In the last chapter, we saw that there are many ways to collect personal information on the Internet. In this chapter, we’ll look at some proven techniques to protect your privacy when you use the Internet. Most of these techniques are simple, common-sense rules that you can put into effect immediately—choosing a good service provider, using good passwords, cleaning up after yourself online, avoiding spam and junk email, and protecting yourself from identity theft. Then, in Chapter 10, we’ll see how to extend these techniques using a variety of free and commercial programs and services. Finally, if you are interested in understanding the legal framework regarding personal information, see Chapter 24.
The first and most important technique for protecting your privacy is to pick service providers who respect your privacy.
Here are some things to consider when you choose an ISP:
Unless you take special measures to obscure the content and destinations of your Internet usage, your ISP can monitor every single web page that you visit, every email message that you send, every email message that you receive, and many other things about your Internet usage.
If you have a dialup ISP, your ISP can also infer when you are at home, when you go on vacation, and other aspects of your schedule.
If you check your email from work, your ISP can learn where you work.
Many ISPs routinely monitor the actions of their subscribers for the purposes of testing equipment, learning about their user population, or collecting per-user demographics.
Some ISPs will monitor the web sites that you visit and sell this information for the purpose of increasing their revenue. In some cases, the ISPs clearly state this policy and, in fact, use the sale of the data as a way of subsidizing the cost of Internet access. Other ISPs silently engage in this practice.
Equipment is now on the market that allows ISPs to monitor the advertisements that are downloaded to your computer and, in some cases, replace the advertisements with different ones. This equipment is also capable of generating detailed user-level statistics.
Some ISPs have strict policies regarding which employees have access to user data and how that data must be protected. Other ISPs have no policies at all.
Many policies that are in use basically say “we can monitor anything that we want.” However, not all ISPs that have these policies actually monitor their users.
ISPs are in a tremendous position of power with respect to their users, and there are few, if any, legal restrictions on what ISPs are allowed to do. Nevertheless, many ISPs have made a good faith attempt to protect the privacy of their users.
Within recent years most ISPs have written “privacy policies” that broadly outline the ISP’s commitment (or lack thereof) to protecting their users’ privacy. Unfortunately, the ISPs that lack a strong commitment can frequently obscure what they are doing by using carefully-drafted language. For example, an ISP can say that it will protect your personal information “to the full extent mandated under the law,” safe in the knowledge that the law mandates no real protection. Other ISPs simply write no privacy policy at all. For further information about privacy policies, see Chapter 24.