

























Privacy, Security, and Downloads
Things you need to think about if you are on the WEB.
On the off-chance that it hasn't dawned on you, the Web is not the safest place in the world. Viruses are everywhere, hackers are lurking, identity theft is on the rise, commercial sites are pinging your computer on a constant basis without you knowing it, companies are compiling your "digital identity" in their databases every time you go to the grocery store or buy jeans, underwear, and books... and the Government is announcing that supercomputers and programs like Carnivore can read millions of e-mails in seconds, whether you like it or not.
What can you do to protect yourself, your computer, your privacy? There are some downloads which will help enormously. Some are independent, that is, they keep watch for you. Some you will have to actively use to protect yourself. Your privacy and your security are your responsibilities. No one can do it for you.
Are you worried about any of this?
- The First Thing to Do: The first thing you can do is go to EFF: The Electronic Frontier Foundation, an organization concerned with electronic privacy and free speech on the Net, to learn about all these issues. Go to their Top Twelve Ways to Protect Your Privacy.
The Second Thing to Do: Go to ZDTV and make use of their information on all aspects of computing and the web, including ZDTV News and ZDTV Cybercrime. You can also take advantage of their Security Scanner, which will check your system for security holes, Trojan horses, and the latest viruses--including popular variants of Stages and Love Bug.
And in a perfect example of the right hand not knowing what the left hand is doing, the Federal Trade Commission will provide you with the ability to find out what various people, including credit reporting agencies like Equifax (1-800-525-6285), Experian (1-888-EXPERIAN) [They contacted me and told me that it had to have their name instead of the numbers... go figure... must be some kind of capitalist thing... That's a joke, Ms. Dalby. For the actual numbers: 1-888-397-3742] and their OptOut List, and TransUnion (1-800-680-7289), know, or think they know, about you. Check it out, people! Something like 40% of all credit reports are incorrect in major ways!!! Make them shape up and treat you like a real human being.
Identity Theft:
- Things to Do: Be cautious! Above all! Don't give private information about yourself out over the Net. If you are asked to fill in information for a product survey or anything you are not sure about -- and some things you may be sure about, but don't want to deal with -- LIE!!! Make up a name! Tell them you are Alfred E. Neuman (my favorite email address is: AENeuman@madmag.com), Jim Morrison (try: LizardKing@MorrisonHotel.com), Amelia Earhart, Hillary Clinton, Richard Milhous Nixon!!! It isn't like the computer knows, for goodness sake. And who in the hell said it was any of their business, anyway?!
And don't give out your address, phone number, Social Security Number, or credit card number over the Net carelessly. Best not to give them away at all. Second best, if you are buying on-line, deal only with reputable companies, who are using Secured Servers, with industry standard, commercial grade (or better yet, military grade) encryption or PGP. Read their Privacy Policies. If you don't like what you see, don't buy. Or take the option of calling in your credit card over a land-line telephone (Not a portable phone or a cell phone, bozo. They work on radio frequencies that can be intercepted. Remember poor Prince Charles....). If they are a reputable company, they will have an option which allows this.
What impact will the So-Called "Patriot Act" have on your privacy, both on-line and off-line?
- Where to get information.
Go to The Electronic Frontier Foundation, for their analysis of the impact of the Patriot Act on your privacy.
You can also go to The Center for Constitutional Rights, The American Civil Liberties Union Freedom Network, or their take on what this does for the CIA, or the American Libraries Association.
Do you really want people to know you are on-line? To know what you are doing or where your computer is located? Hackers or Commercial Sites "pinging" your computer for information on you and what you are doing?
- Things to Do: You would be surprised at the number of people trying to get access to your computer while you are on-line (for instance, I have been "pinged" seventeen times tonight!), without you even knowing it is going on.
There is a solution! Go to Zone Labs, who have offered as freeware a program called ZoneAlarm, which blocks outside access to your computer unless you authorize it, and will notify you if someone "pings" you while you are on-line, while letting you appear as if you are not there. Essentially, it creates a firewall between you and the Net; this is a Good Thing. You are in "stealth mode"!!! No one can see you!!! This is a Good Thing!!!
It will also ask you which of your programs should have outside access to the Net, an advantage if you do get a virus, since it will trap it on your computer and not allow further contamination and infection using your computer as a jumping-off point. Your friends will thank you. This Free program is recommended by ZDTV as indispensable!! GET IT NOW!!! OR REGRET IT LATER!!!
Review on ZDNET: "ZoneAlarm is an easy-to-use Internet security utility that sets up a personal firewall that's particularly well suited to DSL and cable modem users. Computers with such an always-on connection have a permanent IP address, making them especially vulnerable to information theft and other attacks. ZoneAlarm lets you select one of three security levels to separately apply to local and Internet traffic. In addition, you can designate which programs on your computer are allowed to access the Internet. Anytime an event occurs that ZoneAlarm blocks, you're notified with a pop-up window that details the offense and asks how to respond to future occurrences. The program also provides integrated protection against VB script email attachments. Its system-tray icon even provides a handy menu that enables you to disable all Internet activity with a mouse click. You can also set this "lock up" to activate automatically after a selected period of inactivity or whenever your screen saver activates. Detailed logging of all activity is maintained. The program is free for personal use."
Addendum: If you are using a dial-up connection (modem), you are probably at a much lower level of danger than someone using a cable modem or a DSL connection. With a dial-up modem, you are essentially a moving target, on-again, off-again, with a different IP address every time. That is the way dial-ups work. So you are much harder to track by anyone interested in looking for vulnerable machines. If you are on a cable modem or DSL, you are no longer a moving target. Since you are "constantly on", you have become something resembling a sitting duck. You might want to pause a moment and think.... yes, a dial-up is slower and a cable modem is faster, but you are more vulnerable. You might want to trade a bit of speed for some security. What's a few more seconds, after all? If you don't want to do this, then do download and use ZoneAlarm from Zone Labs. You need it even more than the dial-ups do.
You don't want people reading your e-mail? Tell them where to get off!! And tell them NOW!!!
- Things to do: Most browsers provide you with encryption for e-mail. For instance, I regularly use Pegasus, a freeware e-mail system which I happen to think, IMHO, is as good as it gets. It has a pretty damn good encryption system built in, and you can enhance it with downloads of third party plug-ins. A number of these use either military grade encryption or PGP.
- QDPGP: Developed by Gerard Thomas, this is the premier 32-bit encryption plugin for Pegasus Mail, and the only one currently officially certified by the developer of Pegasus Mail itself. With support for all major versions of PGP and for a variety of other encryption and security concepts, QDPGP offers the most complete and well-integrated encryption component available for Pegasus Mail. Requires any 32-bit version of Pegasus Mail v3.0 or later.
- PGP-JN: Developed by John Navas, this module provides support for PGP v2.6 for the 16-bit version of Pegasus Mail.
- PMPGP: Created by Michael in der Wiesche, PMPGP provides an alternative to QDPGP for 32-bit versions of Pegasus Mail, with excellent support for the full gamut of PGP functions, and an optional interface and documentation in German.
- Invincible Mail: an encryptor compatible with PGP 2.6.x. Currently available for the USA and Canada only; a download site for the rest of the world should be available soon.
- RPK Invisimail: a new encryptor, based on a (relatively) new public-key encryption method called RPK. Download sites all over the world are available; for details of the encryption algorithm itself, see the RPK Public Key Cryptography web site.
You can also use PGP by cut-and-paste into the text screen prior to sending the e-mail.
Better yet, and maybe best of all, get PGP: Pretty Good Privacy, a freeware download from MIT, developed by the crypto-genius Phil Zimmermann.
PGP is the world's de facto standard for email encryption and authentication, with over 6 million users. PGP 6.5.1 MIT freeware supports RSA, PGP email and secure client-to-client connections using PGP certificates. It is available for non-commercial use only. That means it's freeware, people.
PGP® or Pretty Good Privacy® is a powerful cryptographic product family that enables people to securely exchange messages, and to secure files, disk volumes and network connections with both privacy and strong authentication. Privacy means that only the intended recipient of a message can read it. By providing the ability to encrypt messages, PGP provides protection against anyone eavesdropping on the network. Even if the information is intercepted, it is completely unreadable to the snooper. Authentication identifies the origin of the information, certainty that it is authentic, and that it has not been altered. Authentication also provides an extremely valuable tool in network security: verification of the identity of an individual. In addition to secure messaging, PGP also provides secure data storage, enabling you to encrypt files stored on your computer. Version 6.5.2 also includes PGPnet - a powerful VPN client which enables secure peer-to-peer IP-based network connections - and Self-Decrypting Archives (SDAs) which allow you to exchange information securely even with those who do not have PGP.
In response to demands for algorithm independence, v. 5.0 uses the DSS/Diffie-Hellman algorithm (the ElGamal version of Diffie-Hellman). The PGP implementation of DSS/Diffie-Hellman is more flexible and extensible than the older RSA key pairs. Version 5 does not have the ability to generate RSA key pairs. Version 6.5.1 also introduces PGPnet - a powerful VPN client which enables secure peer-to-peer IP-based network connections - and Self-Decrypting Archives (SDAs) which allow you to exchange information securely even with those who do not have PGP. It is now in version 6.5.3.
People, we will all be dead, or at least so old it won't matter, before the government or anyone else can decrypt PGP. It works with most of the best known e-mail programs, and if you have one not listed on the MIT page, you can cut-and-paste.
If you are running a LINUX-box, go to NAI for advisory updates on LINUX 5.0 releases and the predictability of weak public keys.
If you are running a BeBox or BeOS as your operating system, I don't know if PGP has been ported to BeOS. Contact them to see. In the meantime, if you are running Windows and BeOS on the same box, and you want secure e-mail, send it from your Windows platform. See, there is something to thank Bill Gates for....
You don't need full-blown encryption? But you would like something to lock up things on your computer from the casual peeker? Then download Skinny Zipper v2.1, a freeware compression and encryption program of just over 673k, which uses the Blowfish encryption algorithm. "Its small dialog box, which is always on top, provides two distinct areas to accept drag-and-dropped files to process. Select a destination folder and enter a file name before dropping files onto the 'Zip' drop zone. You can store path information, password protect your ZIP file and securely wipe the original files from your hard drive. Skinny Zipper even creates self-extracting ZIPs with the greatest of ease. Enter a password before dropping one or more files into the 'Encrypt' drop zone to apply Blowfish encryption and optionally wipe the originals. Skinny Zipper comes with all the basics to address your day-to-day needs, including command line support. It's very easy to use."
Ziff Davis has plenty of freeware and shareware security programs to fill your needs. Check it out.
You don't even want people to know where your mail is coming from? Then use an anonymous remailer. Or you don't want people watching you browse? Use something like Anonymizer which provides anonymous web-surfing services.
PGP is secure, but do you want real-time voice or text communications?
Things to do: If you want real-time voice communication, go to Dialpad, which will allow you real-time audio conversation, without long distance charges. You need a mic and speakers, or better yet, headphones and mic. You need a relatively fast connection, but it works and it works well. And best of all, it is free. Go for it, people. AT and T IMHere Service also offers a voice service. Microsoft Instant Messenger Service now offers NetPhone as part of its package, allowing you to call PC to PC, PC to telephone, cellphone, or pager, with no long distance charges in North America. You may be one of those people who hates Bill Gates, but surely you hate the phone company worse. Get it and use it.
If you want real-time communications, and don't mind typing, then get one or more of the instant messaging services available. It is as private as it gets. There is no way that the government or anyone else can track it or decipher it. It is reasonably secure and private communications on the net. The only problem is lack of cross-platform compatibility (AOL won't allow MSN people to see AOL people and vice versa. Push for open standards.)
We have a Chat Room set up on the History Department Webpage, which other people will be using. But check it out. See how it works. Then download an instant messaging service, get your friends and family to do the same, then use it!!!!
AOL AIM Messenger
MSN Messenging Service
AT and T IMHERE Service
Yahoo! Messenger
ICQ Instant Messenger
If you have a netcam, and they are increasingly less expensive, people, you can use Microsoft Netmeeting for real-time voice and visual communications. It comes with your computer. Think about using it. Possible drawback for privacy: it all goes through a central server.
A great program for video mail is VideoMail, from Australia, where they do a lot of really GOOD work. Check it out!! It records videos, compresses them, and then sends them to your intended "target". Most browsers recognize it immediately. It plays in RealPlayer, and you can download a freeware version of this. Be careful how it affects your system. Don't download everything they offer. Minimalist is best.
And what about your hard disk (floppy disk) when you erase it? You don't really think it actually erases everything, do you? Got news for you, it only changes the address block; most of the data is still there for anyone with the software to reconstruct and read.
What to do: Download PGP: Pretty Good Privacy, a freeware download from MIT, developed by the crypto-genius Phil Zimmermann. It has a great disk-wipe sub-routine. Even some of the older shells for PGP 2.6.2, like Power PGP, have good erase utilities.
Or download BC Wipe, from Ziff-Davis software archives, to remove sensitive data from your computer. When you "delete" a file, it doesn't actually erase it. It only takes out the location references. Any good disk utility program can restore it. What you really want to do is "slash-and-burn". "This freeware tool hooks into the Explorer right-click context menu to enable you to get rid of data permanently. Files and folders can be wiped clean and deleted with just a few clicks. Two main modes of wiping are provided: Normal standard wiping (in which you may define the number of passes) and U.S. Department of Defense seven-pass, extended-character, rotation wiping. BCWipe also lets you clean all free space on your hard drive(s), shred the contents of the Windows swap file, and view a file before you remove it." (ZDTV Review) When it gets through with your hard-disk or floppy, not even God could read it. Go for it, people!! There is no excuse!
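What a single-file wipe with a user-defined number of passes does, as an added Python sketch (not BCWipe's or PGP's code; the function names and the random-then-zeros pass pattern are assumptions made for illustration): overwrite the file's bytes in place, flush each pass to disk, and only then remove the directory entry.

```python
import os
import secrets
import tempfile


def overwrite_file(path, passes=3, chunk_size=64 * 1024):
    """Overwrite a file's contents in place `passes` times without deleting it.

    Returns the number of bytes written per pass. Caveat: this only reaches
    the original blocks on storage that writes in place. SSD wear levelling,
    journaling or copy-on-write filesystems, snapshots and backups can all
    keep older copies that an in-place overwrite never touches.
    """
    if passes < 1:
        raise ValueError("passes must be at least 1")
    size = os.path.getsize(path)
    # "r+b" opens for update WITHOUT truncating, so the writes are aimed at
    # the blocks the file already occupies instead of freshly allocated ones.
    with open(path, "r+b") as fh:
        for n in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                step = min(chunk_size, remaining)
                # Assumed pattern: random data, then zeros on the final pass.
                last = n == passes - 1
                fh.write(bytes(step) if last else secrets.token_bytes(step))
                remaining -= step
            fh.flush()
            os.fsync(fh.fileno())  # force this pass to the device
    return size


def wipe_file(path, passes=3):
    """Overwrite the data, rename to a random name, then remove the entry."""
    overwrite_file(path, passes)
    directory = os.path.dirname(os.path.abspath(path))
    anonymous = os.path.join(directory, secrets.token_hex(8))
    os.rename(path, anonymous)  # the original file name is also a data leak
    os.remove(anonymous)


def demo():
    """Constructed sample: wipe a temp file that holds a recognisable marker."""
    marker = b"ACCOUNT 0000-CONSTRUCTED-SAMPLE"
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secret.txt")
        with open(path, "wb") as fh:
            fh.write(marker * 100)
        written = overwrite_file(path, passes=2)
        with open(path, "rb") as fh:
            marker_survives = marker in fh.read()
        wipe_file(path, passes=1)
        return written, marker_survives, os.path.exists(path)


if __name__ == "__main__":
    print(demo())
```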
SPAM? Funny when Monty Python does it. Not so funny when you are spammed. Is there a solution?
Things to do: Get an anti-spam program. A good one, recommended by ZDTV, is the freeware program SpamEater Standard. They say: "Setting it up was a breeze. At around 1MB, it has a very impressive user interface with easy, step-by-step instructions. It comes with a database of hundreds of known spammers and allows you the flexibility to add or subtract others. (This feature is helpful when you break up with your lover and no longer want to receive email from them.) SpamEater keeps a log of all email that was checked and notes when a spammer was matched and eaten."
People spying on you when you download?
Yes, they are... and you can do something. Some download programs, like Netscape SmartDownload, RealDownload, and NetZip... "immediately tag your computer with a unique ID and proceed to log every file you download from anywhere on the Internet, along with your machine's unique ID. To make matters less private, the programs can also capture and record your machine's unique IP address. Then they compile all this data and create a detailed "profile" based on the websites you visit and the files you download. ... More than 14 million people already use the original NetZip Download Demon. NetZip knows the exact number, since every copy of their program "phones home" to report what their users are doing. Millions more download Real Network's RealDownload and Netscape's SmartDownload.
Perhaps you don't mind being watched and tracked as you move around the Internet. The idea seems extremely invasive to me. The companies hide the information that they are watching you deep in the license agreement, hardly an attempt to warn you." (ZDTV news story) If you don't want this done to you, don't use these programs. Or better yet, get an anti-spyware program such as OptOut, which will detect and stop such spying.
Try SpyBlocker. Many Web sites have ads that are distracting and a drain on bandwidth. Some sites send cookies and other files (Trojans, web-bugs, etc.) to your computer. Still others acquire information about you, your machine, and your browsing habits by using single-pixel Web bugs and other methods.
SpyBlocker monitors this type of Web activity and allows users to control or block the ads and tracking systems. But SpyBlocker goes one step further. SpyBlocker strips ads out of ad-supported software, disabling the ad module and tracking capabilities without disabling the functionality of the program. (From the ZDNet Website)
Sick of Web Bugs? Try Bugnosis, from the Privacy Foundation Org. Did you know that as you head to different sites, so-called "Web bugs" on Web pages can help track your activities? These Web bugs are invisible graphics that can be used to track what you do on a site. They can gather all kinds of information about you, including your IP address. Bugnosis will alert you whenever you visit a page with a Web bug on it. In some cases, it can even give you an email address on the site to complain about the Web bug.
"When installed, the Bugnosis software monitors the Web pages and e-mail viewed on that computer and makes its analysis available to the user of that computer. Bugnosis does not transmit this information over the network or otherwise automatically store the information, for example, on disk files. However, the user may choose to manually save the information by selecting 'Save,' 'Send to,' 'Print,' etc.
"Bugnosis partially relies upon an internal, evolving database regarding certain businesses and their privacy practices. In order to keep this information up to date, Bugnosis will periodically ask users if they wish to download new settings from the Bugnosis Web site. This reminder can be disabled through the Bugnosis options pages. When a user downloads new settings, the Bugnosis site will receive a record of the user's computer contacting the Bugnosis site, indicating the requesting computer's IP address and the time of the request (as is typical with most Web transactions). We may use this information to investigate a software, security, or legal problem, but under ordinary circumstances the information will not be used.
"Bugnosis attempts to reveal the presence of Web bugs, but makes no claim about their purpose. For example, Bugnosis may identify a Web site hit counter as a Web bug."
Note: Bugnosis currently does not work with Internet Explorer 6.0 beta.
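The kind of check a Web-bug detector can run over a page, as an added Python sketch (not Bugnosis's code; the two heuristics, a 1x1-or-smaller image served from a different site than the page, and all names and sample HTML are assumptions for illustration). As the Bugnosis text above warns, it reports that a tiny third-party image is present, not what it is for, so the constructed hit counter is flagged too.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlparse

# Constructed sample page; all hosts are reserved example domains.
SAMPLE_PAGE_URL = "http://www.example.com/news.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" width="120" height="60" alt="logo">
<img src="/images/spacer.gif" width="1" height="1">
<img src="http://ads.example.net/t.gif?uid=12345&amp;page=news" width="1" height="1">
<IMG SRC="http://counter.example.org/hit.gif?site=42" WIDTH=1 HEIGHT=1 BORDER=0>
<img src="http://ads.example.net/banner.gif" width="468" height="60">
</body></html>
"""


def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel ("1", "1px", " 0 ")."""
    if value is None:
        return False
    text = value.strip().lower()
    if text.endswith("px"):
        text = text[:-2]
    return text.isdigit() and int(text) <= 1


def _site(host):
    """Simplification: treat the last two DNS labels as the 'site'.

    A real tool would consult the Public Suffix List (this is wrong for
    names such as example.co.uk).
    """
    return ".".join(host.lower().split(".")[-2:])


class _WebBugFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = _site(urlparse(page_url).hostname or "")
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and unescapes values.
        if tag != "img":
            return
        attr = dict(attrs)
        if not attr.get("src"):
            return
        url = urljoin(self.page_url, attr["src"])  # resolve relative paths
        parts = urlparse(url)
        host = parts.hostname or ""
        invisible = _tiny(attr.get("width")) and _tiny(attr.get("height"))
        third_party = _site(host) != self.page_site
        if invisible and third_party:
            self.findings.append({
                "host": host,
                "url": url,
                # Names of the values the request hands to the remote site.
                "params": sorted(parse_qs(parts.query)),
            })


def find_web_bugs(html, page_url):
    """Return one finding per invisible third-party image on the page."""
    finder = _WebBugFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(bug["host"], bug["params"])
```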
Sick of Cookies? Try Cookie Pal. Cookie Pal is a complete Internet cookie management system for Windows 95/98/Me. It lets you automatically accept or reject Internet cookies from all sites or just from sites you specify, without the need to click on the Web browser's Cookie Alert messages. Cookie Pal also allows you to view and delete existing cookies on your system.
In version 1.6c, Copernic replaces Napster as the default program to monitor for cookies, and the maximum number of modules that Cookie Pal can monitor has been increased from 30 to 40. This version also includes bug fixes.
Viruses, Trojan Horses, Worms, and assorted Nasties:
What to do:
First, don't open e-mail attachments!!! Even if they appear to be from your mother or lover(s) or best friend, unless you know in advance something is coming. Many viruses troll e-mail address books and send out the virus as an attachment to an address which appears to be someone you know or who knows you and is sending you . Again, don't open attachments!!! Trash them!!!
Second, get a decent anti-virus program, such as Norton Anti-Virus, or McAfee VirusScan. There is a program that we used at ETSU for years and which is now in a Windows version, F-Prot, which is REALLY GREAT!!
Third, scan your hard disk on a regular basis, once a month, every two weeks. And make sure your anti-virus program is as current as possible, with regular downloads of updated files. It is worth the time, if it saves your disk from being whacked.
Fourth, try setting your e-mail options so that you cannot receive really huge files. If you are expecting video mail, then you may have to keep it high (several hundred K), but if not, reduce it down to something approximating the size of your average e-mail received. See if that works for everyone sending you mail, and then go from there.
Fifth, go to The Virus Information Center for up-to-the-minute information on viruses and associated sorts of things.
You want to be able to trade information (text, music, political propaganda, etc.) without Big Brother or Big Business breathing down your neck or trying to put your server (a la Napster) out of business?
What to do: Download FreeNet: The Free Network Project.
From their FAQ Page: "The “Freenet” project aims to create an information publication system similar to the World Wide Web (but with several major advantages over it) based on the protocol described in Ian Clarke's paper A Distributed Decentralised Information Storage and Retrieval System. Information can be inserted into the system associated with a "key" (normally some form of description of the information such as "/text/philosophy/sun tzu/the art of war"). Later anyone else can retrieve the information using the appropriate key. In this respect it is a little like the World Wide Web which requires a URL to retrieve a particular document.
Unlike the Web, information on Freenet is not stored at fixed locations or subject to any kind of centralized control. Freenet is a single world-wide information store that stores, caches, and distributes the information based on demand. This allows Freenet to be more efficient at some functions than the Web, and also allows information to be published and read without fear of censorship because individual documents cannot be traced to their source or even to where they are physically stored. To participate in this system users will simply need to run a piece of server software on their computer, and optionally use a client program to insert and remove information from the system. Anyone can write a client (or indeed a server) program for Freenet, which is based on an open protocol. Reference implementations of these programs are being written in the Java programming language."
You can find lots of file-sharing alternatives to Napster at C-Net. This includes such programs as:
Tired of Direct Marketing Phone Calls?
Things to do: Stopping Unsolicited Communications
People can make their telephone numbers off limits to telemarketers by contacting the Tennessee Regulatory Agency by mail, the Internet or a new toll-free "Do Not Call" telephone number. By dialing the new number (1-877-872-7030) and following the recorded instructions, your name and phone number will be put on a list that professional telemarketing firms must buy. Telephone numbers will be off limits to solicitations effective 60 days from the end of the month the number was registered. The number stays on the "Do Not Call" registry for five years.
People can also register their telephone numbers on the "Do Not Call" list via mail by writing the agency at 460 James Robertson Parkway, Nashville, TN, 37243, or via the Internet at http://www2.state.tn.us/tra/nocall.htm. Telemarketers face legal penalties for calling numbers that are listed on the registry.
For those who are tired of having their mailboxes crammed with pre-approved credit card applications or other unwanted promotions, contact the three major credit bureaus and notify them that you do not want personal information about you shared for promotional purposes. Write a letter to each of the three bureaus: Equifax Inc., Options, PO Box 740123, Atlanta, GA, 30374-0123; Experian, Consumer Opt-Out, 701 Experian Parkway, Allen, TX, 75013; and Trans Union, Marketing List Opt Out, PO Box 97238, Jackson, MS, 39288-7328.
In addition, the Direct Marketing Association offers the Mail and Telephone Preference Services, which allow people to reduce the amount of direct mail marketing and telemarketing they receive from many national companies for five years. To reduce direct-mail marketing, write a letter to the Direct Marketing Association, Mail Preference Service, PO Box 9008, Farmingdale, NY, 11735-9008. To reduce telemarketing, write a letter to the Direct Marketing Association, Telephone Preference Service, PO Box 9014, Farmingdale, NY, 11735-9014.
When people register with these services, their names will be put on a "delete" file. Registration with these services, however, will not stop mailings or phone calls from organizations not registered with the DMA’s Mail and Telephone Preference Services.
The DMA also recently launched a new E-Mail Preference Service to help people reduce unsolicited commercial e-mails, or spam. To "opt-out" of receiving unsolicited commercial e-mail, use the Direct Marketing Association’s on-line form at www.e-mps.org. The request will remain effective for one year.
America On-line, the largest Internet service provider in the world, estimates that as much as 30 percent of its e-mail traffic is spam, with more than 60 percent of that spam advertising pornography, get-rich-quick schemes and fraudulent offers. As much as 10 percent of a customer’s ISP fee is dedicated to fighting spam, analysts estimate.
Complaints concerning unsolicited mail, telemarketing or e-mail can be filed with the Federal Trade Commission by contacting the Consumer Response Center by phone: toll-free at 1-877-382-4357; TDD: 202-326-2502; by mail: Consumer Response Center, Federal Trade Commission, 600 Pennsylvania Ave., NW, Washington, DC, 20580; or through the Internet at www.ftc.gov by using the on-line complaint form.
WE WILL BE POSTING MORE, LATER.
What questions would you like us to answer?
Your questions and suggestions are welcome. Please include your e-mail address so that we can contact you directly.
Last updated: Ides of September, 2002