Take steps to protect PC privacy

February 14, 2002|By Mike Himowitz

If there's a lesson to be learned from the flap over Comcast Cable's short-lived practice of recording its customers' Web browsing habits, it's this: On the Internet, nothing is really private.

This isn't the result of any conspiracy, merely the nature of a system that was designed in the open, by people who wanted an open system. As the Internet becomes more important to our daily lives, we increasingly run into conflicts between our desire for access to the information, ideas and opinions that an open system provides, and our desire to keep what we're doing and thinking safe from prying eyes.

A quick recap: Privacy advocates went through the roof yesterday when the Associated Press reported that Comcast was recording the address of each Web page its customers' PCs requested - without notifying its customers about the tracking. Comcast quickly denied that it did anything wrong but said it stopped collecting the information.

In fact, what Comcast did wasn't very hard and doesn't take much in the way of advanced spying technology. The capacity to record our movements is virtually built into the system.

That's because each computer connected to the Internet - whether it's a huge Web server or an individual PC - has a unique numeric address, which takes the form of four numbers separated by periods, such as 24.153.64.7. This is the scheme that the Internet Protocol uses to pass information along, and it's known as the computer's IP address. The number jumble I just mentioned is the IP address of comcast.net.

Every computer on the Internet can communicate with every other computer by sending packets of data tagged with the recipient's IP address. Your Internet Service Provider assigns your computer an IP address when you log on, so he knows where your computer is. He has to - it's his job. And since your computer is using the ISP to request Web pages from other systems, your service provider by definition knows which pages you're browsing.

The question is what your ISP (or anybody else) does with that information.

First, understand that this data is incredibly valuable - to advertisers, private eyes, lawyers, the FBI, the CIA and virtually anyone else who can benefit by prying into Web surfers' private lives.

When someone keeps track of the Web pages you browse, it's like having an invisible spy standing over your shoulder, recording every item you look at on the supermarket shelf, every book you peruse in the library, every article you read in the paper, every health pamphlet you open, and every article in every magazine you thumb through. It's like opening your mind to a universal Peeping Tom.

There are limits to this prying. For example, no one outside of your home knows exactly who's sitting at a computer when it accesses a particular Web page (unless you give a Web site personal information). And most ISPs don't keep records of an individual computer's Web movements.

Often, they do aggregate the information to help route network information flow - much like highway crews put counters on roadways to document traffic patterns. But highway traffic counters don't keep track of license numbers.

Comcast claimed it was only storing the information linking its customers' IP addresses and Web pages temporarily. Ostensibly, the company is trying to balance the load on its new network and decide what popular Web pages to copy, or "cache" on its own servers to improve response time. But it's hard to say why Comcast needed individual IP addresses to do that.

Even if an ISP promises that it will never sell your Web browsing information to third parties, the problem is that it's stored.

Like e-mail, which has virtually no privacy attached to it, these Web browsing records would be "discoverable," which means they can be subpoenaed in a lawsuit or riffled through by police or federal investigators with a court order. Your ISP doesn't have to fight these requests for information about you, or even notify you if someone wants the information.

That means the only way to protect your privacy when you browse the Web is to make sure your wanderings are never recorded in the first place.

End of sermon.

More security woes

If you use the popular Black Ice Defender firewall to protect your Windows XP or Windows 2000 computer against Internet intruders, stop what you're doing right now and pay a visit to the publisher's site (www.iss.net) to download software to patch a security flaw that could allow outsiders to take over PCs running those versions of the operating system.

The flaw, which allows attackers to overwhelm the software by flooding it with "pings," the Internet's basic identification request, doesn't affect Black Ice running on earlier versions of Windows.

For those who don't use them, firewalls are programs that prevent unwanted or unauthorized "packets" of data from intruding on your system. They block hackers' attempts break into, steal information from, or crash or hijack your computer.

Baltimore Sun Articles
|
|
|
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.