No one should decide how your personal data is used except you. Here's what you need to know to protect yourself online.

If you use the Internet, your privacy is under attack. Every time you view a Web page with an advertising banner, submit your name to a site, or enter registration data into software that works with the Internet, the information you provide can be catalogued, compiled, correlated with your movements throughout the Internet, and sold to any number of willing buyers. We'll explain what you can do to preserve your privacy.

Personal data: a big business
Before we discuss how your personal information is gathered and what you can do about it, you should understand the reasons why this data is being collected in the first place. Who is after your personal data? And why is it valuable to them? To find out, you need look no farther than the Web sites of the many advertising firms that post banner ads throughout the Inter net. DoubleClick, a huge online advertising network, reported the following in its 1998 annual report:

"DART (Dynamic Advertising Reporting and Targeting) insures that advertisers reach their ideal consumers from among the tens of millions on the Internet. It can target prospective customers by dozens of characteristics, including geographic region, LANguage, and business."

By reading individual users' IP (Internet Protocol) addresses, DoubleClick's dart program anonymously delivers targeted advertising to consumers and then provides comprehensive campaign reports to monitor the effectiveness of the ads. For example, dart allowed IBM's corporate recruiters to reach college students nationwideââ,¬"with messages targeted specifically to each college.

Naviant, another Web marketing company, claims even greater knowledge of consumers' personal information:

"At the heart of e-List Services is Naviant's High Tech Household File, the largest and only 100-percent-verified resource for today's most dynamic buying market of Internet-enabled households. With access to over 17.5 million households already, and hundreds of thousands more coming on file each month, it's the only source you need to meet your future marketing and targeting possibilities with precision."

In short, these Internet advertising firms pride themselves on being able to collect precise, detailed information about you. They may then sell this information to other companies, use it to identify you as you browse the Web, or use it to select what sorts of advertising to display on your screen. (In the example of IBM mentioned above, the ad agency could even recognise college students and cozy up to them by customising ads with their schools' colors, symbols, or mascots.)

Advertisers will pay more for space if they believeââ,¬"rightly or wronglyââ,¬"that they're more likely to show up on the screens of potential customers. Unfortunately, this means that someoneââ,¬"either the advertiser, the site, or the agency that delivers the adsââ,¬"needs to know sensitive information about you: your age, where you live, your spending habits, your marital status, whether you have kids, and other information you'd probably feel uncomfortable revealing to strangers.

Direct mail: Better than Spam?

Another reason why companies want to know not only what Web sites you visit but who you are stems from Internet users' nearly universal distaste for spam, or junk e-mail. Advertisers realize that if they send spam messages to potential customers, they're likely to turn them offââ,¬"permanentlyââ,¬"rather than get a sale.

But many Netizens who abhor spam are nowhere near as resistant to paper junk mail (or direct mail advertising, as it's called in the trade). If a company sees that you're browsing its Web site and it can find out your mailing address, it can send you a snail mail sales pitch, which you may be less likely to reject out of hand.

How they do it
How do sites snoop on your browsing habits and identify you online?

One of the simplest methods is via your IP addressââ,¬"a 32-bit number that serves as your computer's telephone number on the Internet. Whenever your computer sends a packet of information across the Net, it includes its IP address so that the recipient will know where to send a response. If your system has a permanent connection to the Internetââ,¬"for example, via a cable modemââ,¬"its IP address is likely to be constant. So, as you move through the Net, snoops can follow your every step.

Although the IP address is a good way to identify some Web users, it isn't foolproof. Users with dial-up connections to the Internet may get a different IP address each time they call, depending on which of the ISP's phone lines they happen to reach. And all the machines behind a firewallââ,¬"a device designed to keep intruders out of a networkââ,¬"sometimes appear to have the same IP address. (This happens if a mechanism called Network Address Translation, or NAT, is used.)

So, to uniquely identify users and their computers in these situations, Web sites use cookies.

Cookies: The Good, the Bad, and the Sneaky

Cookies were originally designed to solve a practical problem that arises from the design of the World Wide Web. When you browse a Web site, your computer doesn't really stay connected to the site for the entire time you're there. Instead, your PC makes a request, receives an answer (usually in the form of a Web page), and disconnects right away. If, after reading the page, you decide to click on a link or a button, your computer makes a new connection to carry out your request. Because the connection doesn't stay open, the Web server doesn't need to devote resources to keeping it alive while youââ,¬"the slow humanââ,¬"decide what to do next.

The downside of this method is that carrying on an ongoing conversation becomes tricky. Let's suppose you're making an online shopping trip in which you place half a dozen items in your cart and then check out. Each time you click, the Web server needs to remember who you are and what you've selected so far.

Because the server would need massive amounts of storage to keep this information around for tens of thousands of shoppers (an estimated 75 percent of whom will leave their carts in the virtual aisles and never check out), it's best to have the client, rather than the server, store information about the state of the transaction. So the server may place a cookieââ,¬"a bit of text identifying you and describing the transactionââ,¬"on your machine.

The cookie also contains bookkeeping information, such as the domain from which it was sent and an expiration date. There are two kinds of cookies: session cookies, which vanish each time you shut down your browser, and persistent cookies, which can stay around for months or years. An e-commerce site might use both kinds; for instance, it might use a session cookie to remember information about a particular shopping trip, and a persistent cookie to recognise you when you come back another day.

Each time you move to a new stage of your online transaction, the merchant's server asks your computer to send back the cookie that's been stored on your machine. This reminds the server of who you are and what you were doing, and the conversation continues where it left off.

Cookies are handy for many legitimate purposesââ,¬"for example, to allow a Web site to recognise you as an authorised user without requiring you to log on every time you access the site. But they can also be used for nefarious purposes.

Web pages as "Paste-Ups"

One thing about the Web that isn't obviousââ,¬" except to techies and Web page designersââ,¬"is that a single Web page can be composed of material that comes from many servers throughout the Internet. A page on your favorite news site might have text from one server, pictures from a second, and ads from several more. The Hyper Text Markup Language (html) in which the page is written tells your Web browser how to call for the images from different places and paste them up to make the page that appears on your screen.

Trouble is, unless you've installed cookie management software or turned off cookies altogether, any machine that supplies any part of a Web page is capable of feeding your machine a cookie and retrieving it later. Thus, if you visit two pagesââ,¬"even on different sitesââ,¬"that contain ads from the same advertising company, that company can see via its cookies that you traveled from one to the other. What's more, if the advertising firm has acquired personal information about you from the owner of any one of those sites (perhaps because you filled in a form or made an online purchase), it can apply that information when you visit the other.

Sometimes, an image that allows you to be tracked is not even visible to the naked eye. Last year, computer security expert Richard Smith, founder of Phar Lap Software, reported that many Web pages contain Web bugsââ,¬"tiny images that are only one or two pixels in size and are designed to blend into the page's background. Why are these invisible images there? Because they allow Web servers to log your access to the page and to place cookies on your computer.

Special delivery: a cookie
Snooping via cookies isn't limited to the World Wide Web. Because the rendering engine that's used in Web browsers is also woven into e-mail clients and Usenet news readers, it's possible for someone who sends you e-mail or posts an HTML article to a newsgroup to cause your machine to access images on his or her site when you read the mail or article. (If the program has a preview window, the access may occur automatically before you can stop it.) Instantly, the sender's Web server can tell that you read the message.

What's more, if the sender customises the URL in the message so that it contains your e-mail address, he or she will also know exactly who you are. (This technique has been used by spammers to verify e-mail addresses.) Finally, unless you have a very recent browser that closes this security hole, the server can leave and retrieve a cookieââ,¬"again, possibly containing your e-mail address.

Even software you install on your computer can gather information and place it in cookies for later retrieval. The Registration Wizard in Windows 98 places unique id numbers that identify you and your computer into cookies without your knowledge or consent. When you later log onto the Internet and invoke Internet Explorer, the browser jumps to Microsoft's Web site, which retrieves the cookies. Each time you visit Microsoft's site thereafter, the cookies are sent again, letting the company know you're back. More worrisome still is the fact that the Registration Wizard ActiveX control has a bug that allows any Web site to retrieve your registration information at will.

Cookie countermeasures

Some Web advertising firms, such as Double Click, have responded to user complaints about tracking by providing users with the ability to opt out of their databases. But others have notââ,¬"and many users believe that trusting any such firm to protect privacy is akin to allowing the fox to guard the henhouse. Your best bet, therefore, is to take matters into your own hands.

The most foolproof way to keep yourself from being tracked via cookies is to disable them entirely. In Netscape, you can do this by selecting Edit | Preferences and selecting the Advanced item in the left-hand column. In Internet Explorer, select Tools | Internet Options and disable cookies by customising the security settings.

Unfortunately, disabling cookies can prevent you from using many e-commerce Web sites. And asking your browser to prompt you before accepting or sending a cookie can be equally annoying. A single Web page may contain dozens of images, each of which may come with a cookie; you may have to click dozens of times just to get past all of the prompts and see the page.

A better approach, therefore, is to install third-party software that blocks or disables cookies more selectively. Software that blocks advertising banners, such as WebWasher (free download, www.webwasher.com), has the pleasant side effect of blocking cookies associated with ads while not affecting cookies from other sites. The powerful Internet Junkbuster Proxy (www.junkbusters.com) is a combination advertising blocker and cookie blocker, and has many useful features. This product lets you block or allow cookies by domain name and gives you the power to feed sites vanilla wafers (cookies set by you rather than by the site).

None of these programs is foolproof, though. Although the Internet Junkbuster Proxy blocks cookies that are sent directly by a Web server, it doesn't stop cookies from being sent via JavaScript, Java programs, or HTML constructs called metatags. And each time a method of setting and retrieving cookies is blocked, you can be sure that enterprising advertisers and Web page designers begin a hunt for more.

Other utilities also let you choose which sites can feed your browser cookies, and some can help you sort through your cookie files and eliminate cookies from sites you do not want to track you.

If you want to avoid cookies that are fed to your machine via e-mail, do not use an e-mail program that automatically invokes the rendering engine of a Web browser when you view mail. If you use Outlook or Outlook Express, you have no choice but to use Internet Explorer's rendering engine; the two are inextricably tied together. But Eudora, one of the most popular e-mail clients, gives you a choice. If you uncheck the box marked Use Microsoft's Viewer in Eudora's Tools | Options | Viewing Mail dialog box, ie will not be invoked to view your mail.

Software that snitches

Another threat to your Internet privacy is software that literally spies on your system from within, feeding the information to an outside observer. Some viruses, Trojan horses, and worm programs do this. PrettyPark, a Trojan horse program that propagates itself via e-mail, is designed to seek out sensitive data within your system and transmit it to the program's creator via IRC (Internet Relay Chat).

Even legitimate applications can gather or reveal personal information about you under certain circumstances. For example, mIRC, a popular IRC client, implements the identd (Identification Daemon) protocol, which allows any system on the Internet to ask your computer who you are. Many ISP systems likewise implement identidy.

Late last year, news came out that the Comet Cursor utility, which changes a Windows system's cursor according to the Web site that it's browsing, was sending information about users' browsing habits to its creator. (The vendor claims that individual browsing habits are not logged, but the fact that the program was doing this at all was unsettling to many.)

Similarly, Netscape's "What's Related" feature sends some information about your Internet browsing back to a Netscape server. (Netscapeââ,¬"now part of AOLââ,¬"claims that it uses the information to compile statistics but not to track individual browsing habits. Privacy-conscious users will want to disable this feature anyway.)

Consumers harshly rebuked Real when they discovered that the company was monitoring what they viewed via the ubiquitous RealPlayer multimedia playback software. (A patch on the company's Web site can disable the snooping.) And Steve Gibson, of Gibson Research, recently discovered that advertising banner software published by Auriate Media(now Radiate) sends information about which banner ads you click, and the amount of time you spend reading them, back to the company.

Anonymous browsing
Because your online privacy is so easy to compromise, entire businesses have been created to offer anonymous browsing capabilities. Our sidebar "Anonymous Browsing Services" describes several such services.

The granddaddy of these is Anonymizer (www.anonymizer.com). Anonymizer runs a proxy server that attempts to hide your identity and filter cookies as you browse. (Unfortunately, as with blocking software, enterprising snoops are constantly striving to find ways around these filters. So at any moment, you can never be 100 percent sure that they're working.) Anonymizer's service costs US$15 per quarter, and its site offers free trials. The free proxy causes a delay, however, and it displays ads at the top of every page.

Encryption: Not a panacea

Encryptionââ,¬"scrambling data so unauthorised parties have a hard time listening inââ,¬"is a useful process. Virtually every browser has encryption capabilities. (Most e-mail programs don't have built-in encryption, but we strongly recommend that you obtain it as an inexpensive add-on.) But it's not a panacea; you must understand when to trust encryption to protect your privacy.

First, you should get the most secure version of your browser.

Netscape Navigator, for instance, comes in two versionsââ,¬"one that uses 40-bit encryption keys and one that uses 128-bit keys. Low-security, 40-bit keys are good enough for mildly sensitive information, but anyone who has a serious desire to break the encryption can do so easily. (These weak keys are used in the default version of the browser due to u.s. government export restrictions; the government considers the export of effective encryption programs to be a threat to national security.) For real security, take the time to download a browser with 128-bit keys.

Second, make sure that encryption is really active when you need it. When you place an order on an e-commerce site, you'll almost always see a claim that entering your credit card number and other personal information is safe because the site is "secure"ââ,¬"that is, the information will be encrypted as it travels from your keyboard to the merchant's site. But is it really as secure as the merchant claims it is? When you get to the page that requests sensitive information, look carefully at the tiny lock icon at the bottom of your browser window and make sure it's really in the locked position. (In Netscape Navigator and Internet Explorer, the icon turns to a gold color when it's locked.) If the page claims that your information is secure but the icon is not in the locked position, leave the site immediately and shop elsewhere.

Third, remember that the presence of encryption doesn't mean that your data can't be monitored before it's encrypted or after it's decoded again. Let's say, for example, that you read your Yahoo! mail at the local cybercafe or public library. You see the little lock icon at the bottom of the screen. Think that the encryption in the browser will protect you? Think again. Computers in public places are easily subverted by clever hackers, who can install programs that monitor your keystrokes before they're encrypted. These keystrokes are then sent surreptitiously across the Net to a computer that logs everythingââ,¬"including your account names and passwordsââ,¬"for later use. For this reason, reading e-mail on a machine that does not belong to you or to someone you trust is not a good idea.

Your personal data can also be stolen once it reaches its destination. Many e-commerce sites use custom-built programs, or scripts, which are not carefully audited for security problems. Some use software ââ,¬"such as Windows NT, SQL Server, or Internet Information Serverââ,¬"that have hundreds of well-publicised security holes that the vendor may not have closed. Encryption does little good if the decoded data is filched from a merchant's site.

Finally, remember to remove your browsing history when you finish browsing at a public terminal. (In ie, select Tools | Internet Options, then press the Clear History button on the General tab. In Netscape, choose Edit | Preferences and press the Clear History button in the Preferences dialog. The URLs left behind in a browser's history file can let a subsequent user get back into your electronic mailboxââ,¬"especially if they're used fairly soon after you've departed.

And depending on the browser's settings, subsequent users may be able to see what you were doing online for days or weeks afterward.

Common sense

Other measures you can use to protect your privacy are just good common sense.

Be stingy with your personal information; don't automatically fill in a blank on a Web form just because it's there.

If you feel that the proprietor of a Web site has no business knowing who you are or something personal about you, a white lie may be in order. (Ima Nonymous is a frequent visitor to many Web sites that require registration.)

Opt out of tracking (DoubleClick, for example, lets you obtain an OPT_OUT cookie from its Web site) as often as you can, but do not rely on this to keep your movements from being watched.

If you're concerned about spam, or if Web sites insist upon sending you a password only after you've furnished an e-mail address, set up free e-mail accounts and supply those addresses instead of the one provided by your ISP. Although nothing we've mentioned here is foolproof, you will be able to controlââ,¬"at least somewhatââ,¬"who knows how much about you and your loved ones.

There oughta be a law
Many of us would thinkââ,¬"or at least hopeââ,¬"that the government would protect consumers from having such dossiers compiled about them. But unlike European countries, which require citizens to give explicit permission before their data can be shared, bought, or sold, the U.S. has few laws restricting what businesses can do with personal information.

And the laws that do existââ,¬"for example, the Fair Credit Reporting Act (FCRA)ââ,¬"are notoriously lax. According to the fcra, anyone who does business with you is entitled to call a credit bureau and ask for a credit report that lists your credit cards, loans, home address, telephone number, Social Security Number, and more. (Even companies that have not done business with you can obtain some of this informationââ,¬"hence the unsolicited credit card offers that flood the mailboxes of consumers with good credit records.)

Your personal information is your own business; how much to divulge, and to whom, should be your decision. Until and unless the government swings into action to protect consumers, preserving your privacy is your own responsibility.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.