How to Regain Privacy on the Net

by Boris Loza

You'd probably be surprised if you knew what information is available about yourself on the Internet.

Whenever you connect to the Internet you leave a great trail of information.  Do you want to know what kind?  Go to leader.ru/secure/who.html or www.anonymizer.com/snoop.cgi and see.

They can find out where you've come from, your operating system, browser type, and many other things.  Besides this, many servers keep careful records of your input into search engines, information that's submitted in forms, your shopping habits on the Web, and information about uploaded/downloaded files.

Who Gets This Information and How?

Some companies, such as DoubleClick, create large databases of such information, which are used by target advertising companies or which can be sold to any interested buyers.  Have you ever wondered why every copy of Netscape running on Microsoft Windows defaults to home.netscape.com as a home page and the Internet Explorer browser defaults to www.msn.com?

Another method that web sites use to track visitors is a special feature called a cookie, which contains a small amount of information transmitted between a web server and a browser.  Cookies can contain your username/ID, computer type, IP address, and server location.

Ever heard of web bugs (also known as clear GIFs)?  Like cookies, web bugs are electronic tags that help web sites and advertisers track visitors' whereabouts in cyberspace.  The placement of a web bug on a page allows the site hosting the banner ad to know your IP address and the page that you visited.  This can be further correlated to cookie information that may be sent by your browser as part of the request to retrieve the page.  But web bugs are invisible on the page and are much smaller, about the size of the period at the end of this sentence.  Unlike cookies, people can't see web bugs and anti-cookie filters won't catch them.

Browsers also contain other useful data for those who know how to make use of it, such as hit logging and GUID numbers, as used by Microsoft's Internet Explorer.  Hit logging keeps track of all of your offline activities.  When you click on a banner ad, a record is made of how long you looked at it and what ad you clicked on, as well as personal information stored by the Internet Explorer browser.  Hit logging is also designed to "phone home" to the server that created it.

GUID numbers are randomly generated "Guaranteed Unique" or "Globally Unique ID" numbers.  It's highly unlikely that these numbers will ever occur twice across the planet.  They are the ultimate "electronic dog tag" and can survive even if you kill the cookies and remove the "spyware."

Since the GUID number is kept on your system, it can be requested at any time.  And since Microsoft has it on its databases - along with your name, address, and other registration details - the potential for creating a system that tracks your every online move is enormous.  And there's even more!

Did you know that if you're on a network, every Office 97 file you create could be traced back to you?  That's because Office 97 attaches its own permanent GUID to everything you create.  So if you send a document to your best friend and she deletes its entire contents, replaces it with abuse about your boss, adds a macro virus to it, renames it, and sends it to everyone in your company, it's still got your address on it as the originator!

You can see what GUID looks like by opening any Office 97 Word file with Notepad and searching for the phrase GUID.  A few bytes later, you'll find an ID number broken up with spaces inside two curly braces.  By the way, GUID helped to capture a creator of the Melissa virus.  But that's another story.

Other applications and companies that use "spyware" and "phone home" are RealNetwork's RealJukebox, PKZIP, zBubbles, CuteFTP, and many others.  SurfMonkey is an application that's supposed to block Internet sites inappropriate for kids, but it also keeps their personal ID, phone number, and email address.

Radiate is a company that serves the shareware market.  Popular applications such as Go!Zilla, Free Solitaire, and GetRight come embedded with an automated ad-serving "spyware" package created by Radiate.  More than 400 different applications have this program embedded within them.

The Comet Cursor from Comet Systems is cursor software that replaces the standard screen cursor with many funny-looking cartoon characters that appeal to kids, such as Garfield and Pok´mon.  This is free software, but while users think they're getting just a cute cursor, in reality every time they visit any of 60,000 web sites supporting Comet Cursor technology, it will report the user's unique serial number back to Comet Systems.  Therefore, a profile of the user's interests can be compiled, and targeted ads can be served up to the users.  (There's no such thing as a free lunch!)

In this article, we'll show what you can do to minimize, and sometimes prevent, submitting information to the Internet on your behalf.  Even if you continue to allow it to happen, at least you'll be aware of how they do it.

Cookies and Web Bugs

When you revisit an Internet server, your browser shares the cookie previously installed on your hard drive, providing information that quickly identifies you.

Whenever you hit a Web site supported by advertising, the ad server reads the cookie from your machine.  The ad server then uses your cookie to look up your profile and determine which ad to serve to you dynamically, based on the interests it's gleaned from your surfing activities at its member sites.

The ad server also records which advertisements you've clicked through.  The type of ad and the amount of time you've spent at the site is also captured.  Also keep in mind that cookies, the subject of several lawsuits, are sent in clear text, in both directions, whenever encryption isn't used.

If you use Internet Explorer on Windows 2000, you can see your cookies by opening the Documents and Settings\[Your Profile]\Cookies directory.  The cookie folder consists of several files, each of which is a text file containing an actual cookie value.

For more information about how Microsoft "bakes" cookies check the "Cookies with Your Coffee" article at msdn.microsoft.com/library/default.asp?url=/library/en-us/dn_voices_webmen/html/webmen052797.asp

Microsoft Internet Explorer 5 has a lot of menu and dialog changes, but you can still disable cookies.  Go to the Tools -> Internet Options -> Security menu.  In there, you can choose the security level for four different browsing conditions: Internet Sites, Local Sites, Trusted Sites, and Restricted Sites.  If you select Internet, and click on Custom Level, you'll get a dialog box where you can accept all, warn before accepting, or reject all cookies.

Once a cookie is rejected, it is thrown out and not saved to memory or disk.  Don't forget, though, that servers will keep looking for the cookie even if you have discarded it and may try to replace it as you surf around.  Remember also that some web sites (such as www.hotmail.com) require cookies.  You cannot login into such websites if you've disabled cookies.

Netscape users can also see their cookies found in the C:\Program Files\Netscape\Users\[Your profile]\cookies.txt file.  This file consists of a block of ASCII text.  Briefly, what you can see in this file is:

Domain:  The domain that created and can read the variable, such as: .google.com

Flag:  A TRUE or FALSE value indicating if all machines within a given domain can access the variable.  The browser, depending on the value set for domain, sets this value automatically.

Path:  The path within the domain for which the variable is valid.

Secure:  A TRUE or FALSE value indicating if a secure connection (like SSL) with the domain is needed to access the variable.

Expiration:  The time at which the variable will expire.  Time is defined as the number of seconds since Jan 1, 1970 00:00:00 GMT  Example: 2145774284

Name:  The name of the variable.

Value:  The value of the variable.

For more information about Netscape cookies, browse Netscape's cookie spec located at: www.netscape.com/newsref/std/cookie_spec.html

For complete cookie information refer to RFC 2109 at: www.rfc.net/rfc2109.html

Note that most cookies can be accessed by all hosts in the domain (e.g. google.com, hotmail.msn.com, etc.)!

If you want to disable cookies on Netscape go to the Edit -> Preferences -> Advanced -> Cookie.

The web bugs, like cookies, are usually used for tracking customer habits but are much harder to detect.  A web bug is a graphic on a web page or in an email message that's designed to monitor who's reading the page or message.

Unfortunately, this technique could be used toward malicious ends, such as grabbing IP addresses or installing files.  The security company SecuritySpace, in a monthly report - (www.securityspace.com/s_survey/data/man.200112/webbug.html), has identified companies that benefit from the use of web bugs, including online advertising networks DoubleClick and LinkExchange, as well as Google and America Online.

The only way to find a web bug using the Internet Explorer and Netscape browsers is to view the HTML source code of a web page and search for <img> tags that match up with cookies stored on the user's computer.

A web bug typically has its height and width parameters in the <img> tag set to 1, it's loaded from a different server than the rest of the web page, and it has an associated cookie.

For example:

<img src="http://ads.msn.com/ads/ABUCHE/00742350015_TX.gif?Pagegroup=BECHK 1" width="1" height="1" border="0" alt="*">

This web bug was placed on the home page by Microsoft's site www.bcentral.com to provide "spy" information about visitors to ads.msn.com.  By the way, this site contains more than ten web bugs!

Email web bugs are also represented as 1-by-1 pixel <img> tags just like web bugs for web pages.  However, because the sender of the message already knows your email address, they also could include the email address in the web bug URL.  The email address can be in plain text or encrypted.

Web bugs used with emails allow the measurement of how many people have viewed the same email message in a marketing campaign.  They help to detect whether someone has viewed a message.  (People who don't view a message are removed from the list for future mailings.)  They also help to synchronize a web browser cookie to a particular email address, allowing a web site to know the identity of people who come to the site at a later date.

Using web bugs also allows the sender of an email message to see what has been written when the message is forwarded with comments to other recipients: www.privacyfoundation.org/privacywatch/report.asp?id=54

For a demonstration of bugged email see: mackraz.com/trickybit/readreceipt

For more information, check the Web Bug FAQ at www.eff.org/Privacy/Marketing/web_bug.html or see the web bug gallery at www.bugnosis.org/examples.html.  You can use a free web bug detector plug-in for Internet Explorer called Bugnosis by the Privacy Foundation.

Proxies, Anonymity Providing Servers, and Remailers

One can remain anonymous while web surfing by using a proxy server.

A proxy acts as an intermediary, routing communications between clients and the rest of a network.  Web proxies can hide your IP address and allow you to stay anonymous.  If you don't use any proxy server yet, you may choose one from a free proxy public servers list at http://tools.rosinstrument.com/proxy.

To configure your Internet Explorer 5 browser to use a proxy, go to the Tools -> Internet Options -> Connections menu bar.  Click on Setup and follow the instructions on the screen. Check the Manual Proxy Server option and click on Next.  Put the hostname of the proxy you're going to use and a port number (provided by proxy server).

To check whether your proxy server reveals your IP address, go to www.all-nettools.com/pr.htm.  If you get the message Proxy Server Detected!, then there's a security hole in your proxy and information about your real IP address is listed.  (In this case, try to use another proxy.)  If the message is Proxy server not detected, everything should be O.K.

Netscape users can add a proxy by going to Edit -> Preferences -> Advanced -> Proxy.

If you don't want to use a proxy server, try one of the anonymity providing servers listed below.  These servers act as a proxy since web pages are retrieved by them rather than by the person actually browsing the web (you).  Go to one of these web sites and just type a URL you want to visit - the server does the job for you, securing you from many potential dangers.

Some of the Anonymity Providing Servers Available

Servers with SSL Support

• Anonymyth: www.anonymyth.com
• Orangatango: www.orangatango.com
• Rewebber: www.rewebber.com and www.anon.de

Servers without SSL Support

• Anonymouse: anonymouse.is4u.de
• Anonymizer: www.anonymizer.com
• SiegeSoft: www.siegesoft.com

Anonymyth uses 512-bit SSL encryption for all HTTP data, which prevents your ISP from tracking your Internet activities.  The only traces that are left from your browsing are in your browser history list.

If you want to remain anonymous while sending emails, you can use a remailer.  This is a special service that receives an email message from you, then readdresses it, and sends it to the person you want to send it to.

During the process, any headers that might point back to you are removed.  Many remailers are available on the Internet; some of them let you put a fake return address, but most of them directly state that the message is sent from an anonymous source.

One of these web-based remailers can be found at ssl.dizum.com/help/remailer.html.  For a list of remailers check security.tao.ca/email.shtml.

Other Useful Tips

You may want to clear out your browser's history list.

This is something that should be done each time you're finished with your browsing if you don't want someone to be able to easily see where you've been surfing (if you share your Windows workstation or server).

To do this for Internet Explorer 5:

• Click the Tools menu bar.
• Choose Internet Options.
• On the General tab, click Clear History.
• When it asks Delete all items in your History folder? click O.K.
• Click the O.K. button at the bottom of the Internet Options window.

Another place that your web trail is recorded is the cache directory - a temporary storage area for recently visited pages and images.  The cache allows for repeatedly visited Web sites to show up more quickly when you reload them into your browser.  If you don't want people to read your cache it should be deleted.

Note, however, that on slower machines with slow connections, this will result in a noticeable decrease in the speed when your computer brings up previously visited web pages.

To delete your cache on Internet Explorer 5:

• Choose Internet Options from Internet Explorer's Tools menu.
• Locate the Temporary Internet Files heading, click the Delete Files button, and choose O.K. when prompted.
• Click the O.K. button at the bottom of the Internet Options window.
• Close and restart your browser.

Netscape users may go to the Edit -> Preferences -> Navigator menu to delete your browser's history list and to the Edit -> Preferences -> Navigator -> Cache to clean up your browser's cache.

Balance Your Paranoia

This article isn't intended to frighten you.

Just remember that there isn't much privacy on the Internet.  So think carefully about which sites you choose to visit, and think twice before you provide any information about yourself.