Privacy Threats

Most people browse the web, send email or take part in online chats or irc without realizing how easily their data can be accessed by a third party. In order to understand the need for privacy on the net, its best to take a look at the dangers first.

Sniffing

Your data goes over various lines on its way to a, say, webserver. First of all your phoneline, then the lines of your isp, various transit isp and at the end the isp of the webserver. Many people can theoretically gain access to it while it travels along its way. This includes:

Anybody able to tap the actual lines. (e.g. telecommunication companies, government agencies, in case of cable internet maybe your neighbours)
Anybody with access to any of the hosts/routers. (e.g. your isps sysadmin, the sysadmins at the isp where the webserver is hosted, the admin of the webserver itself)

Email

Your Email travels around the internet in the clear, just like a postcard without an envelope. It costs even less effort to gain access to them than it is to tap your line.

People that can easily get hold of them include:

Anybody with access to either your mailserver or the mailserver on the receiving end. (the sysadmin of your isp, the sysadmin of the recepients isp)
Anybody who can sniff your email while it is being transmitted. (see Sniffing)

Serverlogs

When you access a server, for example a webserver, the server can always see which computer you're coming from and what you're trying to access. When you ftp a file, the server will usually 'remember' your IP (thats the number of your computer) and which file you retrieved. It'll put this in a so-called logfile. Sometimes it'll also log your email address, if you configured your browser to use this as the password for ftp logins. People with access to those logfiles are the sysadmins of the server.

Websites

Websites in particular tend to create even more dangers to your privacy. This is because your browser usually transmits a lot of other information to the website.

This includes things like:

The URL of the website you came from. (referer) If you follow a link on www.yahoo.com to www.xs4all.nl for example, the webserver at xs4all could see that you're coming from yahoo. In this case you probably won't care about it, but I guess there's some more questionable websites you can come from.
The OS (operating system, e.g. windows,linux,bsd) you're running and the name and version of your webbrowser (e.g.netscape)
In some cases your name and your email address if you configured your browser this way.
Any cookies it previously stored on your machine. If you access a website, it will sometimes store some information on your computer, so that if you access it again, it'll know you've been there before etc.

A cookie contains a variable (say name) and a value (say Your Name) and the name of the website it goes with. If you run bsd or linux with netscape, take a look at ~/.netscape/cookies

You might wonder who'd be interested in that kind of information. In most cases it is mainly used for advertisement purposes. If you give out your email address, this is also very interesting for spammers.

12/04/1999 Stephanie Wehner