In addition to privacy threats due to the Wi-Fi security problems outlined in this book, there are new issues arising as Wi-Fi access expands and more people connect to the Internet through hotspots.
While you may have secured your WLAN at home, when you go to a hotspot you’ve left that protection behind. There is no guarantee that the operator of the hotspot has taken any steps to protect his network or that your network communications aren’t being monitored.
There’s nothing to stop a rogue hotspot operator from recording where you go on the Internet or even from intercepting your passwords and personal data. Even legitimate service providers can collect data on their customers’ online activities and geographic locations. Being aware of this potential for abuse is the first step toward protecting your privacy.
Location-based advertising is a new idea that exploits a wireless service provider’s ability to pinpoint a user’s location and use that information to deliver location- relevant advertising. Yes, that’s right; I said pinpoint your location. All cellular phone companies have the ability to triangulate the position of any phone connected to their network. Most are expanding this ability because of new federal regulations requiring these companies to be able to locate a customer who places an emergency 911 call.
Pinpointing your location doesn’t require that a company use the global positioning system (GPS); it simply monitors the signal strength among multiple cellular towers and calculates the time it takes for the phone’s signal to reach each of them, or triangulating its location (see Figure 9-1). However, many new phones do feature GPS capability and carriers are sure to leverage this.
Figure 9-1: Triangulating a wireless customer’s position
Once the carrier knows a user’s location, it can deliver relevant advertising. For example, if I were in a downtown area and a nearby electronics store was having a sale, then my wireless could send an advertisement about the sale directly to my phone when I was near the store (see Figure 9-2).
Figure 9-2: Location-based ad delivery
This doesn’t only apply to wireless phones; advertisers are targeting Wi-Fi devices as well. In April 2004, a company called Quarterscope announced it had developed a Wi-Fi positioning system (WPS) that it planned to have in service by the end of the year.
Advertising isn’t the only application of this technology. Quarterscope is planning a number of applications, such as wireless city guides, that will take advantage of this positioning system. However, it is also going to market a people-tracking service that presumably parents can use to monitor their kids’ movements.
As ISPs and advertisers begin to track your day-to-day movements and store this data, you have to be aware that this information is likely to find its way onto the Internet or into commercially accessible databases. The potential for abuse of this information is considerable; it adds a completely new dimension to cyber-stalking.
The number of online threats to your privacy continues to grow. Whether you access the Internet via Wi-Fi or a wired connection, you’ll encounter these problems and will have to take steps to protect yourself.
Spyware monitors your Web surfing and may record everything you type, including passwords and credit card numbers. Spyware can end up on your computer in different ways. Some may arrive as part of a worm or virus, while other spyware utilities may be carried by a Trojan program and install themselves whenever the program executes.
Cross-Reference | Refer to Chapter 7 for more information about worms, viruses, and Trojans. |
Spyware might be installed in a drive-by download or a person with access to your computer may install a keylogger or similar application to steal your passwords and record your conversations. The best way to prevent spyware from invading your computer is to do the following:
Install antivirus software and keep it updated
Install antispyware software and keep it updated
Install a personal firewall application
Don’t open or download suspicious e-mail attachments or software
Monitor who has access to your computer
These simple steps will help prevent spyware from violating your privacy and security.
If you believe your computer has spyware on it or if you’d just like to check it to be sure, you can download antispyware software that will do the job. The next section lists some useful software for blocking and removing spyware.
The drive-by download is a new tactic of overaggressive Internet advertisers and, in some cases, crackers. The name drive-by comes from the fact that you’ll be surfing the Web, and while visiting a Web page, the site secretly downloads an application to your computer.
This attack uses misleading tactics to get you to authorize a download, such as a pop-up menu that says “Click here to enter a contest,” or exploits a security flaw in your browser to install itself without you even knowing.
The application downloaded to your computer is usually some sort of adware, which is software that’s used to monitor your activities and deliver ads to your computer. Occasionally, you may also find your computer has been infected with spyware in a drive-by download.
Adware can also be in the form of cookies that collect personal data and track your visits to different Web sites. These are sometimes called Internet transponders because they monitor where you’re visiting on the Internet and report it back to a central service.
Once you’re the victim of a drive-by download, you’ll be inundated with pop-up advertising, and advertisers may even track your movements and send you targeted ads based on your Web searches and pages you visit.
Unfortunately, adware and even spyware can be hard to avoid. One visit to the wrong Web site and you’re infected. Antivirus software doesn’t defend against many of these applications, and a firewall doesn’t provide any protection at all, because the adware is downloaded via your Web browser, often with your unwitting consent.
Caution | Adware and spyware can also be installed on your machine as part of another application. Many free programs are advertising-supported and have ad software built in. Others may track you or collect information about your surfing habits. Most software that includes adware discloses this in the End User Agreement prior to installation. Make sure you read this carefully and decide if you want to proceed. |
Some steps you can take to protect yourself (and your sanity) from adware and spyware are:
Keep your operating system and browser patched and updated
Keep your antivirus software updated
Be careful which sites you visit and what you agree to
Be careful which free applications you install on your machine
Install adware blocking/removing software on your machine, and keep it updated
Spy-blocking and ad-blocking software is useful for protecting your machine from infection and cleaning it if it is infected. There are a number of good programs in this category, some are freeware and others are shareware or commercial products. Some of the popular antispy and antiadware programs are:
Ad-aware. Developed by Lavasoft and a free version is available at www.lavasoftusa.com
Spyblocs. Developed by Eblocs and a limited free version is available at www.eblocs.com
Spybot search and destroy. From Safer Networking Ltd. and a free download is available at www.Spybot.info
Several sites provide information and links to download antiadware and antispy programs. These include:
www.securityconfig.com/software/desktopsecurity/desktopsecurity.htm
www.spychecker.com
www.spywareinfo.com
Cookies are passive files, not executable applications. They are nothing more than text files that contain information. Web sites can create cookies on your machine in order to facilitate services or to track your surfing habits. Tracking cookies work by using a network of participating sites to track your movement.
When you visit a Web site, it checks for the tracking cookie and notes your visit. As you surf the Web, participating Web sites read the cookie and report your visits back to a central server, which then builds a profile of your habits.
In some cases you’re identified by nothing more than a random serial number, but there have been cases where sites have collected more personally identifiable information, including e-mail addresses, ISPs, and even names.
Fortunately, you can control cookies, either with antiadware programs or through adjusting your browser settings. Antiadware programs look for tracking cookies and cookies that contain personable identifiable information and delete or block them. In Internet Explorer you can change your privacy settings. Follow these steps:
Launch Internet Explorer.
Click Tools in the menu bar and select Internet Options from the menu. The Internet Options dialog box appears (see Figure 9-3).
Figure 9-3: The Internet Options dialog box
Click the Privacy tab to view the Privacy settings options, as shown in Figure 9-4.
Figure 9-4: The Internet Options Privacy tab
Move the slider to adjust your privacy settings. As you move it up or down you’ll see definitions of the various levels of privacy to the right of the slider.
To override the privacy settings and allow or block specific sites from setting cookies, click Edit. The Per Site Privacy Actions dialog box appears (see Figure 9-5).
Figure 9-5: The Per Site Privacy Actions dialog box
Enter a Web site you want to manage; click Block or Allow. When you’re finished click OK. The Per Site Privacy Actions dialog box closes.
Click OK again. The Internet Options dialog box closes and your settings will take effect.
By adjusting you browser’s privacy settings, you can block sites attempting to create cookies that contain personal information. Alternately, you can manually delete cookie files or use ad-blocking software to augment Internet Explorer’s ability to block undesirable cookies.