CBS Radio News Tech Analyst Larry Magid offers some advice about protecting one's privacy while online.
A lot of people worry about their privacy when they go online and, indeed, they should. There are threats to your privacy when you're online, but they may be different from what you think.
Yes, there is the possibility that a hacker could invade your computer, stealing credit card numbers, financial data and maybe even taking a peek at the digital photos on your machine. But, as bad as those hackers are, many Internet users have become their own worst enemy by unwittingly disclosing information.
I'll get to those self-imposed risks in a moment, but first let me suggest that it is a good idea to run anti-virus software and use an Internet firewall, especially if you have a full-time Internet connection such as a cable modem or DSL. Some hardware, called "routers" or "residential gateways," comes with built-in firewall protection, but for peace of mind I recommend that you download the free version of ZoneAlarm firewall software at ZoneAlarm.com.
But even ZoneAlarm won't protect you from your own lack of discretion. For example, you should never choose a password that is easily guessed, such as a pet's name or a birth date. Also, there are many Web sites that ask you for a user name and password, and if you're like most people, you'll supply the same user name and password to every site that asks. That can be a dangerous practice for two reasons. First, by giving out the same password to multiple sites, you're disclosing that information to people who may or may not be trustworthy. An unscrupulous Web site operator or even a dishonest employee at a reputable company would then have access to the same password and user name that you use for your bank account, credit cards and other online sites. Second, if hackers do get hold of that information, the damage could be quite extensive because they will have the keys to all your sites, not just that one.
There are a number of programs that allow you to store passwords on your computer in a password-protected file. One of them, Password Keeper (http://www.gregorybraun.com/PassKeep.html), stores frequently used passwords in an encrypted format so that unauthorized users can't access and view them.
Another common security mistake is to leave your password where others can see it. A Government Services Administration security audit of federal agencies found that an alarming number of workers left their passwords out in plain sight such as on a Post-it note stuck to their monitor.
Kids need to be reminded not to share their passwords with their friends -- even their best friends. I know of one middle-school student who almost got into serious trouble after a classmate complained that he had sent her harassing e-mail. It turned out that someone else sent the message, by logging on to AOL with that student's user name and password.
People who send you spam (unsolicited e-mail) aren't necessarily hacking away at your personal information, but they are invading your privacy by inundating you with junk mail. I don't know of any way to completely eliminate the problem, but there are some things you can do to avoid becoming a mega-spam magnet.
First, never reply to spam notices. Definitely don't buy anything advertised in spam. Don't ask for information, and don't click on links contained in unsolicited mail. They could lead you to a dangerous back alley in cyberspace, including the possibility of a Web site that could attempt to plant a virus in your computer or spy on you.
Many spam messages invite you to write to them to be removed from the list, but even that can be a trap. It verifies that your e-mail address belongs to a real person, which makes that address even more valuable to other spammers. Legitimate organizations and businesses that send out commercial e-mail will clearly identify themselves and respect requests to be removed from the list, but the vast majority of them don't send e-mail to people who haven't already expressed some interest.
Unlike passwords, e-mail addresses aren't meant to be kept secret. Friends, associates and organizations need your address to send you legitimate mail. But try to keep your e-mail address away from spammers. As I've discovered from personal experience, anyone whose e-mail address appears on a Web site is a sitting duck. That's because spammers use software that combs the Web, looking for addresses. Before you cry "hypocrite," let me admit that -- on this one point -- I don't practice what I preach. But, as a columnist, I'm a bit of a public figure. Most people don't need to be that exposed. Still, I've found a way to cut down on e-mail harvesting from my own site. If you click on the "E-mail Larry" link at the bottom of my Web site at www.pcanswer.com, you'll notice that it links to a graphical representation of my e-mail address. Most spammers are too lazy to go through the trouble of re-typing the information. There are more than enough addresses that they can harvest automatically.
One trick that some people use is to have two e-mail addresses -- one that they give out to friends and associates and another -- perhaps a free one from Hotmail or Yahoo -- that they use when they need to disclose their e-mail on Web sites.
If your employer has given you an e-mail address, be aware that you may have no right to privacy on incoming and outgoing mail from that account. Courts have ruled that company e-mail accounts are the employer's property, which means companies have the right to pry into them unless there is a written policy to the contrary. If you must send or receive private personal e-mail at work, use a Web-based account such as Hotmail or Yahoo.
If you do a Web search for privacy tips, there are many other suggestions you'll come across, including the use of encryption software that scrambles your e-mail and other information so that it's virtually impossible for an unauthorized person to read it. Encryption is indeed essential for certain users -- such as financial institutions, the military and others engaged in highly classified activities. It's also popular among criminals. But programs such as Pretty Good Privacy can be a hassle to use, and most people just won't bother.
It's also important to remember that there are plenty of offline ways to jeopardize your privacy. Don't go to great lengths to protect your computer data and then fail to tear up or shred paper documents that you place in trash or recycle bins in front of your house. Be aware that any waiter or gas station attendant can easily steal your credit card numbers, and be careful what you say on a cell phone. I'm not talking about hackers using sophisticated equipment to eavesdrop. I'm referring to people who might be nearby. I live in Silicon Valley, and you'd be amazed at what I've learned about companies just by sitting in cafes overhearing other people's cell phone conversations.
A syndicated technology columnist for nearly two decades, Larry Magid serves as on air Technology Analyst for CBS Radio News. His technology reports can be heard several times a week on the CBS Radio Network. Magid is the author of several books including "The Little PC Book."
Got a PC question? Visit www.PCAnswer.com.
Lawrence J. Magid, Distributed by Los Angeles Times Syndicate
Copyright 2002 CBS. All rights reserved.