Some people say never send anything conﬁdential or private over the Internet. This may have been good advice ﬁve years ago, but things are changing quickly on the Internet. Privacy has been added to many programs and features so that only the recipient of the communication can read it. Thus there are times when it’s perfectly safe to send credit card numbers, resumes, and other sensitive information over the Internet.
It’s not all that difﬁcult to assess the risks and make a judgment whether or not to send the information encrypted or not. Let’s ﬁrst talk about where the risks of compromising your information really are. First and most important, there is your own machine. If people have access to your machine, there are trails of your activity in different ﬁles in your machine. Your machine may contain documents, spreadsheets and other kinds of sensitive data you would not want prowling eyes on. Your e-mail program may keep a record of mail that was received and sent.
Your web browser keeps a cache of recently accessed web pages. I.R.C. Chat has logging functions that could be left on. The point is that your machine contains a lot of sensitive data that may need to be physically or software password secured.
While it is possible for people to illegally tap your phone lines, it usually requires equipment and to be in an open place. Although many people have heard clicks and pops when talking about sensitive information over the phone, the actual likelihood of it being an illegal wiretap is actually quite negligible. In the telephone company switching ofﬁce, it is possible to tap communications, and read the character based communications using a modem and a communications protocol analyser. However this can only be done under court order.
From there to the Internet Service Provider is a trip over local or long distance trunk lines to another telephone switching ofﬁce or directly to their ofﬁce. To tap these trunks, although possible, is difﬁcult. Once at the Internet Service Provider, the incoming lines go to a collection of modems. From the modem, the signal is routed in the I.S.Ps internal network to one of maybe several connections to the Internet. Your I.S.P. can easily attach a protocol sniffer and read any of the trafﬁc going through. With a little more sophisticated equipment, the I.S.P. can read most anything you do on the Internet. However, they have little time to spy on their customers.
From there, the information goes out over the Internet. Again, these are big trunk lines owned by the backbone Internet Provider. It is difﬁcult and complicated to tap these lines. So in short, what I am telling you is that the biggest risk in your privacy is probably your computer, garbage can or someone looking directly over your shoulder.
If you are concerned with transmitting conﬁdential information over the Internet, make sure that you secure your ofﬁce or home and use only secure forms of transmission. Keep your sensitive data on removable media, which you can lock up. You may also want a polarised glare screen to keep prying eyes from seeing passwords and sensitive information.
For web browsing and purchases online, I would suggest using sites that use a secure server. With Netscape, you will notice the golden key on the lower left is no longer broken on a secure site. With Internet Explorer, there is an annoying pop-up warning you that security mode has changed, but there is no indication. I have already ordered several items online with secured connection using my credit card and the items received and nothing happened so far.
For e-mail I would suggest PGP 5.0 which uses public key encryption. It is available at http://mail.telstar. net/mirror/pgp/downloads.html for International Users.
Protect Your Computer
Before you address the issue of online privacy, consider protecting something even more fundamental: your P.C. Remember, your ofﬁce computer and its contents don't belong to you. Your employers can track your movements on the Net by using sophisticated U.R.L. tracking snoop ware. They can intercept and read your e-mail, back up the data on your system, remove your hard disk, or take away your computer altogether.
And as soon as you leave your ofﬁce for the night, nosy coworkers can start poking around, if they haven't already done so over the network. Here's what you can do to avoid ugliness and embarrassment in the ofﬁce.
BIOS Passwords Are Best
Though it's not an entirely foolproof method, the best way to prevent people from using your P.C. when you aren't around is to change the system password in the BIOS setup program. Because this tactic halts the computer's boot-up process before it loads the operating system, it works every time. You should be aware, however, that some hardware manufacturers provide "backdoor" passwords that enable your employer to bypass your security measures; moreover, a knowledgeable system cracker can defeat any BIOS password by opening the computer case and disconnecting the battery that powers the BIOS settings chip.
Screen Saver's No Savior
Here's another bit of false security. You can password-protect Windows' screen saver, so your colleague in the next cube can't peek at your sensitive memo to H.R. But he can bypass this barrier by rebooting your computer and logging in as the default user (unless you've blocked access with a third-party security tool, System Policy Editor, or a BIOS password).
Wipe Out All File Traces
If you want to eradicate something that's currently stored in a ﬁle on your computer, deleting the ﬁle isn't enough. The ﬁles that you thought were gone may still be sitting in Windows' Recycle Bin. And deleting ﬁles doesn't remove them from the drive--they're still there, and readable with special tools, until another ﬁle overwrites the space the "deleted" ﬁle still occupies.