Personal
Security
on the Internet

Introduction to this topic
What people can find out about you on the Net
Steps you can take to protect yourself
What to do if you have problems
Glossary of security and privacy terms

Links to privacy groups and more info
Index to this site

PDF version of this site for downloading

What people on the Internet can find out about you

Common uses of the Internet and what these activities may reveal about you:

Sending email
 
Email can reveal a lot about you. Usually an email message includes information about:
 
  • Your real name
  • Your login ID (the first half of your email address)
  • The computer where your account resides (the second part of your email address)
  • The computer(s) you were connected to when you sent the email message
 
Depending on how you sign your email and what you include in your message, it may also reveal:
 
  • Your address
  • Phone number
  • Other personal info
 
This is usually fine if the only person who reads your email message is the person you meant to send it to. However, email is not a sealed message like a US Postal Service letter. Many opportunities exist for unintended recipients to read your messages.
 
You may have heard that you should never put anything in an email message that you wouldn't put on a postcard, and you may wonder why. After all, email seems secure. You are sending a message directly to someone's password-protected account, and no one else should be able to see it without permission from the recipient, right? Wrong.
 
Even from a password-protected account, email is not a secure means of sending messages:
 
  1. Email is sometimes addressed incorrectly and may reach one or more people who were never intended to receive it.
  2. Email may be sent to or from a computer that more than one person has access to. Some people leave their email programs connected all day at work, and when they are not at their computers, anyone can come along and read their incoming or outgoing mail.
  3. Email messages sent from your workplace can be intercepted and read by one's employer or a coworker. This is also true on the receiving end. Not everyone agrees that this practice is ethical, but it happens.
  4. Email messages from work or home can be intercepted off a network during transmission using software known as "packet sniffers."
  5. Email can be intercepted from a telephone transmission if your computer is connected to the network through a modem. Admittedly, this is rare, but it is a surprisingly easy procedure for a stalker to perform.
  6. Email can be forged, or "spoofed," by another user who pretends to be someone they are not. Although forged mail is usually sent as a joke, it can be destructive.
  7. Email can be forged by hostile Java Applets, which are also capable of obtaining your username and password.
 
Warning signs of problems:
What to do:
Email which never arrives, or is very slow in arriving at destinations.

Inform your network administrator, or your Internet provider.
Frequent interference with your Internet or telephone connection.

Inform your network administrator, your Internet provider, and possibly your telephone company.
Unusual or unauthorized use of your Internet account (especially noticeable with accounts that are charged by the hour/minute).

Inform your network administrator or Internet provider as soon as you suspect problems.
Email with your account name as the sender, which you didn't send.

Inform your network administrator or Internet provider as soon as you suspect problems. If the messages are harmful, report it to the police as well.
Tampering with telephone connection box (rare, but it happens).

Report the problem to your local police and telephone company as soon as you suspect problems.

Precautions to take:

Anonymous email names
Anonymous remailers
Encryption software
 
More Information:
email and remailers
E-Mail Privacy FAQ
encryption software
Hostile Applets
Java FAQ
privacy tools and links
phoney-mail.txt
Sniffer FAQ
 
 
- top of page -
Newsgroup and mailing list postings
 
Posting to newsgroups and mail lists can seem a lot like using email, and you may even use the same program to send email and postings. However, posting to a list or newsgroup is very public. Messages may be intercepted just as with email, but it isn't really necessary because in most cases your posts are being published for the whole world to see anyway.
 
If you would like to see just how easy it is to look at postings on newsgroups, check out the DejaNews profiles page. This search engine lets you look up your (or someone else's) Usenet posting history.
 
I tested the DejaNews profiles page with a friend's email address, knowing he posted regularly to at least one list. He is probably an extreme case, but I found that over the past year he had posted 56 messages to over a dozen newsgroups and lists. The posts revealed information about where he lived, how he commuted to work, the kind of security system he used, where he had been and was going on vacation, where his daughter would be traveling in the coming year, and details of expensive possessions!

Your postings can reveal the same info as an email message and is just as insecure. The contents of your posts are limited only by what you decide to write, so you need to think carefully about what you include in your messages.

 
 
Warning signs of problems:
What to do:
Unusual or unauthorized use of your Internet account (especially noticeable with accounts that are charged by the hour/minute).

Inform your network administrator or Internet provider as soon as you suspect problems.
Posts with your account name as the sender, which you didn't send.

Inform your network administrator or Internet provider. If the posts are to a list, report it to the listowner.

Nasty responses to your postings

Try to ignore it. If that doesn't work, contact your network administrator, or the postmaster at the offending party's email address. If you feel threatened, contact the police as well.

Responses that indicate too much knowledge about you.

It could be innocent, but if the person makes advances that are unwanted, make sure he or she knows it. Report it to the police if it gets strange.

You've posted a message to a newsgroup and now you wish you hadn't!

You can cancel your posts. Read the Cancel FAQ on how to do it.

You posted a message to a newsgroup and it never showed up, or it was there and disappeared.

If it never showed up, it may have been lost in Cyberspace or it may have been canceled by someone else. Read the Cancel FAQ for more info.

Precautions to take:

common sense posting
anonymous email names
anonymous remailers
 
More Information:
Cancel FAQ
email and remailers
E-Mail Privacy FAQ
privacy tools and links
phoney-mail.txt
 
 
- top of page -
Chat rooms
 
Chat areas can be very similar to newsgroups and listservs because they are often public forums. Chat is a little safer than newsgroups or lists in the sense that chat activity is not archived or available for later review. On the other hand, chat is less safe from the standpoint of being a "live conversation" with people who you can't see and who you know nothing about.
 
It is usually easy to hide your identity in chat areas. Most chat rooms encourage you to use an alias, or screen name. Since you are typing to the screen and not your email program, you don't have to worry about an email header revealing your name and email address.
 
Chat areas are more likely than other online communications to bring you into contact with people who are not what they appear to be. People often assume an "online personality" which can be very different from their real life persona. Remember to think carefully about what you are telling people online, and be cautious about agreeing to meet your online friends in person.
 
Chat encounters
to be wary of:
What to do:
Requests for money

Don't send money to a stranger. Asking for money after pretending a friendship is a common scam on the Net.
Too much knowledge about you

It could be innocent, but if the person makes advances that are unwanted, make sure he or she knows it. Report it to the police if it gets strange.
Very personal or inappropriate questions

Don't answer questions that make you uncomfortable. If the person makes advances that are unwanted, make sure he or she knows it. Complain to the person's postmaster if necessary.
Request to meet in person

Try to verify who the person is, and get to know each other on the phone before deciding to meet. If you decide to meet in person, do so in a neutral public place. Don't reveal where you live, do try to bring a friend, and make sure others know about your meeting.
Unrealistic proposals, like marriage!

If you only know each other from the Net, be realistic. You need to seriously consider learning more about each other offline.

Precautions to take:

Common sense posting
Anonymous email names
 
 
More Information:
Usenet Personals FAQs
IRC Undernet FAQs
IRC FAQs
 
 
- top of page -
Online surveys
 
Surveys may be available on Web pages, or distributed in newsgroups and mail lists. Some folks like to answer surveys, perhaps because they like to believe someone cares about what they think. Others may participate because something is offered for free in exchange for filling out the form. Keep in mind that surveys are often used for marketing purposes, to compile lists for junk mail and advertisements, or even for scams.
 
Even if you don't mind sending your personal data to a marketing firm, remember that survey info can be intercepted or sniffed off the network. Try to send only basic information, like work address and phone rather than personal details. Never give out your social security number or birth date. Try to send data using encryption such as PGP or SSL where you can.

Obviously, the info you reveal in a survey can be very personal, depending on the topic. If you don't have a clear understanding of the purpose and sponsor of a survey, don't answer it.

 
Warning signs of problems:
What to do:

Personal or inappropriate questions.
Don't answer it.

Lack of info about the purpose & confidentiality of the survey responses, the sponsor, etc.

Precautions to take:

Common sense posting
Common sense browsing
Web security
 
 
- top of page -
Purchasing products online
 
When you make purchases online from a Web site, you have to consider how you will pay for the product or service. Most sellers on the Internet are honest, but some are con artists trying to illicitly obtain cash or credit card information. Sending cash to the perpetrator of a scam is bad enough, but revealing your credit card account is far worse.
 
Most buying and selling on the Internet is through newsgroups, and is like buying and selling through a classified ad. Methods of payment are usually checks or money orders. For larger purchases, COD is often used. You might want to read the The Usenet Marketplace FAQ for advice.
 
Methods are now being offered to make credit card purchases from a Web site with some security. Most involve using encryption such as Netscape 3.0 with SSL. Others, such as First Virtual offer a means to make the transaction over the telephone instead of online.
 
Warning signs of problems:
What to do:

Requests for detailed personal info, such as social security number, mother's maiden name, or birth date

Don't give out this info, and don't do business with folks who ask for it.

Unusual or unauthorized charges on your credit card

Follow your bank's procedure for reporting credit fraud.

A business with no physical address other than a PO Box

Verify the company's existence (physical address and phone number) before making any transaction. Check with their local Better Business Bureau and Chamber of Commerce if necessary. If in doubt, do business with someone else.

A business that asks for large payments in advance

Precautions to take:

Common sense browsing
Web security
 
More Information:
Blacklist of Internet Advertisers
First Virtual
Usenet FAQs
Usenet Marketplace FAQ
Web security
 
 
- top of page -
Web surfing and Internet connections
 
Even if you never participate in email, newsgroups, chat areas, or online purchases, you can still reveal information about yourself just by being connected to the net.
 
Finger is an Internet software program used to locate people and gather information from other Internet sites. Although many Internet service providers are now limiting incoming Finger requests to protect their account holders, it is still a common method of finding out:
 
  • if you are currently logged on
  • when you were last logged on
  • when you last read your mail
  • your real name
  • other details, such as address or phone number (not commonly available, however)
 
Web surfing also reveals information about you, even if all you do is connect to a Web site and leave. You may have heard about MagicCookie and history files, which are created if you browse the Net using Netscape or Internet Explorer. Cookie and history files log information in files on your computer about:
 
  • specific sites you have visited
  • when you have visited specific sites
  • how often you have visited specific sites
  • the site you just came from
  • the type of computer you are using
  • who you are
  • where you are connecting from
  • email addresses you correspond with
 
To see for yourself what other computers can find out about you through an Internet connection, check out the Center for Democracy and Technology's Privacy Demonstration Page.
 
You should also be aware of hostile Java Applets. As noted in the section on email, Java Applets can forge email, steal your username and password, and all you need to do to activate the applet is to log on to a Web site. You may not even be aware that the applet is running.
 
Warning signs of problems:
What to do:

While visiting a Web site, a window pops up and asks you for your network login and password.

Some sites require a password, but don't confuse that with your network info. Don't type your network login info at a web site prompt. This may be a hostile Java applet. If in doubt, make sure you are logged off your network, then log in again.

While visiting a Web site, a window pops up and asks about sending or writing a cookie.

Cancel it, shut off the warning in your browser options, or say yes. You can delete your cookie file regularly, or get a program that will do it for you. [more]

Precautions to take:

Common sense posting
Common sense browsing
 
More Information:
Web browsing tools and info
Web security links and info
 
 
- top of page -
Putting up your own Web page
 
What can a personal Web page reveal about you? Many folks include the following personal info on their pages:
 
  • email address
  • real name
  • home address, telephone number, other personal details
  • work address, telephone number
  • photos of self, home, pets, possessions
  • list of possessions
  • vacation dates, times the person will be out of town or away from home
 
Personal Web pages are fun, and a great way to share info with people who share similar interests. Be cautious, however, in publishing a page which advertises personal details that may be seen by a burglar, stalker, or other mischievous folk.
 
Warning signs of problems:
What to do:

Inquiries from your web page that show too much knowledge about you.

Report it to your network administrator, or to the postmaster at the offending party's email address. If you feel threatened, contact the police as well.

Inquiries that ask personal or inappropriate questions.
 

Precautions to take:

Common sense posting
Common sense browsing
 
 
Background on this project.
 
<- prev page- top of page - next page ->
 
Personal Security on the Internet
© copyright 1996, Jan G. Hogle
Index | Intro | Risks | Protect Yourself | Remedies | Glossary | Links