Network: A cookie fortune

Every time you visit a Web site, your every movement is being watched - and recorded. Cliff Joseph looks at how the Internet's lack of privacy is being exploited for commercial use

Cliff Joseph
Tuesday 18 February 1997 00:02 GMT
Comments

Big Brother may not be watching you, but just about everyone else is. Every time you log on to the Internet there are people watching what you do, where you go and what you say. And if you have an e-mail address, the chances are that it is available to the millions who use the Net.

The debate about privacy on the Internet has largely focused on the use of "cookies", small data files used by Web browser programs such as Netscape Navigator and Microsoft's Internet Explorer to store information about you and your computer. When you visit a site on the World Wide Web, a cookie can be sent from that site to your Web browser, and then stored on your hard disk. The cookie can record your movements within that site, and store other information about you, such as your e-mail address and any passwords that you might have been given to gain access to the site.

This method of storing personal information about users has caused concern. There is a risk that someone who has access to your computer can obtain personal information about you by reading the contents of cookies on your hard disk. However, there is little chance of cookie information being transmitted across the Internet and being misused.

When browsers began to use cookies, there were fears that they could be used to reach into your computer and obtain personal information without your permission. However, cookies can store only information that has been volunteered by the user, and that information can be read only by the site that originally created the cookie.

Each cookie contains information that identifies the specific Web site that created it. When you return to that site your browser checks to make sure that the cookie and the Web site match up, and only then will it send the cookie back. It's always your browser that sends the cookie - a remote Web site cannot reach out across the Internet and grab it without your knowledge. So if you use your credit card to buy something from a site that uses cookies, no other Web site can get your credit card details from the cookie.

"There's no need to be concerned that cookies are going to pull personal information from your machine," says Chris Lewis, Web master for Ziff- Davis, the computer magazine publisher. However, he acknowledges that cookies are increasingly being used to monitor the movements of individuals within Web sites. This allows companies to compile demographic profiles of users, so they can target you with advertising.

Those advertising banners that appear at the top of most Web pages these days aren't the same for everyone who visits a particular Web site. Cookies allow companies to watch what you do while you're on their Web site, and to send "personalised" adverts to your Web browser.

Internet search engines such as Yahoo and Infoseek use cookies to record the sites and subjects that their users look for. If you regularly look for Web sites of, say, indie bands, that information will be stored in a cookie on your hard disk. The next time you visit the search engine, your browser will send a cookie that identifies you as a bit of a muso, and the search engine will send music-oriented adverts back to your browser. If you use the search engine to find sports-related sites, you'll get ads from sportswear companies or results services.

This is more of an irritation than a genuine invasion of privacy, but if you are still concerned about cookies, the latest versions of Navigator and Internet Explorer can be set to warn you when a cookie is about to be installed on your computer and give you the option of refusing it.

It is not just cookies and the World Wide Web that you have to worry about, though. They don't advertise the fact, but online services such as CompuServe and AOL make their mailing lists available to other companies. You can instruct CompuServe and AOL not to give out your postal address, but neither of them goes out of its way to inform you of this when you take out a subscription.

Microsoft Network (MSN) is the exception. John Linwood, MSN's group program manager in the UK, says that MSN does not give out any subscriber details at all. "Even I can't look at member details," he says. "I'm not authorised."

Furthermore, although some of these services may give out your mailing address, they all insist that they will never release your e-mail address without your permission. All three companies lay the blame for this problem on the Internet's newsgroups.

Every time you send a message to a newsgroup your words are archived by companies that use them to compile directories of information about Internet users. One service, Deja News, has an archive of all the alt., soc. and talk. newsgroups going back to March 1995. Eventually, it intends to archive every message posted since the start of the newsgroup system in 1979.

Newsgroups are intended as public discussion forums, but people often forget that their e-mail address is included within any message that they post to a newsgroup. This information can be used to create lists of e- mail addresses that are available to other Internet users.

Several companies provide directory services where you can look up e- mail addresses, and possibly even the home addresses and telephone numbers of other Internet users. Most of the well-known search engines provide some sort of "people finder" service. Netscape Navigator even includes a "People" button that will automatically take you to the Internet White Pages directory maintained by a company called Four11.

All these services work in the same way - you type in someone's name and they will provide you with that person's e-mail address. Typing my name into the Four11 directory quickly revealed all three of my e-mail addresses. I can understand how two of them got on to the "people search" directory, as I've used them for posting newsgroup messages. But I rarely use my Microsoft Network account and have never used it for posting to newsgroups.

Mr Linwood was unable to explain this. But, like CompuServe and AOL, MSN runs its own discussion forums that are similar to Internet newsgroups.

It is possible that another MSN member could have gone through the forums, compiling lists of e-mail addresses for use by one of the Internet directories. This is illegal, but very difficult to prevent.

One of the most well-known abuses of personal information occurred last year, when the Yahoo Web-searching service added a "reverse lookup" feature to its People Search facility. This allowed you to obtain a person's home address and telephone number by entering their name or e-mail address. It even listed more than 80 million ex-directory telephone numbers that it gathered from a number of commercial mailing lists. An outcry forced Yahoo to drop the service after two weeks, but this illustrates the amount of personal information that is out there on the Web and on other databases. One US service called BigFoot will even display a map showing the home address of the people that it lists.

There are ways of minimising the amount of personal information that is available on the Internet, but there is no escaping the fact that just about everything you do or say on the Internet is being monitored. As one Web site manager said, there's only one thing you can do to preserve your privacy completely: "Turn your computer off".

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in