WordType Designs
Driven To Distractions©
The Sound of One Hand Clapping©

A rchive Date
[ 11-10-2000 ]
Category
[ International Relations ]
sub-Categoy
[ WWW ]
      [http://www.msnbc.com/news/473880.asp

      Tinker, Tailor, Software, Spy
      Privacy: Technology is creating ever more subtle ways for e - commerce firms to know you. How about ‘Web bugs,’ on - screen dots that act as tiny transmitters?
      By Erik Sherman

      October 16 issue - It was last January that Steve Gibson realized someone was watching his every online move. Sitting in his home office, surrounded by computers and monitors, he was trying a new PC security product when it flashed a warning that an unfamiliar - sounding application wanted to use his Internet connection.

      “WHAT THE HECK IS THAT?” wondered Gibson. Head of Gibson Research in Laguna Hills, Calif., and a long - time PC guru, he didn’t remember installing the program. Some software vendor had saved him the trouble. The program, placed on his PC as part of some software application, was an example of “spyware”: programs used by e - commerce companies to track consumers online, typically without their knowledge.

      Gathering information on potential customers is a decades - old, multibillion - dollar business. Companies have always wanted personal data for more efficient marketing. What the Internet offers is a new wealth of detail about users, says Rick Jackson, president of Privada, Inc., a provider of anonymous Web services, who had been vice president of marketing at an e - commerce firm. “Literally we wanted to know how much time you spent on which URL, what you clicked on,” says Jackson. “Everything you did we wanted to track, store, profile and [examine]... If we knew you received NEWSWEEK magazine, we knew something about you. If we stood behind you and watched what you read, we knew a lot more. Guess what? That’s possible on the Web.”

      That’s where spyware comes in. ”[Marketers] put applications on your machines - and there are a million ways of doing that - that listen to your confidential traffic, steal your data and send it out,” says Gregor Freund, president of Zone Labs, Inc., a San Francisco company that makes security software. “You give all these applications a key to your computer. It’s equivalent to giving out the key to your house,” says Freund.

      Why would someone agree to such monitoring? Many applications, including well - known names like Corel’s WordPerfect, offer consumers “free” use of the software in return for watching advertisements. The ads are usually delivered by a third - party ad - management company - Conducent, Inc., of Sterling, Va., for example, works with Corel and 400 other applications and claims installations on more than 12.5 million desktops. Surfing habits become fodder for the personal dossier, also information, such as marital status, age and profession, that may be required to use the free software.

      Many Web sites use cookies, small files stored on a user’s hard drive by a Web site, often for useful purposes like saving user passwords. But cookies can do far more.

      Companies like DoubleClick, an online - marketing firm, store unique IDs in cookies to track a user’s movements through the Web, as well as the banners on which they click. The data go into profiles used for ad delivery. DoubleClick says that the data it gets from ads don’t identify a person, but acknowledges that they can be combined with information that does.

      In addition, Web sites on which the ads appear may track a person’s movements and share the results with DoubleClick. “They’re using triangulation,” says Austin Hill, president of Zero-Knowledge Systems, Inc., a Montreal Internet - anonymity firm. “They take one piece of data at one site and combine it with another piece of data at another site. Using small amounts of data submitted innocuously at different sites, they can go out and get much more information.”

      Unexpected places can extract those bits of information. Many sweepstakes sites exist primarily so their owners can require personal information from those registering to win a prize. According to Hill, some sweepstakes sites either have or are affiliated with search engines. “There’s no clear language that says when you give up your data, you’re making it possible to match all of your searches [on Excite.com] with your personal information,” Hill says.

      A particularly insidious innovation is the Web bug.

      In this technology, a Web page contains an image file that is one pixel by one pixel, a dot so small as to be invisible on your screen when you call up the page. With the right programming, one of these bugs can track your Web use. Turning off the cookies in your browser has no effect. “The Web bugs are becoming quite a big concern. Once they’re hidden and you put them on any page and connected to a server that can pick up the IP address, no matter where you go on the Internet, they can [follow],” says R. Lee Heath, who is developing a browser with advanced security features. Last August, the online retailer Toyrus.com severed its relationship with a marketing company when the company’s use of Web bugs came to light.

      Another potential path for capturing information has been applications downloads. According to Gibson, some versions of a number of programs, including Netscape SmartDownload and RealNetworks’ RealDownload, would report back to the software vendor the name of each file downloaded along with a unique user identifier. “They were receiving sufficient information to profile all of my downloading anywhere on the Internet,” says Gibson. They may not use it: both RealNetworks and AOL, which owns Netscape, for example, say they don’t track users, and both plan to eliminate the function from future software versions. Her own company never stored the information, says Keela Robison, a manager in the consumer division of RealNetworks, but she adds that dealing with online companies is a matter of trust. “Do you trust their business model not to include tracking you surreptitiously? A good way to gauge that is to... read their [privacy] policies.”

      Privacy policies are now a target of controversy. Last summer the bankrupt Web retailer Toysmart.com wanted to sell its customer list to help cover debts. The Federal Trade Commission intervened, saying Toysmart was violating its privacy policy, which promised customers that data would never be shared with another party. “The use people will be able to make of that information is right now one of the hot - button issues in electronic commerce,” says Lynn Pasahow, a technology - law attorney with the Palo Alto, Calif., firm of McCutchen Doyle Brown & Enersen. Of course, privacy policies can be ambiguous. “I don’t think consumers have any clue about the types of dossiers being built on them [by many other companies] in the offline world,” says Robison.

      Some companies promise that they use the information only in the aggregate, combined with the data from all users. But Jackson, a veteran of that world, is dubious. “I can’t comment on any particular company,” he says, “but across the industry, I know for a fact that the holy grail has been to pinpoint the individual. Three years ago it was OK to speak at the conferences about how we’re going to get to one - to - one targeting. Now they just talk about it behind closed doors.”

      What is remarkable is that all these invasions are perfectly legal. Online life gets even more complicated when criminal intent comes in: we’re getting familiar with stories about break - ins at e - commerce sites and the resulting theft of information, like the tens of thousands of credit - card numbers taken from CDUniverse.com.

      With broadband technologies, home PCs can have “always on” connections to the Internet, which makes the user even more vulnerable. “If you’re on a DSL or cable - modem connection, especially one of the bigger carriers, you’re going to be scanned [for vulnerability] continuously,” says George Kurtz, CEO of Foundstone, an Irvine, Calif., security consultancy and coauthor of the 1999 book “Hacking Exposed.” Kurtz thinks that many home PCs are scanned upwards of 20 times a day. Once in, someone can look for a Social Security number, which appears on a surprisingly large number of hard drives. That would allow identity theft. Credit - card numbers could allow financial fraud.

      A “cracker,” or criminal hacker, can also work indirectly, placing doctored software in online file - swapping sites where consumers can download it. “What the person may not know is that the program has a hidden purpose,” says Dennis Lee, director of training and research at New York City security firm IFsec. “Its author can come in and activate control over that machine.” One well - known example of such a so - called Trojan horse is Back Orifice. “It can turn on your camera, it can turn on your microphone, it can copy your files and transmit whatever it sees or hears or reads and transmit that back,” says John Thomas, vice president of information insurance at the Averstar Group of Titan Systems Corp. of Burlington, Mass.

      Peer - to - peer programs using technologies like the one Napster is known for may also offer a path for crackers, because they grant a degree of access to the hard drive of the PC on which it is running. “My technical folks tell me that it is not only theoretically possible, but I think I have some folks who may have gotten into a system [before working here] while they were downloading,” says Martial Robichaud, a former FBI agent and now president of Knowledge Sentry, Inc., of Greenville, S.C.

      Whether the prying party is a crook or corporation, there are steps, like installing security software, that can keep people out. But the biggest step is to be skeptical of all “special offers” on the Internet, such as free software. “I hope that people start getting real skeptical over the use of the word ‘free’,” says Steve Gibson. “Why is this free? And what are they doing in return?” Just looking over your shoulder.      

      © 2000 Newsweek, Inc]
      Cross-Indexed:

      New document Icon


Some pages may require Adobe Acrobat Reader


Copyright and Fair Use Information: The contents of this web site is protected by international copyright laws and may not be reproduced in any form or manner whatsoever, if for the purpose of resale or solicitation of a donation. The essays included here, may be reproduced only if: 1)They are not altered in any way; 2) reproductions must be accompanied by this copyright page ; and 3) it is given freely and without charge.
Fair use: The fair use of copyrighted work, including such use by reproduction in copies or phonorecords or by any other means specified in above sections, for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright. In determining whether the use made of a work in any particular case is fair use the factors to be considered include : (1) the purpose and character of the use, including whether the use is of a commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole, and; (4) the effect of the use upon the potential market value of the copyrighted work.
Home | About Narrative? |Contact
Copyright © 2025. All Rights Reserved
HAG122125 (1998 -2026)