The most common method of tracking users is the "cookie", a small text file placed on your computer by most websites visited. The default setting in both Netscape and Internet Explorer is to accept all cookies without telling you. Generally, cookies fall into three broad categories. First is the type of cookie used by sites such as "My Yahoo", other news sites, and some shopping sites to store personalized or registration information. I use "My Yahoo" as my startup page on my browser as my personalized newspaper, listing current news, weather, stocks, etc. By accepting the "My Yahoo" cookie, I can view my newspaper each time, and the Yahoo server tracks updates. Some sites, such as Microsoft, require that you accept these cookies so they can (allegedly) provide a more personal service. Other sites use this type of cookie to simply track how many visits you have made to their website.

The second type of cookie is the "shopping cart" cookie. This is a small text file placed on your computer typically only for as long as you are online, which tracks items placed in your online shopping cart until you checkout, and then they expire. Most shopping sites require that you accept this type of cookie.

The third type of cookie is the one that worries privacy advocates - that is the advertising cookie. These small text files are typically only read by the company that places them there, but many can be read by other companies and sites as well. These are used to track sites visited, ads seen or clicked on, or otherwise compile a profile of the user. The largest of these advertising cookie companies is DoubleClick. DoubleClick recently won a federal court case when the judge dismissed a case, stating that the placing of cookies on a users computer is not an invasion of privacy (In re DoubleClick Inc. Privacy Litigation, 00 Civ. 0641 NRB). The plaintiffs objected to the fact that cookies placed by DoubleClick could track user names, e-mail address, searches performed, sites visited and other information about the user. Even though the case was dismissed, DoubleClick allows surfers to "Opt Out" of having DoubleClick track them, by simply connecting to a DoubleClick site, and accepting an "Opt Out" cookie from http://www.doubleclick.net:80/us/corporate/privacy/opt-out.asp. Another site that has comprehensive cookie opt out links is http://privacy.net/OptOut/adnetwork.asp.

I recommend that most Internet surfers decide which cookies they want to receive, and that they remove any cookies that the user feels uncomfortable with.

With recent versions of Netscape, click on the top tool bar EDIT - PREFERENCES - ADVANCED - and then check both "Accept All Cookies" and "Warn Me Before Accepting A Cookie" and then "OK". Netscape will show the cookie information in the window, and give the user the opportunity to accept or reject the cookie.

With recent versions of Internet Explorer, click on VIEW - INTERNET OPTIONS - ADVANCED - SECURITY - then check both ALLOW COOKIES and PROMPT (some versions have slightly different command prompts). If set as shown, IE will show that a cookie was received, but initially not the contents; the "More Info" button must be clicked to find the content of the cookie. With a little practice, it becomes apparent what types of cookies are being received, and gives the user some control of his privacy.

There are several utilities that can be used to manage cookies, and delete any unwanted cookies. There is a directory at http://tucows.exp.net/cookie95.html, which lists cookie utilities for Win95/98, and links to cookie utilities for other operating systems. A freeware cookie manager, "CT Cookie Spy " is available at http://camtech2000.net/Programs/ctcspy10.zip (this is a ZIP compressed file, and requires a compression utility to uncompress it).

What many see as a more intrusive method of tracking and sometimes selling user information is referred to in the trade as "SpyWare", software that tracks almost all surfing activities, and sends that information to a site which compiles this information, sometimes along with personal demographic information that is individually identifiable. A major trend recently has been for some software, both free and commercial, to supplement the authors' income by tracking the users' activities in the background, and then selling that information. Two of the most popular programs that can detect and kill SpyWare on your computer are LavaSoft's Ad-Aware, and Gibson's OptOut. Ad-Aware is available free from http://download.cnet.com/downloads/0-10106-100-5055149.html and OptOut is available free from http://grc.com/optout.htm. Some of the most common SpyWare programs are Comet Cursor (that cute utility that changes your cursor as you surf selected web sites), and Aureate/Radiate (used by many free and commercial programs. Even such popular programs as the new versions of Print Shop, Quicken Family Lawyer 2001, Mattel, and other commercial software may contain a version of SpyWare.

Your browser also sends out information about you, typically without your knowledge. Look at http://privacy.net/Traced/ and see what your browser can send without your knowledge. Commonly sent are the browser name and version, the registered email address, operating system, monitor settings, IP address (location of computer on the net), referring site name, and a variety of other information.

A fairly new method of collecting additional information from surfers is the "1 pixel gif file" or "Web Bug". This tiny file, only a few bits, can gather much information. A recent news release by CNET (http://news.cnet.com/news/0-1005-200-5008849.html) stated, "…Many site operators and Net advertising companies place Web bugs on their pages to collect information, such as which pages are being read most often… the bugs also can be used in more invasive ways, capturing a visitor's (IP) address or installing pernicious files…The bugs can also be matched with "cookies," the electronic files that are stored on a PC and can contain personal information such as name and e-mail address." Even more devious, in a recent demonstration by the Denver based Privacy Council, a one pixel gif can be used to steal a computer user's entire e-mail address book merely by clicking on a bugged web page. Other examples were tiny executable files placed by the web bug on the user's hard drive that collects online information tracking web visits, or monitoring documents for specific words such as "financial", without any notice to the user. Another form of one pixel gif can be attached to an email, enabling the sender to retrieve information from the recipient, or secretly send copies back to the sender when the e-mail is replied to or forwarded. Some anti-virus and firewall software can protect computers from some web bugs, but they can be very difficult to detect, and the antivirus publishers are working to enhance their protection. Specialty software, Personal Sentinel, to protect against web bugs is now available from http://www.Intelytics.com. This software functions similar to a firewall, protecting from many forms of web bugs.

Many of the new threats to personal privacy are insidious, but should not be so threatening that users stop surfing the net. As had been stated in previous columns, it is imperative to have a frequently updated antivirus program running at all times. In addition to protecting from viruses and Trojans, the antivirus program may screen out some web bugs. Surf, but surf cautiously.

Ira Wilsker is an Instructor IV of Management Development at Lamar Institute of Technology. Ira has been working with computers since 1965 when he took his first computer class at the Illinois Institute of Technology, in Chicago. A past president of the Golden Triangle PC Club, and a board member of the Association of PC Users Groups, Ira is a frequent guest on the local television news, and has lectured locally to internationally on a variety of computer topics ranging from computer and Internet basics, to CyberCrime, and Community Oriented Policing. Ira is the host of the Computer Information Hour on KLVI 560AM every Tuesday, 6-7pm

For more information on the Tulsa Computer Society click here