It’s no secret—or surprise—that I’ve turned into something of an Internet humbug over the years. I wasn’t in on the whole Net thing from the ground floor, but pretty near. Hint: the first browser I used on a regular basis was NCSA Mosaic.

Since those heady early days, I have seen the Net—and the World Wide Web in particular—transform in a number of ways, most prominently from a loose confederation of outposts into a full-blown commercial theme park. This is not necessarily a bad thing, and there’s certainly plenty of frontier left to explore. (The cool thing about this metaphor in the framework of information networks is that the frontier is in the same place it’s always been, and just as accessible; it just currently resides within a matrix of gift shops, snack bars and “Get Your Picture Taken With Spongebob” photo kiosks. Oh, and dirty book emporiums. 😉 )

But the frontier, with all the potential rewards and risks implied by the term, is still there.

I was taken to task by someone close to me about a week ago for a reply to something her significant other sent me. It was one of those, “Cool Things You Never Knew Your Cell Phone Could Do” email forwards. More specifically, it was this one. I replied with a link to the Snopes article, prefaced by a “*sigh*”. Smartassish of me, perhaps, but I really, truly get sick of these moldy, re-re-re-reconstituted chunklets of Internet lore, and the more of them I get, the less likely I am to be nice about it.

Imagine that a friend told you that Starbucks was giving away free lattes, and you ran down to your neighborhood shop (one of four or five in a ten-block radius, no doubt) only to be told that sorry, Starbucks was not giving out free lattes, that they were not sure from whence this rumor had arisen, but that it wasn’t true, and had in fact not been true the last three times someone had spread the rumor. You’d call your friend and tell them that this unexpected largesse on the part of the Subway of Coffee was a myth, and advise him or her to stop telling people otherwise. The next time someone called you up to tell you about the Big Latte Giveaway, you would tell them that no, Starbucks is not giving away free coffee; don’t bother going down there, tell your friends not to bother going down there.

By the eighth call (or twelfth call [or fourth round of clusters of eight or twelve calls, separated by increments of three to twelve months]), you would be informing the excited bearer of glad tidings that THERE IS NO FUCKING FREE FUCKING COFFEE BEING FUCKING SERVED AT STARFUCKINGBUCKS. This is just human nature; even if the news is new to them, you’re plain sick of hearing it, and it tends to show.

I decided a while ago that I would simply ignore any piece of email sent to me by a friend, family member or coworker that I did not agree with or enjoy; stale Internet humor, political rants, bizarre or distasteful media clips. It costs me nothing to summarily trash them without comment, and a few times I have replied with editorial input have resulted in crossed signals, hurt feelings and worse.

On the other hand, my policy towards mis- or disinformation is to attempt to quash it immediately. There is something really aggravating to me about being sent a forward containing information–information that could easily have been verified online prior to sending–that I plain know is incorrect. (Okay, so maybe this person is not aware that there are Web sites out there dedicated to fact-checking this sort of Net lore; are they perhaps aware of the advent of the search engine? Why is it that normal, intelligent people can use Google a hundred times a day to find interesting movie facts, a new ottoman for the living room or a picture of their own house from space, but when it comes to a piece of questionable information sent by a friend of a friend of a daughter of a coworker’s massage therapist, the impulse to use this indispensible tool for information retrieval never bubbles up to the surface?)

Worse still is the knowledge that this erroneous nugget-O-knowledge has most likely been sent to half a dozen people more gullible than myself, who will then forward it on to a hundred others, and so it goes, and so it goes, and so it goes. The Circle of Lies.

Obviously, the mean damage inflicted upon society by a factually questionable forward about cell phone tips and tricks is negligible. But just as often, the erroneous information being passed along is of a more potentially destructive nature. An outdated call for email Christmas cards to a child long-dead of leukemia could cause untold grief to parents trying to recover from their loss. Warnings about rapists luring women out of their houses with recordings of crying babies (a tactic never, ever reported having been used in the physical world) increase people’s stress level unnecessarily, and may stop someone from going to the aid of a genuinely endangered infant. Gang initiations involving driving with your headlights off and killing the first person who flashes their brights at you. Carcinogenic pet foods or fabric softeners. Boffo or hopelessly outdated computer virus alerts. The latest amazing photograph cropped, Photoshopped or just taken completely out of context for maximum impact. Bogus terrorist plots.

This last one really strikes home for me. In October of 2001 I received a forward from a friend of mine about a terrorist plot to strike in malls all over America on Halloween. She had forwarded the message to perhaps two dozen people, including myself. I normally don’t use the “Reply All” function on emails sent to a large group of people unless I am on a close social footing with all of them; however, this time I made an exception. I emailed the Snopes link to the entire group, including the line, “You might want to check this sort of thing out on Snopes before you forward it: might save you some embarrassment later on.” I received a curt reply back from the sender: “I’m not embarrassed. I’m concerned.” I bit my tongue (or in this case my fingers) and refrained from replying, “Oh, okay. Then if you’re ‘concerned’, you might want to check this sort of thing out on Snopes before you forward it because it might save some poor Arab American from being LYNCHED BY A PANIC-STRICKEN MOB because you were too lazy to check your fucking facts.”

Anyway, the real reason I brought up the whole Snopes thing was to illustrate a point. The person who called me out on my email (about fifty lines of text ago) took particular issue with the “*sigh*” portion of my email. She noted that, when she went to the Snopes article in question and clicked the link marked “Click here to e-mail this page to a friend”, the email that was generated did not include a “sigh”, but instead included a nice, friendly little note to the effect of, “I found this article on Snopes.com and thought you might be interested.” The intimation being that I had stripped the friendly, helpful content out of the email generated by the Snopes Web site and replaced it with my own, more sarcastic input.

It took a couple of back-and-forths for me to figure out what she was implying, due to a simple disconnect between her and my way of thinking about navigating the Web. I had not, in fact, modified the content of Snopes’ prefab message after clicking on their “Click here to e-mail this page to a friend” link, because I never clicked on the link. It would never occur to me to click on a specialized link to send the article to someone. I just copied the address of the article up in the address bar of my browser and pasted it into the body of an email message. Using Snopes’ (or any other Web site’s) handy-dandy mail-this-to-a-friend link goes against the grain of my thinking. It means that, in order to send the link to someone, I would have to surrender their email address to the Web site in question, to be retained and used as their privacy policy allows, assuming they don’t violate their own policies all the time. Not, I hasten to assure you, that I have any reason to assume that Snopes does anything of the kind. It’s just easier and safer to take them out of the equation entirely. To do otherwise would be like writing a letter to my mother and taking it to my local Target, handing them a pre-addressed envelope and asking them to put my letter in the envelope and send it to my Mom. Sure, the person behind the counter might just slip the letter into the envelope, seal it and send it on its way. Or they might decide to copy the address on the envelope and send my Mom a Target catalog while they’re at it, reasoning that heck, everybody wants a Target catalog, don’t they? Or, the person might just copy both the addresses on the envelope to send catalogs to, sell the addresses to two dozen direct marketing firms, and scan the contents of the letter for any other information they can use. After all, I was the one who handed my private correspondence over to a commercial enterprise instead of sending it out myself; don’t I more or less deserve whatever side-effects occur as a result? That’s just the way the world works, isn’t it?

To be honest, I’m not sure if the gulf between my philosophy on the subject and that of my aforementioned correspondent has to do with our mutual levels of computer/Internet/marketing knowledge and/or sophistication, mutual levels of paranoia/mental illness/radon gas present in our living spaces, or a combination of the two. (Is that only two? I’ve lost count.) But I would certainly consider it reasonable to assume that many people are simply unaware or unconcerned about the waves of personal information that Doppler away from them as they meander the Web. Some of those people might benefit from a heightened awareness of same. Some will not. It is for the former that I hereby present a short list of the kinds of things I regularly do to protect my privacy and security on the Internet. This is by no means a complete list, either of my own practices or of the span of Internet safety practices as a whole. Some of these are tried and true tactics; others may be based on pure paranoia. You may find something of merit in here, and if you have your own to contribute, by all means, feel free to do so.

1. The aforementioned tactic of not using site-generated tools for sending links, messages or other forms of communication to people. I don’t like giving the entities who maintain Web sites any more information about myself than I have to. It always kinda irks me to get an email from someone and quickly discover that they couldn’t—or wouldn’t—figure out how to send me a link to a news article/picture of their new puppy/invitation to their birthday party without first giving my contact information to some third party for the privilege. Was the link/photo collage/invite really so incredibly enhanced by the addition of cute border graphics that it made hading over my contact information worthwhile? (And for those of you reading this who have sent me such things: cool your jets. I don’t hate you, I don’t think you’re idiots, I’m not mortally offended, I’m not that big of an asshole. I just don’t super-duper care for it. I’ll get over it.)

   It’s really not that difficult to copy the URL for a specific site out of the address bar and pasting it into a new message in your favorite email program. Some sites, like YouTube, even go out of their way to make it easy for you by making the URL available in a little window marked “URL:” so you don’t have to go allllll the way up to the address bar. Some sites may use frames, that–intentionally or otherwise–obscure the real URL of the document in question. You can easily get around this by right-clicking (Control-clicking, for Macs) somewhere in the area of the information you were hoping to copy the link for. In most browsers, somewhere in the resulting pop-up menu will be a place to deal with the Frames issue, with options like “Open this frame in a new window” or “Bookmark this frame”. Strangely, the new Internet Explorer 7 for the PC does not seem to offer any frames-related options when you right-click. I can’t imagine why; perhaps their design team felt that being able to break up a page into its constituent frames would have a detrimental effect on the overall Web user experience or something.

2. I use a wonderful piece of free software called Privoxy. Not for the complete newbie, but a powerful tool for controlling the flow of information to and from your computer over the Web. Out of the box, Privoxy is configured to manage your computer’s Web connections, making granular choices about what information you really want to send and receive, and always giving you the option to override its built-in filters. In addition, you can use it as a standard Host file-type ad blocker, causing connections between your computer and servers that do nothing but send you advertisements and track your passage through the Web to loop back on themselves. Privoxy can even manage your cookies, which are often used to track your movements across the infoscape. (Ever been to Dilbert online? Used Altavista? Been to one or more of over eleven thousand other Web sites? Congratulations: you are a permanent entry in the data banks of DoubleClick, one of the most insidious and pervasive Web user data collectors in the world, based primarily around cookies.) If you take the time to learn to use it, Privoxy is a fantastic tool for protecting yourself online.

3. My PCs are loaded with a diverse collection of antivirus, anti-spyware and firewall software. I’m far, far less worried about my Macs, and only use OS X’s built-in firewall, Privoxy and a cool little app called GlowWorm that tells me when programs on my computer try to access the Internet–often sending information back to the company that wrote them (known as “phoning home”)–and allowing me to block them if I feel it necessary. There are lots and lots of reasonably priced security software packages out there for the PC. This is not meant to be a review of any of them. I run three different packages on my three PCs, and they all have their advantages and disadvantages. The more expensive packages will include privacy-protection features as well, that help to control many of the same privacy-related problems that Privoxy handles. Pick one from a major vendor like Symantec, McAfee, Grisoft, Trend Micro….chances are it’ll work well for you, so long as you keep it updated. I also run additional free anti-spyware utilities such as Windows Defender and Ad Aware. Unlike antivirus software, where it’s best to only have one product installed on your computer at a time, having two or three anti-spyware utilities is actually a good idea, since no one of them will effectively screen against everything.

   I get the feeling from some folks that the idea of the threat posed by computer viruses, trojans and other malware just doesn’t resonate with them. As in, “Why should I really care if my computer has some sort of program running on it without my permission? there are hundreds of things going on on my computer that I don’t have any knowledge about or control over. If the computer still works, why would I want to spend fifty to a hundred bucks just to keep this stuff at bay?” The answer is simple enough. If you balk at the thought of people selling pirated DVDs out of your garage; if you’re uncomfortable with the idea of your kids being solicited by sex-toy vendors when you’re not at home; if you would never dream of letting some stranger send junk mail out to people using your home mailing address; If you would be openly suspicious of someone who poked their head through your office window and wrote down everything you typed on your computer keyboard; if the idea of anonymous criminals stashing child pornography in your office filing cabinet makes your skin crawl, then you need to use and maintain computer security software to keep the same things from happening on your PC.

4. Everyone who uses email and/or a Web browser should have a basic understanding of how Internet addresses work, and how to spot a bogus one. This is crucial to being able to identify “phishing” scams, both in email and on the Web. Here’s a very, very basic tutorial:

   If you bank at Bank of America, the web site address for your bank will look something like this:

   http://www.bankofamerica.com/

   The Account Login section will begin with “https“, the “s” means it’s a secure, encrypted connection.

   If the address looks like

   http://bankofamerica.someboguswebaddress.ru

   or

   http://www.bankofamerica.com?s=redirect:scamwebsite.someboguswebaddress.cz

   or something similar, it’s almost certainly a scam. Essentially, there had better be only one actual Web address (the part that ends in “.com”, “.net”, “.org”, “.edu”, etc. In the bogus examples above, the “.ru” and “.cz” mean “a Web site in Russia” and “a Web site in Czechoslovakia”, respectively) in the address you are going to, otherwise it is likely you are being taken somewhere else, somewhere you do not want to go. Even if the link provided in an email looks like it goes to the right place, unless you look at the actual, source-code link embedded in the email, you do not know for a fact that the link goes where you think it does. Take this link, for example:

   http://www.nra.org/

   Did you click on it? Did it take you to the NRA Web site? It did not. that’s because the actual link embedded in the HTML had nothing to do with what was written in the text of this page. The two are quite different and separate from each other.

   Here is a more in-depth tutorial on identifying and avoiding phishing scams.

   [Funny: just as I was about to publish this post, I got the worst phishing spam I’ve ever seen. Apparently, my Ebay account has been suspended due to suspicious activity. that’s okay, though: all I need to do to get it up and running again is scan my credit card (front and back), my credit card statement, and my driver’s license, attach them all to an email and send it to a suspiciously Ebay-ish kinda sorta looking address. Oh, I’ll get right on that! It’s a damn good thing that the characteristics of email make it about as easy to send fifty thousand of these messages as it is to send one; I’d hate to think of someone trying to eke out a living with a limited number of targets for scams this dumb. On the other hand, no, I guess I could say that I like the thought of that very much.]

5. In the same vein of general online protection, I use a router on my home network. This tip is no news to the majority of my readers (hi, you two!). To the rest of you: if you have high-speed Internet (cable, DSL) and you don’t already have a router, disconnect your computer from your cable modem, erase the hard drive and start over. It has already been turned into a distributed botnet zombie. (Unless it’s a Mac. In fact, here’s a tip: if you have high-speed Internet at home, don’t currently have a router and don’t know why you would want one, you should do all your computing on a Mac. It’s not that Macs are invulnerable to attack, they’re just much harder for novice hackers to break into.) While the time it takes for hackers to identify and take control of an “exposed” PC has increased over time (from a low point of about four minutes), the likelihood is still quite high that your routerless cable-modem-powered Internet PC is doing someone else’s bidding (see the list of nefarious things your computer might be doing at the end of 3, above).

   In simple terms, a router sits between your DSL/cable modem and the computer(s) on your network. It acts as a single portal through which all your network traffic travels. With a router in place, your computer is—fairly—invisible to the rest of the Internet, which—mostly—only sees the router. This alone can stop a large percentage of the kinds of automated attacks against computers connected to the Internet. It also happens to allow more than one computer to share a single Internet connection, which is handy as well. A modern home-network router is cheap (fifty to a hundred bucks, depending on what features you want), fairly easy to set up (if you aren’t familiar with the concepts behind the use of a router, you’ll need to follow the included instructions to the letter, but those directions have gotten pretty damn idiot-proof over the years) and can be bought at any computer or office-supply store.

6. I tend to avoid “free” online services like LiveJournal, PhotoBucket and Evite. I don’t have any particular reason to feel that these are disreputable or malicious companies (with the exception of WeatherBug, see below); I just feel like I can find other ways of availing myself of the same services without having to first read an exhaustive “Privacy Policy”. In fact, you’re soaking in one right now. 😉

   Same goes for “free” software like Google Desktop, WeatherBug and Yahoo! Messenger. The mere fact that these products/services–by definition–generate a constant stream of data back and forth between the service provider and the end user, while being offered “free of charge”, gives me pause. These two phenomena are mutually contraindicated; the information being gathered by the service provider during this continuous exchange must be helping to provide the revenue stream needed to keep the business afloat. At the extreme end of the spectrum, you end up with things like the now-infamous Kazaa, a popular file-sharing tool that was found to contain code that could be used to turn every computer running the software into part of a massive, distributed-computing network at a command from the mother ship.

   As far as WeatherBug goes, I learned all that I needed to know about this software by trying to remove it from our housemate’s computer. Any software that tries no less than three times to discourage you from removing it, then tops it off by sending your Web browser to an online form asking you to explain why you decided to remove it anyway, is by any reasonable measure a piece of software you do not want installed on your computer.

7. Similarly, I avoid signing up for “members only” sections of Web sites whenever possible. A limited number of news/content providers or specialized bulletin boards, sure; it’s a necessary evil. But I don’t subscribe to every neato service I find on the Web, primarily because a) I think my personal information is more valuable than free weather updates on my mobile phone, and b) chances are really good that someone else is offering whatever the good/service is for free, without having to hand over my email address. Super double maxi ditto for online drawings and giveaways.

8. As a corollary to 6 and 7, I have a special “throwaway” email address I use for all online activity: bulletin boards, online shopping accounts, product registrations, what have you. If ever I feel like this address has been compromised in some way (say, lots and lots of commercial offers start rolling into that address’ Inbox), I delete the addy and create a new one. The truly paranoid will delete the old address and create a new one every few months as a matter of course.

9. This one’s kind of weird, but I never jump from one Web site to another in the same browser window. There are systems out there that allow computers to track the destination of a visitor as they leave one Web site for another (not just the “exit page“, but the actual address to which the browser travels next). I haven’t been able to dig up enough information to determine whether such systems use cookies (obvious, and easily defeated by 2 and 3 above) or other ways of parsing the http requests coming through their portal (possibly with the help of a Javascript? I’m not smart enough to know and not tenacious enough to find out) to determine where you’re heading. But I suspect these systems would require that the new destination address be entered into the same browser window as the site being departed in order to work. By closing down one browser window before entering another, I can—possibly—reduce the tracking of my online activity even further.

That’s about all I have time to offer up. I keep thinking of new ones every time I look this over, but since chances are really good that you stopped reading about a half-hour ago, I don’t think I’ll bother updating the list further. If you have any input of your own regarding these or other security tactics, I’m 72% ears. The rest is gut and a nonfunctional pancreas. 😉