/Radiate (used by many free and commercial programs. Even such
popular programs as the new versions of Print Shop, Quicken Family
Lawyer 2001, Mattel, and other commercial software may contain a version
of SpyWare.
Your browser also sends out information about you, typically without your knowledge. Look at http://privacy.net/ Traced/ and see what your browser can send without your knowledge. Commonly sent are the browser name and version, the registered email address, operating system, monitor settings, IP address (location of computer on the net), referring site name, and a variety of other information. A fairly new method of collecting additional information from surfers is the 1 pixel gif file or Web Bug. This tiny file, only a few bits, can gather much information. A recent news release by CNET http://news.cnet.com/ news/ 0-1005-200-5008849.html stated, "Many site operators and Net advertising companies place Web bugs on their pages to collect information, such as which pages are being read most often the bugs also can be used in more invasive ways, capturing a visitor's (IP) address or installing pernicious filesThe bugs can also be matched with "cookies," the electronic files that are stored on a PC and can contain personal information such as name and e-mail address." Even more devious, in a recent demonstration by the Denver based Privacy Council, a one pixel gif can be used to steal a computer user's entire e-mail address book merely by clicking on a bugged web page. Other examples were tiny executable files placed by the web bug on the users hard drive that collect online information tracking web visits, or monitoring documents for specific words such as financial, without any notice to the user. Another form of one pixel gif can be attached to an email, enabling the sender to retrieve information from the recipient, or secretly send copies back to the sender when the e-mail is replied to or forwarded. Some anti-virus and firewall software can protect computers from some web bugs, but they can be very difficult to detect, and the anti-virus publishers are working to enhance their protection. Specialty software, Personal Sentinel, to protect against web bugs is now available from www.Intelytics.com. This software functions similar to a firewall, protecting from many forms of web bugs. Many of the new threats to personal privacy are insidious, but should not be so threatening that users stop surfing the net. As had been stated in previous columns, it is imperative to have a frequently updated anti-virus program running at all times. In addition to protecting from viruses and Trojans, the anti-virus program may screen out some web bugs. Surf, but surf cautiously. Ira Wilsker is an Instructor IV of Management Development at Lamar Institute of Technology. Ira has been working with computers since 1965 when he took his first computer class at the Illinois Institute of Technology, in Chicago. A past president of the Golden Triangle PC Club, and a board member of the Association of PC Users Groups, Ira is a frequent guest on the local television news, and has lectured locally to internationally on a variety of computer topics ranging from computer and Internet basics, to CyberCrime, and Community Oriented Policing. Ira is the host of the Computer Information Hour on KLVI 560AM every Tuesday, 6-7pm. |
|
Number 226 - March 2002
|
|