Other reader web safety tips

I got the note below in December 2002:

I was reading your article about Internet Security and keeping your identity safe. I work in IT, so I thought I'd pass on what I know in case someone finds it useful.

Running Windows? Try the opera browser (www.opera.com) it can be set to throw away all cookies, what sites you've been to and empy it's own cache when you exit.

Evidence Eliminator is a paid for product, but you can get fully working copies of it from Computer magazines (if you're lucky).
There's also a freeware program that performs a similar function - you can get that from http://www.securitysoftware.cc/apps.html
Have a look for "wipeout".

If you plan on doing a reasonable amount of email - consider an extra email client to Outlook Express. Eudora, Pegasus, etc are all good
email clients and you can hide them away on your computer to reduce risk of being caught in the act.

I received this in August 2003:

Web browsers:

I use Mozilla Firebird (http://www.mozilla.org/products/firebird/) as my web browser. It's cache/cookies/history are easily cleared with a couple mouse clicks.

Web-based email services:

I would NOT use Hotmail, Yahoo, Excite, AOL, or anything else that offers web-based email services. Your login is secure with Hotmail for example, but any email you read can be monitored. (Snort, http://www.snort.org, run that on your computer while surfing the web and all sorts of things will be turned up) I'm sending this from a Hushmail.com account, with an automatically generated email address, reading my email over 128-bit SSL and then further encrypted by 2048-bit security for anyone sending me an encrypted email. The subject line might give something away, however.

AIM, MSNIM, YahooIM, etc.:

These are easily monitored, just like HTTP traffic can be. Jabber (http://www.jabber.org/) can run over SSL can connect to the AIM, MSNIM, YahooIM networks, keeping your side of the communications secure.

Registering your own domain:

GoDaddy.com offers privacy-protected domain name registrations for only $9.00 extra a year. They simply put a valid front company in your WHOIS record. Putting fake information into a WHOIS file for a domain could be grounds to get it removed.

This also came in during August 2003:

Just reading your safety tips, maybe there is another one you could add. It's a very sad case, I corresponded with a woman like myself (I transitoned finally in 1974) and we got to know each other. She was married, and just her husband knew about her.

She liked hopping around the internet and sometimes even disclosing her past. One guy got her even in such a state of believe in his true interest into all things TS, so she sent him a pic of her with minimal blackening of her face. Because, as she believed him, he was from another city several 100 miles away from her own (which she wisely had not disclosed to him).

However, after some days there was something strange goin on in her circle of friends. And on one evening her husband came back full in arms, a friend has not openly told him about his wive being a former TS but had made strange comments.

So, to keep that letter short, finally she found out that this man, she sent the picture, not being from a city far away but living just some houses away from them. He used that city because he was born there and wanted to hide his wherabouts for unknown reasons.

And now my advise: had she put his emailadress into Google, she would have found out his adress, as I have shown her after she has told me all that story.

NEVER EVER believe a stranger ANYTHING online. Check her/his email. put the name(s) into the search form and/or any personal information she/he may have given.

For her it's too late, her husband left her because he could not stand all that whispering around him anymore.

A reader wrote in July 2004, "I just had to offer an addendum to your series on internet safety and privacy, because it comes from personal experience. Please feel free to use it if you can. I think it is pertinent, especially since the 9/11 incident."

Ever since 9/11, the world is a different place. People are more cautious, protective and scared. Governments and Corporations are working harder than ever to stop the flow of important information out of their companies, and also to stop the flow of unwanted items back in. Hackers and cyber spies are working extra hard as well; some to steal government and corporate secrets, others just to break into websites and information storage spots, just for the sake of saying they can (a power play). Some employees are even paid to sneak information out of places. As a result, many organizations have hired information “security specialists,” whose sole purpose is use an arsenal of tools and countermeasures to monitor and stop this type of activity, and hopefully prevent it from happening in the first place. Sounds like international espionage, doesn’t it? It is ;). Specialists are armed with unique tools and certifications, and one of them is called a “sniffer.” These little utilities (usually software programs) are designed to track pieces data flowing in and out of places, and also track where it is going, and where it started. It has been said that Safe Surf sites can avoid this sort of thing, but not entirely.

For example, let’s say you work at the West Coast Widget factory. While they can’t see what you are sending, if you are behind their security firewall, they can see that you spent some time using a safe surfing site, and that could arouse suspicion. What’s more, today’s sniffers and snoopers are getting to where they can actually decipher some of that data, so if you are sending personal information, it might be readable, if they wanted to. This goes back to the notion that any public place is at risk. So we should all surf from home, right? That way all I have to worry about is my family, right? Maybe not. Online services (like America Online), and Internet Service Providers (ISP’s), since 9/11 and the Oklahoma City Bombing incident, have taken steps to make sure that their customers are not going to contribute to that sort of thing in the future. New laws have allowed them some leeway to implement such monitoring to an extent. “Great, you say, this means no place is safe…” Well, yes and no; there is some hope (read on). When you log in from anywhere, you get a unique number (the ubiquitous Internet Protocol, or IP address). This may be just within your internet company, or it may be a unique world number. And if you have one of those nifty router firewall things, you are not immune either, because it still has one that the internet company gives it. Ever had one of those popups that shows you your IP address and tries to sell you some bogus protection software? “WARNING: you are broadcasting 123.456.78.90!” That’s the number (the popups are mostly silly jokes, by the way). You can also visit http://www.whatismyip.com, if you want to know what it is.

Don’t freak out yet, there is more. Safe surfing sites sometimes act as “proxies,” and act on your behalf to send a pretend IP address to make it look like you are in Norway when you are in New York. But remember, the site itself that you are browsing through can see your IP address too, so make sure you trust that safe site as well. IPs are unique out on the net, and specific ranges of numbers are unique to certain companies. So if you are with blahblah Internet, that number tells whoever may see it that you are in that part of the world, IF they can figure it out. If you log into irc or a chat program, it’s sometimes easy to tell generally where you are, because sometimes it will show as blahblah@int.internetcompany.net, or part of your IP address (which is safe) and so forth. Well ok, so that gives a vague, sometimes 10 state range of where you could be since the internet company can be very big, and AOL is everywhere. The problem is if someone has your IP address, programs and utilities that do a thing called route tracing can follow a piece of data over the internet, back to where your IP address is. Suddenly they can see the town I am in, and the internet company I am using. Now consider that and the fact that internet companies can monitor the data going between you and their service, and THEY know exactly who you are (or who is paying the internet bill, right down to the street address). Ack!

Well, remember I said there was hope? While AOL is probably the best at tracking data like this (they can log AIM chats too), as they are an online service, regular internet companies can too. BUT, remember what they are looking for is in relation to matters of national and international security, not our personal health concerns. *phew* AOL simply cannot afford the time and people it would need to watch everything, so you are going to be safe for the most part. Everything on the internet has a trail, but if you don’t arouse suspicion, no one will ever bother to care. Most individuals don’t care either, unless you are doing something suspicious. But maybe there is something to be said for those random internet cafés and libraries after all. This is the most important: especially if you are young, please “Watch what you say,” no matter where you log in from. If you start using words like “Anarchy,” “Bomb,” and “President,” particularly in the same sentence, their little monitoring software might wake up and wonder what is going on. Then again, if you WANT attention, well, that just might be a good way to do it J. But it’s not that likely if you use yer noggin’. You have to decide what you want to share, just don’t get carried away like I did (see below). Also remember that almost all messenger chat programs and emails can be logged by the company or service offering them. This includes, AIM(icq) as I said, but also, MSN, Yahoo Messenger, Jabber, irc, (and others) and even mobile phone TXT messages.

I have always been called “too trusting,” and I realized how much one day. I was lonely, and had wanted soo much to reach out to someone, anyone almost, so I trusted a little when I should have waited. Suddenly I was informed there was a doctored picture of me on a smut site. I had been taken advantage of, and ended up losing my job, not to mention a lot of friends, and ended up going into hiding for a while, all because I was a bit too naieve. I had used a safe surfing site, and an IP proxy, deleted my browsing history, all of it, and I thought I was completely untraceable. I was wrong. Both at home and at work, I was still visible. In fact it was someone (a then friend) who was a moderator on a message board I visited. Turns out this person also happened to work at my then internet service, (I had no idea). Message boards often record the IP number to make sure it’s the right person logging in, which is perfectly in the board’s rights to do so. But in this case, it was over the line, and taking that login and home IP number back to the ISP, got a match. I was humiliated, and the rules of respecting privacy were broken. I could have made something out of it, but I was stuck because I didn’t want or need that kind of publicity. The course in common sense has only one class period, and I learned fast. And this was before 9/11 even happened. Some years later, I still needed people to talk to, and decided that I could trust people here, and so I am back, but a lot more timidly now, and with more street smarts. I have decided to take that risk once again.

More hope to allay your fears: Consider that ANY type of communication can be misinterpreted, gossiped, lied about, etc. That’s just life. The internet does allow for more misleading stuff, but it’s still communication, so the basic common sense rules apply. And when you talk to someone else, phone, in person, or on the net, there will always be some inherent risk. I learned this the hard way, even though it was an extremely rare occurrence. Here is a good rule of thumb, if it feels wrong, DON’T. Common sense is an oxymoron.

From a reader in April 2010:

If you want to leave no trace on your computer of your activities then I would use a live CD version of a Linux operating system. My personal favorite is Ubuntu.

Second, I have always had a passion for writing, but my parents check my computer for innapropiate content every once and a while and them finding my journal enteries would be horrible for me, so I would recommend TrueCrypt. It creates encrypted "containers" that you can disuise as anything, such as a word document. The "containers" are password protected and can only be opened with the program. You can keep any computer file in them and the only way to see a file in the container is to mount it using truecrypt and your password.

In this section:

Transgender web safety

Safely visiting transgender websites

Safely interacting with others online

Putting up your own website: pros and cons

How to minimize an existing web presence

Readers who have been outed online

Reader tips: online safety

Other web resources