Protecting your privacy on the internet
- What is the Internet?
- Privacy threats on the web
This article is for those who are relatively new to the Internet. If you are an experienced Internet user who is aware of the privacy risks involved, then you probably don't need to read this.
The Internet is a network which has much to offer, but you can give away a lot of information about yourself if you are not careful. This may not worry you, but if it does, read on. It's important to realise that the Internet is international and largely unregulated. This means that the laws of any one country don't usually apply to Internet activities originating in other countries. If you suffer a privacy invasion via the Internet, the Privacy Commissioner will only be able to help you if the matter involves an organisation or agency subject to the Privacy Act.
The Internet is a global network connecting a vast number of computers, computer programs and a massive amount of information. Most of us access the Internet via the telephone network. There are a lot of technical details about how the Internet works that you probably don't need to understand. You've possibly heard the phrase TCP/IP bandied about. TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of protocols (or rules) that define how information is transmitted across the Internet. TCP and IP are also protocols in their own right.
- The World Wide Web
- Electronic mail
- News groups and mailing lists
- Internet relay chat
The World Wide Web (WWW or the web)
If you are reading this on the Privacy Commissioner's web site then you are using a browser to access the web. The language used to mark-up or prepare material for the web is called HyperText Mark-up Language (HTML). HTML documents contain the blueprints for displaying a web page. The HyperText Transfer Protocol (HTTP) allows web sites and your web browser to communicate and exchange documents, pictures and sound. Individuals, companies and governments set up websites which can be viewed with browsers. Companies, universities, libraries and some government organisations, sometimes called Internet Service Providers (ISPs), have set up systems of computers called web servers which contain (or host) these websites.
E-mail allows you to send text messages anywhere in the world usually for the price of a local phone call. When you open an account with an ISP you generally get an e-mail address which people can send e-mail to. To send e-mail to other parties you need to know their e-mail address. You may also be able to attach images or sound files to your e-mail messages.
News groups and mailing lists are generally public forums and are usually subject or topic based. The underlying system that supports these forums is e-mail based.
Usenet and Bitnet are collections of news groups. The Usenet is one of the oldest parts of the Internet and evolved from Bulletin Boards. There are thousands of Usenet groups. If you send a message to a Usenet group then potentially anyone with Internet access can read it.
Listserv and majordomo are examples of mailing list computer programs. Mailing lists are a bit different to news groups in that any message sent to the list is forwarded to all the other people who have subscribed to that list.
Internet Relay Chat (IRC) is a form of Internet communication which takes place in real-time. There are subject-related chat groups similar to discussion groups, but the communication is much more interactive, with individuals responding and replying to each other's messages in real-time. IRC also provides less formal forums called chat rooms. IRC is usually text based, but real-time voice and image based chat systems are also emerging.
When you are surfing the web you may think you are anonymous, but there are various ways that information about you or your activities can be collected without your knowledge or consent:
- There may already be information about you published on the web
- Downloading freeware or shareware
- Search engines
- Electronic commerce
- E-mail and cryptography
- Dangers of Internet Relay Chat
Why are cookies used? Generally, for those of us that access the Internet through a public ISP, each request we make to a website cannot be linked to a previous request, as each request does not contain a permanent unique identifier. Cookies allow website operators to assign a unique permanent identifier to a computer which can be used to associate the requests made to the website from that computer.
Cookies indicate to a website that you have been there before and can be used to record what parts of a website you visit. While cookies in themselves may not identify you, in the way a name or address does, a cookie could potentially be linked with other identifying information. For example, if you provide extra information about yourself to the website by buying something on-line or subscribing to a free service, then the cookies can be used to build up a profile of your buying habits and what you are interested in. They can then be used to tailor banner advertising to your interests.
Many web surfers object strongly to cookies as they feel that they invade their hard drive without their permission. There are various things you can do to combat cookies if you distrust them. These include:
- Setting the browser cookie file to be Read Only. Whether you can do this or not may depend on what sort of Operating System (OS) or browser you are using. But if you can do this then the cookies will only last for as long as your browser is running.
- Set up your computer to delete the cookies file whenever you start your browser.
- Many browsers allow you to set them up so that you are notified when a cookie is to be written to your computer. However there may be instances where there are so many cookies that it becomes annoying to reject them all.
- There are many software products you can get which will reject or manage cookies for you. These include Cookie Crusher, Cookie Pal and Cookie Cruncher.
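How a cookie links requests, and what rejecting it changes, shown as an added example that is not part of the original article: a small Python simulation of a website that issues an identifier on the first visit and groups later requests by it. The cookie name `visitor_id` and the page paths are constructed for illustration.

```python
import uuid
from collections import defaultdict
from http.cookies import SimpleCookie

COOKIE_NAME = "visitor_id"  # hypothetical cookie name chosen for this example


class Website:
    """Toy website that links requests the way the article describes."""
    def __init__(self):
        self.profiles = defaultdict(list)  # identifier -> pages requested

    def handle(self, path, cookie_header=None):
        """Record one request; return a Set-Cookie value on a first visit."""
        jar = SimpleCookie(cookie_header or "")
        set_cookie = None
        if COOKIE_NAME in jar:
            visitor = jar[COOKIE_NAME].value       # returning browser
        else:
            visitor = uuid.uuid4().hex             # mint a new identifier
            reply = SimpleCookie()
            reply[COOKIE_NAME] = visitor
            reply[COOKIE_NAME]["max-age"] = 365 * 24 * 3600  # kept for a year
            set_cookie = reply[COOKIE_NAME].OutputString()
        self.profiles[visitor].append(path)
        return set_cookie


def browse(site, paths, keep_cookies):
    """Simulate one browser session. keep_cookies=False models a browser
    that rejects every cookie, so nothing is sent back to the site."""
    stored = None
    for path in paths:
        set_cookie = site.handle(path, stored)
        if set_cookie and keep_cookies:
            stored = set_cookie.split(";", 1)[0]   # browser returns name=value


def demo():
    """Visit the same three pages with and without cookies."""
    pages = ["/home", "/cameras", "/cameras/checkout"]  # constructed sample
    tracking, rejecting = Website(), Website()
    browse(tracking, pages, keep_cookies=True)
    browse(rejecting, pages, keep_cookies=False)
    return dict(tracking.profiles), dict(rejecting.profiles)


if __name__ == "__main__":
    print(demo())
```

With cookies kept, the site ends up with one identifier tied to all three pages; with cookies rejected, it sees three unrelated single-page visitors.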
When you access a web page from a website, the website expects you to provide certain information so that it can provide the page you request. The HyperText transfer protocol (HTTP) is the set of rules that websites and browsers follow in order to communicate. One obvious piece of information the website will require is what page you want to look at. The technical term for the location of this page is the Uniform Resource Locator (URL). http://www.privacy.gov.au is the URL for the Privacy Commissioner's home page.
There are various aspects of HTTP which may allow your surfing activities to be tracked. Other information which may be sent whenever you request a web page includes your e-mail address and the last web page you looked at. Whether this information is transmitted is dependent on whether your browser supports these options and whether you have configured your browser with your e-mail address. You can visit http://www.uiuc.edu/cgi-bin/info to check out what information your browser is sending with each web page request.
The most widely used browsers are the various versions of Netscape Navigator and Communicator and Microsoft Internet Explorer. Other less widely used browsers include Mosaic, which was one of the original browsers, and Lynx, which is a text based browser. There have been many reports of security bugs in browsers which can allow hackers and websites to access your personal information while you are surfing the web. Netscape and Microsoft often provide fixes for these bugs soon after they become aware of them; these can be downloaded from their websites. It's difficult to assess the risk to your personal information of using any particular browser, but it may be wise to keep up to date with news about security bugs.
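The two disclosures mentioned above travel in the HTTP `From` and `Referer` request headers. The following added example (not part of the original article) parses a constructed request, reports what it reveals, and shows the same request with those details withheld; the host names and address are placeholders.

```python
from urllib.parse import urlsplit

# Constructed sample request; hosts and e-mail address are placeholders.
SAMPLE = (
    "GET /catalogue.html HTTP/1.0\r\n"
    "Host: shop.example.com\r\n"
    "User-Agent: ExampleBrowser/1.0\r\n"
    "From: fred@example.org\r\n"
    "Referer: http://clinic.example.net/appointments.html\r\n"
    "\r\n"
)


def parse_request(raw):
    """Split a raw HTTP request into its request line and a header dict."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def cross_site(headers):
    """True when Referer names a different host than the one requested."""
    host = headers.get("host", "").split(":")[0].lower()
    return urlsplit(headers["referer"]).hostname != host


def audit(headers):
    """List what the request discloses beyond the page being asked for."""
    findings = []
    if "from" in headers:
        findings.append("e-mail address: " + headers["from"])
    if "referer" in headers:
        where = "another site" if cross_site(headers) else "this site"
        findings.append(f"previous page on {where}: {headers['referer']}")
    return findings


def scrub(headers):
    """Copy of the headers with From and any cross-site Referer removed."""
    clean = {k: v for k, v in headers.items() if k != "from"}
    if "referer" in clean and cross_site(clean):
        del clean["referer"]
    return clean


if __name__ == "__main__":
    print(audit(parse_request(SAMPLE)[1]))
```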
Governments, schools, businesses and other organisations may have already collected personal information about you. Information collected by governments is sometimes publicly available in the form of Public Registers. The Electoral Roll, and the Telephone Directory are Public Registers. Your school, university or employer may publish your name or other information about you. Much personal information which is publicly available has been collected and combined into databases by web based companies which then sell this information to businesses or individuals. Comprehensive and sometimes inaccurate profiles of individuals can be derived by combining information from many sources.
As there is little or no law anywhere in the world governing this sort of activity there's not much you can do about it, but at least you can be aware of it.
There is a lot of free and cheap software available for download on the Internet. It may be difficult to avoid using freeware and shareware as much of this software underpins the Internet (some popular web server applications are free as are the two most popular browsers, Netscape Navigator and Microsoft Explorer). However, it may be prudent to keep track of information about freeware and shareware and only use the software that is widely used and has a good reputation.
Search engines are web-based software tools that allow you to search for information on the Internet. Some of the most well known ones are Google, Yahoo, Alta Vista, Hotbot, Excite, Infoseek and Web-Crawler. Many of these offer facilities to search for people. If your name appears somewhere on the Internet then these search engines can find it. Your name may be associated with other information about you, so it may be possible for anyone using search engines to find out quite a bit about you. Some search engines also allow the searching of news groups for postings associated with an e-mail address.
If you buy something from a commercial web site you will probably have to use a credit card. This means you will be transmitting your credit card number over the Internet. Many people are doing this but a lot of others don't think it's safe.
Currently a widely used security system is Secure Sockets Layer (SSL), which is built into the major browsers. In Australia most web browsers use 40-bit encryption. While SSL may provide protection during the transmission of credit card numbers, there are also concerns about the secure storage of credit card numbers. There have been instances where hackers have stolen lists of credit card numbers from ISPs and commercial web sites.
Governments and businesses are keen to encourage Electronic Commerce but there is some resistance by consumers due to concerns about security and privacy. Currently Internet businesses seem to require you to provide more personal information than you would for over the counter purchases. Many people are concerned that this information will then be re-used for another purpose or sold to direct marketers.
How you set up your e-mail address may affect your privacy. Like street addresses, e-mail addresses are essentially locators, but they locate you in cyberspace rather than real space. The format of an e-mail address is A@B.C.D, where A is your name or handle, B is usually your Internet Service Provider (ISP) or the organisation you work for, and C and D are called domains. The C domain may refer to your area of work or activity. For example, if you worked for the Government then this would probably be .gov. Many commercial ISPs use either .com or .net. D is the country domain; for Australia this is .au. So an e-mail address for someone who works for the Office of the Privacy Commissioner might be FredNirks@privacy.gov.au. If Fred had a private e-mail account with the ISP Ozemail, his private e-mail address might be email@example.com. If Fred wanted a more private e-mail address, he may use a handle or nym (from pseudonym) such as firstname.lastname@example.org.
The advantage of using a nym is that you can reveal your identity only to those you want to know it. If you go to the trouble of using a nym, you should be careful to set up your e-mail application (this may be part of your browser or a stand-alone e-mail application like Eudora) so that the name and identity fields are left blank. Otherwise this information may be included in your e-mail.
If you want to use a nym it is important to use an ISP that has disabled the Finger utility. If this is not disabled then anyone may be able to use your e-mail address to find out your name and other information about you.
E-mail is more like a post card than a letter in an envelope. Anyone who intercepts your e-mail can read it if it's sent as plain text. This may not matter to you, but if you would prefer your e-mail to be readable only by those you send it to, then you might consider encrypting it. PGP (Pretty Good Privacy) is a popular and free program that uses cryptographic techniques to protect information. The way it works is a bit complicated. If you want to know more about how PGP works, then read one of our other documents titled Cryptography and Pretty Good Privacy.
Cryptographic techniques also offer mechanisms for emulating signatures on electronic documents. Digital signatures, as they are known, are generally based on public key cryptographic methods. In 1996 Standards Australia released a document titled Strategies for the implementation of a Public Key Authentication Framework (PKAF) in Australia. Late in 1997 the Minister for Communications, the Information Economy and the Arts announced that the Government has agreed to facilitate the creation of a new peak body, which will oversee the development of a national system for on-line authentication. It is likely that the support structures for these initiatives will require the collection of personal identifying information.
Spam is junk e-mail. Many people who have purchased something over the Internet, have their e-mail address published on a website, have subscribed to a news service or have participated in news groups or mailing lists get spam. This is because these public sources can be harvested for e-mail addresses. Some ISPs and other Internet businesses have sold lists of their customers' e-mail addresses to spammers. This is now considered to be very bad form. Spammers have been known to use programs to randomly generate e-mail addresses.
Spam has become so prevalent that it can compromise and slow down the whole network. There is now a big anti-spam movement and there are various spam filters you can get to filter out and delete spam. Unfortunately, spam persists. It's an unfortunate fact that if you participate in discussion groups or subscribe to news services then you will probably get spam. The fact that spam is a use of your e-mail address for a purpose that you don't agree to and that you are actually paying for the delivery of the spam makes it particularly annoying.
Spam is now illegal in Australia. New Australian legislation relating to spam - the Spam Act, 2003 - came into effect on 10 April 2004. It is now illegal to send, or cause to be sent, 'unsolicited commercial electronic messages'. The Spam Act is enforced by the Australian Communications Authority (ACA). To report spam, or for information on the Spam Act, spam reduction, and internet security tips visit http://www.acma.gov.au/ACMAINTER.1048806:STANDARD::pc=PC_2008
Chat groups have become very popular. As they operate in real-time they are similar to telephone party lines. Many people who participate in chat groups use nyms or handles, so you don't really know who you are chatting with or even their gender. Some people have established relationships on chat groups which they have continued in real life. However, it is important to note that your personal safety may be at risk if you meet people from chat rooms who are otherwise unknown to you.