COMPUTER COLUMN: Privacy? The cookie monster lurksCOMPUTER COLUMN: Privacy? The cookie monster lurksThe explosive growth of the Internet has raised many legal and ethical issues, some of which may not be apparent to novice computer users. One of the most important issues is privacy. While there is so much information available in cyberspace, there are no clear laws governing the rights to information.
For example, after a user visits a Web site about dog care, the user's e-mail address could be stored and sold to dog food advertisers. If an e-mail address is fair game, telephone and mailing addresses may also be fair game. Newsgroups are the bulletin board-like areas where users can post messages about thousands of subjects. Most of these messages are stored in various electronic filing systems. One of the most comprehensive of these storage sites is "DejaNews" (http://www.dejanews.com); a visitor to the site can review postings from long ago or far away.
Most posts are fairly innocent or just irrelevant. But the perception of anonymity often makes people write about controversial, highly emotional and potentially illegal activities. And people posting messages - even if from a home personal computer - should remember they are leaving an electronic trail of personal information. This information could potentially be viewed by others - including employers.
For many computer users, their own Web browser is the main culprit for disseminating and storing personal information. This recently became more of an issue after a modification of a major piece of Web browsing software. The current version of "Netscape Navigator (3.0)" is among the first Web browsers to include a check box allowing users to "Show an alert before accepting a cookie." A cookie file acts like a passport, getting stamped at certain destinations with personal information by the host computer and storing information on a user's hard drive.
In the past, cookie activity was hidden from users of both "Navigator" and "Microsoft Internet Explorer." Users who are curious about what information about themselves is stored on their own computer need only search for the text file typically named "Cookie" or "MagicCookie" on their hard drive. Be prepared for a shock about the amount of information stored. I knew something about cookies for a while, but never gave them much attention until an odd thing happened. I noticed something amiss when I visited the Web site of the Yahoo search engine (http://www.yahoo.com) and clicked on the "Local Yahoo" link. Yahoo knew my home ZIP code, yet I had not typed it in. I was puzzled as to how it knew this information. Then, it occurred to me that I had typed in this information several weeks ago and Yahoo had somehow remembered.
It had remembered because it had stored a cookie on my hard drive. Cookies are one type of privacy concern, but software bugs that can be found and exploited by devious hackers are another. Fortunately for Netscape users, Carnegie Mellon University doctoral student Justin Boyan found a bug in the popular Web browser software and brought it to the company's attention. "I discovered a trick whereby any Web page could learn the e-mail address of the person looking at the page," Boyan said. "`Netscape' eliminated this trick in version 2.01 - and gave me a sweatshirt as a reward for discovering it, oh boy!"
Boyan also knew of another potentially dangerous bug. "Older versions of `Netscape' also had the lovely feature that any Web page you visit could - without your knowledge or consent - send e-mail from your computer to anywhere else in the world," he said. "For example, any Web page could have sent a death threat to the president from your e-mail address and your computer, completely unbeknownst to you," Boyan said. "Recent versions fix this, too, but who knows what future privacy bugs will emerge?"
Reach us via e-mail at computer@tribune-review.com
Return to More Computer News ...