2008

BOOT CAMP ARCHIVE 2009

BOOT CAMP 575 (06/05/09) – Privacy and Paranoia, part

I was surprised to discover that it has been two years since we last looked at the highly contentious issue of privacy, personal computers and the Internet. Since then the situation has not improved, if anything it has got worse, but lets begin with some positive news.

Provided you take a few simple precautions the chances of you falling prey to hackers, identity thieves, scammers, and net-based ne’er do-wells is actually quite small. With a little effort plus some simple and mostly free programs and procedures that we’ll be looking at over the next few weeks, the risk can be reduced to almost zero.

However, the first thing to understand is that the Internet is not private, and to be fair, it has never purported to be so. It is a very public domain and almost all of the information that you send and receive through it, from emails to the web page you are looking at now, is open to scrutiny by anyone with access to the network’s infrastructure, from ISPs and government agencies around the world, to well-equipped hackers, your next door neighbour could even be at it, hijacking into an unsecured wireless connection.

That’s not to say web connections cannot be made reasonably secure. Websites involved in on-line shopping, banking and so on routinely encrypt the information that passes between PCs and the site. You can also encrypt your emails and send secret messages that almost no one could intercept; this is something we’ll be looking at in more detail later on in this short series.

Powerful encryption tools can keep your data safe from all but the most well-resourced organisations and it’ll certainly keep the street-level bad guys at bay but since we last looked at internet privacy there’s been a new development, called Phorm, and it is worrying a lot of people.

In a nutshell Phorm is a way for Internet Service Providers (ISPs) to track your web surfing activities, with a view to sending you ‘targeted’ advertising. It’s not a new idea and you may even have been a victim of attempts to spike your browser or email inbox with ads, based on your surfing habits. Most of them are fairly crude and involve the use of ‘cookies’ or ‘adware’, picked up from web sites and installed on your PC but these methods are relatively easy to avoid, control or eliminate.

What makes Phorm different is that ISPs are behind it. They are in the privileged position of being able to directly analyse the data sent to and from your computer. This also means the traditional methods of protecting your privacy, using anti-malware and spyware programs, simply do not work on Phorm.

There’s no installed software to remove, though Phorm does make use of cookies, ostensibly as a way of identifying your PC or as a means of allowing the user to opt-out of the scheme. There are ways to block or scramble these cookies but in the end there’s very little you can do to stop your web traffic being scrutinised by your ISP, aside from switching to another ISP or going to the considerable effort of connecting to the web through an exotic intermediary, like a virtual private network (VPN) or an anonymous proxy server.

There are still plenty of questions over the legality of Phorm, not to mention the privacy implications, but this hasn’t stopped several ISPs from conducting trials, in at least one instance without the subscriber’s knowledge or consent. If you want to learn more about Phorm and make up your own mind there is plenty of information online, from the official line at Phorm.com and an extensive Wikipedia article at http://tinyurl.com/37zkwv. A quick Google search will turn up a host of anti-Phorm sites that include links to petitions and browser add-ons that claim to be able to disable or block Phorm intrusions.

Phorm may or may not become a widespread concern but right now there are many more tangible threats to your privacy, and it starts with the most basic security measures to keep your computer safe. I’m not talking about protection against sophisticated cyber crime, that’s to come; the first and most important question is what is to stop anyone in your household or office poking around your PC? What would happen if someone broke in? How easy are you making it for a thief? If you have a laptop, what steps have you taken to protect your data if it is lost or stolen?

If all anyone has to do to access your files is switch your computer on then you’ve fallen very badly at the first hurdle. Even if you’ve set up a password protected User Account don’t think for a moment that it will keep your files safe. A PC password can be neutralised in around ten seconds, maybe a bit longer if the intruder doesn’t want you to know that your computer has been interfered with. If there is any sensitive or private data on your computer it should be encrypted – see this week’s TopTip -- and don’t forget any backups that you have made. Data on laptops is especially vulnerable, and it goes without saying that you are just asking for trouble if you don’t protect data stored on USB pen drives and memory cards.

Next Week – Privacy, Part 2 3 4 5

JARGON FILTER

COOKIES

Small text files stored on a PC by web sites that can contain a wide range of data such as preferences and personal information

ANONYMOUS PROXY SERVER

Internet server through which web pages and email messages can be relayed making the user difficult or impossible to track or locate

REMOTE VPN

Private computer network with Internet links that can be remotely accessed

TOP TIP

It’s not difficult to encrypt your files and facilities are built into Windows XP Professional (http://tinyurl.com/57wphz) and the Enterprise and Ultimate versions of Vista (http://tinyurl.com/cvmyro). Even if you are using one of the home or consumer versions of Windows there are plenty of simple to use third-party encryption utilities available, such as EncryptOnClick (http://tinyurl.com/cwzsde), which is also completely free, so there’s no excuse!