PRIVACY LARGE | Computer Privacy Annoyances

< Day Day Up >

PRIVACY @ LARGE

Whois Stalking Me?

The Annoyance:

I'm starting up a web site for battered women, but I don't want abusers to find out how to reach me by searching the Whois database. Is there a way I can register anonymously or tell my registrar to suppress my contact information?

The Fix:

There is, though it's not exactly obvious. The Grand Poobah of Internet policymaking, the Internet Corporation for Assigned Names and Numbers (ICANN) (http://www.icann.org/), requires anyone who registers a web site to make their contact information available to the public via the Whois database. There are plenty of good reasons for this for example, if you need to track down somebody making libelous comments about you on their site, you can search Whois and locate the blighter. But you can get around the public record requirement in a couple of ways.

For example, domain registrar Network Solutions, Inc. (NSI) will provide alternate contact information for the Whois database (such as a private mailbox maintained at NSI and a temporary email address). They'll then forward any email, letters, or calls to your real address while keeping that info safe from spammers, direct marketers, and others who troll the Whois rolls. The cost for this service? A mere $9 a year on top of whatever domain registration fees you're paying (for more information, see http://www.internetprivacyadvocate.org).

You could also use a service like Domains by Proxy (http://www.domainsbyproxy.com), which also charges $9 a year to register the web site for you (thus providing the company's contact info, not yours) while giving you control over domain transfers. But this type of protection can be fairly limited. According to the site's terms of service, if you engage in "morally objectionable activities" (like sending spam), or your site is simply the subject of a legal dispute, Domains by Proxy will remove its name from your record and expose your real contact information to the world.

Even if you forgo a proxy or forwarding service, be careful about the information you put in the Domain Name Service database. Don't enter your home address or phone number (a P.O. box is a much better choice), and avoid using your primary email address.

PRIVACY IN PERIL: ANTI-SOCIAL NETWORKING

The premise of social networking sites is incredibly attractive: Create a profile on a site like Friendster or Tribe.net listing your deepest thoughts and fascinating hobbies, and before long you'll have 400,000 new friends. The problem is that some of those folks might not really be so friendly or even who they say they are.

Social networks are rife with tales of identities being hijacked, profiles being sabotaged, and users who've had highly personal entries re-posted in highly public places. That's in large part because security and privacy are often secondary concerns to the folks who created these sites.

For example, privacy consultant Alan Chapell claims he logged onto Classmates.com and set himself up as reunion organizer for 16 separate classes in 8 schools, just to show how lax the site's authentication was. Johnathan Moore, a 27-year-old software engineer, hacked his way around Friendster and other networks to demonstrate their security flaws. According a report in Wired, he was able to mine the network for users' ZIP codes and last names, which he could then use to track down their home addresses.

Chapell and Moore's intentions were benign; others won't be. Does that mean you should shun social networking sites? Not necessarily. If you're looking to connect with others whether for business or pleasure giving up some degree of privacy is a given. But choose your networks carefully; those that make it easy to contact just anyone are also the most prone to abuse. And remember, you don't have to tell the world everything in your online profile. A little mystery can be a good thing.

Privacy in Peril: Spies at AOL

As if America Online users don't get enough spam, Federal authorities recently charged a former AOL engineer with selling more than 90 million screen names AOL's 30 million+ subscriber base to a Las Vegas-based spammer. Among other noxious materials, the spammer allegedly dealt in advertisements for penis enlargement pills. The AOL employee and his alleged partner in spam now face a maximum of five years in prison and fines of $250,000.

Antidotes for Domain Poisoning

The Annoyance:

I registered a domain name, and suddenly I'm getting all this junk mail from other domain registrars and web hosting services.

The Fix:

One reason may be because ICANN requires registrars to sell Whois records in bulk to other interested parties (charming, no?). If you don't want your domain registration information to be sold, you must tell your registrar. For example, to opt out at Network Solutions, you must log into your account page, click Edit User Info in the left menu and check No next to the statement "I choose to have my name included in the Bulk WHOIS data licensed to third parties for domains for which I am the Account Holder or Primary Contact." Click Save and you're done. For other registrars, you'll need to check the privacy policies and/or email customer support for instructions on how to opt out. And if they don't let you opt out, maybe it's time to switch registrars, eh?

Bloggers are from Mars, Lawyers are from Venus

The Annoyance:

Someone I know posted a web log entry about me that contained information I'd rather keep out of the public domain. Now I'm afraid it will start to show up in Google searches.

The Fix:

Bloggers usually surrender a lot of their personal privacy. That's their choice, and that's fine. Unfortunately, a lot of bloggers also compromise the privacy of others and that's not so fine. An informal survey conducted by researchers at MIT's Media Lab found 66 percent of bloggers reveal personal information about others and use those peoples' real names with nary a thought about securing permission first. Many bloggers also seem to think they can publish anything they want about anyone with impunity, which is a good way to get themselves sued.

For example: Irish blogger Gavin Sheridan (http://www.gavinsblog.com) was threatened with legal action by San Francisco attorneys representing John Gray, author of Men Are From Mars, Women Are From Venus. (Apparently Dr. Gray doesn't cotton to being called a "fraud," even on a relatively obscure web site.) Sheridan shot back a reply (posted on his blog, of course) reminding Gray's attorneys that: a) he's an Irish citizen and thus not bound by the California courts, and b) Gray is a public figure and enjoys fewer libel law protections. At press time, nearly a year later, Gray's attorneys had yet to respond.

But as a private citizen, you are protected by libel laws and can sue bloggers who slander or defame you, if you have the stomach and the budget for it. A better solution is to contact the blogger and politely but firmly ask him/her to correct, retract, or remove the offending statements (although this material may still show up in Google searches if those pages have already been cached). According to that same MIT survey, about a third of bloggers have gone back and edited or removed entries because they were too revealing or too negative, so the odds of a positive response are pretty good.

If you maintain your own blog, respect other peoples' privacy. Ask permission before writing about someone who's not a public figure. If you can't ask, then don't use their real names. And remember: you are liable for what you say online, no matter what your blogger buddies tell you.

Usenet or Lose It

The Annoyance:

Ok, I admit it, I'm a bit of a hothead. I've posted more than my share of flames and outrageous statements on various newsgroups across the Net. Now I regret many of the things I typed in haste. Is there any way I can expunge them or otherwise "take it back"?

The Fix:

Sorry. All the stupid things you've posted on Usenet over the years are preserved for posterity on Google Groups, assuming someone else is bored (or malicious) enough to look for them. But you can save yourself future embarrassment by using an anonymous remailer to post comments from now on. These are especially helpful to people who need to discuss highly personal issues (like sexual or substance abuse) without the stigma of having their identities attached to their comments. You'll find a list of anonymous newsgroup posters at http://www.nemasys.com/ghostwolf/Resources/asarian.shtml. For more information about anonymous speech on the Net, check out the Global Liberty Internet Campaign (http://www.gilc.org/speech/anonymous/).

PRIVACY BY THE NUMBERS

1 in 2
Male Internet users who admit to having visited an adult site
428,579,418
Spam emails blocked by AOL in a randomly selected 12-hour period in July 2004
70%
Online users who say they are concerned about online privacy
40%
Netizens who say they read online privacy policies
1.8 million
Users who were tricked into giving up personal information by phisher email scams
75%
Netizens who reveal personally identifiable information on their web blogs
36%
Bloggers who've posted things that have gotten them in trouble with family, friends, or employers
12 minutes
Average time required for unprotected PC to suffer a hack attack on the Net
30,000
Number of new zombie PCs discovered each day, from January to June 2004
Sources: EarthLink/Harris Interactive, AOL, Messagelabs, Electronic Frontier Foundation, Gartner Research, MIT Media Lab, SANS.org, Symantec

< Day Day Up >