I've been getting quite a few worried calls from family and friends the last few months... they're concerned about how much information they're giving away by browsing the internet. Will they get more junk mail? Will they start getting more phone calls from telemarketers? What do web sites owners know about them?
Everytime you visit a web site, your browser tells that site certain bits of information about you: what kind of computer you have, the web browser you're using, who provides you with internet access, the last page you visited, what page you're asking for, and -- if you are surfing from work -- the name of your company. Its not very personal information and certainly doesn't identify you as much more than a Windows95 user accessing the web through America Online. So what's the big deal?
Well, it turns out there are other ways of finding out more about you.
You could be sent what called a cookie... the web site's computer sends a little bit of data to your computer, which then stores it in a text file on your PC's hard drive. The idea behind cookies is to allow the web site to say, 'welcome back, rich. Last time you were here, you looked at books about computers, here are some other books you might like' or they can allow me to sign onto a web site without constantly re-entering my username and password. Normally, these cookies can only be read by the computer that sent them. If Yahoo sends you a cookie, for example, only Yahoo can read it. And of course you can set your browser to decline cookies automatically... but then those sites might work quite right.
Accepting cookies can become a problem in a work environment. Lets say I let an online store put my username and password in a cookie. Any of my coworkers could theoretically then order products and have them charged to my credit card. Of course, they'd have to also intercept the shipment to the office, but you get the idea.
The data stored in cookies is pretty cryptic. Most places don't store credit card information in them, for example. You can see what's in your Netscape cookie in by opening the file with any word processing program. Its probably called cookies. Microsoft's latest version of Internet Explorer has an even better way... a built-in cookie management system.
Cookies aren't an evil thing, and accepting them isn't necessarily a bad thing. Remember that the reason there is so much free information online is partially because of advertising. The more effective the advertising, the more likely your favorite sites will stick around. That's where this new system called Engage comes in. Sites like GeoCities, Tripod, Lycos and others share information about your web browsing habits with a central database. That database then helps web sites place more relevant advertisements on the sites you visit. The system is set up to protect your privacy since it doesn't store your name or address, and Engage follows the rules set out by privacy organizations. But privacy advocates are split over whether the Engage system is really to be trusted. Luckily, you can tell your browser not to let Engage track your movements.
Privacy is in a pretty sad state these days, mainly thanks to credit reporting agencies and unscrupulous businesses. When any company can grab your driving records, mortgage information, and phone number, package it up and sell it... well, it makes some of the things happening online seem like small potatoes. But the internet is based on a different set of values, values which demand accountability from web site owners. Protecting yourself requires vigilance and activism about things like privacy statements and cookies. If everyone demands a higher standard from online businesses, maybe we can reverse the erosion of our privacy.
----
Big Web Sites to Track Steps of Their Users - New York Times (free registration required)
Engage Removal Process and Privacy Statement
PC World article on privacy
Anonymizer - allows anonymous surfing for a fee
Lucent Personalized Web Assistant