Now that your computer is talking to other computers, this is no time to be polite. It’s time to eavesdrop, butt in, try to find out what your shiny little machine is telling other machines—and the vultures who own them—about your address, your buying habits, your Web-surfing routines.
Armed with the new generation of privacy-protecting tools that fight stealth with stealth, I set out to discover who was watching me and what I was inadvertently giving them.
I started with Guard Dog (available at mcafee.com), one of several pieces of software that promise to help keep your secrets. After installing the program, I called up lowestfare.com and sent some desired flight times for a trip to Chicago. Like a rabid terrier barking at a home invader, Guard Dog warned me that my computer was about to send credit card information to an “unsecure” location. Hell, I hadn’t even chosen my flights yet. I told Guard Dog not to hand over the numbers. My browser, which was supposed to warn me when it did things like that, didn’t. But Guard Dog did. Good dog.
But not good enough.
The publicity about last month’s “denial-of-service” attacks on major sites like Yahoo has died down, and the government has stopped its spate of press conferences promising steely-eyed vigilance. The reality is that Janet Reno won’t protect your privacy. You have to do that yourself.
I put Guard Dog out to stud and down-loaded, for free, ZoneAlarm 2.0 from zonelabs.com. “Alarm” is the operative word here, since your computer has more than 65,000 ports possibly open to other computers—and that’s not counting the obvious ones you use for plugging in hardware like printers. Even while you’re trying to install privacy software, you get probed: Unpacking ZoneAlarm, I got a message that thesync.com was nosing around my machine—even though I hadn’t invited it and had never visited that page.
After installing ZoneAlarm, I went to grc.com, a site run by computer pioneer Steve Gibson that offers to test the security and privacy of your computer. The results can be frightening. When I put ZoneAlarm on the “low” setting, Gibson’s Shields UP! revealed that my computer’s port 139 was open. And I didn’t feel a thing. Perhaps even scarier was that a unique identifying number assigned to my cable-modem Ethernet card was easy pickings for any snoop.
But when I ratcheted ZoneAlarm to “high,” Shields UP! said my ports simply didn’t exist.
As Gibson notes on his site, your computer, if asked by another computer to get it on, is supposed to reply with a message that the request is either accepted or denied. But even a message of denial proves that your machine does exist. ZoneAlarm erects a personal firewall to prevent outsiders from seeing you at all. There’s nothing polite about this privacy software.
Does that mean you can’t go about your electronic business while this firewall is up? No. I spent two busy days crawling the Web without a problem, never encountering the infamous Blue Screen of Death.
But don’t get carried away with feeling comfy. For each advance in security, hackers and crackers will find a way to circumvent it, and then the security firms will buttress the firewalls, and then the hackers and crackers will find yet another way in.
Actually, hackers are the least of your worries. Those bright, lively banner ads on AltaVista and other search engines? Many of them were placed there by DoubleClick, the Internet’s leading ad firm, which claims 1.5 billion of its ads appear on the Web every day. And those banners are working behind the scene to chart where you and your browser go. This profiling yields marketable information by the ton. Privacy advocates choke on these tracking cookies, because who knows where such detailed information about consumers will wind up?
The best way of maintaining privacy, practically everyone acknowledges, is simply not to put anything on the Internet that you don’t want other people to know. Good luck finding the time to be so careful. In some ways the wired world is a sucker’s game. A nationwide survey conducted last month by the Stanford Institute for the Quantitative Study of Society found that 36 percent of all Internet users spend at least five hours a week online and that a quarter of them have found being wired has increased the time they spend working at home without cutting back their time at the office. For now, according to the survey, only 15 percent of all Internet users spend more than 10 hours a week online, but that fraction is steadily growing.
Despite relentless advertising by dotcoms, only a little more than a third of all Internet users buy online and fewer than 15 percent conduct other kinds of business. The survey considers this Net commerce at its “earliest stages.” As more and more people make financial transactions online, the problems of security and privacy will become more acute. Public outcry stopped DoubleClick from carrying out its scary plan to track computer users by name and address, but the patches and plugs that behemoths like Microsoft regularly issue prove matching goes on as you read this.
And so does the battle over tools to protect privacy. A little-known provision in federal law makes it a crime to perform some forms of code cracking, especially the kind that white-hat hackers carry out to publicize intentional or accidental breaches in security.
Free gear like Guard Dog and ZoneAlarm is as annoying to online hucksters as the hucksters’ probing is to surfers like me. Sooner or later, everyone on the Net gets invaded, and though privacy software may not allow you to block all spies, at least it lets you find out how frequent, how deep, and how harmful the probings could be.