Chapter 8. Personal Privacy

Many tools are available to you if you are looking to protect your data. The list is almost endless: digital certificates, packet filters, strong encryption, firewalls, virus utilities, virtual private networks, network appliances, and a dozen other tools. Each can offer some assurance that your Internet site and network are safe. What about more basic issues? For example, what steps can you take to secure your privacy while surfing online? As with data protection, there are also several methods available for protecting your personal privacy on the Internet. This chapter looks at these methods.

Degrees of Exposure

Unless you take steps to prevent it, your identity will eventually be exposed if you surf the Internet. That exposure will manifest in different forms and degrees depending on many factors, including

  • Your network connection

  • Your browser

  • Your public traffic

  • The plug-ins and applications you support

These variables expose you to two different types of intelligence:

  • Human intelligence

  • Network intelligence

Let’s examine each in turn.

Human Intelligence

Human beings can spy on you. Through such spying, they can discover your identity, track your movements, or even catch you in a criminal act. Of all forms of intelligence, human intelligence is the oldest. (In fact, spies often muse that human intelligence is the world’s oldest profession.)

Human intelligence comes in two flavors, collective and penetrative:

  • Collective intelligence has as its chief objective to collect information without necessarily establishing direct contact.

  • Penetrative intelligence has as its chief objective to establish direct contact, gain the contacted person’s trust, and obtain information on an ongoing basis.

The Internet is a superb tool for collective intelligence. For example, consider your posts to Usenet. These are available to the public, to persons known and unknown. Others can track your messages closely and can learn a great deal about you by doing so. Naturally, this presents law-enforcement agencies with a unique opportunity. Simply by using search engines, they can conduct collective intelligence at a whim.

This is completely different from the situation 25 years ago. To illustrate how different, let me take you back to the early 1970s. Here in America, the ’70s were filled with political turmoil. Many radical organizations emerged, and some advocated violent overthrow of the government. U.S. intelligence agencies responded by conducting collective and penetrative operations. These operations were carried out by human beings. For example, to identify supporters of the Students for a Democratic Society, the FBI would send agents on foot. (These agents might have been employed by the FBI or they might have been civilian informers. It didn’t really matter.) Such agents would mix with the crowds at political rallies and record license plate numbers or gather names. Later, field agents would connect faces, fingerprints, and addresses to those names by running license plate files, retrieving criminal records, or questioning still other informants.

Those methods are no longer necessary. Instead, the Internet enables intelligence agencies to monitor public sentiment from the comfort of their own offices. Furthermore, they can do this without violating any law. No search warrant is required to study someone’s activity on the Internet. This means any agency can freely utilize tools and software available on the Internet to collect data on anyone. Likewise, no warrant is required before using the Internet to compile lists of people who might be involved in illegal or seditious activity. A warrant is only required when the data needed resides on private systems, such as an ISP. After obtaining a subpoena, an intelligence agency can then gain access to ISP log files, any email traffic (if available), and any other digital data pertaining to the individual.

If you harbor radical political views, you should keep them to yourself. (Either that or gain a decent education in cryptography.) Here’s why: Today’s search engines can be used to isolate all Usenet traffic between a particular class of individuals (militia members, for example). You can bet your last dollar that Kirk Lyons (a white supremacist lawyer whose clients have been a “Who’s Who” of the radical right) has been monitored closely by the FBI.

Be forewarned: Usenet is not a forum to exercise your right to free speech. Instead, it’s a place where you are exposed, naked to the world. Usenet is just the beginning. Six out of every ten Web sites you visit track your movements. (Probably eight out of ten big commercial sites try to.) Advances in digital snooping make it possible for nearly anyone with a computer to become an electronic Peeping Tom.

In 2000, the FBI introduced DCS1000, a system that, when plugged into a computer network, captures and tracks all network communication through that system. DCS1000, formerly known as Carnivore, has created a large controversy with privacy advocates. One of the biggest reasons for this is simply that DCS1000 is not designed to monitor just a single individual (or select individuals) whom the FBI might be legally wiretapping. It captures all communications on the systems that the investigators plug it into. With the help of the Freedom of Information Act, about 600 documents relating to DCS1000 were released. From this information, SecurityFocus.com has put together an interesting overview:

Newly declassified documents obtained by Electronic Privacy Information Center (EPIC) under the Freedom of Information Act reveal that DCS1000 can monitor all of a target user’s Internet traffic, and in conjunction with other FBI tools, can reconstruct Web pages exactly as a surveillance target saw them while surfing the Web.

This is fine for tracking and monitoring illegal activities of people suspected of criminal activity, but what about all the innocent users that have unknowingly had their privacy violated? The FBI doesn’t let the public know what it does with the data gathered from DCS1000.

Beyond DCS1000, the FBI has been working on another system called Magic Lantern. Magic Lantern is known as a keyboard sniffer that logs every keystroke. What is not known is how it gets on the suspect’s computer. Some rumors say it is a virus, whereas others say that the FBI can get a court order to install it on a machine by entering a home without the owner’s knowledge. In either case, it’s a scary proposition that the FBI could be watching your every computer action without your knowledge.

Web Browsing and Invasion of Privacy

Before Web browsers existed, you could only access the Internet from a command-line interface. This interface was bare bones and intimidating to most people. Browsers changed that by turning the Internet into a point-and-click paradise; anyone with a mouse could easily navigate the World Wide Web. The results were phenomenal. Indeed, practically overnight, millions of users flocked to the Web.

When humanity rushed to the Web, marketing agencies took notice. This question was immediately posed: How can we use the Internet to make a buck? Companies came up with various answers, including electronic commerce. (In electronic commerce, consumers buy products or services over the Web, right from their own homes.)

From the start, there was a strong drive to develop methods of tracking not only consumer purchases, but also consumer interests. Many such methods emerged by 1993, and today there are more than a dozen. In the following pages, you’ll learn how your identity is ferreted out, bit by bit, by persons known and unknown.

Internet Architecture and Privacy

I’ll begin by making a blanket statement and one you should never forget: The Internet’s architecture was not designed with personal privacy in mind. In fact, there are many standard Internet utilities designed specifically for tracing and identifying users.

In a moment we’ll examine some and how they work. First, however, we need to cover how user information is stored on servers.

How User Information Is Stored on Servers

There are two universal forms of identification on the Internet: your email address and your IP address. Both reveal your identity. At a minimum, both serve as good starting places for a spy.

Your email address in particular can reveal your real name. Here’s why: Even if your Internet service provider uses Windows to host a few Web sites, almost all ISPs use Unix as their base platform. That’s because Unix (coupled with a protocol called RADIUS) makes management of dial-up accounts very easy. (It also provides better mail support than Windows if you are dealing with hundreds or even thousands of accounts.)

On the Unix system, user information is often stored in a file called passwd, which is located in the /etc directory. This file contains user login names, usernames, and occasionally, user passwords (although only in encrypted form). An entry from the passwd file looks like this:

jdoe:x:65536:1:John Doe:/export/home/jdoe:/sbin/sh 

If you examine the entry closely, you’ll see that the fields are colon-delimited. Here you should be concerned with fields 1, 5, and 6. Using the entry as an example, those fields are as follows:

  • jdoe Your username

  • John Doe Your real name

  • /export/home/jdoe Your home directory

This information is vital, and Unix uses it for many tasks. For example, this information is double-checked each time you log in, each time you receive mail, and each time you log out. Unfortunately, the information is also usually available to the general public through a utility called finger.

finger

finger is a service common to Unix systems. Its purpose is to provide user information to remote hosts, and like all TCP/IP services, finger is based on the client/server model.

When a Unix system first boots, it loads nearly a dozen remote services (for example, a Web server, an FTP server, a Telnet server, and so forth). The finger server is called fingerd and is commonly referred to as the finger daemon.

The finger daemon listens for local or remote requests for user information. When it receives such a request, it forwards whatever information is currently available on the target. (The target in this case is you.)

On Unix, a finger request can be issued from a command prompt. The results from the finger server are then printed to the local terminal. Here’s what a command-prompt finger request looks like:

$ finger -l jdoe@john-doe.com 

The command translates into plain English like this: “Look up jdoe and tell me everything you can about him.” When a user issues such a request, the finger daemon at john-doe.com is contacted. It searches through the system for jdoe, and ultimately, it returns this information:

Login name: jdoe                        In real life: John Doe 
Directory: /                            Shell: /sbin/sh 
Last login Tue May 18 19:53 on pts/22 
New mail received Mon May 18 04:05:58 1997; 
  unread since Mon May 18 03:20:43 1997 
No Plan. 

For years, this information was available only to Unix and VAX/VMS users. Not any more. Today, there are finger clients (programs that perform finger lookups) for all platforms. Windows NT/2000/XP has one built in that can be accessed from a DOS window. Table 8.1 lists a few.

Table 8.1. finger Clients for Non-Unix, Non-Windows NT Users

NOTE

To finger someone with the built-in finger client from an NT box, simply open a command prompt window and type .

These days, most system administrators deny remote finger requests to their networks, even internally. When network finger requests are allowed, they are often unrestricted and unregulated. This permits remote users to identify not only you, but also everyone on the system. To do so, remote users issue the following command:

finger @my_target_host.com 

The @ symbol works precisely as an asterisk does in regular expression searches. In plain English, the command says this: “Tell me about all users currently logged on.”

When writing this chapter, I wanted to give you an example, so I fingered all users at Reed College in Portland, Oregon. Here is the result from that query:

finger @reed.edu 
[reed.edu] 
Login       Name              TTY Idle    When            Office 
copeland D. Jeremy Copeland   *p1   12 Tue 19:24  Box 169     775 6945 
boothbyl Lawrence E. Boothby   p3 121d Sun 09:05 
mab      Mark Bedau            p4      Tue 19:32 
copeland D. Jeremy Copeland    p6    4 Tue 19:29  Box 169     775 6945 
slam     Greg (don't call me   p7  13d Wed 08:36  Box 470     or Coleman 
slam     Greg (don't call me   p8  18d Fri 07:29  Box 470     or Coleman 
mayer    Ray Mayer            *p9   2d Mon 16:59  (fac) 
mcclellj Joshua J McClellan    pf   4d Fri 14:45  (813) 
slam     Greg (don't call me   pe   6d Wed 08:19  Box 470     or Coleman 
mcclellj Joshua J McClellan    q0   4d Fri 16:12  (813) 
moored   Dustin B Moore        q2 6:32 Tue 13:05  (1172) 
obonfim  Osiel Bonfim          q3 3:02 Mon 16:07 
rahkolar Rahua Rahkola         q6   46 Tue 18:34 
obonfim  Osiel Bonfim          q9 2:59 Tue 09:45 
mcclellj Joshua J McClellan    qb   4d Fri 15:00  (813) 
jwitte   John Witte           *qc 4:00 Tue 15:14 
lillieb  Ben Lillie            r3   58 Tue 13:11  P04 
szutst   Tobi A. Szuts        *r7    5 Tue 14:51  (819) 
mcclard  Ron McClard          *re 1:22 Mon 10:55  (x218) 
queue    Print Queue Display   qd   8d Mon 15:42 
jimfix   James D. Fix         *qf   32 Tue 13:04 
mcclellj Joshua J McClellan    r6 3:50 Mon 10:47  (813) 

It doesn’t look like these folks have much privacy, does it? Well, here’s a fact: 99% of listings I checked around the Internet revealed the users’ real names. If you think that listing only your company name will hide your identity, think again. Take a look at the first line of the preceding output:

copeland D. Jeremy Copeland   *p1   12 Tue 19:24  Box 169     775 6945 

Here, as you can see, we already have this person’s full name, his login name, email address (), and a phone number. Using Google (http://www.google.com), I found his personal Web site at Reed College. I can also safely assume from the location of the college that he is in Portland, Oregon. A search on WorldPages (http://www.worldpages.com) gave me four individuals matching this person, all with home phone numbers and personal addresses. Not a lot of personal privacy here, is there?

In many cases, by starting with finger and ending with WorldPages, you can find someone’s home address (along with a map for directions) in fewer than 30 seconds. If someone tells you that finger doesn’t present a privacy issue, give her a copy of this book. finger can bring a total stranger right to your doorstep.

Solutions for the finger Problem

There are solutions for the finger problem. But, before you bother, you should check to see whether you are a viable target.

NOTE

If you use America Online, know that AOL does not allow finger requests on their users.

There are two ways to determine whether you are a viable finger target:

  • Perform a finger query on yourself.

  • Check the /etc/passwd file on your ISP’s server.

To check from a shell prompt, issue one of the following commands:

grep your_username /etc/passwd 

(ypcat passwd || cat /etc/passwd) | grep your_username 

niscat passwd.org_dir | grep your_username 

These commands will print the information in the server’s /etc/passwd file. The output will look like this:

jdoe:x:65536:1:John Doe:/export/home/jdoe:/sbin/sh 

If you are a viable finger target, there are several things you can do to minimize your exposure:

  • Use the utility chfn to alter the finger information available to outsiders.

  • If chfn is not available, request that the system administrator change your information.

  • Cancel your current account and start a new one.

NOTE

You might be puzzled why I suggest canceling your account. Here’s why: It was you who provided the information in the /etc/passwd account. You provided that information when you signed up. If you can’t access chfn and your sysadmin refuses to change this information, it will remain there until you cancel your account. If you cancel your account and create a new one, you can dictate what information the server has on you.
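The self-check described above can be scripted. The following is an added example, not code from the book: it parses passwd-format entries and reports which parts of field 5 a finger query would disclose. It assumes the conventional comma-separated layout of that field (name, office, office phone, home phone) and the `&` shorthand for the login name; the `alice` and `bjones` entries are constructed.

```python
"""Audit passwd-format entries for the personal data finger would disclose."""

# Conventional order of the comma-separated subfields in field 5 (assumption).
GECOS_LABELS = ("full name", "office", "office phone", "home phone")

# Constructed sample: the jdoe entry from the text plus two made-up accounts
# and a NIS compatibility marker line.
SAMPLE_PASSWD = """\
jdoe:x:65536:1:John Doe:/export/home/jdoe:/sbin/sh
alice:x:65537:1:& Smith,Box 12,555 0100,555 0199:/export/home/alice:/sbin/sh
bjones:x:65538:1::/export/home/bjones:/sbin/sh
+::::::
"""


def parse_passwd_line(line):
    """Split one passwd entry into its seven colon-delimited fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}: {line!r}")
    login, _password, uid, gid, gecos, home, shell = parts
    return {"login": login, "uid": int(uid), "gid": int(gid),
            "gecos": gecos, "home": home, "shell": shell}


def gecos_exposure(entry):
    """Return the populated subfields of field 5, keyed by label."""
    subfields = [s.strip() for s in entry["gecos"].split(",")]
    exposed = {}
    for label, value in zip(GECOS_LABELS, subfields):
        if value:
            # '&' in the name stands for the capitalised login name.
            exposed[label] = value.replace("&", entry["login"].capitalize())
    # Anything past the fourth subfield is site-specific free text.
    extra = [s for s in subfields[len(GECOS_LABELS):] if s]
    if extra:
        exposed["other"] = ", ".join(extra)
    return exposed


def audit(passwd_text, logins=None):
    """Map each login (optionally filtered) to the data its entry exposes."""
    report = {}
    for line in passwd_text.splitlines():
        # Skip blanks, comments and NIS '+'/'-' compatibility entries.
        if not line.strip() or line[0] in "#+-":
            continue
        entry = parse_passwd_line(line)
        if logins and entry["login"] not in logins:
            continue
        report[entry["login"]] = gecos_exposure(entry)
    return report


if __name__ == "__main__":
    for login, exposed in audit(SAMPLE_PASSWD).items():
        print(login, exposed or "nothing personal in field 5")
```

An empty result for your login, as for `bjones` here, is what the entry looks like after chfn (or the administrator) has cleared the field.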

On the other hand, if you don’t care about getting fingered, but you simply want to know who’s doing it, you need MasterPlan.

MasterPlan

MasterPlan (written by Laurion Burchall) takes a more aggressive approach by identifying who is trying to finger you. Each time a finger query is detected, MasterPlan captures the hostname and user ID of the fingering party. This information is stored in a file called finger_log. MasterPlan also determines how often you are fingered, so you can detect whether someone is trying to clock you. (In clocking, user A attempts to discern the habits of user B via various network utilities, including finger and the r commands.)

TIP

The r commands consist of a suite of network utilities that can glean information about users on remote hosts.

In clocking, the snooping party uses an automated script to finger his target every x number of minutes or hours. Reasons for such probing can be diverse. One is to build a profile of the target: When does the user log in? How often does the user check mail? From where does the user usually log in? From these queries, a nosy party can determine other possible points on the network where you can be found.

Here’s an example: A cracker I know wanted to intercept the email of a nationally renowned female journalist who covers hacking stories. This journalist had several accounts and frequently logged in to one from another. (In other words, she chained her connections. In this way, she was trying to keep her private email address a secret.)

By running a clocking script on the journalist, the cracker was able to identify her private, unpublished email address. He was also able to compromise her network and ultimately capture her mail. The mail consisted of discussions between the journalist and a software engineer in England. The subject matter concerned a high-profile cracking case in the news. (That mail was later distributed to crackers’ groups across the Internet.)

MasterPlan can identify clocking patterns, at least with respect to finger queries. The utility is small and easy to configure. The C source is included, and the distribution is known to compile cleanly on most Unix systems. One nice amenity for Linux users is that a precompiled binary comes with most distributions. The standard distribution of MasterPlan is available at the following address:

ftp://ftp.netspace.org/pub/Software/Unix/masterplan.tar.Z

The Linux-compiled version is available at this address:

ftp://ftp.netspace.org/pub/Software/Unix/masterplan-linux.tar.Z

NOTE

MasterPlan does not prevent others from fingering you; it simply identifies those parties and how often they finger you. Unfortunately, as of this date, MasterPlan is only available for Unix and is no longer maintained.
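The clocking pattern described above shows up in a query log as near-constant gaps between lookups from one source. The following is an added example, not MasterPlan's code: it flags sources whose finger queries arrive at regular intervals. The log format (`date time user@host`), the thresholds, and all log lines are assumptions constructed for illustration; the real finger_log layout may differ.

```python
"""Flag finger-query sources whose timing looks scripted (clocking)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log in a hypothetical "date time user@host" format.
SAMPLE_LOG = """\
2002-03-04 08:00:02 mallory@dialup7.example.net
2002-03-04 08:03:10 carol@lab.example.org
2002-03-04 08:04:55 carol@lab.example.org
2002-03-04 08:15:01 mallory@dialup7.example.net
2002-03-04 08:30:03 mallory@dialup7.example.net
2002-03-04 08:45:00 mallory@dialup7.example.net
2002-03-04 09:00:02 mallory@dialup7.example.net
2002-03-04 09:15:01 mallory@dialup7.example.net
2002-03-04 10:12:40 dave@ws3.example.org
2002-03-04 11:40:00 carol@lab.example.org
2002-03-04 16:22:31 carol@lab.example.org
2002-03-04 23:59:00 carol@lab.example.org
"""


def parse_log(text):
    """Group query timestamps by the user@host that issued them."""
    events = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        date, clock, source = line.split()
        stamp = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
        events[source].append(stamp)
    return events


def find_clocking(events, min_queries=5, max_jitter=0.15):
    """Return sources with many queries at near-constant spacing.

    Jitter is the standard deviation of the gaps divided by their mean;
    a script run every x minutes produces a value close to zero, while
    a person checking by hand does not.
    """
    suspects = {}
    for source, stamps in events.items():
        if len(stamps) < min_queries:
            continue
        stamps = sorted(stamps)
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        average = mean(gaps)
        if average <= 0:
            continue
        jitter = pstdev(gaps) / average
        if jitter <= max_jitter:
            suspects[source] = {
                "queries": len(stamps),
                "interval_s": round(average),
                "jitter": round(jitter, 3),
            }
    return suspects


if __name__ == "__main__":
    for source, info in find_clocking(parse_log(SAMPLE_LOG)).items():
        print(f"{source}: {info['queries']} queries about every "
              f"{info['interval_s']} s (jitter {info['jitter']})")
```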

After you shield yourself against finger queries, you might feel that your name is safe from prying eyes. Wrong again. finger is just the beginning. There are a dozen other ways your email address and your name reveal information about you.

Beyond finger

Even if your provider forbids finger requests, your name is still easy to obtain. When snoops try to finger you and discover finger isn’t running, they turn to your mail server. In most cases, servers accept Telnet connections to port 25 (the port that sendmail runs on). Such a connection looks like this:

220 shell. Sendmail SMI-8.6/SMI-SVR4 ready at Wed, 19 Feb 1997 07:17:18 -0800 

If outsiders can reach the prompt, they can quickly obtain your name by issuing the following command:

expn username 

The expn command expands usernames into email addresses and real names. The response will typically look like this:

username <username@target_of_probe.com> Real Name 

The first field will report your username or user ID, followed by your email address, and finally, your “real” name.

System administrators can disable the expn function. If the expn function is operable, nosy individuals can still get your real name, if it is available. Again, the best policy is to remove your real name from the passwd file.

NOTE

Unfortunately, even if the expn function has been disabled, the snooping party can sometimes still verify the existence of your account using the vrfy function (if your server supports it).

As you can see, finger poses a unique privacy problem—but that’s just the beginning.

Browser Security

With the rise of electronic commerce, various methods to track your movements have been developed. Three key methods are implemented through your Web browser:

  • IP address and cache snooping

  • Cookies

  • Banner ads and Web bugs

By themselves, these techniques seem harmless enough. However, if you want to remain anonymous, you must take steps to safeguard yourself against them. Let’s examine each in turn.

IP Address and Cache Snooping

Each time you visit a Web server, you leave behind a trail. This trail is recorded in different ways on different servers, but it is always recorded. A typical log entry on Unix (running Apache) looks like this:

153.35.38.245 [01/May/1998:18:12:10 -0700] "GET / HTTP/1.1" 401 362 

Note the first entry (the IP address). All Web server packages are capable of recording visitor IP addresses. However, most Web servers can also record other information, including your hostname and even your username. To see what a Web server can tell about you, visit this site:

http://www.anonymizer.com/snoop/test_ip.shtml

This site performs a seven-part analysis of your vulnerability. It can detect your IP address, the last Web site you visited, how many Web sites you have visited, where you are physically, your browser type, and your OS, and it might even grab your clipboard if you are using IE.

Using these logs and scripts, Webmasters can precisely pinpoint where you are, what your network address is, and where you’ve been. Are you uncomfortable yet? Now let’s quickly examine cookies.

Cookies

Cookies. The word might sound inviting to you, but not to me—I value my privacy very much. In the past, many reporters have written articles about cookies, attempting to allay the public’s fears. In such articles, they minimize the influence of cookies, dismissing them as harmless. Are cookies harmless? Not in my opinion.

Cookies (which Netscape calls Persistent Client State HTTP Cookies) are used to store information about you as you browse a Web page. The folks at Netscape explain it this way:

This simple mechanism provides a powerful new tool that enables a host of new types of applications to be written for Web-based environments. Shopping applications can now store information about the currently selected items; for fee services can send back registration information and free the client from retyping a user-id on next connection; sites can store per-user preferences on the client and have the client supply those preferences every time that site is connected to.

TIP

The article from which the previous quote is excerpted, “Persistent Client State HTTP Cookies,” can be found at http://wp.netscape.com/newsref/std/cookie_spec.html.

The cookie concept is like getting your hand stamped at a dance club that serves cocktails. You can roam the club, have some drinks, dance the floor, and even go outside for a few minutes. As long as the stamp is on your hand, you will not have to pay again, nor will your access be restricted. Similarly, cookies enable Web servers to “remember” you, your password, your interests, and so on. That way, when you return, this information is automatically retrieved. The issue concerning cookies, though, isn’t that the information is retrieved. The controversy is about where the information is retrieved from—your hard disk drive.

The process works like this: When you visit a Web page, the server writes a cookie to your hard disk drive. This cookie is stored in a special file.

NOTE

Windows users can find the cookies file in varying places, depending on their browser type and their version of Windows. In older distributions cookies are kept in a file called cookies.txt. In newer distributions (and with Microsoft Internet Explorer), cookies are stored individually in the directory cookies, which is usually stored along with your user profile. (On Macintosh systems, the file is called MagicCookie.)

Here are some typical entries from a cookie file:

www.webspan.net    FALSE    /~frys    FALSE    859881600    worldohackf    2 
.netscape.com    TRUE    /    FALSE    946684799    NETSCAPE_ID    1000e010,107ea15f 
.adobe.com    TRUE    /    FALSE    946684799    INTERSE    207.171.18.182 6852855142083822 
www.ictnet.com    FALSE    /    FALSE    946684799    Apache    pm3a-4326561855491810745 
.microsoft.com    TRUE    /    FALSE    937422000    MC1    GUID=260218f482a111d0889e08002bb74f65 
.msn.com    TRUE    /    FALSE    937396800    MC1    ID=260218f482a111d0889e08002bb74f65 
comsecltd.com    FALSE    /    FALSE    1293753600    EGSOFT_ID    207.171.18.176-3577227984.29104071 
.amazon.com    TRUE    /    FALSE    858672000    session-id-time    855894626 
.amazon.com    TRUE    /    FALSE    858672000    session-id    0738-6510633-772498 

This cookie file is a real one, pulled from an associate’s hard disk drive. You will see that under the GUID (field number 6), the leading numbers are an IP address. (I have added a space between the IP address and the remaining portion of the string so that you can easily identify the IP. In practice, however, the string is unbroken.) From this, you can see that setting a cookie generally involves recording your IP address.
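To review your own cookie file for the pattern just described, the following added example (not code from the book) parses the seven tab-separated fields of a Netscape-style cookies.txt and lists cookies whose value begins with an IPv4 address. The sample reuses entries shown above, with the INTERSE value unbroken as the text says it is in practice; because the string is unbroken, the end of the last octet is a best guess.

```python
"""Parse a Netscape-style cookies.txt and list values that embed an IP."""
import re
from datetime import datetime, timezone

FIELDS = ("domain", "subdomains", "path", "secure", "expires", "name", "value")

# Four dotted groups at the start of the value; greedy, so the last octet
# takes as many digits (up to three) as are available.
LEADING_IP = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})")

# Sample built from entries in the text (tab-separated, as on disk).
SAMPLE_COOKIES = "\n".join("\t".join(row) for row in [
    ("www.webspan.net", "FALSE", "/~frys", "FALSE", "859881600",
     "worldohackf", "2"),
    (".netscape.com", "TRUE", "/", "FALSE", "946684799",
     "NETSCAPE_ID", "1000e010,107ea15f"),
    (".adobe.com", "TRUE", "/", "FALSE", "946684799",
     "INTERSE", "207.171.18.1826852855142083822"),
    ("comsecltd.com", "FALSE", "/", "FALSE", "1293753600",
     "EGSOFT_ID", "207.171.18.176-3577227984.29104071"),
    (".amazon.com", "TRUE", "/", "FALSE", "858672000",
     "session-id", "0738-6510633-772498"),
])


def parse_cookie_file(text):
    """Return one dict per cookie; malformed and comment lines are skipped."""
    cookies = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(FIELDS):
            continue
        record = dict(zip(FIELDS, parts))
        record["subdomains"] = record["subdomains"] == "TRUE"
        record["secure"] = record["secure"] == "TRUE"
        # Field 5 is the expiry time in seconds since the Unix epoch.
        record["expires"] = datetime.fromtimestamp(int(record["expires"]),
                                                   tz=timezone.utc)
        cookies.append(record)
    return cookies


def embedded_ip(value):
    """Return the IPv4 address a cookie value starts with, or None."""
    match = LEADING_IP.match(value)
    if not match:
        return None
    octets = match.groups()
    if any(int(octet) > 255 for octet in octets):
        return None
    return ".".join(octets)


def cookies_with_ip(cookies):
    """List (domain, name, ip) for every cookie whose value embeds an IP."""
    hits = []
    for cookie in cookies:
        ip = embedded_ip(cookie["value"])
        if ip:
            hits.append((cookie["domain"], cookie["name"], ip))
    return hits


if __name__ == "__main__":
    parsed = parse_cookie_file(SAMPLE_COOKIES)
    for domain, name, ip in cookies_with_ip(parsed):
        print(f"{domain}: cookie {name} records address {ip}")
    for cookie in parsed:
        print(f"{cookie['domain']} {cookie['name']} expires "
              f"{cookie['expires']:%Y-%m-%d}")
```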

Advocates of cookies insist that they are harmless, cannot assist in identifying the user, and are therefore benign. That is not true, as explained by D. Kristol and L. Montulli in RFC 2109:

An origin server could create a Set-Cookie header to track the path of a user through the server. Users may object to this behavior as an intrusive accumulation of information, even if their identity is not evident. (Identity might become evident if a user subsequently fills out a form that contains identifying information.)

Today, cookies are routinely used for user authentication. This is disturbing and was immediately recognized as a problem. As expressed in RFC 2109:

User agents should allow the user to control cookie destruction. An infrequently used cookie may function as a “preferences file” for network applications, and a user may wish to keep it even if it is the least-recently-used cookie. One possible implementation would be an interface that allows the permanent storage of a cookie through a checkbox (or conversely, its immediate destruction).

Despite these early warnings about cookies, mainstream Web browsers still ship with the Accept Cookies option enabled. Worse still, although most browsers have an option that warns you before accepting a cookie, this option is also disabled by default. Netscape Communicator 4, for example, ships this way. If you use Netscape Communicator, take a moment to go to the Edit menu and choose Preferences. After you have the Preference option window open, click Advanced. In Netscape 6 and higher, as well as Mozilla, the settings can be found in the menu File, Preferences, Privacy & Security, Cookies. Microsoft Internet Explorer ships in basically the same state. To disable cookies in Internet Explorer, click Tools, and then select Internet Options from the list. A new window will open. Click the Security tab. You can change the security level to High, or click Custom Level, where you will find the options to disable cookies in Internet Explorer.

Think about that for a moment: How many new computer owners are aware that cookies exist? Shouldn’t they at least be informed that such intelligence gathering is going on? I think so.

Combating Cookies

Cookies can easily be managed and defeated using cookie cutters. These are programs that give you control over cookies (such as viewing them, deleting them, or conditionally refusing them). The easiest solution is to use Netscape 7 or Mozilla as your browser, because the cookie-cutting functionality is built into the browser. Table 8.2 provides names and locations of several cookie cutters that are useful with other browsers.

Table 8.2. Cookies Cutters, Their Platforms, and Their Locations

NOTE

Windows and Mac OS users can also make the cookies file or directory read-only. This will prevent any cookies from being written to the drive. Unix users should delete the cookies.txt file and place a symbolic link there that points to /dev/null.

If you want to learn more about cookies, check out some of the following articles:

You should also know this: Cookies and the test-cgi script are not the only ways that Webmasters grab information about you. Other, less conspicuous techniques exist. Many JavaScript and Perl scripts can “get” your IP address. This type of code also can get your browser type, your operating system, and so forth. The following is an example in JavaScript:

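<script language="javascript"> 
    // Writes the browser's name and version number into the page.
    function Get_Browser() { 
     var appName = navigator.appName; 
     var appVersion = navigator.appVersion; 
     // appVersion starts with the version number, followed by a space.
     document.write(appName + " " + appVersion.substring(0, appVersion.indexOf(" "))); 
     } 
    Get_Browser(); 
</script> 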

This JavaScript will get the browser name and its version. Scripts like this are used at thousands of sites across the Internet. A very popular one is the “Book ’em, Dan-O” script. This script (written in the Perl programming language) will get the time you accessed the page, your browser type and version, and your IP address.

TIP

The “Book ’em, Dan-O” script was written by an individual named Spider. It is currently available for download at Matt’s Script Archive at http://worldwidemart.com/scripts/dano.shtml.

Similar programs are available in a wide range of programming languages, including Java. You will find a Java program designed specifically for this purpose here:

http://www.teklasoft.com/java/applets/connect/socket.html

Ads and Web Bugs

You’ve no doubt visited plenty of Web sites with advertisements. The Internet has become a marketing executive’s dream come true, with nearly unlimited methods of tracking and recording information on consumers. Today, nearly every popular Web site is littered with annoying banner ads, pop-up ads, Web bugs, and targeted marketing. The only cost is your own personal privacy. Whenever ads are mentioned in this section, the term refers to both banner ads and pop-up ads. The major difference is that pop-ups are more annoying. Ads are a necessary evil of the Internet economy, but did you know that these innocent images can also be used to track users and transmit demographics back to the advertising companies responsible for them?

The methods vary, but it generally works like this: A user visits a popular Web site with an ad that has the capability to track. As the page loads, it will grab the required image directly off of a Web server run by the advertising company. Every time this happens, the ad server has the capability to log a great deal of information about who is loading that image. Using cookies, sophisticated JavaScript, and CGI, the unwitting visitor might be sending nothing more than her IP or every piece of personal information she might have previously submitted to another Web site. It is also possible for the remote ad server to set a cookie on the user’s computer to help it track that person in better detail.

The latest trend in violating your Web-surfing privacy comes from Web bugs. A Web bug is usually a small, transparent .gif, 1×1 pixels in size, that works in a similar manner to a tracking ad. When the page loads, the invisible Web bug also loads, triggering the same transfer of information that the ads can send. The biggest difference is simply stealth. You can’t see or detect a Web bug, unless you look at the source for that particular Web page. Take a look at this example from the ZDNet Web site:

<img src="http://ads3.zdnet.com/i/g=r001&c=a56998&idx=2001.01.04.21.48.58/ 
http://images.zdnet.com/adverts/imp/dotclear.gif"> 

This is the HTML code to display an image on the ZDNet Web page. This, however, is no ordinary image. It’s a Web bug used to track people visiting the Web site. Notice the height and width parameters, and the lack of a border or an ALT entry. This invisible image, when loaded, triggers the ad server at ZDNet to record whatever information they programmed it to retrieve. ZDNet is not alone in this behavior. I simply loaded the first Web site that came to mind and found this Web bug.
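The check described above (an invisible image whose request carries data to an ad server) can be automated. The following is an added example, not code from the book or from any tool it mentions; the sample page, host names, and the "last two DNS labels" same-site rule are constructed assumptions. It also shows the edge case a reader will hit in practice: a first-party 1×1 layout spacer is not reported.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page (not taken from any real site).
PAGE_URL = "http://www.news.example/index.html"
SAMPLE_HTML = """
<html><body>
<img src="/images/logo.gif" width="120" height="60" alt="News logo">
<img src="http://ads.tracker.example/i/g=r001&c=a56/dotclear.gif" width=1 height=1 border=0>
<img src="http://stats.metrics.example/p.gif?uid=42" style="display: none">
<img src="/images/spacer.gif" width="1" height="1" alt="">
</body></html>
"""


def site_of(host):
    """Crude same-site key: the last two DNS labels (assumption; this
    ignores multi-label public suffixes such as co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def is_tiny(value):
    """True when a width/height attribute is present and is 0 or 1 pixel."""
    try:
        return int(str(value).strip().lower().rstrip("px")) <= 1
    except ValueError:
        return False


class ImgScanner(HTMLParser):
    """Collects <img> tags that are invisible and either load from another
    site or carry identifiers in the URL."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_site = site_of(urlparse(page_url).hostname or "")
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {name: (value or "") for name, value in attrs}
        # Remove whitespace so a URL wrapped across lines still parses.
        src = urljoin(self.page_url, "".join(a.get("src", "").split()))
        parsed = urlparse(src)
        reasons = []
        if is_tiny(a.get("width")) and is_tiny(a.get("height")):
            reasons.append("1x1 or smaller")
        style = "".join(a.get("style", "").lower().split())
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if not reasons:
            return  # visible image: an ordinary picture or a visible ad
        third_party = site_of(parsed.hostname or "") != self.page_site
        has_ids = bool(parsed.query) or "=" in parsed.path
        if not (third_party or has_ids):
            return  # first-party layout spacer with no data in its URL
        if has_ids:
            reasons.append("identifiers in URL")
        if third_party:
            reasons.append("third-party host")
        self.findings.append({"src": src, "host": parsed.hostname or "",
                              "third_party": third_party, "reasons": reasons})


def find_web_bugs(html, page_url):
    """Return one finding per suspected Web bug, in document order."""
    scanner = ImgScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for bug in find_web_bugs(SAMPLE_HTML, PAGE_URL):
        print(bug["host"], "-", ", ".join(bug["reasons"]))
```
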

TIP

There are several good articles online about the proliferation of Web bugs and banner ads with tracking capabilities. Be sure to check out “Nearly Undetectable Tracking Device Raises Concerns” by Stefanie Olsen at http://news.cnet.com/news//0-1007-200-2247960.html.

What do these companies need this information for? Why do they violate your privacy without your permission or consent? Marketing. Marketing and selling products to consumers requires detailed demographics and statistics. With this information, the advertising companies are better able to target a specific group to sell them something. If you visit a lot of Web sites related to computers, for instance, you will notice that the ads you see will be designed to get you to buy computer-related products and services. Also, a high-traffic Web site can make a good sum of money by enabling advertisers to post ads and Web bugs on their pages.

TIP

If you want to see if Web bugs are being used on Web pages you are visiting, take a look at Bugnosis (http://www.bugnosis.org/). Bugnosis integrates into Internet Explorer version 5 or higher. It will highlight and explain Web bugs.

Protecting Yourself from Ads and Web Bugs

Thankfully, there are many solutions for combating intrusive cookies, ads, and Web bugs. Today, there are several software programs that you can proxy your Web browser traffic through to block this material. A proxy is a type of software that acts as a sort of middleman between you and the Internet. Your Internet traffic flows through it, and depending on the proxy’s functionality, it is sped up, filtered, or redirected. My personal favorite is the Internet Junkbuster. Junkbuster’s developers have also recently released a consumer version of Junkbuster called Guidescope, which is aimed at the general public and is easy to install and use. Guidescope offers the same level of protection as Junkbuster, but it is designed to be a lot more user friendly and easier to install and maintain.

Internet Junkbuster acts as a proxy server for all your Web surfing traffic. As you load Web pages, it inspects the incoming code for common patterns used by banner ads and Web bugs. Before this code ever reaches your Web browser, it is stripped from the HTML, effectively sterilizing the privacy-invading banners and bugs. Not only does this help safeguard your privacy, but blocking banner advertisements also significantly speeds up Web browsing, and you will find it is a lot easier to concentrate on the information you came to see, rather than flashy obnoxious Web advertising. Internet Junkbuster and Guidescope can also be configured to block cookies.

NOTE

If your privacy is important, you should take a few minutes to take a look at the Junkbuster Web site. They provide a great deal of information on proactively protecting yourself from invasive advertising in email, postal mail, telemarketing, and other means.

More information on Internet Junkbuster and Guidescope can be found at http://www.junkbusters.com and http://www.guidescope.com.

Another option is to install your own local proxy server. The Proxomitron (http://proxomitron.org/) is an excellent one. Some of its features include blocking banner ads, lying about the type of browser you have, and removing JavaScripts.

If you just want to get rid of pop-up ads, software is available for that as well. The first anti-pop-up measure is to use Netscape 7 or Mozilla as your browser. To eliminate pop-ups, go to Edit, Preferences, Advanced, Scripts & Windows. In that menu, uncheck Open Unrequested Windows (also known as pop-ups). For good measure, while you’re there, uncheck Move or Resize Existing Windows and Raise or Lower Windows. If you are using IE or an old version of Netscape, you can eliminate pop-ups using software such as Popup Ad Filter (http://www.meaya.com/?xfx) instead.

It should be noted that some companies (for example, http://www.anti-leech.com) are trying to sell products to Webmasters that are geared toward eliminating your privacy. These products try to detect that you are blocking their ads, and if so, refuse to let you look at their site. My advice is not to use those sites and let the Webmaster know that.

Spyware

The newest trend in Internet privacy invasion is spyware, also known as adware. Spyware is software that is usually included in some free software you have downloaded. The spyware component monitors your computer activity and periodically sends reports back to an advertiser about your behavior, so they can target their ads better to you. It’s obvious, in theory, that the spyware could read your private email or do anything else it wants on your system.

If you have loaded software such as RealPlayer, Kazaa, or GoZilla, you might have spyware on your computer. The good news is that you can do something about it.

The first strategy is to become knowledgeable about what you have loaded that might be spyware. A couple of Web sites can help you: SpyChecker (http://www.spychecker.com/) and SpyWare List (http://www.tom-cat.com/spybase/spylist.html). Both sites have lists of spyware. However, it makes sense to check both. SpyChecker says that RealPlayer 7 is not spyware, whereas SpyWare List says it is.

If you would prefer a program that can search your computer for spyware, try Ad-aware from http://www.lavasoftusa.com/. Ad-aware is a little more advanced. Most programs that include spyware buy their components from a handful of vendors. Ad-aware will search your computer (much like an antivirus program) and detect what spyware components are loaded on your machine. It then gives you the option of removal. You can also register Ad-aware, and when you do, you get a program called Ad-watch, which watches your computer in real-time and lets you know when some spyware has been installed on your machine.

If you have Ad-aware remove the spyware, the programs that included it might no longer work. Likewise, if you find the package you are using on the lists mentioned previously, you might be faced with a tough choice. The good news is that it is almost always possible to find a similar free package that does not include spyware. The Ad-aware people have a partial list at http://www.lavasoftusa.com/more.html.

Although I’m not sure of the legalities, there is another option if you want to use your favorite software without the spyware. Some hackers out on the Internet grab spyware-enabled programs and then disable the spyware components. One prime example is Kazaalite (http://www.kazaalite.com), which is Kazaa with the spyware removed.

Personal firewall software, such as ZoneAlarm (http://www.zonealarm.com), can help as well. Most personal firewall packages can be configured to block the outgoing messages from spyware. In some cases, doing so may break the spyware-enabled program.

Finally, there is my personal favorite. The Kazaalite site also has a special hosts file whose entries you can add to the hosts file on your machine. This hosts file contains the domain names for many spyware and banner ad tracking sites. However, instead of containing their correct IP address, every IP address is set to 127.0.0.1, which means the local computer. Therefore, whenever the spyware tries to contact the spyware site with your information, it will fail. Also, after loading this file, you’ll notice error messages and blocked images on some Web pages as well, because banner ads and Web bugs are failing.
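The hosts-file technique described above, as an added example that is not part of the book and not the Kazaalite file itself: it merges a list of tracker domains into existing hosts-file text without overriding mappings that are already there. All domain names and addresses are constructed, and the "first entry wins" lookup is an assumption about typical resolver behavior.

```python
import ipaddress
import re

SINKHOLE = "127.0.0.1"  # the local computer, as in the text
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample data.
EXISTING_HOSTS = (
    "127.0.0.1\tlocalhost\n"
    "192.0.2.10\tintranet.corp.example  # internal server\n"
    "127.0.0.1\tads.tracker.example\n"
)
BLOCKLIST = ["ads.tracker.example", "Stats.Metrics.Example.",
             "bugs.adserver.example", "not a host!", "intranet.corp.example"]


def valid_hostname(name):
    """Accept only plain DNS names; a hosts file has no wildcard syntax."""
    return (0 < len(name) <= 253
            and all(LABEL_RE.match(label) for label in name.split(".")))


def parse_hosts(text):
    """Return {hostname: ip}. The first mapping for a name is kept."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line: ignore it rather than guess
        for name in names:
            table.setdefault(name.lower(), ip)
    return table


def merge_blocklist(existing_text, domains):
    """Append sinkhole entries for domains that are not mapped yet.

    Returns (new_text, added, skipped); skipped holds (input, reason)."""
    table = parse_hosts(existing_text)
    added, skipped = [], []
    for raw in domains:
        name = raw.strip().lower().rstrip(".")
        if not valid_hostname(name):
            skipped.append((raw, "not a valid hostname"))
        elif name in table:
            reason = ("already blocked" if table[name] == SINKHOLE
                      else "already mapped to " + table[name])
            skipped.append((raw, reason))
        else:
            table[name] = SINKHOLE
            added.append(name)
    lines = existing_text.splitlines()
    if added:
        lines.append("# --- tracker blocklist (added) ---")
        lines += [SINKHOLE + "\t" + name for name in added]
    return "\n".join(lines) + "\n", added, skipped


def lookup(hosts_text, name):
    """What the hosts file alone answers for a name (None = falls to DNS)."""
    return parse_hosts(hosts_text).get(name.lower().rstrip("."))


if __name__ == "__main__":
    new_text, added, skipped = merge_blocklist(EXISTING_HOSTS, BLOCKLIST)
    print(new_text)
    for raw, reason in skipped:
        print("skipped", repr(raw), "-", reason)
```

Hosts-file matching is exact, so an entry for bugs.adserver.example does nothing for cdn.bugs.adserver.example; each host name a tracker uses needs its own line.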

Your Email Address and Usenet

Earlier in this chapter, I claimed that your email address could expose you to spying on Usenet. In this section, I will prove it.

Your email address is like any other text string. If it appears on (or within the source code of) a Web page, it is reachable by search engines. When a spy has your email address, it’s all over but the screaming. In fact, perhaps most disturbing of all, your email address and name (after they are paired) can reveal other accounts that you might have.

To provide you with a practical example, I pondered a possible target. I was looking for someone who changed email addresses frequently and routinely used others as fronts. Fronts are third parties who post information for you. By using a front, you avoid being pinned down, because it’s the front’s email address that appears, not your own.

I decided to do a bit of research on a controversial person, Kirk D. Lyons of the Southern Legal Resource Center (SLRC). This name might not be too familiar to many people right away. Mr. Lyons is an outspoken attorney with a history of defending right-wing and extremist groups. He has also been a prominent voice and an active participant in several newsworthy incidents, especially in the past 10 years. Mr. Lyons has been directly involved with issues relating to the Oklahoma federal building bombing and Timothy McVeigh, the Ruby Ridge incident with Randy Weaver, and the Waco stand-off, to name a few.

NOTE

The following exercise is not an invasion of Mr. Lyons’ privacy. All information was obtained from publicly available databases on the Internet. Instead, this exercise is very similar to the results of a June 1997 Time magazine article about Internet privacy. In that article, a Time reporter tracked California Senator Dianne Feinstein. The reporter did an extraordinary job and even managed to ascertain Senator Feinstein’s Social Security number. The article, “My Week as an Internet Gumshoe,” is by Noah Robischon. At the time of this writing, it is available online at http://www.pathfinder.com/time/magazine/1997/dom/970602/technology.my_wek.html.

The first step in tracking an individual is to capture their email addresses. To find Kirk D. Lyons’s email address, any garden-variety search engine will do, although AltaVista and Google have the most malleable designs. That’s where I started. (Remember that I have never met Mr. Lyons and know very little about him.)

I began my search with AltaVista (http://www.altavista.com). AltaVista is one of the most powerful search engines available on the Internet and is provided as a public service by CMGI, Inc. It accepts various types of queries that can be directed toward WWW pages (HTML), images and video, and other forms of digital media. I followed up using Google (http://www.google.com).

I chose AltaVista for one reason: It performs case-sensitive, exact-match regular expression searches. That means that it will match precisely what you search for. (In other words, there are no “close” matches when you request such a search. This feature enables you to narrow your results to a single page out of millions.)

To force such a precise search, you must enclose your search string in double-quotation marks. I began by searching the Web for this string:

"Kirk D. Lyons" 

This search returned nearly 200 matches, and I started sorting them looking for anything interesting. Most of what I found were various articles and publications either about Mr. Lyons or written by him. I was able to discover an older, shared email address used by Mr. Lyons and one of his colleagues, . Searching for just this email address yielded very little, so I turned to Usenet postings. Using http://groups.google.com/, I was able to search thousands of postings. I came across some by Kirk himself using the previous email address. What was interesting here was that the email header information was left intact, which gives quite a bit of information:

Return-Path: [email protected] 
Received: from lexington.ioa.net 
  (IDENT:[email protected] [208.131.128.7]) 
  by mail.hal-pc.org (8.9.1/8.9.0) with ESMTP id DAA09388 
  for <[email protected]>; Thu, 4 Nov 1999 03:23:08 -0559 (CST) 
Received: from 1861 (ppp227.arden.dialup.ioa.com [205.138.38.236]) 
  by lexington.ioa.net (8.9.3/8.9.3) with SMTP id EAA29654; 
  Thu, 4 Nov 1999 04:19:27 -0500 
Message-ID: <1bed01bf26a5$a5ea0560$cb268acd@1861> 
To: <[email protected]> 
From: "Kirk D. Lyons or Dr. Neill H. Payne" <[email protected]> 
Subject: HELP 

From this, it is possible to determine who is using this address, where they were connecting from, and which service provider they were using to send the message. I can also determine that this is a dial-up account, possibly a home user account in Arden, North Carolina. Further investigation helped me discover that this individual is heavily involved in Civil War re-enactment. This led me to discover Mr. Lyons’s sideline business, Different Drummer, along with more detailed information such as the address, phone number, fax number, and email for this business.
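To see what your own outgoing mail exposes in the same way, you can run its headers through a small audit before posting to a public list. This is an added example, not code from the book; the sample message is constructed with reserved example domains and documentation addresses, and treating the last two host-name labels as the provider's domain is an assumption.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample message.
SAMPLE_MESSAGE = """\
Return-Path: <sender@isp.example>
Received: from relay.isp.example (relay.isp.example [198.51.100.7])
  by mail.list.example (8.9.1/8.9.0) with ESMTP id DAA00001
  for <list@list.example>; Thu, 4 Nov 1999 03:23:08 -0600 (CST)
Received: from deskpc (ppp12.springfield.dialup.isp.example [192.0.2.236])
  by relay.isp.example (8.9.3/8.9.3) with SMTP id EAA00002;
  Thu, 4 Nov 1999 04:19:27 -0500
Message-ID: <0001$abc$ec0002c0@deskpc>
To: <list@list.example>
From: "A. Sender" <sender@isp.example>
Subject: HELP

body
"""

# Host-name labels that commonly describe the access line (assumed list).
ACCESS_HINTS = ("ppp", "dialup", "dial", "dsl", "cable", "dhcp", "pool")
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+"
    r"\((?P<peer>[^()\[\]]*?)\s*\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)


def parse_received(value):
    """Extract HELO name, reverse-DNS name, IP and receiving host."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
    if not m:
        return None
    try:
        ip = str(ip_address(m["ip"]))
    except ValueError:
        ip = None
    # Some servers log "IDENT:user@host"; keep only the host part.
    rdns = m["peer"].rsplit("@", 1)[-1] or None
    return {"helo": m["helo"], "rdns": rdns, "ip": ip, "by": m["by"]}


def audit_headers(raw):
    """Report what the first hop of a message reveals about its sender."""
    msg = message_from_string(raw)
    # Each relay prepends its header, so the last one is the first hop.
    hops = [h for h in map(parse_received,
                           reversed(msg.get_all("Received", []))) if h]
    findings = []
    if not hops:
        return {"hops": [], "origin": None, "findings": findings}
    origin = hops[0]
    if origin["ip"]:
        findings.append(f"origin IP address visible: {origin['ip']}")
    labels = (origin["rdns"] or "").lower().split(".")[:-2]
    access = [l for l in labels if re.sub(r"\d+$", "", l) in ACCESS_HINTS]
    other = [l for l in labels if l not in access]
    if access:
        findings.append("hostname shows access type: " + ", ".join(access))
    if other:
        findings.append("hostname labels that may name a site or city: "
                        + ", ".join(other))
    if "." not in origin["helo"]:
        findings.append(f"local machine name sent as HELO: {origin['helo']}")
    msgid_host = msg.get("Message-ID", "").strip("<> \t").rpartition("@")[2]
    if msgid_host and msgid_host == origin["helo"]:
        findings.append("Message-ID repeats the local machine name")
    return {"hops": hops, "origin": origin, "findings": findings}


if __name__ == "__main__":
    for line in audit_headers(SAMPLE_MESSAGE)["findings"]:
        print(line)
```
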

This might not seem like much information, but, in reality, it is enough that I could easily start pulling up business and tax records, property information, and other public data on Mr. Lyons. There is very little limit on how far this investigation could be taken. In just a few minutes of searching freely available Web sites, I was able to gather a considerable amount of information about Mr. Lyons.

That might not initially seem very important. You are probably thinking, “So what?” However, think back to what I wrote at the beginning of this chapter. Twenty years ago, the FBI would have spent thousands of dollars (and secured a dozen wire-taps) to discover the same information.

Usenet is a superb tool for building models of human networks. (These are groups of people who think alike.) If you belong to such a group (and maintain controversial or unpopular views), do not post those views to Usenet.

Even though you can prevent your Usenet posts from being archived by making x-no-archive: yes the first line of your post, you cannot prevent others from copying the post and storing it on a Web server. By posting unpopular political views to Usenet (and inviting others of like mind to respond), you are inadvertently revealing your associations to the world. If your posts are archived, they might be available for all eternity, thanks to the folks at http://groups.google.com.

Google Groups

The DejaNews search engine was a specialized tool designed solely to search Usenet. In early 2001, Google purchased the DejaNews service and renamed it Google Groups. The archive goes back to 1981 and contains 700 million messages.

DejaNews has advanced indexing functions as well. For example, you can automatically build a profile on the author of a Usenet article. (That is, the engine will produce a list of newsgroups that the target has posted to recently.) In this way, others can instantly identify your interests. Worse still, they can actually find you.

To recap, assume that although your real name does not appear on Usenet postings, it does appear in the /etc/passwd file on the Unix server that you use as a gateway to the Internet. Here are the steps someone must take to find you:

  1. The snooping party sees your post to Usenet. Your email address is in plain view, but your name is not.

  2. The snooping party tries to finger your address, but as it happens, your provider prohibits finger requests.

  3. The snooping party telnets to port 25 of your server. There, he issues the expn command and obtains your real name.

Having gotten that information, the snooping party next needs to find the state you live in. For this, he turns to the WHOIS service.

The WHOIS Service

The WHOIS service contains domain registration records of all American, nonmilitary Internet sites. This registration information contains detailed information on each Internet site, including domain name, server addresses, technical contacts, the telephone number, and the address. In the past, the WHOIS information was all in one database, but since there are now multiple domain registrars, it is distributed.

The first thing you’ll need is a WHOIS client. If you are on Unix, it most likely will already be available to you. If you are on Windows, you’ll need to download one such as WHOIS for Windows (http://www.compulink.co.uk/~net-services/spam/whois.htm). On the Mac, you can use WhatRoute (http://www.mac.org/internet/whatroute/).

I am going to show you how to use WHOIS by looking at the ISP Netcom. First, you’ll need to go to the WHOIS page at InterNIC (http://www.internic.net/whois.html) with your Web browser. Enter the domain name (that is, netcom.com) and submit. One of the fields you will see is the Whois Server. In this case, it is whois.networksolutions.com.

Now you’ll use your WHOIS client to query whois.networksolutions.com for netcom.com. If you are using the Unix WHOIS, type whois -h whois.networksolutions.com netcom.com. You will get the following response:

Registrant: 
NETCOM On-Line Communication Services, Inc (NETCOM-DOM) 
   1430 West Peachtree St 
   Suite 400 
   Atlanta, GA 30309 

   Domain Name: NETCOM.COM 

   Administrative Contact: 
      MindSpring Abuse  (MA127-ORG)             [email protected] 
      MindSpring Enterprises 
      1430 West Peachtree St NW 
      Atlanta, GA 30309 
      US 
      404-815-0770 
      Fax- - 404-815-8805 
   Technical Contact: 
      Hostmaster  (HOS272-ORG)          [email protected] 
      MindSpring Enterprises, Inc. 
      1430 West Peachtree Street NE 
      Suite 400 
      Atlanta, GA 30309 
      US 
      404-815-0770 
      Fax- 404-815-8805 

   Record expires on 03-Feb-2003. 
   Record created on 01-Feb-1991. 
   Database last updated on 15-Sep-2002 09:19:12 EDT. 

   Domain servers in listed order: 

   SPEAKEASY.EARTHLINK.NET      207.69.188.200 
   HEARSAY.EARTHLINK.NET        207.69.188.201 

Take a good look at the Netcom WHOIS information. From this, the snooping party discovers that Netcom is in Georgia. (Note the location at the top of the WHOIS return listing, as well as the telephone points of contact for the technical personnel.)

Armed with this information, the snooping party proceeds to http://www.worldpages.com/. WorldPages is a massive database that houses the names, email addresses, and telephone numbers of several million Internet users.

At WorldPages, the snooping party uses your real name as a search string, specifying California as your state. Instantly, he is confronted with several matches that provide name, address, and telephone number. Here, he might run into some trouble, depending on how common your name is. If your name is John Smith, the snooping party will have to do further research. However, assume that your name is not John Smith—that your name is common, but not that common. The snooping party uncovers three addresses, each in a different California city: One is in Atlanta, one is in Athens, and one is in Plains. How does he determine which one is really you? He proceeds to the host utility.

The host utility will list all machines on a given network and their relative locations. With large networks, it is common for a provider to have machines sprinkled at various locations throughout a state. The host command can identify which workstations are located where. In other words, it is generally trivial to obtain a listing of workstations by city. These workstations are sometimes even named for the cities in which they are deposited. Therefore, you might see an entry such as the following:

chatsworth1.target_provider.com 

Chatsworth is a city in northwest Georgia. From this entry, we can assume that chatsworth1.target_provider.com is located within the city of Chatsworth. What remains for the snooper is to re-examine your Usenet post.

By examining the source code of your Usenet post, he can view the path the message took. That path will look something like this:

news2.cais.com!in1.nntp.cais.net!feed1.news.erols.com!howland.erols.net!ix.netcom.com!news 

By examining this path, the snooping party can now determine which server was used to post the article. This information is then coupled with the value for the NNTP posting host:

grc-ny4-20.ix.netcom.com 

The snooping party extracts the name of the posting server (the first entry along the path). This is almost always expressed as a host name and not as an IP address. For the snooping party to complete the process, the IP address is needed. Therefore, he telnets to the posting host. When the Telnet session is initiated, the hard, numeric IP is retrieved from DNS and printed to STDOUT. The snooping party now has the IP address of the machine that accepted the original posting. This IP address is then run against the outfile obtained by the host query. This operation reveals the city in which the machine resides.

TIP

If this information does not exactly match, the snooping party can employ other methods. One technique is to issue a traceroute request. When tracing the route to a machine that exists in another city, the route must invariably take a path through certain gateways. These are main switching points through which all traffic passes when going in or out of a city. Usually, these are high-level points, operated by telecommunication companies such as MCI, Sprint, and so forth. Most have city names within their addresses. Bloomington and Los Angeles are two well-known points. Thus, even if the reconciliation of the posting machine’s name fails against the host outfile, a traceroute will reveal the approximate location of the machine.

Having obtained this information (and having now differentiated you from the other names), the snooping party returns to WorldPages and chooses your name. Within seconds, a graphical map of your neighborhood appears. The exact location of your home is marked on the map by a circle. The snooping party now knows exactly where you live and how to get there. From this point, he can begin to gather more interesting information about you. For example:

  • The snooping party can determine your status as a registered voter and your political affiliations. He obtains this information at http://www.wdia.com/lycos/voter-records.htm.

  • From federal election records online, he can determine which candidates you support and how much you have contributed. He gets this information from http://www.tray.com/cgi-win/indexhtml.exe?MBF=pr_info.

  • He can also get your Social Security number and date of birth. This information is available at http://kadima.com/.

  • He might be able to determine the value of your house, what company has your mortgage, and the amount of property tax you have paid every year. Many counties now have their property records available for free over the Web.

Many people minimize the seriousness of this. Their prevailing attitude is that all such information is available through other sources anyway. The problem is that the Internet brings these sources of information together. Integration of such information allows this activity to be conducted on a wholesale basis, and that’s where the trouble begins.

As a side note, complete anonymity on the Internet is possible, but usually not achievable by legal means. Given enough time, for example, authorities could trace a message posted via anonymous remailer. (Although, if that message were chained through several remailers, the task would be far more complex.) The problem is in the design of the Internet itself. As Ralf Hauser and Gene Tsudik note in their article, “On Shopping Incognito:”

From the outset, the nature of current network protocols and applications runs counter to privacy. The vast majority have one thing in common: They faithfully communicate end-point identification information. “End-point” in this context can denote a user (with a unique ID), a network address, or an organization name. For example, electronic mail routinely communicates sender’s [sic] address in the header. File transfer (for example, FTP), remote login (for example, Telnet), and hypertext browsers (for example, WWW) expose addresses, host names, and IDs of their users.

Then there is the question of whether users are entitled to anonymity. I believe they are. Certainly, there are plenty of legitimate reasons for allowing anonymity on the Internet. The following is excerpted from Anonymity for Fun and Deception: The Other Side of “Community” by Richard Seltzer:

Some communities require anonymity for them to be effective, because without it members would not participate. This is the case with Alcoholics Anonymous, AIDS support groups, drug addiction support, and other mutual help organizations, particularly when there is some risk of social ostracism or even legal consequences should the identity of the members be revealed.

This is a recurring theme in the now-heated battle over Internet anonymity. Even many members of the “establishment” recognize that anonymity is an important element that might preserve free speech on the Internet—not just here, but abroad. This issue has received increased attention in legal circles. A. Michael Froomkin, a lawyer and prominent professor, wrote an excellent paper on the subject. In “Anonymity and Its Enmities,” Froomkin writes

Persons who wish to criticize a repressive government or foment a revolution against it may find remailers invaluable. Indeed, given the ability to broadcast messages widely using the Internet, anonymous email may become the modern replacement of the anonymous handbill. Other examples include corporate whistle-blowers, people criticizing a religious cult or other movement from which they might fear retaliation, and persons posting requests for information to a public bulletin board about matters too personal to discuss if there were any chance that the message might be traced back to its origin.

TIP

“Anonymity and Its Enmities” by Professor Froomkin is an excellent source for links to legal analysis of Internet anonymity. The paper is an incredible resource, especially for journalists. It can be found on the Web at http://www.wm.edu/law/publications/jol/95_96/froomkin.html.

However, not everyone feels that anonymity is a good thing. Some people believe that if anonymity is available on the Internet, it amounts to nothing but anarchy. A rather ironic quote, considering the source, is found in Computer Anarchy: A Plea for Internet Laws to Protect the Innocent, by Martha Seigel:

People need safety and order in cyberspace just as they do in their homes and on the streets. The current state of the Internet makes it abundantly clear that general anarchy isn’t working. If recognized governments don’t find a way to bring order to the growing and changing Internet, chaos may soon dictate that the party is over.

You might or might not know why this quote is so incredibly ironic. The author, Martha Seigel, is no stranger to “computer anarchy.” In her time, she has been placed on the Internet Blacklist of Advertisers for violating network policies against spamming the Usenet news network. The Internet Blacklist of Advertisers, now defunct, was intended to curb inappropriate advertising on Usenet newsgroups and via junk email. It worked by describing offenders and their offensive behavior, expecting that people who read it will punish the offenders in one way or another. The following is quoted from the docket listing on that Blacklist in regards to Cantor & Seigel, Ms. Seigel’s law firm:

The famous greencard lawyers. In 1994, they repeatedly sent out a message offering their services in helping to enter the U.S. greencard lottery to almost all Usenet newsgroups. (Note in passing: They charged $100 for their service, while participating in the greencard lottery is free and consists merely of sending a letter with your personal information at the right time to the right place.) When the incoming mail bombs forced their access provider to terminate their account, they threatened to sue him until he finally agreed to forward all responses to them.

However, all this is academic. As we move toward a cashless society, anonymity might be built in to the process. In this respect, at least, list brokers (and other unsavory information collectors) had better do all their collecting now. Analysis of consumer-buying habits will likely become a thing of the past, at least with relation to the Internet. The majority of electronic payment services being developed (or already available) on the Internet include anonymity as an inherent part of their design.

TIP

Several digital electronic payment systems exist today. A lot of research has been done in this area. A couple of companies with currently deployed systems are

What I have a hard time understanding is how these systems can provide anonymous transactions. The reason I bring this up is simply that records must be maintained, log files generated, transactions authorized, and people involved to ensure the system works. Therefore, these “anonymous” transactions really aren’t—and that brings you to my warning.

At Work

When you are at work, you need to assume that you have no privacy at all. Companies search email messages for employees who are looking for another job, giving out company secrets, and the like. It is also likely that your email messages have been recorded to a backup tape somewhere and could be around for years. Even Bill Gates has suffered from this problem when the government got a hold of these email messages via court order and presented them in court proceedings.

However, it does not stop at just email. Companies often monitor Web browsing in the same way. If you go to Web sites that are not work-related, you could be fired.

To make matters worse, some even go an extra step. If you view your Hotmail or Yahoo! Mail accounts from work, they can capture your email messages to monitor you even more.

If you don’t like this, what can you do? To be honest, the best options are either to find a position at a less paranoid company or just never do any nonwork-related Internet use from the office. If neither of these is an option, the best I can suggest is to use one of the anonymous surfing services given at the end of the chapter, which enable you to use SSL to encrypt your traffic. Unfortunately, there are no guarantees even in that case.

A Warning

Technology is rapidly changing our society, and personal privacy is disappearing in the process. The Internet will only further facilitate that process.

Already, many banks are using biometrics for customer identification. The process is bone chilling. To withdraw your money, you must surrender your retina or thumbprint to a scanner that authenticates you. This technology is already being marketed for personal computers, and the sales pitch sounds enticing. After all, aren’t you tired of having to enter a password every time you boot your machine or log on to the Net?

Soon, biometric authentication will be used in online electronic commerce. Before you close this book, I ask you to consider this very carefully: Imagine the climate a decade from now. Each user will have a unique, digital ID based on a cryptographic value. That value will be a 32-bit or 64-bit number derived from the physical characteristics of your face or your right hand. Without that number, you will not be able to buy or sell anything. When that time comes, remember that you read it here first.

Internet Resources

Finally, here are some good sources concerning privacy on the Internet.

Articles and Papers and Related Web Sites
