TELECOM Digest OnLine - Sorted: Surfing in Secret


Surfing in Secret


Lisa Minter (lisa_minter2001@yahoo.com)
Tue, 28 Dec 2004 12:31:29 EST

by Michael Fitzgerald - ExtremeTech

A famous cartoon from the early days of the Internet featured a dog
surfing his computer with the caption, "On the Internet, no one knows
you're a dog."

That cartoon implied a level of anonymity that doesn't really exist
online. You might tell your online pals you aren't a dog, but it
doesn't take much work for someone to figure out you visit
puppylove.com, have "Cat Marauder" on your Amazon wish list and spend
a lot of time in the DogzChew chatroom.

Now, you might be thinking that in truth, no one cares if you're a
dog. In fact, at a holiday party, a friend of mine asked me why
GhostSurf, a software package that helps you shield your online
privacy, was a selling point for his new PC. He didn't think he was
doing anything interesting online. Except shopping, checking out
various types of news sites, sending e-mail to clients and letting his
kids check out their favorite sites. All of these things could prove
very interesting, if not to governments and marketers then to bored
geeks and more malicious types.

But don't get paranoid. It's unlikely that you're being a victim to
keystroke logging or some other form of cyber-wiretapping. And most,
if not all, e-commerce sites use encryption software to protect their
orders. So, chances are slim that someone will capture your credit
card data as you type it in online.

But the IP address your computer has is tantamount to your home
address. It goes with you to every site you visit and gets recorded
along with all of your actions there, every time you go there. It's a
simple fact of Internet life that "sites do log stuff," says Simple
Nomad (Mark Loveless), a well-known white-hat hacker who is a senior
security analyst at toolmaker Bindview Corp. You actually may want
them to log at least some things about you, in order to get quick
access to a site or to place an order.

But Simple Nomad warns that you aren't just flitting around the
Internet unwatched. He impresses his teenage son by sitting in coffee
shops with his laptop and telling his son which joke in a chat room
made someone laugh or what their credit card number is. He uses a tool
called a sniffer to do this, in unsecure wireless network
environments.

Sniffing You Out

Sniffers do make it easy for others to find out whether you're a dog,
but they aren't all that common. They're generally not a threat to
someone on a home network with a firewall and good common sense about
what files not to open. But malicious hackers can break into logs of
Web sites and Internet Service Providers, which might contain things
such as your mother's maiden name, your passwords, your date of birth,
your credit card numbers and other types of personal
information. These can be used to build profiles of you, either for
identity theft or for other purposes.

Spyware

Then there's the scourge of spyware. You can read John C. Dvorak's
take on spyware and its various guises in PC Mag's 'Panic Over
Spyware.'

Typically, spyware is some innocuous-looking toolbar that lets you,
say, change the background color of sites you visit and is in fact
tracking what you do and sending information back to another
site. Spyware can be distributed automatically and even downloaded to
your computer without your knowledge, says Chris Wysopal, director of
development at Symantec Corporation. He warns that spyware spreaders
actually "are just throwing out a wide net and going after thousands
and thousands of people. That's more the way it goes on the Internet."

Foiling Criminals

So, how to avoid having your IP address become some criminal's window
into your life?

There are a series of tools to consider, and some simple, common-sense
steps to take that can help immensely.

First, the tools. Surf anonymously, which protects your privacy and
may help you reduce your spam levels and limit the amount of junklike
cookies that get dumped on your system. There are a wide variety of
tools available. A good sample can be found at the Electronic Privacy
Information Center. It covers 16 categories, including ways to
e-mail anonymously, surf anonymously and instant message securely.

Surfing anonymously might sound geeky, but it's not all that hard. The
basic premise involves using software to have your server mask your IP
address. It does this by taking, say, the URL you've typed into your
browser and sending the request via a different computer, which acts
as a proxy for the request; a go-between that cloaks who you
are. Good anonymizer tools will also use encryption, so that online
snoops can't just grab whatever traffic is going back and forth
between you and a Web site.

The main drawback to anonymizers is loss of surfing speed. Masking
your IP address will slow down your Web surfing, although it's less
noticeable in broadband environments.

Tools of the Trade

Three tools we like are Anonymizer 2004, Bypass Proxy Client 0.78 and
GhostSurf 2005 Platinum. All have encrypted communications, and all
use their own, company-controlled servers to keep your Web surfing
secret. Each is featured in 'Surf in Secret'.

The most basic is Anonymizer 2004, which sends any Web request you
make; going to Google, say, or buying a book on Amazon.com; first to
its own servers and then out to the Web, with a proxy IP address that
isn't yours. The service works well, but you are dealing with a single
source of servers; all Anonymizers; and it doesn't give you much else
than anonymous surfing for its $29.99 a year. You can, however, get a
series of other kinds of privacy tools for $99.95 a year.

At $49.95 a year, GhostSurf 2005 Platinum costs more than Anonymizer
2004, but it gives you a lot more, too. It's our favorite tool for
anonymous surfing, because it offers other tools, such as protection
for your instant messaging, and also a way to let you mark sites that
you want to allow to see your identity, such as a paid news site you
subscribe to.

Bypass Proxy Client 0.78 is also an excellent tool, but it's more for
advanced users. It requires some skill with software to use, and is
best for people who are unable to use Anonymizer or GhostSurf, perhaps
because their company IT department decides to block those
programs. One nice, though complicated, Bypass feature allows you to
route your Web traffic to a proxy server of your choosing.

If you're concerned about having your site requests going through
servers belonging to just one company, you might try software that
uses public servers to route your Web requests. Steganos Internet
Anonym Pro 7 is a good tool in this category.

This app does take more time to set up than an application like
GhostSurf, since Steganos has to go out and search for public servers
to use as proxies, but it accelerates with use. It costs $59.95 a
year, and that nets you a spyware blocker, an Internet trace eraser
and a "shredder" feature.

The downside to software such as Steganos is that since the servers
are public, pieces of your Web surfing could be tracked. You also
can't encrypt your communications, so you could be tracked. There are
also free anonymizer tools available, though it's worth checking out
the background of any such free service.

Now, the habits. Wysopal notes that there are several simple things
people can do to protect themselves online:

Avoid the cookie monster. You can use your browser to set up a list of
the sites that can give you cookies. Don't let any other sites have
them, and don't accept their cookies.

Don't talk to strangers. Use pseudonyms for your e-mail and chat
accounts. Don't give your real name or information about yourself to
people you don't know well. Same goes for sites you're unfamiliar
with.

Don't fill out Web forms. The fewer places that have your personal
information, the more protected you are.

Use encryption where you can, and finally, when in doubt, fax. Wysopal
notes that no one has yet developed spyware for fax machines.

And that's just dog-gone good sense.

Michael Fitzgerald is an award-winning technology writer and
editor. His writing on technology appears in The Economist, Inc., MIT
Technology Review and a number of other publications. He's spoken at
numerous industry events and frequently appeared on CNN and other
major television networks.

NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . New articles daily.

*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance ExtremeTouch and Michael Fitzgerald.

For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml

Post Followup Article Use your browser's quoting feature to quote article into reply
Go to Next message: Lisa Minter: "Tracking Techniques"
Go to Previous message: John Levine: "Re: USTA Sends Strange Letter to Wal-Mart"
TELECOM Digest: Home Page