Gazette Archive 3/13/00
My first voyage into cyberspace was amazing and clueless. Let's see, install this software, click here, fill out a form there, give out a credit card number and bang, you're dumped onto the Net. It was so easy and hard at the same time, when you succeed, it's tempting to think that's all there is to it - you can surf to your heart's desire with nary a care in the world. Not so.
In truth, there is lot's of stuff going on behind the scenes which suggest the terms "Internet privacy" could be a tad oxy-moronic. Just as the WWA strives to help you become a better woodworker, this article is aimed at making you a more savvy Web surfer.
This doesn't mean they don't keep a record of your time on the Web. When you dial in, they assign your machine a unique number - an IP (Internet Protocol) number and then record this exchange in their server log. Such an entry might look like this:
On June 2nd at 8:32 AM, username "John Doe" dialed in and was given IP#123.654.246.8
When you disconnect, that too is recorded and the info is archived for a week or longer. The reason you are assigned an IP number is simple: when you click on a link, you're telling another computer (a server) to send you the contents of a web page. They have to know where to send it, right?
From here it gets stickier. The server you get the page from also records your IP number and which page or pages it's sending you. It might also record your browser version which also gives up your computer platform. This is standard information swapped behind the scenes as you surf the Web. Since IP numbers are unique and your ISP only has certain ones it can give out to their customers, if you do something bad on the Net, the authorities can follow the trail back to your ISP and get your personal info with a court order.
For those who access the Net via a proxy server, gateway or router - typical configurations for large intranets - your machine is also allocated an IP number from your gateway server. If you work for a large corporation, there is software available which allows this server to snoop through your webpages or email looking for certain keywords. Be careful if your boss doesn't like you visiting certain websites during working hours.
The Cookie Monster
Unlike IP numbers which can change slightly every time you jump on the Net, cookies are unique identifiers for your computer. Most servers you encounter on the Web install these little morsels so they can identify you the next time you visit the website. After that, all generalizations end with the main difference being the intent of the hosting website.
Many cookies are benign and are designed to save you time. For instance, our bulletin board, The Info Exchange, writes six cookies to your hard drive and stores your username and password so you don't have to type it in whenever you make a post. It also stores the last time you were there so it can show you any new posts since your last visit. Nothing else is stored on our server that isn't required of your registration for posting. Most websites who use benign cookies ask you if you want them or not and leave it up to you whether to accept them. This is good policy.
Malignant cookies are a different animal altogether. Usually all they store on your machine is a unique identifying number but what is stored in the server log is much more involved. Since the server is recording which pages it sends you, this data can be mined with the intent of developing a profile of your interests.
As you re-visit the site, your profile is updated with any additional information the server can gather. If you fill out a form, it might save your name. If you sign onto a mailing list, it might save your email address. If you order something, it might keep your address and credit card info. Coupled with the webpages you like visiting most, your profile might turn into a fairly accurate window into your lifestyle and what you find most interesting at that particular website.
Descending as we go, there is one more type of cookie I think is evil. This cookie follows you around as you visit many of the most popular websites and the profile it creates reaches from one end of the Web to the other. If you like cooking, it knows. If you follow stocks, it knows which ones. If you're looking for a new car, it knows which model you keep going back to over and over again.
The most experienced bakery chef for these cookies is a company called DoubleClick. They market advertising on leading websites with the added benefit of providing user profiles. The cookie they place identifies you at any website which hosts their banners.
Needless to say, the depth of the information gathered can be quite staggering even if DoubleClick never puts your name to your profile. By recording your movements across the Web, eventually they hope to figure out what works in getting you to part with your money. Proponents of this technology say it's no worse than having security cameras in a department store. Yeah...right, except when you're out shopping, the cameras don't follow you from one store to another.
Cookies and Dieting
The extreme protection is to turn off cookies entirely in your browser preferences. You will lose some functionality at many e-commerce sites and other sites like our bulletin board but it's the best way to avoid targeted advertising completely.
Another thing you can do is have your browser ask you each time a server wants to write you a cookie. This way you can choose which ones to accept or not but this can be very annoying considering the widespread usage of these little beasts. Some sites are cookie dependent and will actually refuse your entry unless they can bake a cookie on your hard drive.
A little bit less annoying is only allowing cookies which are sent back to the host server. In this arrangement, the website you're visiting can write their cookie but outside entities like DoubleClick "might be" foiled. Whatever profile is updated shouldn't follow you past the website boundaries.
For those who want the ultimate ease of use while surfing and who still want to control their cookies, you can edit the cookie file and delete which cookies you don't want. That way, you're creating lots of disjointed new profiles when surfing instead of one which is personal and accurate.
If you're on a PC, according to Aaron
Gesicki, the easiest way to find your cookies is to open the
Cookies folder using Windows Explorer. The path to your cookie
directory might look something like this:
If you use a Mac, it's likely all your cookies are in one data file. The free program BBEdit Lite 4.1 from Barebones Software will let you erase which cookies you don't trust while keeping your useful cookies intact. In use, I delete the cookies from my favorite websites if they have no purpose other than to add info to my profile. The ones I don't recognize from ad agencies like DoubleClick might get left alone except for a few transposed numbers here and there...;)
In any case, you should open your cookie file with your browser just to see how many websites are keeping tabs on you. Do a find file for "cookies.txt" or "MagicCookie" and drag the little bugger into your browser window. You might be surprised how many cookies have been baked right under your nose!
Email and Spam
As a webmaster who has his email address scattered widely, I get lots of junk mail. Interestingly, some of the junk mail I get is from the folks who mine for email addresses with the intent of selling them to me. They use a search robot - a software program which scans the Net to glean email addresses. For about $300, I can get 150,000 addresses on CD-ROM. For $800 I can get over a million addresses and I've even received ads offering as many as 5 million email addresses. Wow!
These addresses are picked up from mailing lists, bulletin boards, postings to newsgroups and personal webpages. To pick up more, chain letters are started with the directions that you forward these emails to your pals on the Net. Everytime such an email gets forwarded, it collects more addresses and eventually, if luck is with them or they set it up right, it will get back to the spammer.
By US law, spammers are supposed to include directions for getting off their mailing list and for the most part they do. However, when you reply with unsubscribing directions, it may remove your name from that list but it might put your name on 20 others. By replying, you verify your email address is active and I've received Spam offering 80,000 verified email addresses for $199.95. Not a bad deal, huh!
So, what's a woodworker to do?
Alternative email addresses work well on bulletin boards and newsgroups but can be a hassle for mailing lists. The web interfaces for these re-mailing services are often slow and cumbersome which makes participation tedious at times. Using your regular address can be successful as long as you use discretion in picking your lists. Or you can sign up for the digest version where you can read lots of email with only a few clicks using a remailer.
Regardless of how you behave on the Web, your email address can be treated recklessly by friends and loved ones. Your uncle, who sends everyone in his address book a dirty joke, might need some privacy education if you can read all the other addresses in his email. If you can read their addresses, they can read yours and anyone who simply forwards it will send your email address along for the ride.
To help stem this type of address proliferation, many email programs have a function which allows you to suppress the recipient list. If not, all of them allow you to send any multiple-address emails as a Blind Carbon Copy (BCC). Emails you receive and want to send to others should be stripped of any included addresses. Just as you wouldn't give your parent's phone number to a stranger on the phone, it's time to protect our friend's and family's email addresses as well.
If you have a personal website, you can hide your email address by showing it as a graphic to your visitors. The robots which grab addresses from webpages can't read graphics - at least not yet! Another thing you can do is set up a feedback form which channels any comments from visitors through a script in your server's cgi bin.
If you're like me and get more than your share of Spam, you might find the best way to deal with the problem is simply delete it as it comes in. Setting up email filters will help channel it to the trash more efficiently, but you never know for sure what's getting thrown out until you read it. You can also opt to change your main address but you're likely to spend more time getting folks to use your new address than you will spend hitting the delete button.
Finally, many of you will think this article is much-ado-about-nothing. In many respects, you're absolutely right. The government already knows how much money we make and where we live. The credit card companies know what we like to buy and our doctors know stuff we won't even share with our best friends. Goodness knows there is plenty of junk realmail to go around so it's natural to feel we live in glass houses and throwing bricks only hurts our homeowner's insurance rates.
That said, for those of you who are tired of the intense scrutiny, the attempts to manipulate our buying practices, and you're especially miffed at what goes on without your knowledge, I hope you appreciate this catharsis. If you have any further questions or helpful hints you want to share, you can reach me at this email address:
Yours for a better Internet,
Anyone interested in learning
more can read all about it at the following websites: