privacy

Neal's Big Page of Privacy Information

When I was new to the web, I had the impression that the WWW was a place where information and ideas could be exchanged with complete anonymity. However, I have come to realize that this is not the case.

The purpose of this page is to educate people about security issues on (as well as off) the web, as well as pertinent information about what kinds of legislation those in Washington would like to pass to defeat the privacy of citizens. There are also links to resources which are much more complete sources than this page is intended to be. This page is meant to open your eyes, the links will provide you with a lot of information that may change how you think about the issue of privacy.

Most people did not visit this page to see a big lecture, so I will only attempt to address two issues myself. I will address what cookies are, and address some pending legislation which is very concerning.

COOKIES
What is a cookie?

Well, a cookie is a piece of code that is stored on your hard drive (in your web browser) when you access a site which contains code which 'sets' the cookie, and determines how long the cookie will remain. This piece of code will identify you on subsequent visits to the site; in a manner of speaking, you're 'marked'. The cookie can also reveal such information as how often you visit the site, what link referred you there, and seriously, your ISP address (which is basically a piece of code that identifies what server and computer location you called the site from), and perhaps even your name and e-mail address! This is a link to a site which has a page that will show you exactly what information you give away when you surf the web.

Read Microsoft's explanation of cookies . Sounds harmless enough, right? Well, think about this. What would you say if everytime you opened a book, a device tracked your location and recorded the details of what you were reading? This is a rather inflammatory viewpoint, but is the gist of what a cookie does.

What are cookies used for?

This varies.

If you've ever shopped online, cookies let you maintain your personal shopping cart, and such things. If you're comfortable with the idea of online shopping, this is where cookies maybe are acceptable.

But, at their worst, cookies can be used to help spammers flood your e-mail box with junk mail. For example, if you were to access a site with cookies, and if your browser has cookies enabled (and reveals your e-mail address), it's likely you will soon find unsolicited e-mail showing up in your box. Some people who maintain sites with cookies also sell e-mail addresses to companies, who will then spam you.

Worst of all, your browser keeps a record of all cookies that are currently active. Someone with access to your computer could easily access this file, and see what you've been looking at online. Think about this. What would you do if you found out that everywhere you went today, you left a trail that anyone could follow, if they so desired? If that doesn't bother you fine; I would think that most people wouldn't like this. Look in the directory where your web browser is located, and look for a file with a name like cookies.txt . Open it, and see what it has to say! I find this a most entertaining/disturbing thing to do when I'm using 'public-use' computers around campus.

What can I do?

Well, you can either disable cookies on your browser, or you can set your browser to warn you before accepting cookies, and give you the option of not accepting them. Pull down Edit...Preferences...Advanced...Cookies on most browsers to do this. You will find some websites, especially commercial ones, will not load at all if cookies are disabled.

If you disable cookies, you will usually not be able to shop online, and places like Microsoft won't let you download software, even though cookies are 'voluntary' (their words).

There are also servers which will serve as a go-between, to let you surf more anonymously. Check out Junkbusters for a list of such servers.

If you scroll down to the bottom of the page, there's a list of links for a start.

WEB LITIGATION

Right now, there are many bills pending in state legislatures. Some of these bills are well-intended (protecting children on the web, etc...), which I applaud, but some of these bills contain such loose terminology, and have such far-reaching implications, that there may be a lot of unknowing criminals out there before long.

Some examples...

Kansas

Senate Bill 670, sponsor Senator Huelskamp. Requires the mandatory use of blocking software by all users on Internet terminals at state-funded public libraries, school districts, and state and local educational institutions, colleges and universities.

Don't misunderstand me here; I'm all for keeping adult material out of minors' hands. However, many blocking software packages block a lot more sites than what they're supposed to.

In short, good idea, wrong solution.

Ohio

House Bill 565, sponsor Rep. Terwilleger (pending). Criminalizes the dissemination of material on the Internet that is "harmful to minors."

Oklahoma

House Bill 1048, enacted 4/95. Sponsor: Rep. Perry. Prohibits online transmission of material deemed "harmful to minors."

Well, at least RJ Reynolds will be in trouble. Smoking is "harmful to minors" isn't it? On this site, minors can read all about tobacco and cigarettes. Of course, I'm being a bit flippant here, but the point is...

What the hell does "harmful to minors" mean anyway?!! Does RJ Reynolds fit that description, because of the aforementioned reason? How about the ACLU's page? After all, that page may cause young people to question the validity of pending laws such as this. "Harmful"? Who knows! This law would seem to give carte blanche to anyone who wants to shut down just about any site out there.

Connecticut

House Bill 6883, enacted 6/95.

Sponsor: House Committee on Judiciary.

Creates criminal liability for sending an online message "with intent to harass, annoy or alarm another person."

I sure hope this page doesn't strike the disfavor of anyone who lives in Connecticut. Again, the language is so broad that it could realistically be applied to anything!

Nevada

Senate Bill 13, enacted 7/97. Creates an action for civil damages against persons who transmit unsolicited advertising over the Internet.

I believe they meant well, but again, there's a problem. Does this mean that those annoying ads that pop up on Yahoo! (for Amazon.com, Netgrocer, or whoever) are illegal? Also, visit most pages on Geocities (among other places), and you will be bombarded with ads that pop-up, which are clearly 'unsolicited'. Is this illegal? If so, please cut me a check immediately. But I suppose at least they're trying to combat junk e-mail.

Georgia

House Bill 1630, enacted 4/96. Sponsor: Rep. Don Parsons. Criminalized the use of pseudonyms on the Net, and prohibits unauthorized links to web site with trade names or logos.

Very disturbing. Does this mean that you broke the law the last time you chatted on IRC without using your real name, or penned a web page under a pseudonym? Fortunately, this law has since been STRUCK DOWN!

All of this also brings up an interesting point. How does one establish what state has jurisdiction when it comes to web sites? If an offending site was written by a person in California, is stored on a computer in Connecticut, and is owned by a corporation in Texas, who has jurisdiction? Beats me. If you can tell me, I'd like to know.

PRIVACY LINKS

These are sites that contain useful or interesting information.

http://www.aclu.org/issues/cyber/censor/stbills.html This part of the ACLU's page has information on even more pending and current legislation. (most text in yellow on this page was quoted from this source)

http://www.2020tech.com/maildrop/privacy.html The Privacy Page has lots of info on cookies, cryptography, and all kinds of privacy issues.

http://www.cen.uiuc.edu/~ejk/WWW-privacy.html How much information does your browser give away about you? Visit this page, and you can find out.

http://www.epic.org/alert/ Epic Alert is a journal that covers privacy and civil-liberties issues.

http://www.junkbusters.com/ht/en/links.html Junkbusters offers services to prevent spam. They also offer a huge list of links. Recommended.

http://www.glr.com/glr.html Don't be misled. This page is called 'Stalker's Page', but it does not (nor do I) endorse stalking anyone. It simply shows how much information about you could be floating out there on the web. Also addresses how to take advantage of the Freedom of Information act. Ever wondered if you have an FBI file? You might be surprised.

http://www.bevcom.org/copswatch/index.htm The COPSWATCH page. This page really has more to do with civil-liberties than anything else; specifically, this page has writers who watch episodes of the series 'COPS' and point out illegal acts committed by the officers (in view of millions of TV watchers) appearing on the show.

TIPS FOR MAINTAINING PRIVACY

If you don't want to disable cookies completely, at least set your browser to warn you before you accept one. Set your browser to 'warn me before accepting a cookie', surf around for a bit, and see the sheer volume of cookies that people want to set on your computer.

Or, most browsers let you set your identity (try Edit...Preferences...Identity). Use a fake e-mail address, such as mrx@nowhere.net. In practice, if someone really wanted to find out who you were, they could track your ISP address, but this way, if you accept cookies, your mailbox at least won't become filled with spam. If you use AOL's standard browser, you do not have this option.

Java adds a lot of nifty effects to the web, but there are also some security loopholes associated with it. If you are very concerned with web security, you may consider disabling Javascript on your browser.

Be wary of what you post to USENET. A quick search of Dejanews (do an advanced search) will yield everything you've posted recently. Also, many companies use 'spiders', programs that troll newsgroups to collect e-mail addresses.

Many state governments (including Tennessee) have forms you can fill out to block the release of personal information about you to any-old-person-off-the-street. Yes, otherwise, someone off the street can walk into the DMV and legally obtain information about you. Inquire about this. One can do this at the Knoxville DMV, actually.

Be careful to whom you give your social security number. The SSN# was never intended to be a universal identification code, and it can be used by someone who has it to, at the least, pry into your background, and at worst, set up fake credit information, among other things, in your name. The last time I applied to get phone service, utilities, etc., I was appalled to note that everyone wanted a SSN#. However, if you are vehement about not giving out your number, most companies will back off. Try it. In Tennessee, your SSN is by default printed on driver's licenses. Upon request, you may opt to have your SSN not included on your license.

BACK