Intro to Browsing Privacy

Anyone who's been on the Internet long enough knows that the phrase "online privacy" is almost an oxymoron. Companies can find out all sorts of personal information in many ways, including spyware, which I discussed in the previous section. But perhaps the most popular method for gathering information is through a user's web browser. Unlike spyware programs, which require a user to have a certain OS for the data collection to be successful, tracking and gathering information through a user's web browser can be done regardless of the platform. The world wide web (www) uses a series of standard protocols which all software and hardware involved must follow. (If they didn't, the www wouldn't "work.") In the past decade, online privacy has become such a large issue that it has the creators of www standards and browsers walking a very fine line between making the web secure and making the web useful and enjoyable. No browser version is ever fully "finished," as new security holes pop up every day. For example, Microsoft attempts to keep up by creating security patches for IE (and all their products), while Mozilla's developers regularly post to Mozilla-related newsgroups with "fixes" for specific problems. Keeping up with all of these "patches" and "fixes" and Anti-Virus updates can be a cumbersome task, but formatting a hard drive and reinstalling everything is even more so.

But aside from that, one of the most obvious and simple ways DCAs can take advantage of a user is through advertising on websites, whether it's through banner ads, sidebar ads, flashy blind-you ads, popups, popunders, fullscreen ads, drive-by download ads, spyware cookie ads, "background monitors," etc. In the early days of the www, adbanners were simply an occasional ugly annoyance. But in the past few years, what with the dotcom "crash," many of these advertisers have joined the personal data industry and teamed up with DCAs in order to make up for "lost revenues." This new, scummier business model is quite unlike anything that ever existed before. Unlike traditional advertising, which is proliferated with only vague demographics in mind (but tailored to best exploit the "consumers'" most irrational impulses), www advertisers can receive immediate feedback as to how people view ads, how often they visit sites with ads, what makes them "click," etc. The concept of "targeted marketing" had existed before the www, but not to the extent that advertisers were able to single out particular users, as they are able to do online. Some companies, such as the infamous DoubleClick, have acquired databases of very personal information, including people's credit card histories and social security numbers, and have, in the past, planned to merge their extensive database of users' web-browsing habits with this identifying data. Another infamous company, x-10, who market spycams and plaster the Internet with their popunder spyware cookie ads, has come under such scrutiny by websurfers and lawyers that they created a cookie that, as long as it is stored on a user's computer, will prevent their ads from appearing for 30 days. A cooperative collective of advertisers and DCAs, the Network Advertising Initiative (NAI), was formed, supposedly to "protect" users from having their identities stolen, but it really acts as a lobby group to prevent U.S. lawmakers from passing stronger online privacy laws. If you would like to read more about the politics of the NAI, you can go to epic.org's NAI analysis page.

In this section, I will describe some common exploits that few security fixes can address, due to their strange natures, as well as tips on avoiding them.


