You may feel completely anonymous when you sit in front of your PC surfing the Web, but with every click you risk leaving tracks that clearly identify you to total strangers. Even if you're scrupulous about safeguarding your name and e-mail address, a single slip can give away details to a company whose name you don't recognize. And seemingly innocuous software programs can surreptitiously connect to the Internet and transmit personal data without your knowledge. Alarmed? You should be.
Surprisingly, the most insidious threats to personal privacy come from sources that were until recently considered mostly harmless. In and of themselves, browser cookies can't do much. They can't collect personal information unless you enter it, and each cookie's data is hardwired to a single site.
With the rise of Internet ad agencies, however, cookies have become far more dangerous. By placing ads from a single server on a variety of pages, these agencies can create detailed profiles of Internet use from a single computer. If the agency can convince you to enter your name and e-mail address, it can begin to connect the dots into a surprisingly complete picture. The Internet ad giants have an insatiable appetite for data; DoubleClick, for instance, recently spent $1.7 billion to acquire market research firm Abacus Direct and its treasure trove of 88 million personalized records of consumer activity. Don't recognize the name? If you've ever used the Alta Vista search engine or read the Wall Street Journal online, you're in Double Click's database.
The Ad Game
Internet ad agencies rationalize profiling by explaining that it lets them personalize the browsing experience. They claim that by knowing your preferences, they can serve up banner ads that are more likely to appeal to you than randomly selected ads. Maybe so, but most Internet analysts see a more logical explanation: Click-through rates on banner ads are shockingly low; the best way for ad agencies to make money fast is to mine their data and deliver targeted lists of prospective buyers to their clients.
Of course, cookies aren't the only way to siphon data from your computer to a far-off server. With the explosion in popularity of always-on Internet connections, it's trivially easy for software developers to write Internet connection code into their releases. That's the time-honored principle behind Trojan horse programs like Back Orifice¡ªif a company can convince you to install the program in the first place, it has free rein to snoop through your data and transmit at will.
So what happens when the Trojan horse comes in the form of trusted software? Just last year three popular programs were discovered to be making surreptitious Net transmissions. Real Networks' RealJukebox transmitted statistics about music files to the mothership. Comet Cursors, a browser add-in that transforms the ordinary mouse pointer into a custom image at partner sites, sent serial numbers (stored in a cookie, naturally) back to a central server to track its product's usage. And a silly holiday-themed computer game called Elf Bowling wasn't infected with a virus, as persistent Web rumors insisted; it did, however, open an Inter net connection capable of transmitting data.
In all three cases, the impact on consumers was minimal. The real damage to the companies was measured in PR terms, as each one had to apologize to its users and somehow convince skeptical observers that its failure to disclose the hidden communications channel was an innocent oversight. Sooner or later¡ªprobably sooner¡ªan unscrupulous developer will use this capability to really steal data. Don't let it be yours.
Online advertisers will do nearly anything to seduce you into revealing personal details about yourself. Guard your name, e-mail address, and other details and never give them away without good reason. Set up a throwaway mail account at a free Web service and use it, plus an assumed name, whenever you're required to fill out a survey to gain access to a Web site. And don't install new software unless you're certain it's safe.
For extra protection, monitor your cookie collection and weed out any whose purpose you don't clearly understand (Netscape Navigator users can search for a file called Cookies.txt; Microsoft Internet Explorer users can look in the Temporary Internet Files folder for text files that begin with the word Cookie.) Follow the instructions in "How to Disappear" on page 92 to stop the top Internet ad agencies from collecting personal information about you.
For the strongest protection, use commercial blocking software to hide your identity when browsing the Web. Go to www.anonymizer.com to surf from an anonymous server. For more elaborate protection, download Freedom 1.0 from Zero-Knowledge (www.freedom.net). This compact program lets you create multiple identities, or pseudonyms, and then route your Internet traffic through a series of servers that keep your true identity completely secret.
How to Disappear
A handful of Internet advertising agencies are responsible for virtually all the banner ads you see on the Web. Through sweepstakes, surveys, and other come-ons, they try to entice you to provide personal information; most let you stop the data collection by "opting out." Here's a list of links that let you do just that.
24/7 Media www.247media.com/privacy.htm
Sister company of Engage Technologies; see instructions under Engage Technologies.
For detailed opt-out instructions go to www.delivere.preferences.com/OptOut.
Engage Technologies www.engage.com/privacy/koptout.htm
Just click on its opt-out link.
A division of DoubleClick; see DoubleClick for opt-out instructions.
AdForce www.adforce.com/home/comp3_ priv.html
Real Media www.real.com
Includes details for removing the cookie-based tag that identifies your computer.