Tangled Webs
More Security Fearmongering
Feb 26, 1997
Issue 2.3

An Opening Gambit

As someone who receives over 150 pieces of e-mail a day (no, of course I don't read the all), I have seen my share of get-rich-quick schemes, fake legal injunctions, and pyramid scams. Recently, however, I have received automatically generated e-mail from three different companies informing me in panicked tones that my e-mail address was publicly available. According to these companies, this was a grave security risk and I desperately needed their services to rectify the problem.

I contacted two of these companies and their responses were much the same. "Since your e-mail address is public, it is open to abuse. Marketers could use that information to target you. You could wind up getting so much junk mail that you won't be able to use the Internet effectively."

The irony seemed lost on them. "But isn't that exactly what your company is doing? Sending out e-mail to every address you can find to sell your services?"

"Not at all. We are warning people of a problem and giving them a way to fix it."

Their claims are, of course, nonsense. Warning people that their e-mail address is publicly available in this way is no different than dialing phone numbers at random and telling whoever answers that their telephone number is publicly available.

Fearmongering seems to be a cottage industry in our global village. Aside from the e-mail scare, we are now being told that every time we surf, we are giving out tasty bits of information about ourselves to marketers. Things like what software we are running, the type of computer we own and even the city in which we live. These concerns are based on misunderstandings, but they have been written about in publications that should really know better like Wired, MacUser and PCWorld.

How it Really Works
Hypertext Transfer Protocol (http) is the language Web servers and Web browsers use to talk to each other. When you click on a link, your browser sends an http request for that document. That request includes quite a bit of information about your computer and your Internet service provider, and this seems to be a privacy concern to some.

According to the http protocol, a browser must identify itself. When requesting a document, your browser sends the server information that typically looks something like

Mozilla/2.02Gold (Win95; I)

Mozilla is the code name for Netscape, so this tells the Web server that it is dealing with Netscape 2.02 Gold for Windows 95. Using this information, the server can determine if your browser supports frames or ActiveX or Java and send a version of the document that your browser will understand.

When your browser requests a document, it also tells the server the name of your Internet provider. The reason for this is obvious, the server has to know where to send the document you just requested. Furthermore, since all Internet addresses must be registered, it is quite easy to find out the street address of your Internet provider, and by extension, the city you live in.

Does the fact that your browser is giving out all this information constitute an invasion of privacy? Quite a few people seem to think that it does, but in all the articles I've seen written on the subject fail to mention one salient point. No one has any idea who you are. All the server knows is that someone using Netscape 3.0 for Windows NT is requesting a certain document. Since a user's anonymity is protected, his privacy is as well.

So Why Bother Collecting Data?
The information gathered from the http requests is logged and studied by webmasters. It tells them how many people visiting their sites are using Netscape and how many are using Internet Explorer. It tells them how many are using Windows and how many are using Macintosh, and lets them design the site accordingly.

The information your browser gives out as you surf the web is useful for demographics only. It can't be linked to you as an individual. A merchant knowing that someone entered his website using Netscape for Macintosh is no more an invasion of privacy than the same merchant knowing that someone entered his store wearing a pair of Nikes.

[ Home Page] [ Back to Index ] [ Previous Issue ] [ Next Issue ]

© Copyright 1997, Tim Romero, t3@t3y.com
Tangled Webs may be distributed freely provided this copyright notice is included.
The Tangled Webs Archive is located at http://www.dotco.com/t3/tangledwebs/index.shtml