Advertisers, Web designers, and even the government are using the Net to spy on you. Downloaded software, Web bugs, and cookies target you while you're online, watching and recording your actions and turning that information over to eager advertisers. These spyware technologies gather personal information, such as your IP address and shopping habits, without your knowledge or consent. Ostensibly, the uses of this technology--from direct marketing to helpful cookies that can remember login names or automatically fill in forms--are relatively benign.

Spyware's real threat is not the specter of spam or targeted banner ads, it's a more insidious loss of privacy. Privacy advocates say there are other risks from personal information collection, not the least of which is the potential for abuse once private information is in the wild. Once that data is out of your hands, you don't know where it will end up.

So far, there are discussions about regulation but little real action. Until there is, if you're concerned about privacy, spyware, or spam, follow some of these rules and instructions to detect, recognize, and kick out sneaky spyware.

All About Spyware Spyware generally refers to any technology that gathers personal information, such as your shopping and surfing habits, without your knowledge or consent. From the less harmful cookie to more nefarious data collection software or Web bugs, spyware can enter your computer as a software virus (along with new software) or from a Web page while you surf. That spyware then sends your personal information--such as Web sites you've visited, your IP address, or your computer's host name--back to a parent company or server, where it can be shared with advertisers or used to serve up ads targeted at users like you. Unsavory Cookies Cookies, the small text files a Web server sends to your browser to remember pages you've visited or that fill in information and passwords automatically, spawned the issue of Web privacy. Oddly, however, they're the least of your spyware worries. Most Web sites don't conceal cookies, and you can either set your browser to warn you when you're about to receive one or reject cookies entirely.

Nonetheless, cookies can store personal information such as your name and address, as well as track your surfing habits. Often they're used to personalize Web sites (such as when NBCi.com greets you by name) or to fill in forms when you return to a site (so that you don't need to type in your name and password again, for example), recognize your buying habits (when Amazon.com recommends books you might like), and serve up targeted ads.

Hidden Demons A little higher on the spyware food chain lurks covert software that's downloaded along with programs from companies you trust. For example, last November, RealNetworks, the maker of RealPlayer, was caught gathering listening habits, preferred music genres, and other information from anyone who installed its popular RealJukebox program. Although the company claimed to be profiling users' listening habits in order to customize RealJukebox for each person, those users didn't know they were being monitored. After much public outcry, RealNetworks quickly revised its privacy policy and released a patch that let users block the transmission of their personal information.

Creepy Crawlers Aside from cookies and software-contained spyware, Web-tracking techniques are even more sophisticated--and harder to combat. The latest threat to online privacy in this camp: Web bugs. Unlike cookies, Web bugs show up as tiny image files embedded in a Web page or an HTML-formatted email message. They're usually invisible--so tiny, you'd never notice them--and they gather information ranging from your computer's IP address to your surfing habits, including the type of browser you're using. They're particularly nefarious because you can't see them, and anticookie filters won't catch them. Web bugs are increasingly common. In fact, the White House ordered its own drug policy office to stop using Web bugs to target surfers with antidrug advertising on the government's antidrug Freevibe.com. In addition to capturing surfing information and IP addresses, Web bugs can "talk" to cookies on your computer left by the same site or advertising company. Online ad company DoubleClick, for example, used Web bugs that could communicate with cookies from its Web site. The cookies then revealed past online behavior, even home addresses, IP addresses, and phone numbers to the bugs, and the bugs sent that information straight back to DoubleClick. A company can also use the bugs to tie cookie histories to personal identifying information, such as your phone number and address. In fact, a California woman sued DoubleClick for just that behavior. The company bought another firm, Abacus Direct, which holds detailed consumer profiles on more than 90 percent of U.S. households. DoubleClick cross-referenced its spyware results with that database to compile surprisingly personal profiles.

The Spyware Threat Spyware usually gathers information about your computer's configuration and your surfing habits, but if combined with the right technology, it may even pick up your address or telephone number. So far, there are few, if any, concrete examples of anyone suffering damage as a result of spyware. In fact, the technology isn't even illegal, but spyware remains controversial, and consumers have started to kick up a fuss over the idea of advertisers invading their space. That pressure can be enough to get a company to change its ways, as was the case with RealNetworks. Sites such as OptOut advocate the need for a Code of Backchannel Conduct, which calls for up-front, plain-language disclosure about information gathering and no fine-print funny business.

Is It Secure? In reality, even information as simple as your computer's IP address isn't as harmless as you might think. A malicious and knowledgeable hacker could use it to find and damage your system, especially if you have a static IP address that doesn't change because you have an always-on connection such as DSL or cable. And the fact is, you simply don't know what can happen if your privacy is compromised. Think of it this way: If you choose to keep your home address out of the phone book, you wouldn't want to discover that the information was in the white pages without your permission. It's not necessarily dangerous for someone to know your home address, but it could be, and making it public should be your choice. The potential for abuse is perhaps even more worrisome than the invasion of privacy. There's no guarantee that companies won't sell your personal information to the highest bidder or even inadvertently transmit it to malicious hackers.

Article Originally by CNET.com (Posted on Spycops.com 10/01/03):
CNET