h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

This entry is great, but of course it only scratches the surface. I took a course on Internet law, and my study group focused on privacy issues. You can see tons of information we created to teach about online privacy at:

http://www.du.edu/~scapps/privacy/

Please note that internet site owners often don't understand the issues well enough to protect their users' privacy. For instance, H2G2 uses DoubleClick ads. Unbeknownst to them, DoubleClick collects information about all the sites you visit and attempts to combine a resultant list of interests with info like your name, phone number, address, and so on. To get DoubleClick to stop doing this to you, go to:

http://www.doubleclick.net/optout/default.asp

The most frightening new concept in violations is the web bug. These are invisible 1x1 graphics placed on web pages and in HTML-enabled email that can track your movements through the internet without your knowledge. Most of these send information to online marketing companies like DoubleClick just like the example above.

In the case of web bugs, the web site owner or email sender must collaborate with the marketing firm. Nobody likes to admit they are doing this, and so again privacy policies always exclude information about web bugs. Since they are basically a surveillance tool, this is understandable. Violators include purveyors of health and financial information.

For more on web bugs, read the FAQ at:
http://www.tiac.net/users/smiths/privacy/wbfaq.htm

Thanks for reading.

Thanks for the info. I had heard about these web bugs. Should we worry, or just accept the way things are?

Unfortunately, there's not much to do as an ordinary citizen yet.

I asked this question to Richard Smith, the fellow who discovered and named web bugs, while he was visiting my college. In the long term, he thinks internet users will organize an effort to discover all these bugs and shame the companies into removing them. Right now, no such effort exists to his knowledge. When he calls the companies on them himself, he involves the press and one news story later the bugs magically disappear.

An even better solution would be broad privacy legislation with real penalties. The American government has been trying unsuccessfully to pass legislation for years, and it's very unlikely anything will be passed until the consumers become louder than the high-tech lobbyists. Consumers are getting louder, and I give it another 2 to 3 years. Other countries also need similar legislation, and some have it (both the UK, and more recently Canada). But American companies are by far the worst, and the violations won't stop until America passes something.

Unfortunately, two to three years from now marketers will know an awful lot about us. And even if we pass a law, they might find convenient loopholes. In the end, it's probably best to accept this as a part of our technological lives.

I read the draft copy of the American Government statement a while ago. It said a lot, but offered not much as I recall.
In the UK the whole issue of privacy is rearing up, with the plan to be legally able to demand e mail passwords and check on accounts to see if businesses are being run without declaring them for tax purposes. Forgetting your password may become a crimnal offence.
Phil's article arose out of questions I was asking him about the whole thing. I couldn't find anyone else who knew anything, and thought he might. I sent him the links I found as I really couldn't work out if it was something to worry about. I asked our technical support at work and they knew nothing either. I started to feel like some mad conspiracy theorist.

No, you're not a mad conspiracy theorist. There is reason to worry, especially in the long term.

All indications are that the only people really using this information are marketing and advertising executives. The potential exists for governments to subpeona the information that is collected (or request it unofficially), but to my knowledge this isn't being done. And luckily, the marketers haven't figured out yet how to translate the internet data into unsolicited phone calls, mailed ads, or door-to-door sales visits. If they do, many people would be very angry.

The only really "conspiracy" going on with privacy is related to crackers (hackers with ill intent). Some are getting smart and using the internet to assume false identities, to escape from prosecution or commit credit fraud. The rate of identity theft is going up exponentially because these crackers can know everything from your social security# to your favorite cheese. They can also apply for credit online and get a driver's licence in your name. That's kind of scary.

But we're still looking at fewer than 10,000 people per year who must endure the confusion of being mistaken for a criminal in debt... so far.

Identity theft can and does happen. If I never held a passport someone could get a copy of my birth certificate, fill in the right forms, get someone to sign off the photos and become me with a passport. Very difficult then for me to prove who I was and I wouldn't legitimately be able to get a passport and travel.
As for governments and their agencies getting information, there has been an ammendment to the RIP bill in the UK which says that only chief constables (heads of the police forces) or higher will be able to issue warrents for decrypt keys and information rather than a police superintendent.

What about the Cookie leak security hole in HTML email messages? It's how the web bugs get in? Now this does concern me.
If I'm right (and correct away, because I am no techie) this is what could happen. I use IE5, Outlook Express and hotmail, all of which are HTML users. When I read a message it could potentially include a graphic using a standard HTML IMG tag. I don't see an image - it's an invisible gif.
The request for the invisible graphic gif sends a cookie to the site, which includes my email address in the URL.
They get my address in the first place by 'renting' a bit of space in existing junk e mail. The 'bugs' are used already to check if I open the junk mail or not.
But, it could be fixed so that Web browsers don't allow cookies to be sent out from HTML Email messages?

You've got things figured out very weel, Coelacanth.

Currently, the only way to avoid web bugs and other cookies attached to images is to turn all images off while browsing. It would be possible for your browser to protect you by selectively refusing certain images, but to my knowledge none of the big-name browsers or email clients are planning to add this sort of protection any time soon.

I've heard theres a plug-in you can download to block the persistent cookies and the ones that are used to track you, but leave the temporary and harmless ones so that you can still visit pages you want.

[Unsuitable link removed by Moderator](Just an ignorant, but curious )

There are many solutions for people who want to protect their privacy. You can visit [Unsuitable link removed by Moderator]for the two best known solutions.

Be wary, however, because most solutions require you to give up some internet functionality. You should always read up on what you're downloading before you use the software. For instance, software that disables persistent cookies usually can't tell the difference between useful and useless cookies.

h2g2 uses a persistent cookie, and without it you will have to provide your email address and password each time you want to use this site. Such software would disable h2g2's cookie, as well as cookies for many other sites you have registered at. Right now, cookies help these sites remember who you are. So if you do download the [Unsuitable link removed by Moderator]software, you might want to make sure it gives you the power to override the software's decisions on your behalf.

I decided not to download it for that reason, and I'm definitely not technical enough to know what I am doing. I just passed on the info for the more advanced users. As I said, I'm just a bonkers conspiracy theorist.

Worse than cookies and worse than bugs because it is far more insidious, is spyware.

These are programs that do something that you want them to do, but like the Trojan Horse they have an enemy hidden within. There is extra code that tracks everything you do and sends that information transparently to the companies that created the software. The most famous of these is something called "comet cursor" that animates your mouse pointer or changes it to different icons as you jump to different web sites.

Since this software is actually installed on your computer at a system level (by you, voluntarily, because animated cursors are fun), it can track what you do OUTSIDE of your web browser. Cookies and web bugs only work in the browser, and only in *one* browser. Switch from IE to Netscape, and the cookie loses track of you. But the spyware can switch browsers with you, or watch what you do with Eudora e-mail, or Microsoft Word. Real Player had spyware code (they have since removed it) to track what people were listening to and watching. Microsoft also got caught with their hands dirty when early versions of Windows 98 sent information about all the software (Microsoft-branded or not) that you had installed silently to Microsoft, which is part of the reason that the Windows Update web page now tells you in big, bold letters that no information is being sent to Microsoft.

And since you don't know it is there you can't avoid it. Even removing suspect programs like Comet Cursors sometimes leaves the spyware behind.

Thankfully there is free software to get rid of it, available at http://grc.com/optout.htm A fuller-featured future version is being developed and will cost, but the free version will remain available. Many thanks to Steve Gibson for this and the other things he is doing to fight invasions of privacy. It was a similar unrewarded effort by John Norstadt that essentially prevented the spread of viruses on the Mac (compare the thousands of Windows viruses to the *dozens* of Mac viruses). These guys need more recognition. (three cheers)

You are quite right about spyware, d'Elaphant.

However, I don't think you can credit any one person for the continued dearth of Mac viruses. Believe me, crackers can bypass any efforts leveled at them eventually. The relatively low market share of Macs makes them a less desirable target. The same holds true for other less popular operating systems, including BeOS, Linux, and OS2.

Point well taken. There are far fewer games for the Mac too. Less interest in a platform will generate less activity.

And I certainly did not mean to imply that John Norstadt was alone in preventing viruses (definitely not the "continued dearth," since he discontinued his efforts a few years ago). There were lots of people there with him publishing anti-virus freeware, plus Symantec and the other corporations. But Norstadt distributed a powerful, reliable, free, and easy-to-obtain program that was widely used and he updated it to catch new viruses often days before Symantec and Norton updated their products (this is before they were one company). Meanwhile McAfee tried to use fear of viruses to generate a profit, and that was the prevailing attitude in the IBM-compatible world.

My point was only to recognize the contributions of people like Norstadt and Steve Gibson, who make major contributions to our well being with little reward. I think the result of their efforts can be seen, in the example of Norstadt, in the disproportionate difference in the number of viruses for the different platforms (it should after all, be somewhat proportional to the number of users, or the number of games). Now Gibson is fighting security and privacy problems on the Windows platform, and we will all be better off for it.

Three more cheers!