How To Protect
Yourself Online
by Stanton McCandlish
Personal Finance
Eighty-five percent of Web sites collect personal information from their users, according to the Federal Trade Commission. While most of the information is used for legitimate purposes, occasionally it falls into the wrong hands. Abuses include identity theft, diversion of funds from bank accounts and misuse of medical information.
To help guard against these and other calamities, here are rules to follow while surfing the Net.
Don't reveal personal information inadvertently. You may be "shedding" personal details, including e-mail addresses and other contact information, without even knowing it unless you properly configure your Web browser. In your browsers "Setup", "Options" or "Preferences" menu, consider using a pseudonym instead of your real name, and dont enter an e-mail address, or provide other personally indentifiable information that you dont wish to share.
Turn on cookie notices in your Web browser. "Cookies" are tidbits of information that Web sites store on your computer, temporarily or more-or-less permanently. In many cases cookies are useful and innocuous, such as passwords and user IDs, so you dont have to keep retyping them every time you load a new page. Other cookies, however, can be used for "data mining" purposes tracking your motions through a Web site, the time you spend there, what links you click on and other details that the company wants to record, usually for marketing purposes.
Browsers such as Netscape enable you to control cookies, posting a notice when a site tries to write a cookie file to your hard drive, allowing you to decide whether or not to accept it. It also allows you to automatically block all cookies that are being sent to third parties (or to block all cookies entirely, but this will make some sites inoperable).
Keep a "clean" e-mail address. Its best to use a "side" account when mailing to unknown parties, posting to newsgroups and other public spaces on the Net, and when publishing a Web page that mentions your e-mail address. Use a pseudonymous or alternate e-mail address for these purposes. Use your main or preferred address only on small, members-only lists and with known, trusted individuals.
Addresses that are posted in public space can be easily discovered by spammers (Online junk mailers). If your "throw away" address gets spammed enough to become annoying, you can simply kill it and start a new one.
Avoid sending highly personal e-mail at work. An increasing number of employers are monitoring and recording employee Web usage, as well as e-mail. This also could compromise home banking passwords and other sensitive information. Keep private data and private Net usage private, at home.
Beware of sites that offer a reward or prize in exchange for your contact or other information. Theyre likely gathering this information for direct marketing purposes. Be especially wary of sweepstakes and contests. You probably wont win, but the marketer sure will if you give them your information.
Be conscious of Web security. Never submit a credit card number or highly sensitive personal information without first making sure your connection is secure (encrypted). In any browser, look at the URL (Web address) line a secure connection will begin "https://" instead of "http://".
Be conscious of home computer security. If you have a DSL line or other connection to the Internet thats up and running 24 hours (unlike a modem-and-phone-line connection) be sure to turn your computer off when youre not using it. System crackers search for vulnerable, unattended DSL connected home computers, and can invade them with surprising ease, rifling through files looking for credit card numbers or other sensitive data. They can even take over the computer and quietly use it for their own purposes, such as launching attacks on other computers elsewhere attacks you could initially be blamed for.
Examine privacy policies and seals. When youre considering doing business with a Web site, find out the following: Does the site provide offline contact information, including a postal address? Does it have a prominently posted privacy policy? And just because they call it a "privacy policy" doesnt mean it will protect you read it yourself. Many are little more than disclaimers saying you have no privacy! Also, is the privacy statement backed up with a seal program such as TRUSTe (www.truste.org) or BBBonline (www.bbbonline.org)? Such programs hold Web sites to some baseline standards, and may revoke the approval-seal licenses of bad-acting companies that dont keep their word.
Use encryption! Online threats include industrial espionage, government surveillance, identity theft, disgruntled former associates, and system crackers. Relatively easy-to-use e-mail and file encryption software is available for free,
such as Pretty Good Privacy (PGP, available at www.pgpi.org). There are also securely encrypted "tunnel" connections, anonymous dialup, even anonymous Web publishing. Hopefully someday soon, good encryption and computer security
will be included in all ISP services and operating systems.
Editors Note: Stanton McCandlish is Advocacy Director at the Electronic Frontier Foundation, www.eff.org. Excerpted from Personal Finance, 1750 Old Meadow Rd., Ste. 301, McLean, VA 22102, 1 year, 24 issues, $69.
