The Right To Remain Anonymous
Here are some tools to help you protect your privacy on the 'Net.
- By Joern Wettern
It's amazing how much information you can inadvertently reveal through everyday
activities like browsing the Web and sending e-mail. While we've described numerous
methods for securing your customers' data, what about your own personal privacy?
Here are some tools and best practices for maintaining a modicum of privacy
on the Internet.
These days, more Web sites require that you sign up and provide your e-mail
address before you can get to any information on the site. Once you sign up,
they send a password or download a link to that address. This lets you finally
access the information you need.
There's nothing inherently wrong with this model. There are times, though,
when you don't want to give out your real e-mail address.
You can always create a Hotmail, Yahoo! or Gmail account for receiving a single
e-mail and stop using it afterwards. However, this is extremely time-consuming
and you'll have to remember yet another password. Services like Mailinator (www.mailinator.com)
or PookMail (www.pookmail.com)
let you create an e-mail address simply by entering it into a Web form. For
example, without having to set up anything beforehand, I could provide the address
email@example.com in a Web form and check for mail sent to this address
simply by going to PookMail's Web site. There's no password, so anyone could
read e-mail sent to a PookMail or Mailinator address, but these services are
great when you're not expecting any confidential information and convenience
is of the utmost importance.
Other services like Spamgourmet (www.spamgourmet.com)
give you a disposable e-mail address, but also forward anything arriving there
to your real e-mail address. This approach works better when you want to anonymously
conduct an e-mail exchange that includes more than one or two messages. You
do have to set up the disposable address in advance, though.
It may surprise you to learn what Web site operators can find out about you.
After you've visited a Web site, the logs will contain a list of pages you've
viewed and your computer's IP address. Your browser has also happily told the
Web server about itself and your computer's operating system.
A Web site operator can find out whether you're using Internet Explorer or
Firefox, which version, which OS you're running, which Windows Service Pack
is installed, and which version of the .NET Framework you have. Your browser
also shares your preferred language and which link you clicked to get to the
Web site you've just visited.
The privacy impact of any cookies your browser may send to a Web server is
much more worrisome. In reality, cookies are neither inherently good nor bad.
Contrary to popular belief, they are not automatically dangerous.
Cookies can, however, gather information about you that you may not want to
share. Session cookies, which are limited to a single browser session, are generally
harmless. Persistent cookies may keep track of Web site visitors across multiple
sessions. These can actually provide a better browsing experience, for example,
when the Web server can provide personalized content.
On the other hand, cookies undermine your privacy if you don't want the Web
site to track your activities. Third-party cookies, which may share your information
with multiple Web sites, are especially problematic. These types of cookies
are most often used by advertisers who want to track the ads you've seen, even
when those ads are displayed on multiple Web sites. Companies that use third-party
cookies may also track which Web sites you're visiting to tailor their advertising.
There are a number of techniques you can use to surf the Web anonymously. These
can fully or partially prevent any information about you from being disclosed.
Among the most efficient methods of anonymously surfing is to use a service
that receives your Web page requests, and then sends out a separate request
through one of their servers. Not only does this hide your IP address from the
destination Web site, it also obscures all your browser's characteristics.
one of the oldest services in this category, recently moved to a paid subscription
model and locally installed software. There are other free Web-based services,
though, like The Cloak (www.the-cloak.com).
These let you type a Web address onto a form, and it retrieves the Web page
for you. There may also be options to block cookies or advertising banners.
A free Web-based service can be a better alternative than a paid subscription-based
solution if you only occasionally need to surf anonymously.
Open proxies, which are easy to find on the Internet, technically work much
like the anonymous forwarding services. There's an important difference, though.
These open proxies are actually computers running software that accepts Web
requests from anyone and forwards them on your behalf.
Be careful with these. Many of these computers run software that was installed
by an attacker for their own nefarious reasons. Other open proxies are operated
for the very purpose of capturing other people's Web requests, either to intercept
credit card numbers, perform research or for a number of other shady purposes.
Whenever you redirect your browsing through a third party, make sure that this
third party is trustworthy. Open proxies are inherently suspicious.
Virtual technologies can also help you protect your privacy. Microsoft's Virtual
PC and VMware Workstation let you create a virtual machine that reverts to its
original state once you shut it down. This means any local traces of your earlier
surfing -- including cookies, spyware and viruses -- evaporate once you close
the virtual machine.
Your real computer remains safe, no matter what nasty things your virtual browser
picks up on the Internet. Obviously, this doesn't hide your IP address or any
information sent by your browser, but it does prevent Web sites from tracking
you with cookies.
If your main concern is cookies, then you can configure your browser to either
not process them or be selective about which ones to store. For example, the
Privacy page of Internet Explorer's Options dialog box provides good descriptions
of what each cookie blocking option does and why. Choose the cookie-management
level that balances your need for privacy with your desire for browsing convenience
and regularly clear the cookies from your computer. If you do that, you probably
won't have to worry about cookies affecting your privacy and security.
Despite widespread concerns about Internet privacy, most people willingly disclose
personal information. Many people are happy to share information about themselves
-- whether it's their e-mail address, their shoe size or any communicable diseases
-- in return for a small incentive.
If a Web site you visit or service you use asks you to divulge something about
yourself that you don't want to share, simply don't provide that information.
your ISP and every company whose Internet-based service you use. This can be
a lot of work, but it may reveal some interesting and enlightening information.
lets them do extensive data mining on their subscribers' e-mail messages? Fortunately,
that policy doesn't include viewing individual messages.
Do you have any other low-tech (or high-tech) solutions for Internet privacy
you want to share? If so, let me know -- preferably anonymously.
Joern Wettern, Ph.D., MCSE, MCT, Security+, is the owner of Wettern Network Solutions, a consulting and training firm. He has written books and developed training courses on a number of networking and security topics. In addition to helping
companies implement network security solutions, he regularly teaches seminars and speaks at conferences worldwide.