Sister CISA CISSP:

privacy on the web

Jun 22 2009   5:32PM GMT

Google Thyself



Posted by: Arian Eigen Heald
Google hacking, Identity theft, privacy on the web, Privacy

I have a series of Google Alerts set up to alert me daily on such interesting topics as data theft, data breach, etc., etc., and I have one set up for my full name, or any two parts thereof. I have, as it happens, a very unique name, and should someone decide to post my name and information for sale on any of “those” forums, or otherwise post as me, I will be notified.

It is common these days for HR staff to run a search engine query on potential employees. I still capture emails I sent out in 1999 about a technical issue where I was working that are archived in various places.

So you have a terribly common name - no big deal. Try using your full name in quotes, with a plus sign, then your city and state. So, for example, John Smith might start out with Google results of “about 66,500,00,” but use of quotes narrows the results to “about 5,730,00.”

Now add a city, say Atlanta, and the results draw down further to “around 130,000.” Paradoxically, if you add Atlanta, Georgia, the results go up to 150,000, but if you add the state as GA, the results drop further to around 39,000.

If you’re on the web on a regular basis, do yourself a favor and keep an eye on yourself.

Jun 15 2009   12:23PM GMT

Web Bugs and Email



Posted by: Arian Eigen Heald
web bugs, privacy on the web, Privacy, HTML email security, information security

I’m a big advocate of disabling HTML in email messages. The marketing people scream because they can’t run their pretty code to sell products and convey appealing images. Other folks love being able to use those nice fonts you can’t use with Rich Text for signatures.

But a pretty face can’t justify the dangers in accepting HTML email. I’m not talking about Gmail, Yahoo or Hotmail - those are web clients for email. By default they accept HTML email, but you can turn that off.

Virus writers have known for years that the auto-open of Microsoft Outlook will “run” HTML code, including activating embedded web bugs.

The recent report on Web Tracking by the University of California at Berkeley spotlights the use of web bugs on web pages and HTML email messages. HTML Email can be written to:

1. Use a web bug to find out if a particular message has been read by someone and if so, when the message was read.
2. Use a web bug to provide the IP address of the recipient.
3. Use a web bug to report how often a message is being forwarded and read.

Spammers love web bugs, because they can be invisibly embedded in the email HTML code to do the following:

1. To detect whether someone has viewed a junk email message or not. People who do not view a message are removed from the list for future mailings.
2. To synchronize a Web browser cookie to a particular email address. This trick allows a Web site to know the identity of people who come to the site at a later date.

Plus, phishers can use HTML to disguise the link that they send in the email so that it “looks” like a legit site.

HTML in email can be turned off, and frankly, should be turned off.
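
For readers who cannot turn HTML off everywhere, here is an added example (not part of the original post) of a defensive check that scans an HTML message body for the two things described above: invisible remote images acting as web bugs, and links whose visible text names a different host than the one they actually point to. The class and function names and the sample message are constructed for illustration, and all hosts are placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def host_of(url):
    """Lower-cased host of a URL, or "" if it has none or is malformed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:  # e.g. a malformed bracketed host
        return ""

class MailHtmlAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.web_bugs, self.disguised_links = [], []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img":
            src = a.get("src") or ""
            dim = lambda k: (a.get(k) or "").lower().replace("px", "").strip()
            tiny = dim("width") in ("0", "1") and dim("height") in ("0", "1")
            hidden = "display:none" in (a.get("style") or "").replace(" ", "").lower()
            # A remote image the reader cannot see exists only to be fetched.
            if host_of(src) and (tiny or hidden):
                self.web_bugs.append(src)
        elif tag == "a":
            self._href, self._text = a.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            shown_host = host_of(shown if "://" in shown else "//" + shown)
            real_host = host_of(self._href)
            # Flag only link text that itself looks like a host name.
            if "." in shown_host and " " not in shown and real_host and shown_host != real_host:
                self.disguised_links.append((shown, self._href))
            self._href = None

def audit(html_body):
    parser = MailHtmlAudit()
    parser.feed(html_body)
    parser.close()
    return parser.web_bugs, parser.disguised_links

# Constructed sample message body; every host below is a placeholder.
SAMPLE = """<p>Dear customer, <a href="http://login.example.net/verify">www.example-bank.com</a></p>
<p><a href="https://news.example.org/">Read our newsletter</a></p>
<img src="https://cdn.example.org/logo.png" width="200" height="50">
<img src="http://track.example.net/o.gif?id=user%40example.com" width="1" height="1">"""
```

Calling `audit(SAMPLE)` returns the tracking image and the mismatched link, and leaves the visible logo and the plainly labelled newsletter link alone.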