Can You be Tracked on the Web?
Written on October 20, 2000 by Robert & Karen Vanderzweerde
Appeared in Greenmaster Magazine
Every time you surf the web, send e-mail, accept a "cookie", or
provide personal information to a web site, you are leaving an electronic crumb
trail for others to follow. Do you ever wonder how your name gets on spam or
junk e-mail?
Just as you used to tear up the carbon paper in credit card receipts to
prevent others from finding them in the trash and copying the numbers, you need
to take precautions on the Internet. You wouldn't give out personal information
to strangers, so don't blindly trust the Internet either.
Why would someone want to track "little ole" me?
The Internet is big business. If companies can "fine tune" their
marketing efforts by targeting specific individuals, not only do their profits
improve by selling more products or services, they also benefit from reduced
marketing costs. That is why getting to know you, your habits, and your personal
preferences is so valuable.
Each "crumb" of information can appear insignificant, but now there
is software to aggregate the data. As more data is gathered, more is known about
you. By combining these electronic crumbs with other sources of data, such as
telephone directories, a comprehensive "profile" about you can be
built. Forget about names, e-mail addresses, or credit card numbers, these
packages could begin with just your postal code.
There is a balance between being completely anonymous or completely known.
Many people give out personal data or allow "cookies" to be place on
their computer in order to receive the personal service that companies offer.
It's a trade off between convenience and privacy.
How can they track me?
Let me count the ways …
1. Each time you visit a web site, information about your visit is recorded.
This includes what pages you've viewed, how long you viewed information, what
you downloaded, etc.
Most of the time, this information is used to determine which areas of the
web site are popular and which areas need more work. Also, some sites rely on
advertising to survive and the number of people who visit the site determines
what revenue the site gets (they get paid for each instance that an ad is
displayed). If you click on an advertisement, the fees are even higher.
Of course, your visit is anonymous … or is it?
Whenever you click on something, you're sending a request for information to
a web server. Part of this request includes your return Internet Protocol or IP
address (otherwise, the answer would never get back to your computer). An IP
address doesn't necessarily identify you but it could. If you use a dial-up
account, your Internet Service Provider (ISP) gives you a new IP address from
their assigned pool of addresses each time you dial in. The web sites that you
subsequently visit don't know it's you but can identify your ISP. If you use a
cable modem or another high-speed service, you are assigned a permanent IP
address. All your activity can be specifically traced back to your IP address
and anytime you give out any personal data, such as a name, it can be traced
back to you.
2. Purchased anything on the web lately? Every time you do, you fill out a
form with your name, address, and payment information. This information is
captured and stored. It can be used to send you promotions by e-mail (or regular
mail too). Specific promotions can be targeted to you, as they know what you've
purchased and can build up your buying history.
While this may appear harmless (most people don't seem to mind the occasional
e-mail announcing special promotions), it can get out of hand. The information
could also be sold to others.
3. Entered a contest or two? Again, you gave personal information about
yourself and your desires -- you entered the contest because you wanted the
prize, didn't you? Enough said (see point number 2 above).
4. Banner ads or the ads at the top of the screen are a potential source of
trouble, especially if your browser is enabled to accept "cookies"
automatically.
"Cookies" are bits of text that are written to your computer.
Usually this is done to personalize your web experience (ever wonder how the
site remembers you when you re-visit days or weeks later?).
While "cookies" are harmless in themselves, they can be used to
track where you have been. When a service, such as DoubleClick Inc., handles the
banner ads on many web sites, a single company collects the "cookies"
of where you have been and builds a surfing profile about you -- especially if
you have ever clicked on a banner ad. DoubleClick got into hot water when they
tried to match this data to information about people in other databases (they
promised not to do this in the fine print of their privacy policy).
5. Finally, there are also non-electronic ways that you can provide
information. Many subscription renewals or event registrations now ask for
e-mail addresses. Of course, they're entered into a computer and used to send
you targeted information or promotions (e.g. conference notifications). Address
lists are often sold or rented and your e-mail address goes along with your name
and address.
There are more ways of finding out about you, but I think you get the
picture.
What can I do?
Before giving out any personal information, check the web site's privacy
policy. Reputable sites make the privacy policy easy to find and easy to
understand. It should spell out exactly what the recipients of the information
plan to do with it and, more importantly, what they promise not to do with it.
Sometimes there are options to opt out of certain activities (e.g. "Check
here if you do not want to receive occasional mailings or promotions for
us" or "We sell our information to keep our costs down, check here if
you do not want your information to be included").
If there is no privacy policy, leave the site immediately. You can complain
to the web master of that site by clicking on a "contact us" button or
function -- just remember that your e-mail address is included in the mail
message that you send.
When giving personal data or credit card information, make sure the
information travels over the Internet in a secure manner. The data should be
encrypted so that others have difficulty deciphering it. In Internet Explorer,
look for the little lock at the bottom of the browser screen. If the lock
appears, the data is encrypted. If not, your information could be read by anyone
as it travels over the Internet.
Turn off "cookies". At least, change your browser settings so that
you are warned whenever a "cookie" is about to be written to your
computer and you can then accept the ones that you want. In Internet Explorer,
pull down the "Tools" menu and select "Internet Options".
Then click on the "Security" tab and the "Custom Level"
button. Scroll down until you see the "Cookies" section and set the
following:
Allow cookies that are stored on my computer Disable or Prompt
Allow per-session cookies (not stored) Enable
If you are paranoid about people watching you, consider using a service such
as Zero Knowledge, which routes your activity through a series of servers,
encrypting data along the way, so as to make it impossible to trace either the
origin or destination of the communication. This service does come at a cost.
Won't the government protect me?
In January 2001, Canada is implementing bill C-6. It requires that companies
disclose what is being done with personal information collected and forbids
disclosure to unauthorized third parties without consent. The United States
favours voluntary compliance and no legislation is planned.
A final word …
When carbon paper was removed from credit card receipts, credit card
processing became safer. The same is starting to happen on the Internet but
we're not there yet. Until then, be cautious.
|
