Online companies have assured us that even though they could track user’s actions their identity remained anonymous. Many advertisers have for years placed "cookies" on user computer hard disks. They then could tailor their web pages to each user’s specific needs. However, they assured us that the cookies did not identify the specific user.

Advertisers, in their eagerness to promote their products and services, are finding ways to get around the anonymity of cookies. The most recent stratagem is to have the cookie tell the advertiser the user’s e-mail address. From this they can build a profile on each user of the World Wide Web.

This has become possible via a security hole in most e-mail programs. If you want to see exactly how this is done go to the following web page:

http://www.tiac.net/users/smiths/privacy/cookleak.htm

Briefly, the system works like this. Most e-mail programs can accept HTML code and banner ads as part of e-mail messages. The e-mail programs can also accept cookie that are placed in the user’s cookie file. The sender knows the recipient’s e-mail address and can embed it in the cookie file.

Now, when the user uses his browser to access a web page that looks for cookies it can get the cookie and know the e-mail address of the person viewing the web page. Web marketing companies (Exactis, Digital Impact, and Responsys) have appeared serving many different web advertisers that specialize in this activity . They collect the data and develop a detailed profile of the user’s web browsing activities, which they market to advertisers. The following advertisers are already using this data: Barnes and Noble, eToys, Cooking.com, Microsoft, and InfoBeat.

Junkbusters <www.Junkbusters.com> and several advocacy groups including The Electronic Privacy Information Center <www.epic.org> , the Center for Media Education, Privacy International, Ralph Nader’s Consumer Project on Technology, The Consumer Federation of America and the Electronic Frontier Foundation have petitioned the FTC asking that supplier’s of e-mail programs close this security hole in their programs.

It is interesting to note that in Europe the European Union does not permit companies to collect and transfer personal data to United States data gathering companies.

You can protect your privacy to some extent by sending your e-mail through an anonymous service like the Global Internet Liberty Campaign's W3 Anonymous Remailer <www.gilc.org/speech/anonymous/remailer.html>, or a free Web-based e-mail service like Hotmail <www.hotmail.com> or HushMail <ww.hushmail.com>, which offers encryption-based privacy features that other Web-based e-mail services lack. Both ask for personal information when you create an account, but nothing says that information has to be true.

Another way of protecting youself is to limit your cookies file to contain only the cookies you need to surf the web sites you are interested in. Several shareware programs are available for this purpose and can be downloaded from a number of web sites (e.g. Cookie Crusher and Cookie Pal). If you are using Windows 98 and Internet Explorer you can install a VBScript program to manage cookies.

www.zdnet.com/pcmag/pctech/content/solutions/in1801c.htm

A Web Bug is an HTML graphics tag in a Web page or in an E-mail message that is designed to monitor who is reading the Web page or Email message. Web Bugs are often invisible because they are typically only 1 pixel in size. An example of a GIF image HTML tag that collects data on the http:www.quicken.com web page can be found at: http://www.tiac.net/users/smiths/privacy/wbfaq.htm

The tag sends the user’s IP address (in the case of users of Cable modem, DSL, etc.) which tells the advertisers exactly who the user is. It also includes the time the page was viewed, the browser used, and the information in a previously set cookie value. The following companies are already reported to be using the Web Bug technique: Quicken, FedEx, Metamucil, Oil of Olay, and StatMarket. This technique can also be used in HTML newsgroup messages.

Microsoft and Netscape have recently disclosed that their browsers contain potentially serious privacy and security holes. Both have been busy creating patches, which can be downloaded from their web sites to close these holes. For more information go to news.cnet.com/news/0-1005-200-1494316.html and www.winmag.com/fixes/webbugs.htm

Most commercial Web sites, portals, and online businesses ask you to give information about yourself in exchange for the free news, software, and other services they provide. The site may claim that it doesn't share the information with anyone else. However, government search warrants, subpoenas, and marketer’s pressures have in many instances opened these files. Also, Webmasters, who administer these sites have commited errors that make user personal information available.

Protect yourself by giving a made-up name, address, and phone number. Skip the optional fields and look for an option to not receive promotional mailings.

In November, Real Networks was caught collecting musical preference information on users of its Real Jukebox Music Player. Music Player was a web browser plug-in program that a user downloaded from the web. In order to download it the user filled out a questionaire that Real Networks required. What the user did not know was that the player software monitored its use reporting back information on every song the user listened to via the software.

The InfoBeat Newsletter Service also was found to be collecting data on readers and forwarding it to advertisers. Once exposed in the press, both Real Networks and InfoBeat have promised to remove the code from their software and cease collecting this data.

And then there are things such as Comet. Comet is software that can be downloaded from the web that changes your Web browser’s cursor into a cartoon character. Behind the scenes it is also tracking your movements on the Web. For more information on this invasion of your privacy go to news.cnet.com/news/0-1005-200-1474252.html?tag=st.ne.1005-200-148918

There are already several hundred Web browser plug-ins already in use. Who knows what is in the other plug-ins. If asked to fill out a questionaire to get the plug-in, use your judgement when filling it out.

On the software front, Microsoft faced the fury of privacy advocates for collecting data from owner’s systems. Microsoft acknowledged that Windows 98 collected information from each user through an on-line registration process and the "Windows Update" feature on the Start menu.

Earlier in the year, Intel disclosed that their each of their newer processor chips contain a unique serial number which can be transmitted to Internet sites for identification purposes. Most systems currently on the market have a BIOS setting to disable access to this serial number. Check if yours is disabled.

If you are really concerned about maintaining your privacy then there is software available that enables you to create a digital persona, or pseudonym, to mask your true identity as you surf, Browse the web, use e-mail, chat sessions, telnet and access newsgroups. One such product is Freedom 1.0 from Zero-Knowledge <www.freedom.net>. It routes your internet communications through its servers which hides both the source and destination IP addresses.and substitutes a new identity, and allows you to filter cookies that identify you. Similar products and services are available from Lumeria.

We are fortunate that we have several organizations, such as the ones mentioned above that are watching out to protect our privacy. It looks like it will be a never-ending battle. As far as the e-mail security hole we will have to wait for our government to force the companies to close the hole. There does not appear to be any way of preventing Web Bugs except that users can inspect the source code of web pages. If users see an image tag with a 1 bit size then they should stop accessing that page.

For more protecting your privacy on-line you can go to the following web sites:

http://www.ptclub.com/Links.html

http://www.privacyexchange.org/tsi/ptintro.htm

http://cyber.findlaw.com/privacy/anon.html

http://slaughterhouse.com/privacy.html

http://proxys4all.cgi.net/

http://www.ultimate-anonymity.com/

http://www.shadow-chasers.com/shadowknows.html

I wish to acknowledge the following for reviewing this article and contributing information: Jon Abolins, Joel May, Victor Laurie and Lennie Libes.