BOOT CAMP 575 (06/05/09) – Privacy and Paranoia, part
I was surprised to discover that it has been two years since we
last looked at the highly contentious issue of privacy, personal computers and
the Internet. Since then the situation has not improved, if anything it has got
worse, but lets begin with some positive news.
Provided you take a few simple precautions the chances of you
falling prey to hackers, identity thieves, scammers, and net-based ne’er
do-wells is actually quite small. With a little effort plus some simple and
mostly free programs and procedures that we’ll be looking at over the next few
weeks, the risk can be reduced to almost zero.
However, the first thing to understand is that the Internet is not
private, and to be fair, it has never purported to be so. It is a very public
domain and almost all of the information that you send and receive through it,
from emails to the web page you are looking at now, is open to scrutiny by
anyone with access to the network’s infrastructure, from ISPs and government
agencies around the world, to well-equipped hackers, your next door neighbour
could even be at it, hijacking into an unsecured wireless connection.
That’s not to say web connections cannot be made reasonably
secure. Websites involved in on-line shopping, banking and so on routinely
encrypt the information that passes between PCs and the site. You can also
encrypt your emails and send secret messages that almost no one could
intercept; this is something we’ll be
looking at in more detail later on in this short series.
Powerful encryption tools can keep your data safe from all but the
most well-resourced organisations and it’ll certainly keep the street-level bad
guys at bay but since we last looked at internet privacy there’s been a new
development, called Phorm, and it is worrying a lot of people.
In a nutshell Phorm is a way for Internet Service Providers (ISPs)
to track your web surfing activities, with a view to sending you ‘targeted’
advertising. It’s not a new idea and you may even have been a victim of
attempts to spike your browser or email inbox with ads, based on your surfing
habits. Most of them are fairly crude and involve the use of ‘cookies’ or
‘adware’, picked up from web sites and installed on your PC but these methods
are relatively easy to avoid, control or eliminate.
What makes Phorm different is that ISPs are behind it. They are in
the privileged position of being able to directly analyse the data sent to and
from your computer. This also means the traditional methods of protecting your
privacy, using anti-malware and spyware programs, simply do not work on Phorm.
There’s no installed software to remove, though Phorm does make
allowing the user to opt-out of the scheme. There are ways to block or scramble
these cookies but in the end there’s very little you can do to stop your web
traffic being scrutinised by your ISP, aside from switching to another ISP or
going to the considerable effort of connecting to the web through an exotic
intermediary, like a virtual private network (VPN) or an anonymous proxy
There are still plenty of questions over the legality of Phorm,
not to mention the privacy implications, but this hasn’t stopped several ISPs
from conducting trials, in at least one instance without the subscriber’s
knowledge or consent. If you want to learn more about Phorm and make up your
own mind there is plenty of information online, from the official line at
Phorm.com and an extensive Wikipedia article at http://tinyurl.com/37zkwv. A quick Google
search will turn up a host of anti-Phorm sites that include links to petitions
and browser add-ons that claim to be able to disable or block Phorm intrusions.
Phorm may or may not become a widespread concern but right now
there are many more tangible threats to your privacy, and it starts with the
most basic security measures to keep your computer safe. I’m not talking about
protection against sophisticated cyber crime, that’s to come; the first and
most important question is what is to stop anyone in your household or office
poking around your PC? What would happen if someone broke in? How easy are you
making it for a thief? If you have a laptop, what steps have you taken to
protect your data if it is lost or stolen?
If all anyone has to do to access your files is switch your
computer on then you’ve fallen very badly at the first hurdle. Even if you’ve
set up a password protected User Account don’t think for a moment that it will
keep your files safe. A PC password can be neutralised in around ten seconds,
maybe a bit longer if the intruder doesn’t want you to know that your computer
has been interfered with. If there is any sensitive or private data on your
computer it should be encrypted – see this week’s TopTip -- and don’t forget
any backups that you have made. Data on laptops is especially vulnerable, and
it goes without saying that you are just asking for trouble if you don’t
protect data stored on USB pen drives and memory cards.
Next Week – Privacy, Part 2 3 4 5
text files stored on a PC by web sites that can contain a wide range of data
such as preferences and personal information
server through which web pages and email messages can be relayed making the
user difficult or impossible to track or locate
Private computer network with Internet links that can be remotely
It’s not difficult to encrypt your files and facilities are built
into Windows XP Professional (http://tinyurl.com/57wphz) and the
Enterprise and Ultimate versions of Vista (http://tinyurl.com/cvmyro).
Even if you are using one of the home or consumer versions of Windows there are
plenty of simple to use third-party encryption utilities available, such as
which is also completely free, so there’s no excuse!
Don't forget, there's a full archive of previous Boot Camp Top
Tips at www.pctoptips.co.uk/
© R. Maybury 2009, 0804