Personal Security on the web: an in-depth tutorial

For better or worse, being anonymous on the Internet gets harder every day. Every computer is connected in a unique way. That means everybody can be traced. And it doesn’t take the CIA, FBI or NSA to do it. The first step is a simple reverse DNS lookup. Here are other IP tracking tools. Anybody with a bit of determination can learn a lot about you.

DON'T PANIC!: I'm not here to cause alarm!

This document is, however, meant to give you a couple of pointers to using the web safely. Well, relatively safely, anyway.

Personal Security and the “World Wide Web”

The most important point is that the Internet is about as safe or dangerous as a city street. (Ok, that sounds like a bit of an exaggeration, but I’ll explain…)

There are two points to Personal Security – Personal Safety, and Personal Privacy – That is, keeping yourself safe and keeping your information safe. The MOST important thing to me is the Personal Safety area, though I will bang on at length about Privacy later on…

Personal Safety

For the sake of this argument, lets pretend I’m an internet nutcase. (in this case, pretend I’m a potentially dangerous one..)
The Internet gives me a couple of advantages:

• Anonymity – You don’t know who you’re talking to. (I’ll get to webcams later) I say I’m Helga, 21, from Sweden, and you’d pretty much have to take my word for it. Sure, I might send you a photo, but how hard’s it going to be to find a photo of a young blonde woman in front of some ambiguous background?

• Obscurity – You don’t know where I am. Yeah, I tell you I’m from Sweden, and maybe even get someone to send you a postcard from there, but really I could live around the corner. And even if you eventually found out that I actually lived around the corner – you’d still be looking out for that blonde woman in the picture I chopped out of the clothes catalogue…

• Personality – I can seem to be like anyone In the space of an online conversation, I could pretend to be pretty much any personality I wanted to be – Age, Sex, Nationality, Religion, Personal Feeling – I’ve got the time to think about and construct the sort of answer I think the person I’m corresponding with expects.

So the person you think I am after hours and hours of chat may not in fact be the person I really am. I’m not saying lock yourself in a room with a baseball bat and 911 on speed dial, but I am saying be careful who you trust, how much you trust them, and how soon you trust them. (If you trust them at all).

Because of the anonymity of the Internet, I can create a new personality, email address, etc any time I like, so if you suddenly realize that Helga is a complete nutjob – and might even live around the corner(!), my next personality – Phil, 26, Construction worker from Staten Island, will be the next in line to chat/email away..

Again, I’m not saying avoid the internet. That would be as dumb as saying avoid footpaths because that’s where mugging’s happen. What I am saying, is control what information you give out, and to whom. Here are some pointers:

• Be cautious about giving out information about yourself – particularly your address and phone number.
• Be cautious about narrowing down the search area by giving snippets of information – i.e. your Town, Your school, etc.
• Be alert to people who seem to want to know a lot about you. Sure, they may be normal people who are genuinely interested, but they also may be internet dirtbags.
• Be practical. The internet is a great place to meet people, but it’s more difficult to tell what people are like. (Anyone can come across as a nice, caring, witty, charming and funny person on the internet. Hell, if I can pull it off, anyone can)
• Be cautious of people who’re overly friendly or suggestive. Better safe than sorry

* Again, don’t give out your home address. If someone wants to send you something, get them to send it C/O- someone else, a parent or friend’s workplace, etc

If someone’s weirding you out, break off conversations with them. Change your email address, chat name, etc, if you need to avoid them. Often internet nutters realise they’ve gone too far and back off for a while, so again – better safe than sorry – pull the ripcord on them. Don’t look back!

* Be hugely cautious about meeting people in person. Especially alone, or in strange places.

* Be cautious about giving out information about your friends too. Keep their information as private as (or more private than) your own.

WebCams

I have only two warnings about web cams from my browsing on the web:

* Be careful what they show – I.e. what’s in plain view of the camera – the credit card on your desk, your home address, what’s out your window, (your Elvis outfit,) etc

* Be careful what you show them – I.e. your tits/your dick, etc.

I almost wasn’t going to put the tits/dick bit it, but I thought, what the hell, that’s what I mean to say.

If you want to flash someone, BEWARE the pictures could float around on the internet forever..

You may think you’re showing only one person, but it may turn out you’re actually showing 1/2 the world, or it’s being intercepted, and/or it’s being captured, which would mean that you can probably expect that more than that one person is going to see it.

If it’s been captured the two problems are:

1. They’ll be there forever – looooonnnng after you think it wasn’t such a good idea…
2. Sooner or later, someone who you really want to hide your flash picture from is going to see it. (Or someone that knows them will). It could be your parents, it could be the new boyfriend/girlfriend in 2 years time who really doesn’t like that sort of thing, etc.

So I’m suggesting you act cautiously – (And look after your friends too.)
One phrase I have honestly heard many, MANY times over is: “It seemed like a good idea at the time”

Look after yourself!

Personal Privacy

Apart from nutters like me, you may also get targeted by:

* Spam Mailings (I.e. email advertising)
* Groups with various Political or Social agendas, who may want to meet you in person to put pressure on you in the old fashioned way
* Companies wishing to sell you further products
* People wishing to masquerade as you for some scam (Like me pretending to be Helga so you’ll send me money [to move to your beautiful country and be with you])

How’s my information gathered?

There are stacks of ways I can get information out about you. I could:

• Ask you. (Didn’t see that one coming did you?)
• Find it out from your personal web pages
• Get it from Usenet news or other Message Boards
• Find it out from “public” records (phone books, class lists, Electoral rolls..)
• Find it out from some site you’ve previously supplied information to but which has not taken adequate steps to protect it, OR has shared it willingly
• Find it out from your insecure web browser. (I.e. somehow direct you to “web page” which grabs values to known cookies and/or environment variables) – use FIREFOX 2.0 !
• “Infect” your machine with an application which extracts information about you and posts it to me somehow.

* Ask you. Yep, I mentioned that Twice. The second one is where you’re filling out a form to:

License some software, apply or register for some service or support, enable some product, fill out an online warranty, BUY something, Be notified of the avalability, enter a competition, get an email account, etc.

• See it for myself on your web cam.
• Ask a mutual acquaintance about your info when you’re offline.

* and many, many more

So how should I protect myself and my information?

• Don’t volunteer it in the first place
• Don’t put your email address on web-pages, Message Board info, etc. – If you simply HAVE to have it on a web page, consider making it in the form of an IMAGE that can’t be electronically read. (I.e. use a paint program to create a picture of the text of your email address)
• Only give information to online information requesters where you think it’s appropriate. I.e. if you’re filling in an online warranty, how much you make a year, your age, sex and occupation have nothing to do with the manufacturer. If you’re annoyed, you may want to:

o Send email to the site asking why the information is required and if it’s legally required to fulfill the terms of the warranty
o Require a statement from them stating what they will use your information for and that they won’t be passing it on to anyone else.
o Require a statement from them outlining the measures they’ve taken to protect your information.

• Simply refuse to supply the information. Period!
  

o For the really keen: Take legal action against them if they refuse to supply the service, etc See Legalities below.

• Have virus scanning software installed and up to date.

• Don’t use the same passwords between services. I.e. The same password for yahoo as amazon as your chat personality, etc.

* Turn off unneccessary functionality in your browser. I generally turn off cookies, Java, etc, but you’ll find that things like Hotmail don’t work properly if this happens. I’m not a big fan of microsoft/hotmail/msn/passport in general as they collect gobs of information on what you do and where you browse. You may want to spread your mail info around a few different freemail sites, like yahoo, etc.

• Provide false information. WHO SAID THAT!?! See Legalities and False Demographics below.. At your own risk…

* If you have to use a real email address to complete the registration, warranty, etc, consider creating a one-time e-mail account, just to get that message, then let it lapse.. http://TemporaryInbox.com

Marketing and Falsifying your Demographic Information (Your age, location, Occupation, Income, Marital Status, etc) is used in two main ways:

* To market something to you.
* To analyse what you do, to predict the best ways to market something to people like you.

Explanation
In the first case (Marketing to you), they may create a mailing or contact list of all the people they have in their database who are Single, Male and between the ages of 18 and 35. Then they contact these blokes and offer them a discount subscription to Hot Nuns in Bondage Monthly. Why? Well, it’s a lot cheaper, and less hassle to market to people they think might be interested in Hot Nuns in Bondage than to just email everyone on their database. They also stand less chance of alienating those people on their database who think that Nuns in Bondage is abhorrent, and who might then change their email address, etc. The really interesting part is that the company often pats itself on the back for being so proactive in “selecting” people to junkmail…

In the second case (Analysing what you do), Marketing Bods use cookies, scripts, etc, to collect information about you, how you browse, where you browse, etc, and try and spot trends in what you do. As a simple example, if they notice that 93% of the people who say that they’re Computing Professionals go to hotnunsinbondage.com, they’ll start thinking:

• Computing Professionals are generally perves
• There’s an untapped porn segment in there…
• Interest in Nuns and/or Bondage may be on the rise.

(Of course, they slap all the raw info into a program that does Analysis of Variance stuff, which spits out the above info)
None of this helps you if you’re one of the 7% of Computing Professionals who’s not interested and who suddenly starts getting stacks of invitations to various smut sites…

Faking it, and how to appear uninteresting
If you don’t want any of the above, you may want to fake information so as to make yourself appear dull, thereby avoiding being in a target demographic. It requires a bit of thought. The first, and most important point is: They’re generally after your money. Not all the time, true, but a lot of the time. For this reason:

• Make yourself very young or very, very old.
  (Never fess up to owning your own computer 🙂

• You might want to make your Income figure really low.

• You probably don’t own your own ANYTHING.

• Maybe you rent, or share accomodation with others.

• You might even be unemployed, or in prison!.

• You might live in some out-of-the-way place which is really difficult to get to.. Antartica is fairly unpopular.

There’s stacks of other things you may want to choose. However, there’s no use complaining that they’re sending you junkmail, passing your info around if you don’t check/uncheck the boxes which ask you if you want to be contacted about stuff and/or if they can pass your info on to other people “who you may be interested in hearing from…”

Legalities
These can be tricky and vary from Country to Country, and even State to State. Worse still, some large companies collect and store information on a machine in a country where the rules on information gathering are most lenient. So, whilst it may be against the law for a company to collect information about you in YOUR Country, it may be perfectly legal in the Country where the Database and website live.

Also, when a company actually HAS your information it can be fairly difficult to make them relinquish it. The legalities of whose information it now is become a bit complex here. So, back to basics, the best approach is not to supply the information in the first place.

Supplying False information might void warranties and registrations, and make you suffer anything else the Company with the dud information may want to do to you to punish you. If you’re going to provide false information, you may want to choose what info is false and what is not.

You may want to fill out the information in your browser’s Identity form so that it supplies this dud info by default. But Remember, you’re doing it at your own risk.

ALSO REMEMBER:

I AM HELGA H HELGASSON FROM STOCKHOLM, SWEDEN.
I DRIVE A VERY OLD VOLVO.
I AM 71, AND UNEMPLOYED
I EARN 3,000 POTATOES A YEAR
IN THE PAST YEAR I SPENT $400 ON COMPUTING ACCESSORIES/VIDEOS/DVDS/WHATEVER
I DO NOT INTEND TO PURCHASE ANYTHING IN THE NEXT 12 MONTHS
I HEARD ABOUT YOUR SITE FROM A SEARCH FORM.
I WAS SEARCHING FOR “NOSEY COMPANIES”

IF that fails, I MAY ALSO BE:

BOB B BOBSON, In prison, earn $2,000 a year, don’t have a computer.
FRED F FREDSON, artist, am on welfare
etc…

Final Note
I know it sounds like I think the Internet’s a den of iniquity. It’s not, it’s a mixed bag of people, some exceptionally neat and some exceptionally nasty.

The best approach I can suggest is to just be cautious. It doesn’t cost anything to be cautious about who you’re dealing with, and it may save you some hassle in the long run.

Take Care and
stay Anonymous !