Computer Privacy Annoyances
By Dan Tynan
Table of Contents

Chapter 1: PRIVACY AT RISK
It's an unwritten law that you can't write a book about personal privacy without quoting Sun Microsystems CEO Scott McNealy's infamous 1999 statement: "You have zero privacy anyway. Get over it."
There, I've done my duty. But before we move on, let's examine his statement a little more closely.
Fact is, McNealy was wrong. Although privacy protections in this country are not exactly plentiful, this isn't 1984 or The Trial—at least, not yet. There's no video camera trained on you in your home, recording your every moment. (Or if there is, it's a webcam and you probably put it there.) You enjoy relative freedom of movement, though you may be frisked or required to show your ID to board an airplane.
Your bank account, medical records, and school transcripts are all more or less protected by Federal and state law; there's even a law that keeps nosy people from obtaining the names of the videos you rent. Though there are few limits on how corporations can use your data, the courts are starting to force them to follow the policies laid out in their own privacy statements. And while FBI agents can theoretically demand your library records or bookstore receipts if they decide you pose a terrorist threat, odds are pretty good that no one else knows you're reading this book right now.
The trouble is, there's just not enough privacy. There are huge gaps in our legal protections, and the laws we do have are generally half measures at best. (And unlike many European countries, we lack anything resembling a federal Privacy Commissioner.) The privacy that remains is rapidly being eroded by technology, commercial interests, and increasing government surveillance.
In this chapter, I'll outline the threats to your privacy and how we've gotten in this mess. The rest of this book is devoted to what you can do about it. It all starts with a big noisy machine that's probably sitting on or near your desk right now.
Additional content appearing in this section has been removed.
Purchase this book now or read it online at Safari to get the whole thing!
The Spy on Your Desk
Once upon a time, when you needed to deposit money in your checking account, you visited the bank. If you were hungry for something new to read, you went to the bookstore. When you purchased music or rented a movie it came home on a shiny silver disc. Had a medical question? You called your doctor or pulled a book off a shelf. When you wanted to have a private conversation with a friend, you called them on the phone or sent a letter.
Today, you may be doing all of the above online. It's incredibly convenient and often cheaper. But the threat to your privacy increases exponentially.
All of a sudden, your personal finances, the books you bought at Amazon, the music and video files you downloaded, the medical web sites you visited, the search terms you typed into Google or Yahoo, your email and instant message conversations—all are concentrated in a single point of entry: your computer.
A computer is a secretary who jots everything down, takes perfect notes, and never forgets a thing until you tell it to (or the hard disk crashes). Unless you've taken steps to protect yourself—and most people don't—anyone with rudimentary computer skills can sit at your keyboard and learn everything about you in just a few minutes. They can look at your browser history or your cookie files, scan your document folders, peek inside your personal finance software, and so on. They can build a highly detailed dossier of your hobbies and interests, your physical ailments, your fiscal health, and any naughtiness you may have been up to. No hacking required.
This also includes any law enforcement agencies, divorce attorneys, and possibly your boss—anyone with an adversarial interest and/or the legal right to impound your computer can see what you've been up to.
Oh, and those files you deleted? They're still there (see Figure 1-1). Unless you're very careful and know precisely what to do, anything that's been "deleted" can be retrieved fairly easily. (For tips on how to secure your PC, see Chapter 2.)
Dawn of the Undead PC
But that's not the scary problem. The scary problem is what happens out there in the depths of cyberspace.
In the last two years, we've seen wave upon wave of email worms sent with a single purpose: to take control of our computers. They rummage through your address book and send themselves to all your friends and associates, so the email looks like it's coming from someone you know and trust.
Many worms come in the guise of what looks like a harmless file attachment. But when the file is opened, it can unleash any number of e-plagues. For example, it might install a keylogger—software that captures everything you type and secretly transmits the data back to the sociopaths who sent you the worm. Some keyloggers are clever enough to wait until you visit your bank's web site, then capture your account information and password and shoot it off to cyber criminals halfway around the world.
Alternately, the attachment may install "malware" that lets someone take complete control of your machine, turning it into a "zombie" that can be used to send more worms, spew spam, launch attacks against web sites, or steal your personal information. The number of zombie PCs increased by 1500 percent in the first six months of 2004, according to a report issued by security vendor Symantec. There are probably millions of remotely controlled PCs in the wild. Nobody knows the exact number—especially not the owners of the zombies.
Even if you're savvy enough to avoid worms, keyloggers, and malware, your privacy can be compromised in myriad other ways. Visit the wrong web site or download the wrong "free" software, and your computer could end up with a spyware infection (see Figure 1-2). Spyware can not only pop up obnoxious ads every time you surf the Web, it can also record the address of every page you look at and "phone home" with the information. Anti-spyware vendor PC Pitstop says at least one out of five PCs tested on its web site (http://www.pcpitstop.com/spycheck/default.asp) report some kind of spyware infection.
Working for the Man
Of course, somebody might already be reading your email and logging what web sites you frequent. He may be listening to your phone conversations and secretly photographing you. He could be talking to your friends and associates about you and tracking your movements. He might be examining the content of your bloodstream and the depths of your psyche. And he'd be doing all of it without breaking a single law.
That somebody would be your boss.
By nearly every measure, employer surveillance is on the rise. According to surveys by the American Management Association, around two-thirds of employers monitor Web use on the job and half scan your email. More than a third poke around your hard drive, and one out of five admits to using software that keeps a running record of everything an employee does on his or her computer.
The spying goes well beyond your desktop. More and more firms are relying on pre-employment background checks, notes Beth Givens, Director of the Privacy Rights Clearinghouse. According to The Society for Human Resource Management (http://www.shrm.org), 80 percent of large employers conduct background screens on job applicants, nearly twice as many as eight years ago (see Figure 1-3). While employee drug testing has declined in recent years, 2 out of 3 companies continue to test job applicants. And your personnel files may be an open book to nosy employees looking to steal your information. According to a study by Michigan State University, employee records are the single largest resource for identity thieves. In most cases, the courts have ruled that you give up nearly all expectations of privacy when you join a corporation. (The rules for government employees are better, but only slightly.) Even so, you aren't entirely without rights at work. Recent changes to credit reporting laws give you access
Figure 1-3: With thousands of low-rent web sites hawking background checks on the cheap, even small businesses can afford to check up on their employees (or business associates, spouses, neighbors, etc).
The Information Explosion
Even with the dangers posed by digital delinquents and eavesdropping employers, the biggest threat to your personal privacy is your own bad self. But who can blame you? We've all been trained to fork over our personal information since kindergarten, filling out form after form in school, doctor's offices, work, and for an ever-expanding number of governmental entities.
The problem is that in the USA, once you give up your personal information it no longer belongs to you. In a 1976 decision (Miller vs. U.S.), the U.S. Supreme Court ruled that Americans do not have a reasonable expectation of privacy for information they voluntarily provide to others. In other words, if you tell someone something they're free to tell anyone else, unless there's a specific law that forbids sharing this info or you make someone sign a legal document that says they won't disclose it.
(Of course, if you don't give up your data you can't get a job, or a credit card, or insurance, or medical care, and so on. So the notion that we "volunteer" this information is questionable. But I digress.)
In the past, keeping this data private wasn't an issue. When you filled out a form at the doctor's office, that's where it stayed. Some of that information might go to your insurer or to your employer, where it would sit in an equally musty drawer until a clerk pulled your file. Even as records began to find their way onto computers in the '60s and '70s, the information was generally stored on mainframes sitting in the basement, accessible only to a few chosen geeks. Thus you were protected by what's known as "security through obscurity."
But the personal computer, and later the Internet, changed all that. Suddenly your files were accessible to anyone with a PC and a connection. With just a few clicks your data could be easily acquired and combined with other files. And outside of a few very limited legal restrictions, it could be sold and resold almost endlessly. The result: a boom in massive commercial databases and a multi-billion dollar data mining industry.
The Data Industrial Complex
What happens to all this data? It gets vacuumed up by huge data mining companies like Acxiom and ChoicePoint, who merge public and private data, then slice and dice it based on where you live, the products you buy, the magazines you read, how much money you make, and so on. This information is then resold to marketers, insurers, potential employers, and law enforcement agencies.
This data is used in myriad ways. For example, ChoicePoint's 19 billion records are used for employer background checks, drug screening, criminal records searches, locating deadbeat dads, preventing mortgage or insurance fraud, biometric screening, analyzing DNA samples, verifying applicants for public assistance programs, and making sure banks comply with the guidelines of the USA Patriot Act (see Figure 1-5). ChoicePoint records have been used to locate 822 missing children, and to scrub the names of alleged felons from the rolls of Florida voters in 2000. The company is a particular favorite of Uncle Sam. According to a 2001 report in the Wall Street Journal, ChoicePoint has contracts with 35 Federal agencies; on its web site, the company boasts of its contracts with the Department of Homeland Security.
Figure 1-5: ChoicePoint owns Rapsheets.com, a national criminal records database, and Vital Chek Network, which maintains birth records of all babies born in the U.S.
Location, Location, Location
Scared? In the next few years privacy advocates foresee far more Orwellian scenarios. For several years, thanks to Global Positioning Systems (GPS), someone could track your location anywhere on the globe, cheaply and relatively easily. Now surveillance is being supersized; the authorities may soon have the ability to track everyone, everywhere. They may even be able to track the vehicles you drive and the products you buy.
In fact, you probably already have a tracking device in your pocket. By law, new "E911 capable" cell phones must have tracking technology built-in so emergency services can locate you when you call 911 on your mobile phone. (Whether this service actually works depends on where you live; it has yet to be implemented nationwide, due to problems upgrading antiquated emergency dispatch systems.)
But the same technology that brings the paramedics to your rescue may also let the police locate you at other times, or request a record of your 'sightings' from your wireless company. A divorce or civil attorney could subpoena your location records for use in a trial. Don't forget the capitalist angle. Depending on the agreement you sign, your wireless company could sell your location information to advertisers—so when you're driving by McDonald's, your cell phone might receive a coupon for a free Healthee Burger. Revenues for location-based services are expected to reach anywhere from $15 billion to $40 billion by 2007.
The National Transportation Safety Board has called for all cars to be outfitted with event data recorders—a "black box" that records how far and fast you've driven, and whether you slammed on the brakes or were wearing your seatbelt. Ostensibly designed to help investigators determine the cause of accidents and improve safety, EDRs could also be used to monitor your driving, issue tickets, assess mileage taxes, or boost your insurance rates. Progressive Insurance of Minneapolis has started a pilot program offering discounts to drivers who agree to upload their EDR data. Approximately two-thirds of 2004 model cars have some kind of EDR installed, according to the U.S. National Highway Traffic Safety Administration.
Chapter 2: PRIVACY AT HOME
Like charity, privacy begins at home. The threats are almost too numerous to name. Your privacy can be accidentally or deliberately violated by your spouse, your kids, roommates, house guests, or simply by your own carelessness.
Many privacy threats involve the treasure trove of data you store on your home PC. Inquisitive types could glean reams of information about you just by glancing at your screen or examining your browser history. Strangers driving by your house could tap into your wireless home network. Hackers could secretly install software that logs your keystrokes in order to steal passwords and personal information. (To learn how to prevent such threats, see Chapter 3.) The list goes on.
But computers are hardly the only places where your privacy is at risk. Privacy annoyances abound thanks to your telephone (telemarketers and tele-stalkers), your mailbox (junk mail and thieves), fax machine (low-rent advertisers), cell phone (eavesdroppers and text spammers), and so on. Perhaps worst of all, poor privacy practices could lead to the theft of your personal identity—and a world of hurt for your reputation and credit rating. Feeling paranoid yet? Read on and take action!

MY DATA, MYSELF

The Annoyance:

I keep sensitive files on my home desktop machine—my banking records, old love letters, the chapters from my unfinished best-selling novel—that are nobody else's business, damn it. How do I keep Nosy Nellies from walking up to my computer while I'm not there and rummaging around on it?

The Fix:

One way is to use a password-protected logon so that only you can gain access to your desktop's...er, desktop. If you're sharing the computer, you'll need to set up multiple logons, each with a unique password (see Figure 2-1).
To set up different identities in Windows XP, open the Control Panel, double-click User Accounts, click "Create a new account," supply a username and click Next. Under "Pick an account type" select Limited and click the Create Account button. XP will add the username to the group of accounts on your system. Select the new account in the subsequent screen by clicking its icon. Select "Create a password," then enter a password for the account. Do this for everyone who's likely to use your system.
If you want to be able to quickly switch between users without having to close all your documents and programs, make sure Fast User Switching is turned on. From the main User Accounts Window, select "Change the way users log on and off" and check the Use Fast User Switching box. Click the Apply Options button and close the User Accounts window.
When you first set up Windows XP, create a limited user account for your everyday use in addition to your administrative account. A limited account can't create passwords, install software, or perform other system chores; if bad guys hijack your system when you're logged on as a limited user, they won't be able to do as much damage.
Figure 2-1: Sharing your computer with the entire family? Windows XP lets you create accounts for multiple users.
HOME SWEET NETWORKS

The Annoyance:

My home wireless network has been acting funky and some of the settings seem to be changed. What's going on?

The Fix:

You could be a victim of drive-by hacking. Freeloaders may be taking a joyride on your home network, accessing the Net via your wireless connection or worse, pawing through your system. Keep in mind that a WiFi setup uses radio signals to broadcast data up to 500 feet from the router, which means a network you set up in your home office can easily extend into the street outside your house. In fact, seeking out unprotected WiFi networks—called wardriving—has become a favorite pastime of some geeks (see http://www.wardriving.com). A recent survey of some 225,000 home WiFi networks by WorldWideWardrive.com found more than 60 percent were completely wide open. Talk about an entrée for freeloaders and hackers!
Aside from tightwad neighbors sucking up your Internet bandwidth, you could be a sitting duck for anyone who wants to troll your hard drive for juicy information. Even if your PC is protected with a firewall, somebody could use your LAN to send out malware-laden email or download kiddie porn—and it will be you the Feds are chasing, not the bad guys. To find out if your WiFi network is open, download the free NetStumbler (http://www.netstumbler.com) and run a scan (see Figure 2-4). If your network is unprotected, it will be listed with a green light next to it. (Secure networks have green lights with locks inside.) Odds are you're giving the neighbors a free ride. (For tips on how to secure your WiFi network, see the sidebar "WiFi Tiki Tavi.")
Figure 2-4: NetStumbler is a handy (and free) tool for finding WiFi networks in your vicinity—and seeing which ones are wide open and easy to access. (Make sure yours isn't one of them.)
CELL PHONES

The Annoyance:

I just received a text ad for a cheap home mortgage on my cell phone. Not only am I receiving ads I don't want, I'm being forced to pay for them! What can I do to stop cell phone spam?

The Fix:

Unsolicited ads sent via cell phone text messaging services have been an unpleasant fact of life in Japan and Europe for a few years, and they could become a big problem for the United States' 165 million cell phone owners. The CAN-SPAM Act of 2003 authorized the FCC to look into methods for stopping phone spam; in February 2005, the agency published a list of wireless domains to which spammers were forbidden to send commercial text messages without a customer's permission. (For more info, see http://ftp.fcc.gov/cgb/policy/canspam.html.) But given the minuscule impact CAN-SPAM has had on our email inboxes, don't expect much relief from the FCC ruling.
The practical step is to call your wireless provider to register a complaint; many will simply take the spam messaging charges off your bill, says John Walls, VP of public affairs for the Cellular Telecommunications and Internet Association (CTIA). He adds that major wireless carriers are aware of the problem and actively filter out most spam messages before they reach customers. While you're at it, be sure to file a complaint with the FCC at http://www.fcc.gov/cgb/complaints.html or call them at (888) 225-5322.
TELEMARKETING, JUNK MAIL, AND FAXES

The Annoyance:

I get more calls from telemarketers—or their auto-dialer machines—than from people I know. I'm sick to death of it. How do I make it stop?

The Fix:

Here's something that actually seems to work: sign up for the Federal Trade Commission's Do Not Call List. Since it launched in June 2003, more than 85 million Americans have signed up. You can add your name and number to the rolls by visiting www.donotcall.gov or calling (888) 382-1222. You'll have to wait three months before your request officially takes effect. Telemarketers that violate the Do Not Call rules can be fined up to $11,000 per incident (to file a complaint, visit https://www.donotcall.gov/Complain/ComplainCheck.aspx). As of June 2004, the FTC had received more than 550,000 complaints about companies violating the list, though it had taken action against only one telemarketing firm thus far.

The Annoyance:

OK, I signed up for the Do Not Call list (DNC). Yet I still get calls at my place of work from charitable organizations and other businesses. What gives?

The Fix:

Unfortunately, the Feds also built in a number of exceptions to the DNC. For example, the list only covers home numbers, not businesses. Political or charitable organizations and people taking surveys are also exempt. You can try adding your business number to see if telemarketers will remove it anyway (seemed to work for me). You can also use the Direct Marketing Association's mail preference service, which is used by some charities as well as businesses, to take your name off calling lists (see http://www.dmaconsumers.org/cgi/offtelephonedave). Otherwise you'll have to ask each organization that calls you to put your name and number on its internal do-not-call list, which they're legally required to honor.
IDENTITY THEFT

The Annoyance:

My mailbox is bursting with offers for pre-approved credit cards and home equity loans. I'm worried somebody might get to my mail before I do and steal these offers.

The Fix:

You should be. Your mailbox is a prime target for identity thieves, and any mail containing sensitive information—like credit card offers, bills, receipts—could be used by a thief to create new accounts in your name.
The first step is to tell the big credit reporting agencies (Equifax, Experian, Innovis, and TransUnion) to stop selling your information for use in pre-approved credit card offers. Simply call (888) 567-8688 and provide your home phone number, full name, address, zip code, Social Security Number, and date of birth. You can choose to have information suppressed for five years or permanently. You can also fill out a form online at http://www.optoutprescreen.com (see Figure 2-7).
Figure 2-7: You can opt out permanently from pre-approved card offers at optoutprescreen.com, but do it quickly: if you don't fill out the form within 10 minutes it turns into a pumpkin.
But you might still get credit offers from banks that get your name from other sources, as well as other offers that contain information ID thieves would love to get their hands on. Worse, anyone going through your trash could easily find the stuff you thought you'd tossed. To foil dumpster divers, buy a good crosscut paper shredder. You can find one that will even chew up your old credit cards for around $70 at an office supply store. To limit strangers' access to your mail, get a locked mailbox that lets your mail carrier feed everything through a slot (prices start at around $150), or direct all your commercial mail to a Post Office box or private mailbox.
Chapter 3: PRIVACY ON THE NET
Seemingly overnight, the World Wide Web has turned into the Big Bad Net. You can't open a newspaper (or dial up a newspaper's web site) without reading about another privacy threat traveling over the wires or across our WiFi networks.
More and more it seems like we're engaged in a cyber war, and the bad guys are winning. Spammers overwhelm our inboxes with sleazy come-ons, and no one seems able to stop them. Every few days a new email worm appears, more virulent than the last. Trojan Horses and spyware infect our PCs and steal our data, or turn our machines into tools for digital delinquents to launch attacks. If online stalkers don't track us down, identity thieves surely will, ruining credit ratings and reputations in the process. You say you live to swap MP3s? You may live to regret it when a record industry subpoena lands on your doorstep.
Meanwhile, your browser holds a veritable cornucopia of personal information about you and your habits, which rapacious e-marketers will capture and sell to the highest bidder. And no one, not even a child, is safe.
Is life on the Net really that bad? No. But it can be, if you don't take sufficient precautions. Here are some real-world ways to protect yourself in cyberspace.

BROWSING AROUND

The Annoyance:

I surf the Web every day and never give a thought to online threats. But what about the information on my surfing stored on my PC? Can anyone simply walk up to my computer and see where I've been and what I've been up to?

The Fix:

You bet. A web browser like Internet Explorer can build an amazing dossier on you and your interests, available to anyone who sits at your keyboard while you're away. (Of course, first they have to get at your browser—see Chapter 2, "One Computer, Many Eyeballs," for information on how to limit access to your machine.) They can see the pages you've looked at, the places you've shopped, the terms you've searched for, and much more. Fortunately, there are ways to cover your tracks and keep your browsing habits private. As with most of life's odious chores you can either do the job yourself or hire someone else—in this case a software utility—to do your dirty work. Here's the DIY route.

Step 1:

Forget Your History. By default, Internet Explorer 6.x and Mozilla Firefox 1.0 maintain nearly three weeks' worth of browsing history (Netscape 7.x and 8.x store a mere 9 days by default). That can be handy for those senior moments when you know you saw a fascinating web page last week but can't remember when or where; unfortunately, it's also like having a digital gumshoe on your trail. To erase your history in IE 6.0, go to Tools → Internet Options, click the General tab, click the Clear History button, and then OK. Now you're back to square one. To keep IE from recording your future wanderings, in the same dialog box set the "Days to keep pages in history" to 0. (But if you have another senior moment, you're on your own.)
In Netscape 7.x, you'd select Edit → Preferences, double-click Navigator in the left-hand pane and select History, then click Clear History. In the same window you can also set the number of days you want Netscape to remember your web travels. Then click OK.
EMAIL

The Annoyance:

Spam spam egg sausage and spam—that's all I get in my inbox. How did these spammers get my email address?

The Fix:

Spammers can grab your email address in any number of ways. If you posted your address in an online forum, newsgroup, or on a web page, it was probably harvested by a spambot—special software that scours the web looking for "@" signs, then collects the addresses surrounding them. You may have signed up for an online sweepstakes at a site like jackpot.com or grouplotto.com and agreed to receive the junk, even if you're not aware you agreed to it. (See the "How to Read a Privacy Policy" sidebar in this chapter.) Or a friend might have signed you up at one of these sites (friends like this you don't need). More likely you were the victim of a "dictionary" or "brute force" attack, where a spammer overwhelms your ISP's email server with messages sent to random combinations of letters (like bob-aaa@yourisp.com, bob-aab@yourisp.com, etc.); those that don't bounce back are added to the spammers' collection and then sold—over and over and over. So, in other words, you could do absolutely nothing on the Net and some spammer could still find your email address and start filling your inbox with junk.
For a detailed discussion of the many ways spammers harvest email addresses, see http://www.private.org.il/harvest.html. For a good general discussion of spam, read the FAQ provided by the Coalition Against Unsolicited Commercial Email (http://www.cauce.org/about/faq.shtml).
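On the receiving mail server, the "dictionary" attack described above shows up as one source asking about many nonexistent mailboxes in quick succession. The sketch below is an added example, not from the book: it flags such sources in Postfix-style reject lines. The log lines are constructed, and the one-minute window, the threshold of 5, and the year (syslog timestamps omit it) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches a rejected RCPT for a nonexistent mailbox (SMTP 550 5.1.1).
REJECT = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: NOQUEUE: reject: "
    r"RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>"
)

def constructed_log():
    """Constructed sample lines (not real traffic), Postfix-style layout."""
    fmt = ("Mar 11 {t} mx1 postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
           "unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
           "User unknown in local recipient table")
    lines = ["Mar 11 02:13:59 mx1 postfix/smtpd[811]: connect from unknown[203.0.113.7]"]
    # One source walking through bob-aaa, bob-aab, ... two seconds apart.
    for i, c in enumerate("abcdefgh"):
        lines.append(fmt.format(t=f"02:14:{2 * i:02d}", ip="203.0.113.7",
                                rcpt=f"bob-aa{c}@yourisp.com"))
    # An ordinary sender who mistyped an address twice, 26 minutes apart.
    lines.append(fmt.format(t="02:14:30", ip="198.51.100.20", rcpt="jsmtih@yourisp.com"))
    lines.append(fmt.format(t="02:40:05", ip="198.51.100.20", rcpt="jsmiht@yourisp.com"))
    return "\n".join(lines)

def find_harvest_sources(log_text, window=timedelta(minutes=1), threshold=5, year=2005):
    """Return {client_ip: peak count of distinct unknown recipients probed
    inside any single window} for sources at or above the threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:  # connects, accepted mail and other lines are ignored
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["rcpt"].lower()))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start, peak = 0, 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peak = max(peak, len({rcpt for _, rcpt in hits[start:end + 1]}))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    for ip, peak in find_harvest_sources(constructed_log()).items():
        print(f"{ip}: {peak} distinct unknown recipients within one minute")
```

Counting distinct recipients rather than raw rejections keeps a sender who retries one mistyped address from being flagged.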

The Annoyance:

I'm tired of being a magnet for electronic luncheon meat. What can I do to wrest my email address from the clutches of these evildoers?

The Fix:

Sorry. Once a spammer has your address there isn't much you can do to get it back, short of abandoning your old address and starting from scratch with a new one. But you can limit exposing your new address using a few time-tested tricks. For a start, don't use your primary email address when you fill out web forms, especially for sites that offer something free in exchange for your information. Instead, set up a junk address on a free web mail service (such as Yahoo Mail) and use that one when you sign up. You may have to check that address periodically for legit mail, such as the confirmation messages you get when you sign up for some sites.
Additional content appearing in this section has been removed.
HACKERS, VIRUSES, AND WORMS—OH MY!

The Annoyance:

My computer seems to have a mind of its own. The drive light is flashing and it seems to be busy doing things when I'm nowhere near it. Have I been hacked? Do I have a computer virus? What can I do to keep from being hacked or infected?

The Fix:

Your machine may well have a virus. (Then again, maybe Windows is having one of its regular nervous breakdowns.) Some viruses and worms announce themselves by displaying a silly message on screen; some make themselves known by destroying data or disabling your system. But in the past year we've seen an epidemic of attacks that turn PCs into so-called zombies—machines that are remotely controlled over the Internet and used to launch attacks against other sites, forward spam, or do virtually anything else the hacker desires. Another big threat is keystroke loggers—software that captures what you type and sends it to a remote location. These are extremely handy for stealing passwords, credit card numbers, and other confidential information.
The only way to prevent zombification is to follow safe email practices (such as not opening file attachments; see "Don't Get Too Attached"), keep your operating system up to date, and get software that protects you from digital delinquents (see the sidebar "Ten Essential Privacy Tools").
Think your PC is safe just the way it is? A visit to Steve Gibson's ShieldsUP! (http://www.grc.com/default.htm) may change your mind. (Scroll down to the "Hot Spots" area of the page to reveal the ShieldsUP! link.) The site will perform a benign probe of your PC's ports—the communications gateways it uses to send email, get web pages, and so on—and tell you whether you're vulnerable to attack. If you aren't running some kind of firewall or connected to a router, your system is wide open.
Additional content appearing in this section has been removed.
ONLINE SHOPPING

The Annoyance:

The idea of typing my credit card number onto a web page gives me the willies. I feel like I'm inviting people to rip me off.

The Fix:

It shouldn't. Though e-commerce sites do occasionally get hacked (and shady sites might steal your data, see Table 3-2), using a credit card actually offers you some protection if you get ripped off. Thanks to the Fair Credit Reporting Act, if someone steals your credit card information to make purchases, you're only liable for $50 of the total—even then, many banks and merchants will credit the entire amount when online fraud is involved, provided you catch the mistake in time.
But you'll want to make sure the site is legitimate (see Table 3-2) and that it uses Secure Socket Layer encryption to protect your credit info as it zips through cyberspace. Even then, you'll need to monitor your account carefully to make sure nobody's "cramming" your card—adding bogus extra charges to the account. Most banks put a limit (like a couple of months) on how long after the initial purchase you can dispute a charge, so examine your monthly statements or check your account more often online. An alternative is to get a separate credit card with a low limit and use it exclusively for online purchases. If crammers do max out the account, you'll be less exposed.
Whatever you do, don't ever send a check or cash to a web site, unless you don't care about losing money. (And if that's how you feel, could you send me some, too?)
Table 3-2: Is that online store a legitimate business or a snare for the unwary? Look for these warning signs.
Shop with confidence
Buyer beware
Additional content appearing in this section has been removed.
ONLINE FILE SWAPPING

The Annoyance:

I just downloaded the entire Barry Manilow MP3 Collection using my favorite file-sharing network. These networks are anonymous, right? The record companies can't possibly find out who I am, right?

The Fix:

Wrong and wrong. Some of your fellow file swappers aren't really file swappers—they're firms like Ranger Online that are employed by the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) to catch file-sharing scofflaws. Exactly how these companies operate is a trade secret, but essentially they log onto peer-to-peer networks like Kazaa or Gnutella, initiate downloads, and record the IP addresses of computers containing large numbers of illegally copied songs. The RIAA's crack legal team then sends a letter to the Internet Service Providers who control these IP addresses, demanding the ISPs identify the swappers using them. Under the safe harbor provision of the Digital Millennium Copyright Act (DMCA), ISPs that cooperate with this request can't be prosecuted for violating copyright laws. Among the recipients of an RIAA subpoena were a 12-year-old honors student in New York City and an 83-year-old grandmother in West Virginia who'd been dead for a month.
Still, some large ISPs like SBC and Verizon refused to comply with the RIAA's demands. In December 2003, a DC district court ruled the RIAA didn't have the authority to force ISPs to identify their customers under the DMCA. So the RIAA's legal eagles changed tactics and began filing "John Doe" suits under other provisions of Federal evidentiary law, making it harder for ISPs to avoid cooperating. (For a good summary of the legal issues, see the Privacy Resolutions PC page at
Additional content appearing in this section has been removed.
KIDS AND THE NET

The Annoyance:

I don't want my kids growing up to be fry cooks at McDonald's, so I got them a computer with a fast Internet connection. Now I'm afraid they'll become a little too worldly, too soon. How do I shield them from the Net's nasty, dark underbelly?

The Fix:

The first thing you can do is set up separate logons for each child, with settings appropriate to each age group. You'll also want to set yourself up as the administrator for that computer, so you can control what they can and can't do with it. (For the skinny on how to set up accounts, see Chapter 2, "One Computer, Many Eyeballs.") If you share a computer, this will help keep them from eyeing your browser history or snooping around in your private files.
Once you've done that, you can log on as your child and adjust his or her browser settings to limit what sites they can visit, based on their content. (Though my advice is to use such content filters sparingly; see "Hire a Nanny.") Internet Explorer 6.x comes with an older ratings system devised by the Recreational Software Advisory Council (RSACi), which is now part of the Internet Content Ratings Association.
To turn the Ratings system on, select Tools → Internet Options and click the Content tab, followed by the Enable button. In the Content Advisor dialog box select the Ratings tab and click OK. If you've never enabled the Content Advisor you'll be prompted to create a password. Once you've got a password, click the Settings button in the Content Advisor section, enter your password and on the Ratings tab, use the sliders to choose the levels of sex, violence, nudity, and language you're willing to have your kids exposed to online (the strictest setting is Level 0, all the way to the left). Click Apply, then OK. The default setting is to have all filters turned to Level 0, which is probably what you want with smaller children, but probably not with Net-savvy teens.
Of course, site labeling is entirely voluntary and the vast majority of web sites are unrated. To keep your kids from wandering onto the wrong site, select the General tab and make sure the "Users can see sites that have no rating" box is unchecked. If you want to give kids the option of visiting an unrated site (with your approval, of course), check the box next to "Supervisor can type a password to allow users to view restricted content." You will quickly grow tired of doing this for unrated sites they like to visit over and over. The easiest way to avoid this problem is to select the Approved Sites tab, type the names of sites the kids can visit whether they're rated or not, and click the Always button. (To ban sites you never want them to see, you can simply type the URL and click the Never button.) When you're done customizing the settings, click OK twice to confirm your choices.
Additional content appearing in this section has been removed.
PRIVACY @ LARGE

The Annoyance:

I'm starting up a web site for battered women, but I don't want abusers to find out how to reach me by searching the Whois database. Is there a way I can register anonymously or tell my registrar to suppress my contact information?

The Fix:

There is, though it's not exactly obvious. The Grand Poobah of Internet policymaking, the Internet Corporation for Assigned Names and Numbers (ICANN) (http://www.icann.org/), requires anyone who registers a web site to make their contact information available to the public via the Whois database. There are plenty of good reasons for this—for example, if you need to track down somebody making libelous comments about you on their site, you can search Whois and locate the blighter. But you can get around the public record requirement in a couple of ways.
For example, domain registrar Network Solutions, Inc. (NSI) will provide alternate contact information for the Whois database (such as a private mailbox maintained at NSI and a temporary email address). They'll then forward any email, letters, or calls to your real address while keeping that info safe from spammers, direct marketers, and others who troll the Whois rolls. The cost for this service? A mere $9 a year on top of whatever domain registration fees you're paying (for more information, see http://www.internetprivacyadvocate.org).
You could also use a service like Domains by Proxy (http://www.domainsbyproxy.com), which also charges $9 a year to register the web site for you (thus providing the company's contact info, not yours) while giving you control over domain transfers. But this type of protection can be fairly limited. According to the site's terms of service, if you engage in "morally objectionable activities" (like sending spam), or your site is simply the subject of a legal dispute, Domains by Proxy will remove its name from your record and expose your real contact information to the world.
Additional content appearing in this section has been removed.
Chapter 4: PRIVACY AT WORK
In the 21st century, the phrase "workplace privacy" has become something of an oxymoron. If you work in the public sector, you may be able to lean on the U.S. Constitution and other state and federal laws for a modicum of protection. If you're slaving away for a private firm, your privacy rights can essentially be summarized as "their property, their rules."
In the past, workplace monitoring was spurred by a desire to increase productivity. These days, corporations are more worried about attackers than slackers. Worms, viruses, spyware, and other malicious code can reach into the network of computers at any corporation, and cost billions of dollars in lost income and time spent cleaning up the mess. Hackers and electronic eavesdroppers can compromise a company's internal networks and steal confidential data—if employees don't accidentally leak the information first via email or instant messaging. Concerns about security lead human resource executives to employ in-depth background checks and pre-employment screening. And that's barely scratching the surface.
But different companies have different cultures. Some may strictly forbid extracurricular web surfing; others may allow it as a perk for break times, or encourage you to explore the Web because it makes for more informed employees. Some firms record every call you make or scan every email message; others only monitor randomly or in situations where they suspect wrongdoing. And, of course, a few benighted firms don't monitor at all but rely on their employees to act appropriately.
Clearly, it pays to figure out what kind of company you're working for. What activities does your employer monitor and how? You'll want your company to put its policies in writing, so everyone knows where the lines are drawn. You should ask your boss what he's doing to protect your privacy, not just invade it. And while you're at it, you should find out what's legal, what isn't, and what's unknown. This chapter will give you those goods, and more.
Additional content appearing in this section has been removed.
THE INTERNET AT WORK

The Annoyance:

I think my boss is watching where I go on the Web. Aren't employers required to notify you if they monitor your web activity?

The Fix:

In general, no. With very few exceptions, private employers can monitor everything you do in the workplace and aren't required to tell you a thing about it. (Government employees actually enjoy a few more rights; see the sidebar "Better Fed than Dead?")
Some employers include vague language like "we reserve the right to monitor your activities," either on a splash screen when you turn on your computer or buried deep within the employee handbook. Of course, that doesn't tell you whether they are monitoring or how they might be going about it. Only Connecticut and Delaware require employers to notify employees before monitoring their online communications. In other states it's entirely up to each company.
Lewis Maltby, president of the National Workrights Institute (http://www.workrights.org), says that while there's little you can do to prevent your boss from monitoring your online behavior, you can make monitoring less intrusive and more transparent:
  • Ask your boss whether your company monitors employee communications, and if so, what types of communication and how. If your boss doesn't know, ask her to inquire further about this and get back to you.
  • Once you find out what's monitored, decide how you want to communicate personal information. For example, if your company routinely scans email traffic but not phone calls, you may want to call your spouse or your doctor the next time you need to discuss a personal issue (although a better idea would be to use your cell phone or another line not owned by your company).
Additional content appearing in this section has been removed.
APPLYING FOR WORK

The Annoyance:

I just applied for a job at a prestigious company, but before they'll even consider me they insist on a urine sample. Can I legally refuse?

The Fix:

You can always refuse, but you probably won't get the job. Since the "Just Say No" campaign of the early 80s, drug testing has become an unfortunate part of life at many companies. It's also been used for more than just keeping addicts off the payrolls. According to a 2001 survey by the American Management Association (AMA), employers also use such tests to deny employment based on an applicant's medical history, HIV status, presence of sexually-transmitted diseases, and whether they're pregnant. Companies have also successfully used drug test results to deny workers' compensation claims. And even if you're perfectly clean (and healthy, and not with child), you could still get nixed due to false test results (see Table 4-3).
Table 4-3: You could be a druggie...or you may just have a head cold.
Legal Substance | May show up as...
Ibuprofen | Marijuana
Cold remedies or diet pills | Amphetamines
Novocain | Cocaine
Sources: Erowid, Community Health Gate
Additional content appearing in this section has been removed.
HR/PERSONNEL RECORDS