By the Book: This article is an excerpt from Computer Privacy Annoyance s, by Dan Tynan (copyright 2005; reprinted by permission of O’Reilly Media ).
It’s an unwritten law that you can’t write about personal privacy without quoting Sun Microsystems CEO Scott McNealy’s infamous 1999 statement: “You have zero privacy anyway. Get over it.” But the fact is, McNealy was wrong. Although protections in this country are not exactly plentiful, this isn’t 1984 or The Trial—at least, not yet. Here’s how to avoid some of the most annoying invasions of your online privacy.
Tell people finders to get lost
I just typed my phone number into Google, and boy, did I get a shock—it had my name, phone number, address, and even a map to my house. It’s like the Complete Stalker’s Tool Kit. How do I un-Google myself?
I’ve got some bad news: It’s not just Google. You may well be listed in any number of online directories, such as AnyWho, WhitePages.com, Switchboard, and so on.
Online directories buy this information from data brokers, who get their data from phone directories and other public and private sources. Some—like InfoSpace, Switchboard, and Yahoo People Search—obtain their listings from Acxiom, a major U.S. data vendor. You can ask Acxiom to remove your data by sending an e-mail message to firstname.lastname@example.org or by calling 877/774-2094; either way, the company will mail you an opt-out form to send back. [In the European Union, send an e-mail to email@example.com.—Ed. ]
But you’ll still need to visit each directory and remove yourself, because your data can linger for months and even years.
Get off the list
It takes some legwork to remove your name, address, and phone number from online directories. Here’s where to go to opt out of the major sites.
In some cases, you may have to call, send a letter, or respond to an e-mail to confirm the deletion. You should also ask your local phone company to make your phone number unlisted; otherwise, this information will end up in the white pages and thence online, and you’ll have to start all over again. But remember: delisting yourself will make it harder for old college roommates or ex-spouses to look you up (which may be a good thing).
Swat Web bugs
I’ve heard that it’s possible for spammers to tell if you’ve read e-mail they’ve sent you. That just creeps me out. How do they do this, and how can I stop them?
You’ve heard right—provided they’re sending you HTML mail. In fact, this is becoming standard practice for all bulk e-mailers, legitimate and otherwise. The trick involves embedding a tiny transparent graphic—often a single pixel—in the message and tying it to a bit of HTML code. When you open the message, that little bit of HTML code tells the page to go fetch a picture from another server out on the Net. But there’s no picture to fetch; the server on the other end craftily records the fact that the e-mail was opened, the e-mail address of who opened it, the computer’s IP address, the browser that was used, and potentially more. Many Web sites use the same technology to determine what pages people open when they visit a site.
To turn these Web bugs off in e-mail messages, disable HTML mail. [In Apple’s Mail, go to Mail: Preferences: Viewing and make sure the Display Remote Images In HTML Messages option is turned off. By default, Microsoft Entourage 2004 doesn’t download pictures from senders who aren’t in either your Address Book or your Mailing List Manager.—Ed.]
Watching the (digital) detectives
I’m bombarded by spam that claims I can find out anything about anybody simply by buying a $30 software package. Are these things for real?
Well, they’re real in the sense that the people who sell them really do take your money. But no software product can turn you into a virtual Philip Marlowe or, conversely, expose your secrets to the world. The “detective” software products I’ve seen consist largely of text files explaining how to find and use public-records databases, along with links to paid search sites. Because the data is public—and largely available for free at sites such as Search Systems and Public Record Finder —there’s no earthly reason to spend 30 bucks. And since you can’t do much to suppress public records (such as property ownership or professional licenses), worrying about it makes little sense.
Give credit where credit is due
The idea of typing my credit card number onto a Web page gives me the willies. I feel like I’m inviting people to rip me off.
It shouldn’t. Though e-commerce sites do occasionally get hacked and shady sites might steal your data, using a credit card actually offers you some protection if you get ripped off. Thanks to the Fair Credit Reporting Act, if someone steals your credit card information to make purchases, you’re liable for only $50 of the total—even then, many banks and merchants will credit the entire amount when online fraud is involved, provided you catch the mistake in a timely manner.
But you’ll want to make sure the site is legitimate and that it uses Secure Sockets Layer encryption to protect your credit info as it zips through cyberspace. (You’ll know the page is protected when you see the letters https in the Web address and a tiny padlock icon at the top of the browser window.)
Even then, you’ll need to monitor your account carefully to make sure nobody’s “cramming” your card—adding bogus extra charges to the account. Most banks put a limit (such as a couple of months) on how long after the initial purchase you can dispute a charge, so examine your monthly statements or check your account more often online. An alternative is to get a separate credit card with a low limit and use it exclusively for online purchases. If crammers do max out the account, you’ll have less to lose.
Whatever you do, don’t send a check or cash to a Web site—unless you don’t care about losing money. (And if that’s how you feel, could you send me some, too?) Look for logos from trusted authorities, such as VeriSign or the Better Business Bureau OnLine (make sure you can click on those to go to the logo owner’s site). And if a street address is missing or leads to a P.O. box or private mail drop, buyer beware.
Privacy by the numbers
|1.8 million||Users who were tricked into giving up personal information by e-mail phishing scams (messages that falsely appear to come from a bank, for example)|
|428,579,418||Spam e-mail messages blocked by AOL in a randomly selected 12-hour period in July 2004|
|1 in 2||Male Internet users who admit to having visited an adult site|
|36%||Bloggers who’ve posted things that have gotten them in trouble with family, friends, or employers|
|70%||Online users who say they are concerned about online privacy|
|1 in 4||Firms that have fired employees for violating written e-mail policies|
|1 in 5||Companies that had business e-mail subpoenaed in 2003|
|$776,000,000||Projected annual sales of Web-monitoring software by 2007|
|75%||Netizens who reveal personally identifiable information on their Weblogs|
Usenet or lose it
OK, I admit it—I’m a bit of a hothead. I’ve posted my share of outrageous statements on various newsgroups across the Net. Now I regret many of the things I typed in haste. Is there a way I can expunge them or otherwise “take it back”?
Sorry. All the stupid things you’ve posted on Usenet over the years are preserved for posterity on Google Groups, assuming someone else is bored or malicious enough to look for them. But you can save yourself future embarrassment by using an anonymous remailer to post comments from now on. These are especially helpful to people who need to discuss highly personal issues (like sexual or substance abuse) without having their identities attached to their comments.
[ Dan Tynan is a PC World contributing editor; he has been writing about Internet privacy and security for nearly a decade. ]