Keep Your Surfing to Yourself
If all this gives you the creeps, you can take a few protective measures. Most involve a trade-off between convenience and privacy.
Surf Anonymously One way to keep people from monitoring your browsing is to hide it from them. For this, you can go to a nifty Web site called Anonymizer ( https://www.anonymizer.com ) and use its Anonymizer surfing service. Enter a Web address you want to visit–the service uses its servers to mask your identity as you continue to surf. Surfing anonymously is the only way to stop transmission of your IP address when you visit a site.You can try this service free, which means you’ll experience a slight delay before linking to sites, or pay for a Premium account ($14.95 for three months or $49.95 for a year) for quicker performance. The site also plans to offer Premium members selective blocking of Java applets and JavaScripts. The Anonymizer site provides free anonymous e-mail (see the accompanying feature “Protect Your E-mail”) and an anonymous ISP for $59.95 a month.
Watch Your Cookies If anonymous surfing seems extreme, your next choice is simply to accept that sites know your IP address and to get wise about cookies. (If you dial in to your ISP, it may assign you a different IP address each time anyway.)Most of the major reputable sites offer an “opt-out,” or the ability to request that the site not track you with a cookie. You’ll usually find this option on a site’s privacy-policy page. The Center for Democracy and Technology (CDT) offers a Web site ( https://opt-out.cdt.org/online/ ) to help you through the process at many of the top portals, profilers, and e-commerce sites, such as DoubleClick and Yahoo. But opting out takes a bit of time and effort–and may not actually work, since it’s voluntary on the part of the companies.
Current versions of Microsoft Internet Explorer and Netscape Communicator have security features that keep sites from obtaining your e-mail address or accessing your files without your permission, and every browser offers you the ability to turn off cookies.
Turning off cookies is a great idea in theory that usually fails in practice. First off, some e-commerce sites require cookies to keep track of what’s in your shopping cart. If you turn cookies off, most browsers will beep at you repeatedly–sometimes multiple times on a single Web page–warning you that the site is trying to send a cookie and asking you to accept or reject the file. Needless to say, this makes browsing all but impossible.
Microsoft’s new Internet Explorer 5.0 (425/882-8080, https://www.microsoft.com/mac/ie/ ) improves on this process significantly, allowing you to block cookies without all the beeping. If you want to know what cookies you’ve picked up in Internet Explorer, open Preferences and select Cookies from the commands on the left under Receiving Files. The list of cookies appears on the right. You can then select any you don’t want and press Delete.
Use Cookie-Zapping Software For Netscape users and people with older versions of Internet Explorer, a few programs can help manage cookies. Some offer other features that make them worthwhile for Explorer 5.0 users, too.Webroot’s $29.95 MacWasher (800/772-9383, https://www.webroot.com/macwasher.html ) is the most thorough of the bunch (see Reviews, April 2000). This shareware utility cleans your cookie file at selected times or during start-up or shutdown. MacWasher allows you to select cookies and files you don’t want deleted so you can still log in to your favorite trusted site.
If you don’t want to pony up the money for MacWasher, two freeware programs can help: 1.0 Technologies’ No Cookie 2.0 ( https://www.onepointoh.com/products/NoCookie/ ) and MagicCookie Monster ( https://download.at/drjsoftware ), from Dr. Jon’s Software. No Cookie allows you to see what’s in your cookie file, delete its contents, and disable the file so it can’t save new cookies but won’t cause your browser to keep beeping at you. The only problem with No Cookie is that it basically offers an all-or-nothing approach. You may want some of your cookies that personalize certain pages.
While No Cookie uses a machete, MagicCookie Monster wields a scalpel. With this utility, you can edit your cookie file, selectively deleting any cookie you don’t want. Of course, the flaw here is that you can’t disable the cookie file, so those nasty cookies will return soon enough.
| Click here for Sidebar “Your Cubicle Is Not Your Castle” or Sidebar “Make Your Mac Hacker-Proof” |
Lightspeed Surfer can also block Java applets, JavaScripts, and plug-ins–which can bring their own host of security problems, though most of those problems have occurred only on Windows computers. Of course, this kind of heavy-duty protection has its price–you lose some of the nifty functions those Java programs provide, such as streaming stock quotes and real-time chat. Also, your browser can already turn Java and JavaScript on or off on-the-fly, so this feature may be overkill.
Don’t Let Others Connect the Dots
We’ve talked about several ways people can obtain information about you on the Web, but one of the biggest dangers is how easily they can put all this information together. Take, for example, the following popular Internet legend.
As the story goes, BigHank53 sends a random e-mail to a site, calling its creators stupid. These levelheaded chaps search the Web, probably using a search engine such as AltaVista, for his Hotmail address. (For tips on searching the Web, see “The Macworld Web Searcher’s Companion,” May 2000.) He’s put this e-mail address on his home page, along with his résumé, information about his family, and his activities with a church youth group. The site’s creators then do a search of Usenet discussion groups and discover BigHank53’s e-mail address somewhere else–on postings to adult newsgroups.
After searching for the phone number of his church and employer, they have all the information they need to blackmail poor BigHank53. Their price? He must put a blinking banner that says “I am stoopit” on his home page. Is this a true story? Probably not. The scary thing is that it could be.
Discussion Groups Are Not Private Take a lesson from BigHank53. If you post to discussion groups, know that your posting gets archived and that people can search for what you’ve said by typing your name on a site called Deja.com (formerly Deja News).This site archives every posting to every Internet newsgroup in searchable form. The premise of Deja.com is that you can see people’s comments about a product you may be considering buying and use the archive as a grassroots Consumer Reports.
People can use this service for different purposes, however. Anyone from crazy site creators to potential and current employers, for example, can search for your name or e-mail address. If you’re making nasty remarks about your coworkers or have a penchant for violent or sexual materials, they may find that enough grounds to fire you or not to hire you. This holds true if you keep an online diary or Web log–if it’s on the Web, it’s not private.
Watch Where You Post Your E-mail Address There’s another reason for wariness when you post to discussion groups. Spammers use programs that mine these newsgroups and collect e-mail addresses, and then they flood you with spam about the latest get-rich-quick scheme or porn site.If you want to avoid spam, or don’t want your Usenet postings forever on display with your identifying e-mail address, get an anonymous Web-based e-mail address from a provider such as Yahoo Mail or Hotmail. These are also great to use for all online registrations–the source of some spam.
To really throw the dogs off your scent, sign up for a couple different e-mail addresses and rotate them. This keeps anyone from developing a profile, even on your anonymous e-mail. If you don’t like the idea of logging into all those accounts, use a secure (and free) personal information portal like Yodlee ( https://www.yodlee.com ) to check all your e-mail addresses at once. There’s another option if you want fellow posters to be able to write you but want to outwit spammers’ programs–you can also insert a word or two into your e-mail address and include instructions for people to delete them before writing–for example, reader_nospam@macworld.com. Never put these camouflage e-mail addresses on a personal home page with your name on it.
The Last Word
The precautions you choose to take really depend on how much privacy you require. In all likelihood, you could surf and post freely your whole life without dire consequences–but why take the chance? A few simple measures can put you in control of what people know about you and what they don’t.
ELLIOT ZARET covers portals and e-commerce for MSNBC.com. SCHOLLE SAWYER is Macworld’s executive editor.
July, 2000 page: 69
Your Cubicle Is Not Your CastleWhat you do at work is not your own business. It’s perfectly legal for your company to monitor your surfing and rifle through your e-mail while you’re on the clock (see the accompanying feature “Protect Your E-mail”). And it may do just that–according to a 1998 study by the International Data Corporation (IDC), 45 percent of all companies and 17 percent of Fortune 1000 companies use software to monitor their employees. IDC predicts that number will jump to 80 percent by 2001.
Is the Boss Watching? Mac network managers can use software such as Netopia’s netOctopus 3.5 (800/803-8212, https://www.netopia.com ) for this purpose. Network managers can also see where you surf without using any software at all–by simply checking the logs on the corporate proxy server. Tidy Up Your Hard Drive But your employer doesn’t have to spy on you over the network to see where you’ve been. Your own hard drive will quickly spill your secrets. Microsoft Internet Explorer and Netscape Communicator both keep cache files, which speed surfing by storing images and pages you have visited. These files also provide a road map of where you’ve been. Internet Explorer’s History file keeps a detailed record of your movements as well. If you’re concerned your boss might mistakenly confuse that research you did at Amazon.com or ESPN.com for pleasure surfing, you can erase your tracks.To do this in Internet Explorer, choose Internet Preferences from the Edit menu. Click on Web Browser and then on Advanced. Click on Empty Now to clear your cache; to delete your history, ask it to remember 0 places visited. In Netscape, go to the Edit menu and select Preferences. Choose the Advanced option and select Cache. Click on the Clear Disk Cache Now button.
You can also use a program such as MacWasher to get rid of all trace of your cache file or Internet Explorer History file. This program even deletes the Recent Files folder in your Apple Menu and empties the Trash.
Use a Password When it came out that former CIA director John Deutch had all sorts of secret intelligence files on a Mac at his house, the account also revealed that someone using the computer had been surfing porn sites. A security report said the sex surfer was most likely someone else–possibly a housekeeper–and Deutch was probably not home at the time.Ignoring the obvious question of whether the sex surfer therefore had access to the classified CIA files, the former head spook could have avoided the embarrassment of sexual innuendo with OS 9. A simple step, such as using OS 9’s Voiceprint feature (see Secrets, May 2000) to lock intruders out of the hard drive, could at least ensure that you don’t get in trouble for what you didn’t do. If you use text passwords, include capital and lowercase letters, as well as numbers and punctuation marks.
Your Own Worst Enemy
Unfortunately, you are your own biggest security risk. Any data you put in an online form, especially personal information, is fair game for advertisers or hackers.
Most information–whether it be e-mail, a photo, or items you type into a form–travels across the Internet in packets. These bounce from server to server until they reach the right computer. Hackers have programs that can sit on a server and read all the packets that pass by, so a hacker can intercept information at will.
 |
| A Clear Cache Your browser’s Cache file keeps a record of every Web page you’ve visited. To erase this trail in Netscape Navigator, go to Preferences and click on Clear Disk Cache Now. |
If you’re a fan of genealogy, for example, you may have posted your mother’s maiden name on your home page or on a genealogy site such as FamilyTree Maker.com. You also may have given your date of birth in these places or when you registered for any number of sites.
Your Social Security number is probably the safest (and most crucial) of the lot, so protect it as best you can–do not give it to companies unless you must: for example, when you deal with the DMV or a creditor. If you suspect someone has intercepted your personal information and stolen your identity, move fast (see the table “Privacy Resources”).
Use Secure Sites In some cases, however, you may feel that giving away some information in exchange for certain services is well worth it. In that case, follow some simple precautions. Require a secure site whenever you give any personal information. You have two ways to check: the key or padlock in the bottom left corner of your browser window should be locked; and the URL should begin with https:// rather than https:// (the s is for secure) if the connection is secure. Make Your Mac Hacker-ProofWhen you’re constantly connected to the Internet through DSL, cable modem, or other high-speed technologies, the Internet is constantly connected to you. Millions of people can probe your Macintosh over an always-on connection–24 hours a day, 7 days a week. Do you trust all those people? Of course not!
You use a Mac, so you’re immune to many problems that plague the Windows world. In its default configuration, the current Mac OS is not vulnerable to spammers or other miscreants. For instance, no one can hijack your computer and turn it into a “zombie attacker,” as happened with many individuals’ PCs in the recent denial-of-service attacks against Yahoo and other big Web sites.
Now that you’re using the Internet more ambitiously, though, it’s important to make sure you aren’t exposing your computer–or yourself–to unnecessary risks. If you’re running an e-mail or Web server, you’ll want to protect your data as best you can from online thugs. One answer is firewall software.
Ports of Call
Internet programs communicate using ports. These aren’t physical connectors on your computer, but numbered, software-based sockets on your Internet connection. Many port numbers are standardized. Port 25 sends mail; Web servers typically occupy port 80. Servers and some Internet programs listen on specific ports and respond to incoming connections: if you enable Personal Web Sharing, by default it listens for connections on port 80.
Firewalls can enable or block connections on specific ports and often for particular Internet addresses. Let’s say you want to use Personal Web Sharing (or Mac OS 9’s Internet-capable File Sharing) to access files on your home computer from work. In addition to password-protecting your Mac, you could configure a firewall so it only permits access to port 80 (Web Sharing) or port 548 (File Sharing) from your work computer. This way, you could access your files from work, but the firewall would deny any attempt to connect to your Mac from other computers elsewhere. (However, this would also prevent you from connecting from the cybercafé down the street.)
Options Your always-on Internet connection may use a simple hardware router–particularly if you have more than one static IP address. If so, that router may offer basic firewall capabilities, but you might have to configure it using a Telnet client, and it probably has little or no logging capability.Open Door Networks (541/488-4127, https://www.opendoor.com ) offers the $60 DoorStop Personal Edition (see Reviews, June 2000), a simple firewall designed to protect the Macintosh on which you install it. DoorStop’s interface is occasionally confusing, but configuration is straightforward, and DoorStop works with common services like Web Sharing, File Sharing, Timbuktu, Retrospect, and FileMaker. An enhanced $300 Server Edition offers more-flexible configuration options for Macs functioning as Internet servers.
Intego’s $150 NetBarrier (305/868-7920, https://www.intego.com ) also protects the computer on which you install it but offers an elaborate interface with traffic-monitoring gauges and configuration options (see Reviews, December 1999). Unlike DoorStop, NetBarrier can filter incoming and outgoing traffic, so you can prevent credit card or Social Security numbers from leaving your computer. NetBarrier protects against some denial-of-service attacks and detects port scans, which usually mean a miscreant is looking for an exploitable service. This program also overcomes a weakness in Open Transport by scrambling TCP sequences so it’s tough to hijack an Internet session. NetBarrier is overkill for most people, but it offers unique features.
If you’re connecting multiple computers to the Internet, software routers such as Vicomsoft’s $100 SoftRouter (800/818-4266, https://www.vicomsoft.com ) and Sustainable Softworks’ $90 IPNetRouter ( https://www.sustworks.com ) add firewall capabilities for an entire network. However, both products require more technical know-how.
Safety Strategies
There are two basic approaches to a firewall: you can selectively enable connections or selectively deny connections. The former approach is more conservative–the firewall blocks all connections except the types you specifically permit. The latter approach is less secure, but it’s also less hassle. You don’t have to remember to use Passive FTP (in the Internet control panel’s Advanced settings) or reconfigure your firewall if you install something, say, America Online Instant Messenger.
Breathe Easier
A firewall cannot protect you from every Internet threat–you can still receive Trojan horse programs or virus-infected documents via e-mail, and Web sites still try to track your every move–but it can prevent some abuses of your Mac. –GEOFF DUNCAN