Personal Security on the Internet

Introduction to this topic

What people can find out about you on the Net

Steps you can take to protect yourself

What to do if you have problems

Glossary of security and privacy terms

Links to privacy groups and more info

Index to this site

PDF version of this site for downloading

Steps you can take to protect yourself

---

Basic precautions:

• Common sense posting
• Common sense browsing

Extra security:

• Anonymous email names
• Anonymous remailers
• Encryption software
• Web security

Common sense posting

1. The safest policy is to not reveal any personal information on the Internet except your email address. If you want to make it easier for people to contact you by phone or snail mail, use your work phone and address.

    

   • Don't give out personal info if you don't have to.
   • Never give out your social security number, your birth date, or your mother's maiden name. These can be used to access your medical files, bank records, and government databases.
   • Don't make public lists of your possessions.
   • Be cautious when filling out online surveys.
   • Don't send credit card card info over the Net in email, postings, or on the Web. Instead, call or snail mail payment information to the company. Consider using secure payment systems like First Virtual.

    

2. Protect your password. It is possible for someone to forge an email message with your name as the sender without knowing your password. It is also possible for someone to access your account with a found or stolen password, but much harder to prove.

    

   • Use good passwords.
   • Change your passwords regularly.
   • Don't give your passwords to anyone.
   • Don't let others use your account(s).
   • Don't store your password with your Internet software, such as in your POP email program, or your web browser.
   • Don't enter your password at suspicious prompts.

    

3. Be responsible with your account.

    

   • Check your usage history occasionally and make sure it corresponds to your actual usage. Contact your Internet provider to ask how to do this with your account.
   • Don't leave your email account open and unattended so that others may access it.
   • Don't send email from work that you wouldn't want your employer to see.

    

4. Be cautious of people you "meet" online. Take precautions if an Internet penpal wants to meet you in person.

    

   • Try to verify who the person is, where they live, and get their phone number.
   • Get to know each other on the phone before deciding to meet.
   • If you decide to meet in person, do so in a neutral public place.
   • If you decide to meet, try to bring a friend.
   • If you decide to meet, make sure others know about your meeting and what you know about your Internet friend.
   • Don't reveal where you live until you know this person well enough to safely invite them to your home.

    

Common sense browsing

In addition to common sense posting, the following should be observed when using a Web browser such as Netscape or Internet Explorer.

"Because on today's Internet, people do know you are a dog..."

 

 

1. Be wary of your browser's history and cookie files. These files are usually designed to make a Web site easier to use. However, information that you may not wish to share can be stored in cookies and history files.

    

   • Don't browse inappropriate Web sites at work.Your browser's history and cookie files keep track of every site you visit.
   • Install a program to clear the cookie file, such as Cookie Monster for the Mac, and NSClean for Windows.
   • Use an "anonymizer" site to surf the web without revealing any personal information.
   • Don't use your Web browser for email. Your browser will "share" the email address stored in its preferences.

    

2. Be wary of hostile Java Applets.

    

   • Don't respond to requests for your login name and password while browsing. Hostile Java Applets can fool you with a false window asking for login info. Don't fall for it.
   • Don't use Netscape version 2.0. Some of the security concerns recently reported in Java have been fixed in Netscape 2.01.

You may desire security beyond the basic rules of common sense. If you want a higher level of privacy, consider the following:

 

Consider using an anonymous email name

 

You do not have the right to impersonate someone else, or to commit fraudulent acts, but you do have the right to personal privacy and to anonymity.

 

Some people believe that unless you are a criminal there is no reason to use an anonymous name on the Internet. This is not true. Anonymity on the Net is much like having an unlisted phone number. Just as with a telephone account, the company who provides you with Internet service has the right to know your real name, but the rest of the world usually does not.

Your system administrator will need to know who you are. However, you may be allowed to choose whether your real name is accessible to other users. If not, ask your system administrator what your options are.

 

The state of Georgia recently passed a law (April 1996) which denies its citizens the right to an anonymous identity on the Internet. The Electronic Frontier Foundation and the American Civil Liberties Union believe this law is unconstitutional and unenforceable. See the EFF's files for more info on the lawsuit.

 

Consider using anonymous remailers

A remailer is a service which resends an email message or news posting to obscure the originator's name and email address. Some people use remailers routinely for email, but it is most often used for posting ads or responses in the personals section of Usenet newsgroups.

 

If you are interested in using a remailer, there are several references on the links page which will offer you the most up-to date info on which remailers are currently active for public use, and how remailers work (if you are interested).

 

Use remailers responsibly. The availability of remailers is not an excuse to commit harassment or other Internet abuse. A crime is still a crime even if you are anonymous.

 

Encryption software

Encryption software is a means of scrambling your email messages or other files so that they can only be read by someone who has a key to unscramble them. Encryption requires the use of public keys and private keys, and it can get pretty confusing for the average user.

 

PGP (Pretty Good Privacy) is the most common encryption software available. There are a few tutorials and guides available to make PGP a little easier to use and understand, but you might also consider a program which configures PGP for you from within your usual mail program. These are available for several platforms and may make encryption easier to use, although it is still not seamless.

 

Web security

The latest versions of Web browsers have incorporated encryption protocols called SSL (Secure Sockets Layer protocol) to enhance the security of transactions on the Web. Secure Sockets Layer protocol is used by Netscape to deliver server authentication, data encryption, and message integrity. You can read the latest information about this technology at Netscape's FAQ, On Security .

 

Background on this project.

 

<- prev page- top of page - next page ->

 

Personal Security on the Internet

© copyright 1996, Jan G. Hogle

---

Index | Intro | Risks | Protect Yourself | Remedies | Glossary | Links

---