Internet Privacy FAQ

Dan Wallach, Rice University

(Now translated to Belorussian!)

Whenever you consider issues of privacy, it's important to ask who wants to learn what about whom. The risks to your security and privacy vary widely, depending on who you consider to be the one trying to learn secrets about you.

Privacy at Work

What can my employer learn about net surfing behavior?

In general, your Internet connection to the outside world from your desktop machine is completely controlled by your employer. This means they have the technical means to observe each and every Web page you visit as well as read each and every e-mail you send and receive. If you have hobbies or personal activities that you would rather your employer didn't know about, then don't do them at work.

Isn't it illegal for my employer to listen in like this?

Good question. Many employers consider the fact that you're using their computers and their connection to imply they have a right to say how you can use them. Other employers grant you a measure of privacy, but you still have no intrinsic right to privacy (although laws vary from state to state on this).

I separate my work and private e-mail by using a free e-mail service, such as GMail, HotMail or Yahoo! Mail. Is that good enough?

As above, if you're viewing it on your computer at work, your employer could potentially see it. It's generally a good idea to keep your work and personal identities separate. Especially if you post to Usenet newsgroups, blogs, or whatnot, it can be beneficial to post from a more generic account, and perhaps not with your real name. This helps you avoid the need to add the typical ``I speak only for myself, not my employer'' disclaimer.

I am an employer. Should I monitor my employees?

When in doubt, contact a lawyer. An important consideration is how aggressive you want to be with your monitoring. If you install a commercial product that attempts to filter ``objectionable'' content from your employees, you start to put yourself into a legal grey area. If you explicitly ban some Web sites, then you're implicitly endorsing the rest. If you only allow good sites and ban everything else, you make it difficult for your employees to use the web as the general-purpose problem-solving resource that it is. If you explicitly watch over the shoulders of your employees, you could well be sued over something that you missed. Conversely, if you treat your employees like adults and trust their own discretion, you may be able to assume a ``common carrier'' style of defense. You can't sue the phone company because somebody is making harassing phone calls to you over their lines.

Privacy While Surfing the Web

What's the deal with cookies?

Cookies are a way that a Web site can tag you with a unique number. The next time you visit, they get that number back and can recall who you were. Many popular Web sites use cookies for perfectly benign purposes. Cookies get trickier when they are used across Web sites. All of the online advertising companies do this sort of thing. When a Web site wants to have advertisements, they include an image that is loaded from the advertiser rather than from their own Web site. Now, the advertiser can potentially track all the Web sites you've visited, and customized advertisements just for you.

As an example, let's say you have a new baby. You start surfing to various Web sites to learn about products for your child. Although you never explicitly told anyone about your child, the advertiser might assume you have a new baby because you've visited certain kinds of sites, and they they might feed you baby-related advertising anywhere you surf. While this example doesn't sound too bad, imagine if somebody borrows your computer and visits some X-rated Web sites.

That sounds pretty bad, but they still don't know who I am in real life, right?

If, at any point, you visit a Web site and buy something with a credit card, giving them your real name and address, and that Web site feeds your name and address to the advertiser, now your online activities can be tied to your real-world identity.

That should be illegal.

But it isn't. Europe generally has much stronger privacy laws than we do, and Web sites that want to sell products in Europe generally have to follow the stronger European regulations. Still, you have very little legal basis to complain about all this information gathering unless a company's behavior is contradicting any policy it may have posted in public.

Well, I'll forget the Web and just do my thing in the real world.

Although they're not called cookies, the real world has all the same problems. When you fill out a product registration card or send in for a rebate, you're putting your name on that product vendor's mailing list. When you buy a house, your name and address are a matter of public record, and you'll start receiving mail to sell you all the things a new house needs (a security system, window blinds, yard service, etc.). Every time you buy something with your credit card (or one of those loyalty coupon cards at the supermarket), all that information can potentially be attributed back to you at a later date. My cable TV company asked for my social security number before they would hook me up. What do you suppose they plan to do with it? At least with the online world, you can take steps to preserve your privacy. In the real world, pretty much the only thing you can do is pay cash, which isn't always possible. (In fact, after having a baby and buying baby products at the supermarket, their automated coupon machine is regularly offering me baby formula coupons, even if I'm not purchasing any baby products on a given shopping trip. For the loyalty card, the supermarket asked me for my address. Are all the baby product mailings I get a result of this? Who knows?)

How can I only do business with vendors that respect my privacy?

Read their privacy policies. Virtually all online vendors have privacy policies these days. For a good example, read the privacy policy of Intuit. Intuit makes a clear difference between data that can be identified with your name and data that they collect for aggregate statistics only. For an example of a more dodgy policy, here's an excerpt from a defunct dot-com company:

[Defunct company] does not sell, rent, or trade your personal information with others. However, when one or more of our business partners co-sponsor a service, promotion and/or contest, we may share some or all of the information collected in connection with such service, promotion or contest with the co-sponsor(s).

So, they don't give out your personal information except when they feel like giving it to a business partner. That's not very reassuring.

How can I take my privacy into my own hands with these Web sites?

Many of these sites will ask you for your name, your e-mail address, and various demographic information about you (your income level, your age, etc.). Lie. Make up numbers. Make up a fake e-mail address. Unless you believe the Web site is giving you something specific for which they need to know your income (e.g., tax advice), then you can tell them anything you want. Unless you want to receive e-mail from the Web site (e.g., Amazon.com will e-mail you to say your shipment has been delayed), then make up an address (although try to be careful to make sure it's not actually somebody else's valid e-mail address). If a web site wants an email address to verify who you are, perhaps for a password to sign in, you can always make yourself a secondary account with one of the web mail providers.

Also, as a side note, if you receive a spam message that includes some kind of ``send e-mail to remove@CompleteIdiotsRUs.com to remove yourself'', don't do it. All you're doing there is telling them that you have a valid e-mail address and you'll get more junk later from them. For more information about spam, visit the Coalition Against Unsolicited Commercial E-mail.

What about reconfiguring my browser to increase my privacy?

There are a number of things you can do to improve your browsing experience. I'm going to describe what I do for my browser. Firefox and many other browsers allow you to configure your browser to accept cookies only from the originating Web site (see the image, below).

You can get to this dialog box from the Tools -> Options... menu item. You'll notice I've checked the middle option under "Cookies". This options defeats some kinds of third-party tracking. The "ask me every time" option gives you a dialog box every time a cookie is set and gives you the chance to say "no". If you were visiting, for example, myspace.com and got the example below, it's probably a legitimate MySpace cookie, so you'd want to allow it. If you got something unrelated, you'd probably want to deny it.

 

A more aggressive option is to install the AdBlock plugin for Firefox. AdBlock is a reason, all by itself, to use Firefox instead of any other browser. For most advertisements on web pages, you can right-click, scroll down to "AdBlock Image" and you'll get a dialog box like this:

 

You were visiting MySpace and this advertisement is clearly coming from somewhere else. You could replace everything after "overture.com" with an asterisk (*) and hit "okay". Then, no matter where you visit, ads from Overture would simply not appear on the page. Even better, you can hit Control-Shift-A (or select Tools -> Adblock -> List All Elements) and get this gem:

 

Now, you can see everything inside your web page, including the bits that were removed by AdBlock. The ads that were removed are highlighted in red. In addition to removing advertisements from Web pages and making your pages load faster, AdBlock also effectively filtering out many of the cookies used by advertising companies. If they can't get their advertisements into your browser, they can't get their cookies there, either. AdBlock isn't perfect, but it's well worth the effort to learn it. (Incidentally, if you accidentally block something that you actually want, you can go to the main screen and delete it from the list.)

Other risks?

I'm worried about the government knowing what I'm doing.

Prior to 9/11 and the PATRIOT Act, I would have said that the government is the least of your worries (at least in the United States). Certainly, the private sector keeps an awful lot information about U.S. residents. More recently, many people have legitimate concerns about unwarranted wiretaps, among other issues. Still, if you really want to prevent the full force of America's clandestine spying apparatus from watching over your shoulder, you're going to need more help than I can offer you here.

I'm worried about the privacy of my health information.

And so are a lot of other people, especially with today's HMOs' and insurance companies' penny pinching. There's not a lot you can do about it, but they are starting to take privacy seriously.

I'm worried ``hackers'' will mess with me or my computer. (Or) I'm scared ``hackers'' will steal my credit card number.

Probably the most serious risk these days is that hackers might break into a Web site where you've purchased a product and will be able to steal your credit card number. Note that this attack has absolutely nothing to do whether your conversation with the Web site was encrypted or not. That only protects the data from ``eavesdroppers''. Once a Web site has your credit card and stores it on their computer, the encryption is long since decrypted. The only good general advice is to only do business with larger and more established sites. Because they have more to loose, they spend more effort protecting their sites. Also, keep in mind that most credit cards offer a zero-deductible for any Internet-related fraud. You should always read your monthly credit card statements, and you should challenge any charges that you did not make. Unless an online vendor can prove that they really did business with you, they have to eat the loss.

Further information

There are a lot of documents out there that try to cover this topic. If you want a picture of just how bad privacy could become and why it's important to actively do something about it, I heartily recommend reading Database Nation, by Simson Garfinkel (O'Reilly & Associates, January 2000).

Privacy isn't just about hiding things. It's about self-possession, autonomy, and integrity. As we move into the computerized world of the twenty-first century, privacy will be one of our most important civil rights...

• It's not about the man who wants to watch pornography in complete anonymity over the Internet. It's about the woman who's afraid to use the Internet to organize her community against a proposed toxic dump - afraid because the dump's investors are sure to dig through her past if she becomes too much of a nuisance.
• It's not about people speeding on the nation's highways who get automatically generated tickets mailed to them thanks to a computerized speeding trap. It's about lovers who will take less joy in walking around city streets or visiting stores because they know they're being photographed by surveillance cameras everywhere they step.
• It's not about the special prosecutors who leave no stone unturned in their search for corruption or political misdeeds. It's about good, upstanding citizens who are now refusing to enter public service because they don't want a bloodthirsty press rummaging through their old school reports, computerized medical records, and email.
• It's not about the searches, metal detectors, and inquisitions that have become a routine part of our daily lives at airports, schools, and federal buildings. It's about a society that views law-abiding citizens as potential terrorists, yet does little to effectively protect its citizens from the real threats to their safety.

- Database Nation, Simson Garfinkel (quote used with permission)

Some good links

CookieCentral

General information about cookies, how they're used, and pointers to a number of utilities to help you manage your cookies.

EPIC, EFF, ACLU

There are a number of political organizations that concern themselves with your privacy. They're worth supporting.