Monday, November 14, 2005

Wherever You Go, There You Are

Wherever you may roam on the Internet, you leave a trail of information dust behind you. Usually this is done without your explicit knowledge or consent. Each and every website you visit can collect a raft of information about you, including your approximate location, your language, your browser, your operating system, your screen resolution, and most of your IP address. All this information and more is given to the website by your computer, gratis, no questions asked. All the site has to do is bother to write it down.

Here for example is a complete listing of the information collected on a YARGBY reader picked at random, visitor number 17,502, made public by Sitemeter.

Domain Name: verizon.net ? (Network)
IP Address: 138.88.60.# (Verizon Internet Services)
138.88.60.89
ISP: Verizon Internet Services
Location
Continent : North America
Country : United States (Facts)
State : District of Columbia
City : Washington
Lat/Long : 38.8955, -77.0199 (Map)
Language: English (United States)
en-us
Operating System: Microsoft WinXP
Browser: Internet Explorer 6.0
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Javascript: version 1.3
Monitor
Resolution : 1024 x 768
Color Depth : 32 bits
Time of Visit: Nov 12 2005 3:26:13 pm
Last Page View: Nov 12 2005 3:26:41 pm
Visit Length: 28 seconds
Page Views: 3
Referring URL: http://www.washingto...1833_Technorati.html
Visit Entry Page: http://yargb.blogspot.com/
Visit Exit Page: http://yargb.blogspot.com/
Time Zone: UTC-5:00
EST - Eastern Standard
EDT - Eastern Daylight Saving Time
Visitor's Time Nov 12 2005 5:26:13 pm
Visit Number: 17,502

We can see that this reader uses Internet Explorer on Windows XP, lives in Washington, DC, and came in through a link from the Washington Post. Sadly, he or she only stayed with us for 28 seconds. While such information is no doubt innocuous, the fact remains that there is a sufficient quantity of it to more or less identify you personally, and hence to tie you to all the web sites which you have ever visited. By perusing such information I was able to determine that Rick Ballard was actually visitor number 10,000 to this blog.

Google is known to tie all this information into their database so that they are able in principle to match all of your queries on Google to you personally. Principle has become reality: there are at least two recent cases in which searches on Google have been used as evidence against the accused in a murder trial. Through the Google Mail program Google can tie even more information to you personally, to wit, everything you have written in your emails, or received in your emails. One wonders how far this can be pushed. Can searching on "France" and "Muslim" be considered legitimate evidence against you in a hate crimes case?

The problem extends further. Some years ago I was horrified to discover, using special monitoring software, that a simple visit to www.microsoft.com using Internet Explorer was causing huge amounts of information about me to be pulled out of my Windows machine's registry and transmitted back to the mother ship, again without my knowledge or consent. This is apparently programmed-in behavior. The registry is the central repository of local information in the Windows system, It contains your name, your machine identity, your address, and basically anything else which any of the manufacturers of the software you have installed have decided to collect about you. Sony for example recently got caught installing secret software to monitor information about you and put it in the registry in hidden locations. No one knows what Microsoft is keeping on you.

Data is the name of the game these days. Hardware is cheap and software is becoming free. Data is the commodity of value. Those companies that are able to tie all the data about you together and sell it to interested parties will pull ahead in the marketplace. Even if Google and Yahoo and Microsoft and the like are pure as the driven snow, your data can be used by governments or organized crime to take further actions against you should you come for some reason to their notice.

What can you do about this gross invasion of your privacy?

There is a service called Anonymouse to be found here. It is advertising-supported, popping up small ads in front of the page you wish to access. I discovered it accidently by looking through the logs on Sitemeter for YARGBY. It seems to block the personal information available to websites so that your Internet activities remain only your own business. I have been trying it for a couple of weeks and it seems to work well.

There is, though, no guarantee that I can see that Anonymouse itself is not collecting this data in order to use it against you for its own purposes. Sigh.

Do you remember the Gene Hackman character in Enemy of the State? I'm starting to think he had the right idea.

8 comments:

Jamie Irons said...

MHA,

OK, this is my last visit ever to this site!

It's enough to make you paranoid! The word verification letters for my entry here were "rnousc" which, in the peculiar way these appear in the word verification script, looked like "mouse"!

;-)

PS: Give us an update on your Anonymouse experiences in a month or so.

Anonymous said...

Creepy, kinda like a cyper peeping tom.

Have any of you guys ever heard of Internet 2?

Someone told me that it was supposed to be another and newer internet and perhaps more restrictive.

flenser said...

In the two criminal cases mentioned, prosecutors sized the computers of the suspects in the cases, and were able to tie them to internet searches, probably by checking cookies.

While I agree it's disturbing how much info is collected, I don't think its quite fair to say that it can be traced back to an individual person.

Many ISP's dole out a different IP to you each time you log on, so that is not truely a unique identifer.

There are various search toolbars on the market, from Google and others, which I believe pass back to the search engine a unique id specific to that PC with each search. If I was going to search on how to commit a crime I'd be sure not to use one of these.

Very interesting post.

Syl said...

What flenser said.

BTW, I have specifically given Microsoft permission to check more on my machine than they check on others and I allow them to run an experimental malware check in memory periodicaly.

Paranoiia is an effective defense only if you are realistic as to whom/what you should really be paranoid about.

Syl said...

Someone from the WaPo is checking out your site.

I think they were getting material for an editorial the other day. The one that mentions how al Qaeda is turning off the muslim world with their cruel tactics, and mentions Zawahiri's specific fear of that. :)

I read that editorial and thought I could have written it (well, theirs was much better writing). Though it did have something in it I hadn't specifically brought up, it tracked my thoughts so well I was stunned.

Syl said...

Oh, silly me, here it is.

vnjagvet said...

Man I'm glad I subscribe to this webservice. You never know what you are going to learn.

Just because I'm paranoid doesn't mean they aren't really out to get me!!!!

Anonymous said...

mark:

If we did not read them we would not be in any position to criticize them, now would we?

I think you would be surprised how much and what... some of the people here do read.