@internet -- Private Eye



Home Articles STARK REALITIES About This Site My PGP Public Key


After Hours Reality Check Magazine A Season in Methven Our Host Send Me Mail



Writing a regular column -- or, rather, writing this column -- is something of an extended exercise in selectively compromising my own privacy. And everything that happens to me is potential grist for my confessional mill.

Over the years -- as I've evolved what passes for a writing style -- I've developed the habit of approaching my topics via an indirect route that often begins with a revelatory anecdote I draw from personal experience, with the "real" topic coming as a digression from that disclosure. Eventually, I get around to tying the two topics back together and, if I'm lucky, I manage to bring the essay to a satisfactory conclusion.

But -- almost always -- I start out with that initial kernel of personal disclosure.

It's something like being a professional ecdysiast. Which is to say that, just as an exotic dancer does, I reveal myself to anonymous strangers for money. And, just as is the case with most of them, my decision to make my living as a stripper is strictly a voluntary one.

Nobody puts a gun to my head. To the contrary: I do what I do the way I do it because I like doing it that way and because I'm good at it -- not because I'm being forced to do it.

I make a conscious decision to give up another piece of my privacy each time I relate another personal story or reveal another intimate detail about my life. But, I alone make those decisions and I alone choose what to disclose and what to keep secret.

I alone decide what to take off and when -- and that's what makes bearable the awareness that anonymous spectators are watching me disrobe. So to speak.

I know I'm kind of an oddball in this regard. Most folks are a good deal more circumspect about exposing themselves to complete strangers than am I -- and I'd wager that a goodly number would think that opening my life to the gaze of outsiders the way I do is more than a little foolhardy.

Which is pretty ironic, considering how little attention so many of those same people pay to safeguarding their own privacy on the Web. In fact, I think it's safe to say that I'm a whole lot more careful about manning the ramparts of my own privacy than is your average Netizen. And that some of the folks who are concerned about the issue misunderstand the true nature of the threat.

There's been a lot of hullabaloo raised over the FBI's Carnivore system, for instance. As I understand the thing, I think that's been a whole bunch of hyperventilation over practically nothing.

Consider, just to begin with, that the G-men are obliged to obtain a search warrant before they make use of Carnivore. That's a non-trivial bar to its casual use. Then note that, as the Feds explain it, their proprietary widget scans only selected headers for certain key words.

For this, the wannabe defenders of free speech have risen up in arms? It is to laugh:

Ha.

The plain, unvarnished truth of the matter is that any competent Unix admin can, with a simple grep command, probe users' mail folders far more thoroughly than Carnivore is capable of doing. And your admin -- because we're talking about your users here, after all -- needs no search warrant to issue that command, if your contract with them reserves for you the right to that kind of access.

It does, doesn't it? It certainly ought to. Like a landlord, you really need the right to enter and inspect the premises. Otherwise, even routine acts of account maintenance -- verifying your filesystem's backups, for instance -- could, given a creative and determined lawyer, be construed as illegal entry on your part.

And that, in turn, means that you're the clearest and most immediate potential threat to your users' privacy that's come down the pike.

But you're one of the good guys, right? You don't abuse your users' trust in you -- you don't sell their names and addresses to evil marketeers or collude in spamming them or use your proxy logs to track them on the Web and fink about it to the Morlockian data miners -- do you?

But others do.

I'm not just talking about the cookies that DoubleClick and its like-modeled brethren inflict on users. Yes, what they do is irritating and intrusive, but at least they're not especially stealthy about how they do it. You can't miss seeing a banner ad and, these days, it's pretty much a given that any banner ad comes with its very own cookie.

No, what I object to is the increasing proliferation of so-called "Web bugs" -- tiny transparent GIFs linked to third-party servers -- and the JavaScript and Java code that seems invariably to accompany them.

I Spy

Mind you, I dislike cookies to begin with. They're way over-used and, half the time, they serve no practical function in the first place -- the admin has simply turned them on because he/she can.

But those cases are merely nuisances. It's the ones where they're employed to track users across multiple sites that are active menaces to everyone's privacy. And adding JavaScript code to euchre naive browsers into betraying their owners' names and email addresses makes them truly evil, in my book.

Not just obnoxious. Evil. And the moreso, because most of these pieces of digital treachery are embedded in sites that require you have JavaScript turned on in order to access their content. Essentially, the sites that employ them strongarm their visitors into compromising their own privacy -- and none of them explains what it's doing in its privacy policy.

The scumbags that have created these scurrilous things possess exactly the same mentality as spammers. Which is to say that they regard everyone else not as persons -- like themselves -- but as marks. Rubes. Suckers.

Consumers.

It's a sociopathic personality disorder given expression in code. The bad guys regard the rest of us as provender which the natural order of things has thoughtfully provided for them to prey upon, and our aspirations to a little personal privacy are laughable to them. They have no empathy, so they are incapable of empathizing with us.

They're wolves in geek's clothing -- and it's up to us to stop them.

If you send out an email newsletter to your users -- always a good way to keep them informed about system maintenance events, additions or changes to their service and so on -- tell them about the problem. Then point them to WebWasher, version 2.11 (www.webwasher.com) and urge them to install and use it.

The latest bake of WebWasher -- which is free for personal use and modestly priced for other applications -- not only eliminates banner ads and the cookies that accompany them, it also blocks Java applets and JavaScript code that send information to third-party servers or manipulate cookies. It's pretty configurable, too, so you can give permission for sites you trust to set useful cookies without compromising your defense against malefactors attempting to break into your cookie jar.

That'll reduce the swelling and inflammation -- but it doesn't go to the heart of the problem. Which is, in a nutshell, that the current Internet business culture is overly accepting of casual invasions of user privacy.

Everybody runs banner ads from DoubleClick. Everybody. And, as a consequence, everybody who runs DoubleClick's ads is personally responsible for validating DoubleClick's methods -- including the use of cookies to track users across multiple sites.

Everybody.

And anybody who permits advertisers or industry "partners" to place Web bugs on his/her site is -- ipso facto -- personally responsible for validating that methodology and mindset.

Anybody.

So that's the second thing you can do. Don't accept Web bugs on your own site. Period. Hell, for that matter, show DoubleClick the door -- yes, it will cost you, but you'll likely get it all back in cost savings from decreased user churn.

Want to do more? Try setting up proxy services for your users -- and set your proxy to reject images from DoubleClick, Pharmatrak and all the other slimeballs that would like nothing better than to embed a tracking device in every individual on the planet.
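
A sketch of the check such a proxy (or a site audit) could apply to the Web bugs described earlier, as an added example that is not part of the original column: it flags images served from a blocklisted host and tiny images served from any third-party host. The blocklist entries, sample page and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed blocklist for illustration; a real proxy would load its own list.
BLOCKED_DOMAINS = {"tracker.example", "ads.example"}

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if host is a blocked domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in blocked)

def _tiny(value):
    # Width/height of 0 or 1, with or without a "px" suffix.
    v = (value or "").strip().lower()
    return (v[:-2] if v.endswith("px") else v).strip() in ("0", "1")

class BugFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page_host = page_url, host_of(page_url)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = urljoin(self.page_url, a.get("src") or "")
        host = host_of(src)
        # Simplification: any hostname other than the page's own is third-party.
        if not host or host == self.page_host:
            return
        if is_blocked(host):
            self.findings.append((src, "blocklisted host"))
        elif _tiny(a.get("width")) and _tiny(a.get("height")):
            self.findings.append((src, "tiny third-party image"))

def find_web_bugs(page_url, html):
    finder = BugFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: tracking pixel, banner, local spacer, unlisted pixel.
SAMPLE_PAGE = "http://news.example/story.html"
SAMPLE_HTML = """<img src="http://stats.tracker.example/b.gif?id=123" width="1" height="1">
<img src="http://ads.example/banner.gif" width="468" height="60">
<img src="/spacer.gif" width="1" height="1">
<img src="http://cdn.other.example/p.gif" width="1px" height="1px">"""
```

Calling `find_web_bugs(SAMPLE_PAGE, SAMPLE_HTML)` returns three findings; the site's own 1x1 spacer is not flagged because it is first-party.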

If we don't take responsibility for cleaning up this mess, then we'll have only ourselves to blame when the Feds start throwing their weight around -- and they will. There hasn't been a politician born yet that could resist as big and juicy an issue as consumer privacy is going to become over the next few years.

And I'm certain they'll do exactly as thorough and thoughtful a job on privacy as they did on spam.

Think about it.

Meanwhile, I've reached the end of another show. If you'll be so kind as to hand me that feather boa, I think I'll head back to my dressing room, now. November is a little chilly to be standing around with no clothes on, you know?

I hope I'll see you at ISPCON in San Jose. I'll be twirling my tassels there, too.

And don't forget to tip your waitress.

(Copyright© 2000 by Thom Stark--all rights reserved)