Privacy Online

Security, privacy and private information are separate ideas.

You need a good defense system to protect both your privacy and your private information online. It's an online security issue.
  • Private information is passwords, credit card numbers, social security numbers, and things like that.
  • Identity theft is the ultimate loss of private information.
  • Privacy is something entirely different. It is not nearly as critical. Privacy is basically the right to be left alone, free from snooping.

What's the threat to privacy online?

When you fill out a "Warranty Card" that asks for a bunch of personal information, your privacy is invaded under the implied requirement to give it or lose your warranty. This particular intrusion, and many like it, has been around for a long time. Why does the phone company need your social security number, for example?

Massive computing power makes it possible to correlate and catalog every scrap of information. It's now simple to build a complete dossier on anyone. It might include what you've bought, where you bought it, your credit card habits, when and where you travel, civil or criminal action against you, your spending habits, the books you read, the DVDs you watch, etc.

"Cookies" and "Web bugs" are two major ways of collecting information online. Cookies record the sites you visit and the pages you view. If they can connect that with your personal information, they can add that to the picture they're building of you. There's a lot of hullabaloo about this, but it doesn't present a real threat to most people in my view.

Web bugs are invisible images placed in HTML messages. When you open the message, the bug goes out to a Web site to get the image, and deposits your email address at the same time. That way they can verify that you opened the mail, and of course that your address is real. The defense is to not read your email when you're online.
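
To make the mechanism concrete, here is an added example (not from the original article) that scans the HTML body of a message for remote images that look like web bugs: ones declared invisible, or whose address carries the recipient's email address. The function names, the sample message and the example.org addresses are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def _is_invisible(attrs):
    """True when the image is declared 0 or 1 pixel wide/high or hidden by CSS."""
    for dim in ("width", "height"):
        if attrs.get(dim, "").strip().rstrip("px") in ("0", "1"):
            return True
    style = attrs.get("style", "").replace(" ", "").lower()
    return "display:none" in style or "visibility:hidden" in style

def find_web_bugs(html_body, recipient):
    """Return (url, reasons) for each remote image that looks like a web bug."""
    collector = _ImgCollector()
    collector.feed(html_body)
    findings = []
    for attrs in collector.images:
        src = attrs.get("src", "")
        if urlsplit(src).scheme not in ("http", "https"):
            continue  # images embedded in the message make no network request
        reasons = []
        if _is_invisible(attrs):
            reasons.append("invisible")
        if recipient.lower() in unquote(src).lower():
            reasons.append("carries recipient address")
        if reasons:
            findings.append((src, reasons))
    return findings

# Constructed sample message body (not from the original page).
SAMPLE_HTML = """
<img src="http://shop.example/banner.gif" width="600" height="80">
<img src="http://track.example/open.gif?u=alice%40example.org" width="1" height="1">
<img src="cid:logo123" width="1" height="1">
"""

if __name__ == "__main__":
    for url, why in find_web_bugs(SAMPLE_HTML, "alice@example.org"):
        print(url, "->", ", ".join(why))
```

A tracker can also hide the address behind an opaque ID, so a clean result from this check does not prove a message is free of web bugs.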

It's all too easy for this snooping to go over the line. Medical records, financial account details and personal communications are also a target. Insurance companies want to know how much of a risk you are. Employers want to know if you could be a problem for them. Government and law enforcement increasingly want to know everything about everybody.

Protecting your privacy online

  1. Be on guard against the growing threat of spyware. The most insidious aspect of spyware is that you don't even know your computer is leaking information.
  2. Develop multiple personalities: When I have to give personal information I usually give them fictitious information and a "throwaway" email address. A name like Arroz Conpollo or Robert Johnson works as well as your own. Sorry, Bob. There's more of you than there are John Smiths.
  3. Be careful who you give sensitive information to. Do you really need to give it out to get what you want? Try searching the rest of the Internet to see if you can get it somewhere that doesn't want your personal information.
  4. Read and understand the privacy policies of sites that you're thinking about giving personal information to. "Call 12 For Action" at Channel 12 has an excellent privacy section plus links to more, and advice about preventing identity theft.
  5. Don't read your email while you're connected online. Download it, close your connection, and then read it. That will defeat Web bugs and malicious downloads.

Protecting private information

I'm sure you want to do all you can to keep your private information secure -- your address, credit card numbers, date of birth, social security number, mother's maiden name and financial account information. You also probably have sensitive information that you don't want spread around: For example, phone numbers, business transactions, health records, and your email.

You could keep this information secure by never putting it on your computer. That's becoming less practical every day for many of us though. If you're going to put it on your computer and also go online you need effective precautions. Your private information is more likely to be left open to compromise by some organization, but that's another matter.

  1. Be on guard against fraudulent email and websites -- the kind used for phishing.
  2. You need a strong defense against hackers, Trojans, and spyware to prevent direct access to your private information.
  3. Use strong passwords, and use a different password for each sensitive account. If someone gets your password for one account, you don't want all your other accounts to be vulnerable too.
  4. Protect your critical passwords with strong encryption. Do not let your browser or garden-variety password utility store your critical passwords. Utilities like Password Safe that use strong encryption are a good way to store passwords on your computer though. There are many password utilities to pick from, but many have weak encryption that is easily broken.
  5. Do not send sensitive or critical information on the Internet unless you're connected to a secure Web site. Secure Web site addresses start with https, not http. There will also be an icon, like a closed padlock, down in the status bar when you're connected to a secure website. [more]
  6. Encryption is not all that's required to keep private data private. Learn why and keep it in mind when reading the next paragraphs. ;-)
  7. Consider encrypting your sensitive files or folders or even your entire hard drive. Even though you have a strong Internet defense, encryption is a good backstop defense against intrusion. And it prevents anyone who has physical access to your computer from getting at the information as well.

    I use TrueCrypt because it is seasoned, it has been fully examined to see that there are no backdoors, and it is universally recommended. [review]
  8. Never send sensitive or critical information by ordinary email. Email is notoriously easy to intercept, and ordinary email is not encrypted. That means the contents are in plain view. Either use secure email (https://), or encrypt more sensitive data with a stand-alone program.
  9. Purge your hard drive before you sell or give your computer away. Don't just erase your sensitive files and empty the Recycle Bin. The data will still be there, perhaps even in clear text (decrypted). Even formatting the drive won't remove your sensitive data.

Identity Theft

If you do all the things above, the chances of someone stealing your identity from your computer are remote. There are lots of other ways to steal your identity though. If it does happen to you, it will be a "nightmare from hell."

More on the Web

Spyware-Guide.com -- How to Stop Spies -- Product Reviews -- General Privacy Tips

"The Great American Privacy Makeover" tells in narrative style what you need to know to maintain your privacy. (Click the "Printer Friendly Version" link at the end of the first page to read it as one page.)

Eric Howes' excellent article -- "Internet Explorer Privacy & Security Settings" -- gives extensive how-to instructions. (May take a while to load, but worth it.)