I get scores of junk email every day, try as I might to turn off the flow. And at least once a day — no exaggeration — someone tries to break into my computer. I've also been the victim of credit-card fraud not once but twice. Am I jinxed? No. It's just that I use the Internet — a lot.
Just because you don't think about something very much doesn't mean that it's not a problem. You probably think about privacy less than I do, but if you don't take a few basic steps to protect yourself, all kinds of bad things could happen to you too. Confidential contracts and memos could be intercepted, personal medical information could fall into the wrong hands, or you could be the victim of identity theft, which might prevent you from getting a mortgage or a car loan.
Fortunately, a growing collection of easy-to-use hardware tools and software programs is available to protect your privacy — whether that means preventing hackers from gaining access to your hard drive via your cable modem or keeping marketers from monitoring your Web travels. You can even stop your own company, which probably monitors your email, from reading personal missives. So read on — but read (and act) quickly. Somebody may be watching.
Who's out There?
You probably think that your computer and your email are secure. If you want to make sure, check out these two Web sites, which are designed to provide wake-up calls for people who overestimate their online privacy. Steve Gibson designed ShieldsUp! (www.grc.com) to show Windows users just how vulnerable they may be to hackers. The site performs a free security check to see how easy (or difficult) it would be for teenage keyboard jockeys to break into your computer and steal your financial records and passwords, or to plant a virus on your hard drive. Gibson also offers free advice and tips on how to shut your digital doors.
Another site worth visiting is Privacy.net (www.privacy.net) . Your personal information is worth real money, so it's no surprise that marketers try every trick in the book to pry such information out of you online. This site shows you how easy it is to find such information as your Web address, the last site that you visited, and, in some cases, even your home address and phone number. It also tells you how to prevent people from doing just that.
Spend 15 minutes on each of these sites, and you'll think differently about privacy.
The Downside of Fast Access
Those of us who work from home at least part of the time would find it unthinkable to go through life without using a cable modem or a DSL (digital subscriber line) connection for high-speed Internet access. That's just the kind of thinking that hackers love. High-speed hookups make you more vulnerable to incursions that can turn your desktop computer into an unwitting participant in the next Web-site denial-of-service attack. That's because cable and DSL connections are usually on all the time (so-called persistent connections) , making your system an easy target for hackers who are searching for such unbroken connections. To prevent intruders from looking at the contents of your hard drive, consider using at least one of the following three programs.
BlackICE Defender (downloadable for $40) , from Network ICE Corp., acts as a personal firewall, looking for potential attacks, preventing outside entry into your system, and tracking would-be thieves. It also alerts you when hackers are performing scans or attempting to plant or activate viruses on your computer. BlackICE Defender runs only on Windows.
Norton Internet Security 2000 ($60) , from Symantec Corp., also for Windows only, provides similar protection. For an additional fee, you get such features as a virus scanner and parental controls that keep children away from objectionable Web sites. Norton gives you a lot of control over your Web browsing and privacy, but some Net neophytes may find the program's multiple settings a bit overwhelming.
Another Windows-only package that can protect you from hackers is ZoneAlarm ($20; free for nonprofits and for personal use) , from Zone Labs Inc. This program takes a slightly different approach to online security: Not only does it block outside attacks; it also screens for any tracking software that may have already entered your system. Many programs that surreptitiously access the Internet — such as "adbots" — go undetected by users. ZoneAlarm warns you about tracking software and lets you grant or deny permission to those programs.
Coordinates: BlackICE Defender, Network ICE Corp., www.networkice.com; Norton Internet Security 2000, Symantec Corp., www.symantec.com; ZoneAlarm, Zone Labs Inc., www.zonelabs.com
Don't Read My (E) Mail
You probably don't realize it — and it might make you mad if you did — but more and more companies, especially the big ones, automatically monitor email that is sent to and from their employees. There are people in the IS department who scan each message that you send and receive, looking for everything from hot-button words that may cause lawsuits to potential corporate leaks.
Fortunately, for every digital dagger that's aimed at you, there's a digital cloak to protect you. To prevent prying eyes from seeing your personal email, consider using encryption software. One favorite is the venerable Pretty Good Privacy, or PGP, Freeware (downloadable for free) . It uses a combination of public and private key codes that make your messages readable only to your intended recipients. For the software to work, both you and your emailees need to install it, which is easy because PGP is available online and works on Macs, Unix, and Windows systems. Cutting and pasting text into PGP Freeware adds extra, awkward steps, but if you want only your best friend to read that rant about your boss, use PGP.
Have you ever sent a scathing email and then wished that you hadn't? Soon you may be able to take back such regrettable messages. Disappearing Email ($4 a month per corporate user) , from Disappearing Inc., offers a self-destructing email program that shreds messages in cyberspace. (The consumer version should be out this fall.) First, Disappearing encrypts your email so that only the recipient (who has to retrieve a "key" from Disappearing's Web server in order to unlock the message) can read it. Then, you set a time limit — minutes, hours, or days — for that key. When the time's up, the key is deleted, making your message unreadable.
Coordinates: PGP Freeware, http://web.mit.edu/network/pgp.html; Disappearing Inc., www.disappearing.com
Safer Ways to Surf
Folks who worry about surfing safely usually worry about those unsavory sites that target kids. But the Net has plenty of unpleasant practices that are aimed at adults. Perhaps the most abused software on the Web today is the cookie. Cookies are text files that are deposited on your computer's hard drive. They were originally designed to provide Web sites with a record of your personal preferences and passwords. But cookies have become a nuisance that marketers manipulate to track your movements.
One of the most popular cookie-cutting programs out there is Cookie Crusher 2.5d ($15) , from the Limit Software Inc., which works on Windows machines that use AOL, Microsoft, or Netscape browsers. The program can be set to accept or reject all cookies, to reject cookies that don't expire at the end of a session, or to alert you whenever a cookie pops up. You can also set it to accept cookies from some sites and reject them from others. It will even tell you what an incoming cookie is being used for, so that you can avoid certain sites in the future.
Cookies aren't the only privacy concern when you're surfing the Web. Your email address divulges your ISP, for example, and savvy marketers can put that information to good use (good for them, not necessarily good for you) . But relax: There are ways to stay anonymous online — without having to join a witness-protection program.
Applications such as Anonymity 4 Proxy ($45 to $150 a year) and Web sites such as the Anonymizer can cover your tracks. But for total security, check out Freedom 1.0 ($50) , from Zero-Knowledge Systems, for Windows only, which works in conjunction with Zero-Knowledge's Web servers. The software lets you use pseudonyms on the Web, and it routes all of your Web activity through encrypted servers, making you virtually untraceable online. Your personal information is even inaccessible to the folks at Zero-Knowledge.
Coordinates: Cookie Crusher 2.5d, the Limit Software Inc., www.thelimitsoft.com; Anonymity 4 Proxy, iNetPrivacy Software Inc., www.inetprivacy.com; Anonymizer, Anonymizer Inc., www.anonymizer.com; Freedom 1.0, Zero-Knowledge Systems, www.zeroknowledge.com
Spy Versus Spy
Admit it: Once you begin thinking about how vulnerable you and your computer are to snoops, it's easy to go overboard with security. Those of you who like to err on the side of caution should find comfort in the fact that some hardware devices offer a bit more security than even you may need.
How often do you forget a password to an online account — or write it down so that you won't? That's not very secure. A better solution is to use something that you'll never forget and that no one can steal: your fingerprint. U.are.U Deluxe ($149) , from Digital Persona, uses biometric technology to scan your fingerprint, which you can then use as your personal log-in code. The system's scanner, which is about the size of a computer mouse, plugs into a PC's USB port and is the best security on the market.
To set up the system, you "enroll" your finger (or all 10 digits) by touching the scanner four times, which then records an encrypted data template (not a legal print) of your finger on your computer. Later, you can log in simply by touching the scanner. The software lets you protect individual files or your entire system. And you can even create a "password bank" with your own hypersecure biometric-fingerprint log-in code, replacing all of those hard-to-remember passwords.
Protecting your computer and files in your office is one thing, but what about when you're on the road? All of the antihacking and encryption software in the world won't help if someone walks off with your laptop. According to Safeware Inc., a computer-equipment insurer, 319,000 laptops were stolen in the United States last year. If you want to prevent yours from vanishing, take a look at Targus Defcon 1 ($50) , from Targus International.
Targus seems to be the simplest — and loudest — theft deterrent for laptops. About the size of a deck of cards, it has a three-digit combination lock with a built-in motion detector and a steel cable that locks to your laptop or briefcase. Once set, if someone tries to purloin your bag, Targus's motion detector sets off a 110-decibel siren that's guaranteed to turn heads — and to make a thief drop the goods. Cutting the cable also sets off the alarm. A single 9-volt battery keeps the device running for about three months.
One last question, perhaps only for the truly suspicious: Who goes in your office when you're not there? Are coworkers scanning your computer files or rifling your desk for passwords? Remember, just because you're paranoid doesn't mean that they're not out to get you. To find out what's going on when you're out, set up MicroSentinel ($700) , from Security Data Networks Inc.
The device uses a transmitter that connects to your computer and comes with a wireless 2.4-GHz video camera that can monitor your office from up to 100 feet away. You can program the system's software to take snapshots or to record video or audio whenever it detects motion. The system then calls your cell-phone or pager to alert you to the nefarious activity; it can even email you a photo of the interloper.
Security Data Networks also offers a service that you can access on the Internet using any computer, if you want to check up on your office. You can also set the system to upload shots automatically to your own Web site. The system can be connected to four wireless cameras, at $380 a pop. The only drawback: The cameras won't capture images in a darkened room.
Coordinates: U.are.U Deluxe, Digital Persona Inc., www.digitalpersona.com; Targus Defcon 1, Targus International, www.targus.com; MicroSentinel, Security Data Networks Inc., www.microsentinel.com
John R. Quain (firstname.lastname@example.org) , a Fast Company contributing editor, appears often on CBS News and on MSNBC.
Quain's Top 10 Security Tips
1. Be sure never to give out your social-security number, online or off. This information, in the wrong hands, is a license to steal.
2. Use a paper shredder. Don't just toss out those unsolicited credit-card applications; destroy them.
3. Don't use the same password over and over. Think of variations, tough as they may be to remember.
4. Watch your laptop at the airport. Be especially wary of X-ray-security machines; that's where a lot of laptops disappear.
5. Keep your antivirus software up-to-date. Hackers never rest, so you can't either. Every email attachment potentially contains a virus, so scan it before you open it.
6. Use the latest versions and software patches for your email and your browser. New security loopholes are discovered every week.
7. Don't accept cookies. But if you have to, delete them when you're finished surfing.
8. Use a password to log onto your computer. Most operating systems let you set a password. It's a good idea to establish such a password and to change it regularly.
9. Turn off your computer when you're not using it. It's the only sure way to keep hackers out.
10. Never send an email that you wouldn't want your spouse — or your boss — to read. I really can't stress that enough.