Privacy Starts With You

How to protect your privacy online:
Internet ScamBusters #41

We’d like to thank everyone who supported our efforts

last month. Since Internet ScamBusters is a public service, we especially appreciate

your support.

We have a really important issue for you this month on a topic we haven’t covered before: Privacy.

Some of what you learn will most likely surprise you.

Let’s get started…

Privacy Starts in the Home

Privacy is an issue of concern for most of us who use the web. The greatest threat to your privacy may surprise you, though.

It’s not the evil spammer who floods your mailbox, or the site owner who sells your information to other people without your permission.

It’s not even the dreaded cracker, scouring the Net for unsecured machines to plunder for valuable data.

In all likelihood, it’s you.

There are lots of ways you can make private information vulnerable without even knowing it. In this issue we’ll cover a few of those ways, and show you how to make sure you’re not giving information about yourself to people who shouldn’t have it.

Each mistake is easy to correct, and put together, they can make a huge difference. And they should all sound pretty familiar. We’ll start with…

1. Don’t Let Strangers In The House

You may be surprised to learn that the most important thing you can do to protect your privacy online is to have, and use, a good virus checker.

While viruses usually don’t pose privacy threats, a good anti-virus program also checks for and removes trojans. Some trojans can open your computer up to remote control by anyone who has the right software. Once these virtual peeping Toms find a computer that’s been infected by the right sort of trojan, they can do anything they want with your machine.

They can delete files, run programs, and yes – they can read anything on your machine. They can download any information you have stored on your computer. Address books, personal emails, banking and credit card information, digital photos, business files… You name it.

This is one of the most common ways for online stalkers to get information on their victims. It may actually be the main way they choose them.

Even if you never run into one of the dangerous types, is this really the kind of information you’d just leave laying around for anyone with a little curiosity to come in and pick up?

Fortunately, it’s fairly easy to avoid becoming infected by a trojan.

  1. Don’t ever run attachments from anyone but trusted sources.
  • Download software only from reputable sites.
  • Run a virus checker on every new program you install, no matter where it came from.
  • Regularly update your anti-virus software, and check your system for infection frequently.

Just those few steps will drastically reduce the potential for serious invasion of your privacy.

2. Lock Your Doors and “Windows”

Most cases of data getting into the wrong hands are still from physical access to the machine the data is stored on. The answer to this is easy: Don’t let people use your computer unsupervised unless you intend them to have free access to all the data on it. And think about what’s on the computer before you make that decision.

Also, don’t write all your passwords down somewhere that a snoop, invited or not, can easily find them.

That takes care of the doors. Windows are another problem.

For all its convenience and ease of use, Windows is one of the least secure operating systems ever created. Fortunately, there’s software that can fix this problem, and fairly easily at that. It’s called a firewall.

Firewalls make your computer virtually invisible to anyone on the network. One of the best is Zone Alarm. It’s everything most users will ever need, and they offer a free version. Very easy to install and use, and uses very little of your system’s resources.

A firewall is a good idea for anyone who connects to the Internet. It should be considered absolutely essential for anyone with an “always on” connection, such as DSL or cable modems.

You can get a copy of the free personal version, or the professional version for business use, at

Highly recommended.

3. Keep The Curtains Closed

We all know that spammers are annoying, and that they grab email addresses from websites and newsgroup postings.

Have you considered that you may just be giving them your address, without even knowing it?

For example, if you forward a joke, virus warning, or other email to a group of people, do you think those people stop to remove all the addresses from it before they send it on to their friends?

If a spammer gets hold of one of those, do you think they won’t grab every address in the message? (We’ve seen one case in which a message had been forwarded so many times as attachments that it included over 1100 email addresses!)

A less deliberate case is the all too common email virus. The ones that come as attachments and, once opened, email themselves to everyone in your address book. Some of these have been set up to send private info, like passwords and account information, to their programmers.

These are usually gotten by opening infected Word docs, Excel spreadsheets, or other MS Office documents, without taking proper security steps. Unless you really need them (and most of us don’t) turn off macros in Word, Excel, Access, and PowerPoint. Macro-viruses can infect any of these document types.

It’s also a good idea to just delete any executable file or file of the types listed above that you weren’t expecting. These viruses would only come from people you actually know, so even that isn’t a good gauge of their safety.

Again, run a virus scanner at all times. And avoid using Microsoft email programs where you can. They have some serious security problems in the default configurations.

Sometimes the offending program is one you deliberately install, that’s produced by legitimate companies with apparently sound privacy policies. It’s unfortunate, but some people just don’t tell the Truth, the Whole Truth, and Nothing But the Truth.

There are several popular file download utilities and a number of ad supported software programs that report information back to their creators that you might not want spread around. Things like what files you personally downloaded (yes, some of them can identify you personally), what music you listen to on your computer, and what websites you visit.

A far greater threat than profiling software is the type of spy software that anyone can purchase off of the Web and install in the home or business environment. Many of these programs are sold under the pretense to assist employers or parents with monitoring their employees or children’s access.

In reality, programs like KeyKey, Net Spy and Ghost Key Logger are really used to secretly gather sensitive information, passwords and the actual emails of unsuspecting users.

Spyware programs like this are able to capture keystrokes so that everything you type is stored in a secret buffer on the machine. Some of these programs go as far as to take picture “snap shots” of surfing or machine activity. This activity can be later examined by the spy, or in some cases emailed over the Internet to the spying party.

To learn how to check your computer for these “spyware” programs,

check out our Anti Spyware

Resouce Center.

One last note in this section: It IS possible for your email address to be grabbed from within your browser just by visiting a page with the right trick built in. And no, this doesn’t involve Javascript, ActiveX, or any other tricky programming.

Yet another good reason to use a dedicated email program, and to keep your email address out of your browser entirely.

4. Be Careful What You Say To Strangers

The most basic rule in this regard: Watch what you post to discussion lists.

While they can seem cozy, friendly and warm, the regular posters are the ones creating that feeling. Too often, there are 9 “lurkers,” (people who don’t post at all), for every one person posting. And you don’t really know what those people are all about, do you?

When you fill out forms on websites, consider the use the info will be put to before you give it. Don’t give more info than is needed to complete whatever transaction you want to make.

For example, if you’re buying a product that needs to be delivered physically

or using a credit card, the merchant has a legitimate need for your physical

address and, often, your phone number. In these cases there’s also a significant

incentive for them to respect your privacy: Future purchases.

If you’re subscribing to a free newsletter, the publisher really only needs your email address and, if they mail merge, your first name. Asking for any other personal info should be questioned seriously.

If you’re not sure, check their privacy policy carefully. If you don’t like the answer, or if you just don’t feel they should be asking in the first place, don’t give them fake info. That just reinforces their idea that people don’t object. Go elsewhere instead.

Another thing to check for in almost any form is the ability to easily “Opt

out.” This is most common when the company is offering a free download

or other freebie. They will often have a checkbox that you must uncheck if you

don’t want to receive email from them. Many firms will even use this on order

forms for paid products.

Keep your eyes open, and only sign up for things you actually want to receive.

If they don’t offer an option, but tell you right up front that taking them up on their offer means you’re subscribing to something, well, that’s the price of the “freebie.” If you don’t want the subscription, pass on the offer.

If they’re sneaky about it, though – Have at them. Whenever you feel that someone is crossing the line and invading your privacy, let them know how you feel.

In the long run, that’s the most important thing you can do to make privacy something that’s respected by every business and publisher on the Net.

Locking your doors and Windows will take care of many of the less savory types…