Privacy and the Internet
The Internet provides a wealth of sources for information, products, and services of all types, making it a convenient place for consumers to research topics and make purchases. Although Internet users know that some personal data will be required to make a purchase, they are often unaware of the personal data that can be collected without their knowledge by simply visiting a Web page or reading e-mail. This paper addresses some of the ways unauthorized personal information has been and is being collected and steps that can be taken to prevent or avoid this collection.
To make an online purchase, an Internet user must provide a certain amount of personal information to the vendor. This information usually includes the user's name, address, telephone number, e-mail address, and credit card data. There have been many reported cases of security failures at online vendors of products and services. Because of this publicity, most Internet users are aware that there is a potential for the information they provide to be exposed to the world whether by human error, careless security practices by a vendor, or a successful attack by a hacker. However, most users are not aware of the amount of personal information that can be collected without their consent when they do such ordinary things as visiting a Web page, opening a document, or reading an e-mail message.
How can personal information be collected without the user's knowledge? Information about an Internet user can be collected in many ways, including the underlying protocol of the Web, “cookies”, banner advertisements,"Web bugs", and hi-tech "toys". A user may also provide information to an online vendor to reduce annoyances. Almost every user has seen a popup ad for the X10 wireless video cameras and some of the ads are almost full-screen in size. The X10 company is aware that people can become annoyed when the same popup ad keeps appearing. Some of the ads have a "Click here to disable this ad" button that takes the user to an X10 page and promises not to show the ad again for 30 days. (X10 popup, October 2001.) This requires that a “cookie” (a small text file recognized by a Web server) be installed on the user’s computer. A small piece of information has been collected about the user: this computer has seen an X10 ad because the usual link to the popup inhibitor page is via an ad for some X10 product. The X10 site also knows the IP address, operating system, and browser version of that computer. If a user visits the popup inhibitor page directly by using the URL in the bibliography, the same information will be collected. This is covert data collection because the user did not intend to give information but simply wanted to suppress an annoyance.
How does a server know so much about a user’s computer? The protocol of the Web requires that a certain amount of information be exchanged between a user’s Web browser and the Web server with...