Netwire For anonymity's sake ....

Berlin, Germany
November 22, 2000
Der Spiegel, 47/2000
by Christiane Schulzki-Haddouti "I'm in," simple as that. Now here I go. Just click on the search engine. Click on news. Click on book dealers. Click on my private home page. Those who think these clicks are not being monitored are deceiving themselves.

Cookies record clicks and know which internet addresses are finally accessed. They record the IP number from which the user has dialed into the network.

Anyone who wants to know exactly what on-line providers are doing with their personal data used to have to agonize laboriously over fine print, often in a foreign language [i.e., English]. The World Wide Web Consortium (W3C) has therefore worked out a new standard which enables more transparency in matters of data security: the Platform for Privacy Preferences (P3P).

Over 30 corporations, including not only Microsoft, AOL and AT&T, but also European data security delegates, have cooperated. Using P3P, web surfers will be able to select their personal preferences in their browsers. As of today, cookies can be blocked out via a browser option.

Using P3P entire web sites will be able to be evaluated as far as their data security policy goes; that is because under XML-based policy, the instructions for handling customer data is programmed into the pages. Users may quickly find out whether their data is being handled according to European data security law. Then they can decide whether they want to trust their data on that web site.

However the software does not check to see if the company actually does what it says. That would require legislative measures.

Providers currently are mercilessly exploiting user data to their heart's content. For example Microsoft collects GUID numbers in all "Word" and "Excel" files. The "Globally Unique Identifier"

(GUID) is the serial number which can be read from your computer's network card. The music player Realjukbox even covertly transmits the GUID with much other information, such as the number and formats of the music titles stored on the computer.

The leading internet marketing company "Double-Click"

exchanges information about users with other on-line agencies.

The goal of the advertising network is to present each individual user with the appropriate ad banner. Search engines Altavista and Yahoo cooperate with the ad companies - now you need not wonder why a related ad banner shows up in your browser after making a search entry.

Additional information is provided by little web beetles, invisible pictures in the size of 1x1 pixels. They send IP addresses, the internet address of the web site visited, browser type and cookie information to the marketing companies' servers. Not before they see to it that information about various remote sites can be correlated.

US American data security advocate Richard Smith has found out that not only things like e-mail addresses, names, snail mail addresses and telephone numbers are transmitted, but also transaction data and search terms. Data banks process this information and produce individual user profiles.

Many users are not pleased that these data are being covertly collected. Only a few providers, Firefly web service for instance, obtain the express permission of the user. Other web services, like "Free" from the Canadian company "Zero Knowledge Systems"

enable users to remain anonymous by using diverse anonymized and encrypted servers, called "mixers."

Unlike an anonymizer, "Free" does not transmit all the files through a central computer. The operator cannot be forced to reveal the identity of a pseudonym by a court, such as what happened with the pseudonymous e-mail service anon.penet.fi and the Scientology sect.

[comment not in article: Scientology sued an anonymous e-mail service to find out who had sent some material copyrighted by Scientology over the internet. The service provider, anon.penet.fi, was forced by the courts to provide the account name through which the e-mail had passed. It was the name of another anonymous account. Sometimes it pays to be paranoid.] Identity manager Nevertheless surfing anonymously reaches its limits when anonymity no longer serves a purpose. For instance a shipping address has to be typed in to buy something on-line. It is primarily for those cases that companies are currently developing tools based on P3P.

A sort of identity manager is supposed to note down which information has been given out under which conditions. After all, who can remember who he has told what to after a year? And what passwords he had to set up to do it? That type of software could also be used for purposes of identification. Additionally, such a manager could administer different pseudonyms which are used by a user.

Data security experts Mark Koehntopp of the Independent State Center for Data Security in Schleswig-Holstein and Andreas Pfitzmann of the Technical University of Dresden have even proposed that the identity manager use interfaces to all possible applications. A new type of chip or a new device would not then be needed for every application. Ultimately that would enable the intelligent ID manager to be integrated not only in PCs, but also in intelligent digital telephones or hand-held computers.

German book suggestion: Helmut B=E4umler (Hrsg.): E-Privacy, Vieweg 2000.

On the internet see - Zero-Knowledge-Systems http://www.zks.net - Free http://www.freedom.net - Doubleclick http://www.doubleclick.com - Richard Smith http://www.tiac.net/users/smiths/privacy/banads.htm - Platform for Privacy http://www.w3.org/p3p - Anonymizer http://www.anonymizer.com --- Unofficial translations of German media, For non-commercial use only Recent events - http://cisar.org/trnmenu.htm Informational publications http://members.tripod.com/German_Scn_News Over 1200 articles sorted by date http://cisar.org/sortdate.htm

Go Back