Privacy and security

The issue of privacy

As mentioned earlier, there seems to be a major push by computer (and software) manufacturers (monolithic companies aiming to globalise the world market) to sell you the very latest, possibly with poor quality control checks, and often expensive (i.e. to the level of what the market can bear) IT products using a variety of clever marketing techniques.

Given the somewhat unregulated nature and intense commercialisation of the IT industry, you may be wondering how far has the great marketing sharks in the IT industry gone to get you — the consumer — to buy, buy and buy again.

In other words, are marketing experts becoming so intrusive that your privacy is being compromised?

The bottom line for many businesses and the prime aim of marketing experts

Business professionals are in the business of making money. Generally the bigger the business, the more profit is seen as the bottom-line. As the old saying goes, "Money makes the world go around".

Though how much of a buck, or profit, can be made from the sale of a product or service is strongly determined by how we, as the consumer, perceive a product or service to be and whether we see it as of high quality and something that must be immediately bought.

This is where the skills of a good marketing expert comes into the picture. Using his/her highly trained marketing skills (often grounded in psychology), the expert can create or change the perception of goods or services by first determining who is likely to use the goods or services through effective market research (i.e. profiling and working out the target market) and then turning the product or service into a need for a target group through appropriate pricing, fancy packaging, advertising, and any other factors that help to appeal to the raw primitive emotions of the consumer (e.g. the use of sex, food, rewards etc).

A marketing expert's idea of selling more computers? Or is it just a computer geek's definition of a real dilemma? Source: Mehlman 2000, p.112.

As the chief executive of SYDAC, Adrian Smith, says:

"Understand [and if necessary change] your customer's perception of your value to them. Perception is reality." (1)

To create perception, you need information

Hence business professionals have come to realise how crucial information is to their business. They need to have the knowledge about customers and their needs so their business has a better chance of providing the right product and sell it with the right perception of it.

As Pim Fox commented in the April 2002 edition of Computerworld:

"For business managers who believe that more information equals better customer service, healthier profits and more efficient use of resources, the benefits of rapidly and coherently gluing information together seem obvious." (2)

However, more and more consumers are increasingly becoming aware (although not necessarily through the actions of this web site!) of how the marketing expert is managing to achieve the simple goal of selling products and services in order to maximise the profit of a company.

In particular, is your personal information really safe from the prying eyes of the marketing expert? And what about computer hackers? Can they learn anything about you as well? Well, let us begin by explaining how the marketing experts gather information about you.

The importance of profiling customers

To begin with, let us define the term "profiling". Profiling is the most important tool for the marketing expert. It is a technique designed to help the expert know something of yourself, your habits and the kinds of goods and services you buy and/or use (or are likely to buy or use).

There are many ways a marketing expert can profile a potential customer like yourself. The most common is the market survey where you fill out a form explaining your activities and habits. This is considered the direct form of profiling where you, the potential customer, give clear consent to have your personal information released to a marketing expert.

Another way of profiling a potential customer like yourself, as we shall see, involves surreptitiously snooping about on your computer, your web site and/or your emails for personal information without your consent or awareness of the fact. And what makes this particularly worrying is the speed in which a marketing expert can create a profile on you, your family, and your work and personal habits with the help of the right technological tools!

How does profiling help a marketing expert?

Armed with this profiling information, a marketing expert coupled with a computer guru can potentially create instant and sometimes unexpected tailored-made electronic advertisements on the Internet to target with remarkable accuracy all your needs whenever you visit a certain web site, or have them automatically sent to your mailbox or email address.

Forget about fortune tellers! This is the era of powerful marketing designed to accurately predict your habits now and in the future.

What happens if I don't buy anything?

It is good to see you are a hard cookie to break. But even if you choose not to buy anything, the marketing expert will have the resourcefulness of turning the situation into a benefit to the expert.

You see, even if the marketing expert cannot sell you a particular product or service, there is every likelihood that your information could be sold at a good price to other marketing experts or anyone else for that matter without your explicit consent. Who knows? Perhaps the Department of Social Security, the Department of Defence, or even the more extremist groups in the world may already have a detailed profile of who you are, where you live, and what you do.

So don't be too surprised if, say, your local insurance company is making decisions right now on how much you should pay for your premiums in the coming years. And all thanks to your personal information now being sold by marketing experts without your explicit approval or awareness, and almost all for the sake of profit, cost-cutting or whatever!

The importance of uniquely identifying products

But let us not stop there. Profiling is a particularly useful activity for companies in another area altogether.

According to major software manufacturers like Adobe Systems, Inc., profiling is an essential tool for law enforcement purposes so they can protect their investment in a commercial product being sold to customers. For example, the illegal white-collar crime of stealing computers and software is a major problem in the IT industry, and businesses need to find ways to combat it. So what better way to solve the problem than by profiling their customers.

But for this to work properly in the real world and so help identify the people concerned in this criminal activity, manufacturers have to "mark" their products using a unique identifier such as the use of serial numbers (3). Then, for the profiling system to work, the customers using the products must put their names and the name of the organisation on the products and eventually on the warranty card for sending to the manufacturer. (4)

The problem with uniquely identifying products

Unfortunately, with the use of any kind of unique identification mark comes a method of identifying who you are in a surreptitious manner, irrespective of the law-abiding nature of the consumer. Of course information need not have to be for law enforcement purposes. It can easily be used by marketing experts to make more money or alternatively turn your life into another episode of "Big Brother". Or why not a hacker deciding to use that information to act as an electronic "alias" of who you are so he/she may make unauthorised financial transactions?

In other words, once a computer or software is uniquely identified and personalised by the user, it is now not only possible to track down stolen computer-related goods (5), but business professionals, marketing experts and hackers can learn a lot about you and your habits by reading the personal information stored in certain kinds of files you create on a computer or within the commercial software itself without your consent or awareness of the fact.

And now with the presence of the Internet, your personal information can be instantly sent to anyone and anywhere at the press of a button, or by merely launching a software program like Adobe Photoshop or Aladdin StuffIt Deluxe.

Is this true?

Yes it is. In the old days, there wasn't much of a thing called marketing other than to present a quality product in the shop window and letting customers decide when they needed the product.

Then certain people made the quantum leap in the business world of incorporating marketing techniques to the manufacturing and selling of products as a means of increasing profit. Solid "under-the-bonnet" long-life products of the past were not important. Perception and general good outer appearance of products became the new reality.

But at least in the old days, marketing didn't turn into an uncontrollable monster. Clearly customers had a choice whether or not they wanted to buy a product and to give some of their personal information to marketing experts in various product and customer survey forms.

Then at the turn of this century, the marketing experts realised it is now possible to gather a greater amount of this personal information with greater accuracy in a surreptitious manner and with extraordinary speed thanks to new technologies like the Internet and computers.

Without adequate regulations in place, marketing experts no longer have to tell customers, or potential customers, about what they are doing in say a simple software product like Adobe Photoshop.

So by making products "Internet ready" and forcing people to use them while being connected on the Internet, the marketing experts and anyone else for that matter can gather an extraordinary amount of personal information about you in a quiet and subtle way. (6)

The most dangerous software for jeopardising your privacy are the "commercial" variety of software such as the popular Windows 98, Windows XP, MacOSX (which now essentially forces you to be online given the way the help files are now organised), Microsoft Office 98 (especially the original non-updated installation version), and Adobe Photoshop. The companies who will often do this tend to be the famous and big brand names like Microsoft, Apple and Adobe.

It is the "commercial" files produced on commercial software which usually have these built-in mechanisms and extra information stored in them to help make it easier for commercial software manufacturers to profile you and perhaps even quietly gain commercial advantage through the information you create.

Have marketing experts and manufacturers and everyone else in the digital revolution gone too far?

It is not just the information you type into the applications you install such as your name and organisation you work which can now be secretly accessed online by just about anyone.

There are tools available to download certain seemingly innocent-looking files on your hard disk to another computer. In other words, the manufacturers and marketing experts have found ways to help them electronically peep into any files that you create, or the operating system automatically creates for itself and then program certain applications to secretly send this information over the Internet the next time you are online.

Can they really learn anything about me?

What they can now learn about you and where that information can be found is really quite astonishing. Your files can easily help the manufacturers learn not only who created the files, when they were produced, what applications you used and who owns them, but also what the files contain using special tools available to the manufacturer, and even how to track you down if required (often using the information you store on your computer such as your email address, or your personal name and the place where you work).

So what was it again that they use to profile someone?

The three most important tools used by the marketing expert and manfacturers in profiling users are:

  1. Creating a unique identification mark on computers and software such as serial numbers; and
  2. Allowing the users to personalise the products they've purchased by getting them to place their names, email addresses and other personal information on the products and/or the files they produce; and
  3. Waiting for the users to either sell their files for profit or to get them connected to the Internet continuously so that certain software can be launched and so hopefully automatically send the profile information back to the manufacturer.

Some inside information about computer software and hardware manufacturers

For the curious, the following is a list of known marketing and law enforcement activities currently being implemented by software and hardware manufacturers to help commercialise and protect their products as well as to learn more about their customers and their habits when using the products:

  • A number of manufacturers of the latest microprocessors and memory chips are now inserting a unique serial number inside their products so as to help track down and stop the illegal trade of people selling (or using) stolen computer parts on the world market. Although this may seem like a good thing, the serial number can also be used to identify and learn about individuals and organisations who legitimately purchase these chips and then use the personal information to assist with the manufacturer's own secret marketing activities (i.e. to sell additional goods and services from the same company to the original purchaser and/or to sell the purchaser's personal information to other companies or anyone else for that matter).
  • Many of the latest software from software manufacturers like Adobe, Apple and Aladdin now secretly sends information over the network (including the Internet) from your computer. The purpose for doing this is so that two or more identical serial numbers of a single-user licensed software package can never run at the same time, as well as letting the manufacturers know who is using their software and what kind of software is being used. But it can also be used for other covert marketing purposes which you may not want at all.
  • If you are not on the Internet already, software manufacturers (e.g. Microsoft and Adobe) are now embedding your personal information stored on your computer inside the visible files you create using their software products. For example, with the help of Apple Computer, Inc., Adobe Systems Inc. is now able to surreptitiously grab your private email address from the Internet Config control panel and embed it in the postscript files you create with Apple's Laserwriter driver so that Adobe has some means of identifying who you are and what software you were using to create the postscript (and PDF files). As Chen Jake Zhou, a private software developer, has said:

    "Apple's LaserWriter driver embeds your email address (fetched from the Internet control panel) in every single postscript file that you print. This is nasty and it violates personal privacy." (7)

    Although Chen's freeware utility called Strip A Post 1.0 will remove the email address from postscript files (unfortunately no longer available at least from VersionTracker.com (now CNET); we can only wonder why!) , and Microsoft has now released a patch to remove the unique-identifier details from Microsoft Office 97/98 (and hopefully all future versions of Office) files after people expressed concerns about their privacy, in an age of intense commercialisation, it is difficult to know exactly what kinds of information is being released about you to other companies without your consent.

    NOTE I: While Apple Computers Inc. and Adobe Systems Inc. make no apologies for their tiny indiscretions when using your private email address, at least one manager of another company is prepared to go on record for doing the exact same thing. And this time the manager did apologise. The manager is from the company that made the shareware program called Deputy Download. For further details of the privacy debarcle, click here.

    NOTE II: Your private email address is a particularly powerful means of revealing who you are to others. For example, your email address might reveal your name and the name of your ISP such as MichaelSmith@ISPname.com. Then there are some ISPs who might provide a public electronic database revealing who you are and perhaps your location, telephone number(s), sex, marital status and so on. Also, by having an email account attached to your email address, people can even find out whether you've been sued, what your mortgage payments are, where you travel, who you talk to, and your taste in books, music and other products simply by using special "black-market" software tools to read the email messages in your account (or simply by owning the computer that holds your email account which is what many free ISPs do).

  • After people have found out how Adobe Systems, Inc., can now insert your email address into postscript and PDF files and how easy it is to modify or remove the details (as well as other information), Adobe has introduced the "Create Adobe PDF Online" function on Adobe Acrobat 5.0.5. This means you will never have to see the postscript file generated from your applications. In fact, the type of application and the email address you use will now be stored on Adobe's own online hard disk. In that way, people's private details can be recorded on Adobe's own database for future reference. And all this is done without explaining to you how your private information is bring used.
  • Software manufacturers will also create invisible files on your hard disk with the help of the operating system or other applications. Some of these files will record your everyday activities on your computer and have this information automatically and secretly sent to another computer via the Internet. The classic example of this approach is the small invisible file created by Windows 98 which records some of the applications and areas of your hard disk you visited via the Start Menu button. This information was suppose to help Microsoft learn how to make their next operating system version more efficient and effective for users. Nevertheless, the technology is now already in place to help companies learn a lot more about you;
  • Another way for software and hardware companies to learn more about you is to encourage you (via email) to join up with a research organisation online on the promise of possibly winning a financial reward or other gifts (and/or perhaps providing so-called improved Internet performance). And in return, if you do decide to join the organisation and give them permission to reconfigure your browser (to act as their Trojan horse program), they can have free rein over your hard disk whenever you are online. Just imagine what the companies can learn about you: (i) What type of computer you use; (ii) Where you are located (i.e. your ISP, your IP address, and eventually your place of residence); (iii) The kind of software you use; (iv) How many people are employed at work and/or live in your household and so on (through intranets and via your personal database files). They will do this under the cover of supposedly innocent-looking research organisations who claim to provide minor and non-personal marketing information to other (unnamed) businesses online. To give you an idea of how this might be achieved in practice, check out http://www.netsetter.com/.
  • To help those people who may want to close their membership with Netsetter and reconfigure their Internet browsers to the original state, please read the official email sent by Netsetter. Click here.

    However, from our experience, we have noticed at least one invisible file was added to our hard disk and there is nothing in the email from Netsetter which tells us how to remove the file. We therefore recommend trashing the Internet Explorer and Netscape Navigator preference folders in the System Folder and get a fresh new copy of the software for greater security.

  • Another particularly useful source of information for strangers to learn more about you and your habits when you are on the Internet is to look at the various little cache files stored in the Preferences folder of your hard disk created by your Internet browser. All it takes is for anyone to convince you to download a relatively obscure freeware utility to allegedly store graphic elements and text on Web pages and nothing else while promising the world when it comes to significant improvement in your surfing experience (i.e. the speed of downloading Web pages). But with little or nothing known about the software (i.e. it is not commonly downloaded from major software archive sites like http://download.cnet.com), it is quite easy for the software makers to use their freeware software to have these cache files secretly sent to them or another computer on the network.

    Undoubtedly the storing of information inside cache files can speed up the downloading process of commonly visited Web pages. The browser already does this job quite well. So be wary of those companies who will, quite legitimately, claim they have a freeware software to improve Internet speed by doing just that (i.e. storing information in cache files). The improvement in Internet speed beyond what is already provided by your Internet browser is negligible.

    Like some of those major chip manufacturers (notably Intel) who would like to have us believe that a faster microprocessor chip will make for a faster Internet experience, there is no magic wand of a software nature which will suddenly fix up the network to help you experience a significantly improved Internet speed. We have to leave that job to the real experts like the telecommunication giants Optus and Telstra, and some big ISPs to improve the telephone network.

  • The same is true of people with those malicious Web pages containing a clever piece of javascript which, when activated by your Internet browser, can send your cache files (and potentially any other file on your hard disk) to someone else you don't know about. These javascripts inside a web page is the equivalent of a computer virus being attached to HTML files. Srivats Sampath, president and CEO of one of the world's leading antivirus software maker McAfree.com, has given chilling support for this potentially dangerous information-gathering technique in February 2002:

    "We're going to see an increasing number of malicious Web sites that will try to steal information from you while you are browsing." (8)

    Source: Primary Knowledge and Greenfield Online research. Consumers chosen for this survey in the US were people who have used the Internet for 18 months. Figures are approximate only and relates to the release of personal information (Mason 2000, p.28.).

  • The recent advent of Web-based applications where you must pay a subscription to run certain commercial applications online for a certain period of time (e.g. Microsoft Office XP Professional and Small Business Subscription) are also another serious problem when it comes to your privacy. This is a particularly easy way for a software company to see who a customer is and what the customer is doing when using a web-based application. Subscriptions to online use of commercial applications is suppose to be the answer to the software piracy problem according to companies like Microsoft. However, it is also the perfect way to profile customers who use the applications and thus potentially compromise your privacy. In fact, a serious flaw has recently been found in Microsoft Word versions 97 and up (including the web-based Word application) which would not only allow Microsoft or someone else to view the contents of your Word document, but also attach non-Microsoft files of any kind to the Word document. So imagine the web-based Word application. You won't need to send the Word document to someone on the Internet to compromise your privacy. Microsoft could easily scan through a range of possible filenames and attach the ones found directly to the Word document for Microsoft to observe immediately.
  • And still another cheeky way for commercial businesses to know something about you is how some businesses are now providing (or are working with others who can provide) online hard disks for free to anyone who thinks it is safe to leave their personal files over the Internet on supposedly secure password-protected disks. For more information of how this technology might work, see http://www.xdrive.com. Or given the way Apple now allows Adobe to surreptitiously steal your email address from the Internet Config control panel and inserts it into all postscript and PDF files, Apple provides further assistance to Adobe and other software manufacturers by providing a service called iDisk for all Apple customers. Since the advent of MacOS9, customers can now set up their own online hard disk account at Apple web sites on the belief that it is secure and will make it easier to transfer files to other people (you can already do that using the Web Sharing control panel that turns every Apple computer into an Internet server).
  • Companies may also provide free email and web page services designed for a similar espionage purpose. For example, on page 473 of the February 2000 edition of Computer Shopper, it states that the bookseller Alibris has owned up in a US court case for reading emails destined for Amazon.com. Alibris can do this because they own Amazon's ISP - Valinet. Even though Alibris CEO Marty Manley claims the emails read were not used for commercial gain, it shows how easy it is for certain companies to gather information about almost any individual or company on the Internet.

    NOTE: To have an idea of which free email and web-page service provider does this kind of work, ask the provider is they can set up an SSL security feature for all your incoming and outgoing emails and web forms you create. If they say "No" or "We can't do it" and do not provide alternatives (e.g. Yahoo.com), it is almost certainly because they want to have open access to your information to help with their own undisclosed and secret marketing and/or commercial purposes.

  • Yet another beauty that has just recently come to hand is how companies may deliberately release new computers or software that is bodged up or has deliberate faults with it. By doing so, it is hoped that the purchaser will return the machine (or send details of the software problem) to the manufacturer who will then quickly learn of your address and phone number. Furthermore, some hardware manufacturers may ask for your permission to access the internal hard disk (often) on the false pretense that it is necessary in order to repair the computer properly! A classic example of this is the original Apple PowerBook G3 Series "Wall Street" model (passive screen with its very expensive 700mA Toshiba hard disk) manufactured in March 1998 and sold to those eager first customers (usually the ones who are young, rich and likely to delve into software piracy to save or make money) in May 1998 as a "demonstration model".
  • Another method of trying to legitimately look at people's hard disks is for the hardware manufacturer to design a computer that is not expected to be fitted with a hard disk capacity greater than 10GB and/or uses an expensive and very rare 700mA Toshiba hard disk that can only run on this computer. But most importantly, they don't tell the customer or the computer resellers for as long as possible about this situation in the hope that all the owners of this computer model will complain that their new 18GB or 30GB hard disk or 500mA variety is causing them problems. In that way, the owners would be expected to bring in the computer to the manufacturer for hard disk inspection while the manufacturer pretends not to know anything about the design flaw until they are happy they have got what they needed from your hard disk. A classic example of this is the Apple PowerBook G3 Series "Wall Street" model released in May 1998. Despite regular testing on higher PowerBook models for suitable standard 500mA hard disks, Apple has chosen not to do the same testing on certain models to determine appropriate hard disks that can be used, especially on the original "Wall Street" model. And it was impossible for inexperienced Apple resellers to know whether the original "Wall Street" model has a hard disk problem because the official Apple resellers list of parts and products is not updated.

    NOTE: The official situation regarding the Apple PowerBook G3 Series "Wall Street" computer has now been determined as of 12 December 2001 as follows:

    "The 2.5 inch Hard Drives listed on the Apple Upgrades price list have been qualified from PowerBook G3 Bronze Keyboard onwards. This is to say it has not been qualified for the original PowerBook G3 series (Wallstreet - 233 no-cache/250/292) or PowerBook G3 series (PDQ - 233/266/300).

    To say it is "not qualified" is to mean extensive engineering testing has not been performed by Apple in that configuration. Apple is unable to support such configurations.

    The 10GB 2.5 inch drive used in Service Parts, similar to (T5433IN/S) has recently been qualified for these older units. We will be updating the Apple Upgrades price list to reflect this once we can confirm some additional information. You can use this drive in a PowerBook G3 series (Wallstreet or PDQ)."

    And it has only taken a little over three years to let the Apple resellers to know about this issue.

    NOTE: Looking at other people's hard disks is crucial not only for law enforcement/ copyright agencies, but also for anyone who feel they are legally entitled to know something about you (e.g. marketers) or to copy any program or data they like from someone else's computer (e.g. computer hackers) when given permission to look at the hard disk. By law, no one is entitled to look at the contents of your hard disk unless you give them permission. And even then, they have to do exactly as they say they will do to your hard disk and nothing else. If you find evidence that this is not the case, you can report to the police of data tampering.

    In law enforcement situations, the authorities must first produce a warrant to look at the hard disk of your computer. The warrant usually comes when (i) the authorities have evidence to prove copyright infringement has taken place on your computer; and (ii) you are willing to accept dubious software from anyone, whether it is free or not (i.e. you explicitly accept the installation of software without expecting to receive the original software packaging and installation disks).

    The way the authorities get this warrant is quite simple. For example, you may arrive at a PC shop ready to purchase a new hard disk (or some other product). You happen to notice a bunch of people hanging around the counter as if waiting for your arrival. You ask about your new hard disk. Then you are quickly whisked away into an office to meet a gentleman/woman who is selling the new hard disk. You sit down. You notice the others (except the secretary) all disappear somewhere in the building. The person selling you the new hard disk will show you all the latest gizmos in an attempt to relax you and see how susceptible you are to accepting any kind of offer. Then, in a very friendly and casual manner, you are asked a question like "Would you like me to install System 9 on your new hard disk?" without the intention of supplying you with the original software package and installation disk (NOTE: This could also be a sign of a dubious software supplier having nothing to do with law enforcement). If you say "Yes" and the software is installed and you try to walk out without the original packaging and installation disks, the authorities would have grounds to stop you (i.e. there will be some heavily built guy standing just outside the front door of the PC shop) and inspect your original hard disk.

    There are other ways to determine the legitimacy of your software for law enforcement purposes. This includes giving away for free a program designed to show all your recent applications you have used on your computer. For example, Apple Computer Inc. provides as standard this facility using the Apple Menu Options control panel. Or you can now download for free the ACTION Menus 1.0.3 for a comprehensive version of this feature.

    And even if you choose not to activate the Recent Applications and/or Recent Documents feature, the information needed by software manufacturers can be quietly embedded in the Apple Menu Options preference file (which is why it suddenly gets bloated after a few days with irrelevant "application" information) without your consent.

  • Now that more and more people are learning of the security scares presented by online hard disks, software manufacturers are promoting a utility that will allow you to access the hard disk of your own computer from anywhere in the world using the Internet. But again, anyone who can intercept the password for accessing your hard disk by hackers (or sometimes the software itself will secretly send this information to the software developer, or there is an inherent flaw in the programming of this software similar to the one that occurred with Microsoft Word) can give software manufacturers and anyone else free reign to look at your hard disk from the comfort of their own desk.
  • The next level of looking at what you do is to ask major search engine sites to record and provide information about users to law enforcement agencies and software companies. For example, the world's biggest and most popular search engine is Google.com. This web site is so big and estimated to worth over A$104 billion as of June 2005 that The New York Times described Google in the following manner:

    "God is wireless, God is everywhere and God sees and knows everything. Throughout history, people connected to God without wires. Now, for many questions in the world, you ask Google and, increasingly, you can do it without wires, too." (Stonehouse, David. Searching for gold: The Sydney Morning Herald. 18-19 June 2005, p.6 (pp.6-7).)

    However some privacy advocates are concerned Google is too big and is recording too much information about user activities that it could potentially compromise people's privacy.

    Of particular concern is the way Google is willing to record (or caching) web sites users visit and still make available to all users even when the sites close down, and in the way it can search for keywords in email messages created and sent by users using Google's free Gmail service presumably for the sole purposes of delivering tailored-made advertisements.

    David Vaile is one such person concerned about this. As an executive director of the Baker & McKenzie Cyberspace Law and Policy Centre at the University of NSW, Vaile said:

    "It is a beautiful, simple, friendly, informal fun interface, a brand that encourages confidence in the idea that "this is just a bunch of cool guys doing all this stuff". But this is one of the largest corporations in the world with a global surveillance system and not a great deal of interest, apparently, in resisting attempts of other people who want to piggyback on that." (Stonehouse, David. Searching for gold: The Sydney Morning Herald. 18-19 June 2005, p.6 (pp.6-7).)

    While Google insists it does not link the information it collects to the names and addresses of individuals who use its search and email services, the company does cooperate with anyone having the authorisation to access its information on the cover of law enforcement purposes. As Richard Chen, international business product manager for Google, said:

    "We are a law-abiding company, we do intend to obey all the laws of all the countries where we operate. In each country, laws are very different. But in the US, yes, without there being a proper legal due process we would not be releasing information on any given user." (Stonehouse, David. Searching for gold: The Sydney Morning Herald. 18-19 June 2005, p.6 (pp.6-7).)

    How does Google know for sure the information will be used for law enforcement purposes? Well, basically it can't.

    Actually Google doesn't seem to want to analyse this aspect too closely claiming it is how customers want it. But not everyone agrees. As Texan activist Daniel Brandt has done, he is offering his Scroogle service. This web site lets you search on Google.com except Scroogle performs the task of filtering the searches through Brandt's servers to prevent Google from working out what you are searching for.

    As Brandt said:

    "I don't save the search terms and I delete all my logs every week. So even if the feds come around and ask me questions I don't know the answer because I don't have the logs any more. I don't associate the search terms with the user's address at all, so I can't even match those up." (Stonehouse, David. Searching for gold: The Sydney Morning Herald. 18-19 June 2005, p.6 (pp.6-7).)

    Another issue of concern is how Google is not only giving users of the Gmail service 2GB (enough to create a history of what users are doing), but is also encouraging the users not to delete their messages on its servers. To give extra incentive, Google provides a free search tool for finding information in the contents of email messages kept on Google's servers. And to avoid people filing messages in personal privacy-protected databases (e.g. SUNRISE Contacts 2006), Google lets users choose multiple labels from the More Actions list (i.e. a type of category system) to make it easier for users (and other people secretly observing your messages) to filter the messages later on.

    This kind of arrogance towards the privacy issue could end up being the downfall for Google.com despite its shear size and power in the marketplace. And with Yahoo.com and Microsoft MSN hot on its heels, Google could soon face stiffer competition in the next year or two. In fact, Microsoft has been touted as a late comer in any field it wants to dominate but when it does arrive is expected to blow the competition away. As Brad Hill, author of three books on Google including the Google for Dummies, remarked from his office in New Jersey:

    "Google is definitely vulnerable. Google has appeared to be a juggernault in the last couple of years but it is an extremely young company and it is a newly public company that is beholden to its board and its shareholders for the first time.

    And Microsoft, of course, is to any upstart that 800-pound gorilla lurking in the background that never seems to get what's happening while it's happening but then comes late to the party and drinks everybody's punch." (Stonehouse, David. Searching for gold: The Sydney Morning Herald. 18-19 June 2005, p.6 (pp.6-7).)

Should I be concerned about the intrusive nature of marketing experts on my privacy?

Well, given how more and more people are using their computers in a more personal way than ever before, even when connected to the Internet or when creating certain files using commercial software, marketing experts could be learning a great deal about you with or without your consent. Even if you do decide to give your consent to having some of your personal information released to marketing experts, you are never told exactly how your personal information is being used or what they will do with your information after the marketing firm has gone out-of-business. So yes, we believe people should be concerned about giving away their privacy to marketing experts.

Let's put it this way. How happy would you be in having your credit card details and/or the names of your family members, the salary you earn, or other aspects of your personal life divulged for the world to see? When we combine this with the ease of computer hackers exploiting security flaws in your software and the fact that marketing experts are not of the same league of responsibility in looking after your personal information as police officers or reputable lawyers, then we should be concerned. Marketing experts are strangers whose job it is to make money.

Yet many US Internet users believe their personal information is safe in the hands of marketing experts. According to a research report published in August 2000 by the Pew Internet & American Life Project, it was discovered that 64 per cent of US Internet users have shared, or are willing to share, personal information in order to visit a web site. Of particular interest in the report is the 68 per cent of users who said they were not worried about whether someone else might know where they have visited online.

Fortunately this attitude is changing with a recent survey for MasterCard International entitled "The Australasian Ideals" indicating that 30 per cent of Australian Internet users thought sending private information by email is unsafe, while 23 per cent felt personal information handled by web sites was totally unsafe.

This Australian consumer view of privacy on the Internet is also being supported by the Australian Competition and Consumer Commission (ACCC). After a recent sweep of web sites by the ACCC, it was discovered that only 28 per cent had disclosed their privacy policy. As for the rest, well who knows what they might be doing with your personal information right at this moment.

Even the Australian Federal Government has admitted that one of the major obstables to a successful e-commerce is the issue of privacy.

The Australian Federal Treasury has released a paper called "Building Consumer Sovereignty in Electronic Commerce: A Best Practice Model for Business". The publication is a comprehensive look at the legal obligations and best practice for people involved in running e-commerce sites. The paper can be freely downloaded from the Australian Federal Treasury web site at http://www.ecommerce.treasury.gov.au/.

UPDATE
JULY 2003

Cyber security is now a priority under the Australian Prime Minister's new National Security Division. Secretary of the Department of the Prime Minister and Cabinet, Mr Peter Shergold, said:

"It is the number one agency for the Commonwealth with regards to security matters and IT is a component of that; the division will make sure cyber security is included in policy." (9)

Richard M. Smith, chief technology officer for the US Privacy Foundation, explained the Internet privacy issue in this way:

"What some people don't understand is that the Internet is more privacy-invasive than anything we've had to deal with before. Anybody can get a name and address and put it in a little context. But the Internet lets [marketers] put it in a lot more context, with everything you've bought, everything you've read about, and everything you've looked for in a search engine.

What's also important is what happens to the information later. After companies have collected all this data, even if it's for benign reasons, not only will third-party marketers want access to it, but the police will want it, and lawyers will want it." (10)

Is my privacy really that important?

We believe your privacy is important, more so than receiving any discounts from businesses. As Craig Nathan of MEconomy said:

"People need to understand that the value of their personal information is greater than the discounts they're being offered. Otherwise, companies wouldn't offer those deals." (11)

It is certainly not a question of proving to society that you are doing the right thing by giving away your personal information to marketing experts or anyone else for that matter. It is just that people need their privacy in order to feel secure and to grow into healthy and balanced human beings without being influenced by potentially unbalanced businesspeople selling any kind of product to us. (12)

It is this human development side of life through effective preservation of our privacy and the ability to make our own choices of what we need which brings a greater potential in people to achieve great things in society. So don't be surprised if people like Richard Smith will pursue privacy rights. As Smith said:

"We have rules in our society for how we interact that people don't always think about. We don't spend a lot of time thinking about saying "hi" to people, but if someone doesn't say "hi," we notice and it bothers us. Privacy falls in the same category. We don't always think about it, but when it gets abused, it bothers us." (13)

Microsoft is going to a lot of trouble trying to convince customers to trust the company

Following the release of Microsoft's new subscription-based online (or Web-based) applications and the privacy concerns expressed by customers from previous Microsoft products not to mention the latest new Microsoft Web-based application technology, Microsoft has now sent out into the real world the Director of Privacy for Microsoft by the name of Richard Purcell.

Purcell's aim in travelling the world is nothing more than to go around dispelling the fear, uncertainty and doubt people have over the privacy (and security) issue by educating customers on the top-notch security now present in the latest Microsoft products and to convince everyone it is really okay to use Web-based applications! Yes, and pigs may fly too!

Well, if that's true, why is it that the latest Windows XP has a Windows Update utility to automatically download fixes and patches to help close security holes in the operating system? If we were to accept Purcell's word that the latest Microsoft products are now safe from the prying eyes of hackers and marketing experts, Windows XP should not need updating to fix security-related problems!

Alright, we shouldn't laugh at this. But it seems like Microsoft has not much choice at the moment given the recent privacy and security debarcles with previous Microsoft products such as Microsoft Explorer, Outlook and Office 97/98. As Purcell said to Fiona Angus of Australian Personal Computer (APC):

"Our goal is to give individuals control over their personal information. This is profound. It's a top priority. Microsoft can't say these things and not deliver. People like yourselves are going to hold us to this." (14)

Well yes, only after Microsoft has managed to spend a certain amount of time to see who their customers are, what they are doing, and then quickly plug up the security flaws in their Web-based applications before anyone outside Microsoft has a chance to find out! So while the average person on the street are oblivious to the security and privacy problems in the short term, it is unlikely non-Microsoft personnel will ever hold Microsoft accountable for any goof-ups in this department.

Come to think of it, perhaps customers may never have to worry about privacy and security problems ever again. Just pay for the yearly or monthly subscription to use Microsoft's Web-based applications and all the security and privacy problems will disappear. Why? You will never have to see the problems because they will be hidden away in the safe hands of Microsoft behind closed doors.

We can only wonder whether this is suppose to be Microsoft's answer to the perfect security and privacy system for the future?

What is also interesting to see in Purcell's argument is that people must learn to trade some of their privacy for greater security. As Purcell said:

"Every time you increase security, you reduce privacy. Privacy allows people to be anonymous and that reduces accountability." (15)

Well hold on! Being accountable to whom? Microsoft? What gives Microsoft the right to play God with us through the things we do with their products and the type of people we eventually become?

What about the idea of reducing privacy in order to increase our security? Shouldn't it suppose to be "the higher the security, the greater the privacy"? In other words, whenever you install a security program like Norton Internet Security, your privacy should be increased because there is less chance for someone else learning who you are and what you are doing while you are online?

Greater security should equate to greater privacy. Otherwise the people at Symantec - that is, the makers of Norton Internet Security - should be out-of-business by now? In fact, if what Purcell has said is true, the entire software security business would have collapsed long ago!

Then there is this fascinating issue of maintaining anonymity through privacy. Does privacy really have to mean being totally anonymous? No. It just means keeping information that is not relevant for other companies to know about you when using a service or product. It is definitely not about letting strangers know your name, contact details and everything else about your life, right down to the size of your private parts or whatever!

Perhaps Purcell was thinking in terms of Microsoft's Web-based application where in order to benefit from the higher security features of the latest Microsoft products, you must leave your personal details in the subscription form you send to Microsoft and anything else you do with the Microsoft products when you start creating your files? Is that what Purcell means by being more accountable and less anonymous in the eyes of Microsoft by having your privacy compromised for greater security?

What level of security should I have when using my computer?

If you are only going to play games or anything else that 90 per cent of the population would normally do with a computer from time to time, security should not be important.

But when it comes to our financial affairs like using our credit card number to purchase something, or the developmental side of our work and ourselves when ideas and our personality are being transformed into workable and practical solutions for selling in the marketplace, or when we talk to people in intimate ways, security has to be seen as vitally important.

And this security to protect our individualism and other sensitive aspects of our lives cannot be 99.99 per cent effective. It has to be one hundred per cent effective, or people cannot properly function in society. The whole IT industry has to get this right now, or nothing else will matter.

As David Flynn, editor of Australian Personal Computer said in April 2002:

"In the early days of computing, security was all about stopping unwanted forays into mainframes, either by hackers pushing the boundaries (often computing students) or experts with more malicious intent. And if computing had progressed no further than that, security would have remained the domain of white-coated boffins. But the PC revolution transformed ever-increasing amounts of our lives into digital form, and the Internet changed how we used and shared that information.

It also opened the door to new ways to interact with the world; from a list of your friends on instant messaging to your credit card details.

So security has become something that affects us all on the deepest level. And if the Net is to ever realize its full potential in reshaping our lives, security has to remain at the very top of the agenda.

Here's a personal example. I hate duplication, yet while preparing for a recent holiday I was once again dismayed at the number of times I had to fill out forms with information already on record, such as tickets, travel insurance, visa applications, entry permits, and ATM-friendly international debit cards.

The digital world should be smarter than that. Desktop and handheld PCs, connected on the Internet and using the lingua franca of XML to access related databases, should put no piece of information more than a few clicks away.

But in that vision, the security of my data has to be 100% guaranteed. Not 95%. Not 99.99%. Unless the industry gets that right, nothing else will matter." (16)

How do I protect my privacy?

You don't have to be a conspiracy theorist to know that your every electronic move online and on your computer is being watched or recorded. As we speak, passwords are being cracked, emails are being intercepted, log files and browser cookies are being created on your hard disk and secretly sent to other people's email addresses, and some of your Internet software could be spying on you and sending surreptitiously your personal information to strangers on the Internet.

Also, there is the physical risk of insiders (e.g. family members, friends or colleagues at work) trying to break-in to your computer. As Dr Bruce V. Hartley, technical editor of Internet Security writes:

"According to the ICSA [International Computer Security Association] , insiders cause 60 percent of computer abuse. Eighty-five percent of computer break-ins occur internally, and insiders remain the most serious threat to your intellectual property." (17)

If the abovementioned inside information is making you feel a little queezy, there are several high-tech trickery and simple common sense ways you can implement to help protect your privacy through a variety of simple security measures as we shall discuss in the next section. (18)

Don't get too obsessed with security!

Despite the whoppers you may have heard of serious security breaches of people's personal details by major corporate and/or government institutions or the humble hacker, you should not get too obsessed with security, especially if you intend to start up a business in the e-commerce industry! The last thing you want to do is to frighten off every customers by creating the ultimate super secret and formidable defence system on Earth for your personal computer (or even a Web site)! Otherwise, you may not achieve very much in life.

As Mr Rich Castagna wrote in Web Techniques: Solutions for Internet Professionals:

"Don't treat your [Web] site [or computer] like an exclusive club or some kind of secret-handshake society. Deep-six sign-ins and passwords; just let your customers enter and shop." (19)

The aim when creating any secure environment for working, playing and shopping with your computer is balance. Decide what needs to be secure and what doesn't. Just remember to bring a sense of balance to the security issue.

Should I stop using computers and the Internet because of the serious security and privacy issues?

Tempting! But again, despite the hype and some awesome stories of security breaches and the occasional misuse of people's personal information, using your computer and surfing the Internet is still a relatively safe activity. It is really up to you to ensure your personal information is safe, and to learn to use the technology available to you in a balanced way (i.e. use it when you need to).

What about those people who believe no privacy is good for business as well as law enforcement?

There is a belief going around that anyone who believes in privacy must be hiding something illegal. Therefore, no privacy is good for law enforcement, society and later for businesses (i.e. for the purposes of gathering complete, accurate and easy profiling of anyone). Nothing could be further from the truth.

Privacy is one of your fundamental human rights. It may be unfortunate that some Governments, businesses and law enforcement agencies would like to do away with our privacy altogether thanks to recent global events such as terrorism. But the fact to the matter is that for truly original solutions to world problems to be developed for the benefit of society and for people to be able to relax and be themselves, everyone needs privacy from time to time.

Privacy is essential for the healthy psychological development of every human being and is where true creativity and individualism is developed. People need to know they can have private time to create and develop new and original ideas and a personality outside of any group discussion.

Otherwise we might as well join the Army. Because in the Army, there is no privacy. You behave and look exactly like the person next to you. And you do exactly as you are told just to keep the authorities happy maintaining the status quo and living as comfortably as possible.

To put it crudely, you won't even have the privacy to fart without someone wanting to find out! This is clearly not living! Privacy is therefore a necessity to healthy human development.

Latest insights into privacy concerns for 2013

As technology gets more entrenched into people's lives, more and more technology manufacturers are using cunnings ways to gather your personal details and habits in using any technology.

As a classic example, Scott Andrews wrote in the Apple Support Communities page on 23 May 2012:

"Just updated to Snow Leopard 10.6.8 with the new iTunes 10 so I could install iOS5 on my iPhone. Now, Little Snitch keeps telling me applepushserviced is trying to connect to various subdomains of push.apple.com.

1) I thought this daemon was only on Lion. 2) what could it possibly be trying to push? 3) anybody know of a way I can take a look at what it's pushing?"

The response from one person is quite chilling and worth reading for your awareness. A user going by the name of "ds store" with the motto "At the center of the Dark Zone" (perhaps an anonymous Apple employee working at what he considers to be the Death Star from Star Wars) said:

"Nobody cares, Apple and the entire industry has shown they clearly intend to do what ever the heck they want, whenever they want and the only choice you have is not to use anything they make.

You can't use technology at all anymore without everything being recorded for some "helpful" "geewhiz bang" feature and everyone knowing about it in the process.

It's impossible to keep up with all the "what does this do and why(s)" and all the details because as soon as you get it figured out, they come up with another one. Or it takes a year or so to find out they have been doing something all along, like recording people's iPhone GPS locations and transferring that back to a Mac in a hidden file that people were using software to track others with. Apple got caught on that and called in on the carpet in front of Congress to answer for it.

Let me sum it up (and this is only what I know):

  • Google records all your searches.
  • Google and others use web bugs to track you.
  • SSD drives are not secure eraseables.
  • Cell carriers track your GPS location through tower triangulation 8 times a hour keep it for 6 months.
  • ISP's record all your web traffic and keeps it for a year, some have been selling this data now.
  • HTML 5 has introduced new cookie tracking methods.
  • There are Flash cookies, Evercookies and new forms of cookie tracking popping up all the time.
  • Facebook is recording all the websites you visit even if you log out of Facebook.
  • Apple's Safari respawns cookies, gives your location data to websites.
  • There are log files on Mac's that record all the DNS lookups (aka sites you visited).
  • Apple, Microsoft and Google all have been caught violating people's security and privacy, then give some "opt out" selection somewhere that most people don't know or bother with so eventually it just gets removed from lack of attention and outrage.
  • Devices from Cellbrite can bypass passwords, encryption and download the entire contents of over 3000 models of cell phones SSD drives in a few minutes.
  • There OS X based "nannyware" that can be used by parents, corporations, schools and business that monitor and even watch the screen of others computers, even turn on the microphone and webcam.
  • There is Linux based forensic software that can be booted off a disk/USB on Mac's or PC's and everything a person was doing with the machine laid out like a road map. Delete all you want, it still appears.
  • There is EFI firmware on Mac's that programs can be installed that bypass and work entirely outside of OS X, get online, check your drive and watch your web traffic.
  • Apple Mac's incorportate your personal identification all over the computer, broadcasts it online and over local networks ("Tim Jones computer").
  • Companies, advertising, search engines and otherwise, are in business to profile everyone at a given IP address, supposedly they can classify your personality within the first dozen or two websites you visit, they do this to target advertising at you that your most likely to click on, tugging on your beliefs, political view, age and other factors.
  • Supposedly cell phones can be turned on and into listening devices.
  • OS X 10.6.8/10.7.x [10.8.x, 10.9.x] updates are synching data from Apple for iOS devices and iCloud already.
  • OnStar and TomTom have reportedly been caught tracking users.

I used to advise people how to clean up their machines, but it's been long impossible mission now.

Your only choice(s) is if you have a hard drive:

  1. Zero erase the entire hard drive, reformat and reinstall OS X, your programs from fresh sources and files from (not TimeMachine!) backup; or
  2. Reverse clone from a pristine clone on a external drive already previously preserved in that state.

https://discussions.apple.com/message/16276201#16276201

Treat all technology like the spy/rat/snitch/fink it is and don't tell it anything you don't want the world knowing about, think about that before you click every link. Don't carry anything electronic if you don't want your location broadcasted to everyone and be targeted for advertising and other scams as you walk around a shopping mall.

The war is lost, game over."

Well, this is bit of a defeatist attitude. There is actually a lot you can do right now with just a handful of tools to stop the privacy invasion and snooping around by online strangers. However, the first thing you have to do is set up OS X in the right way the first time you run it. Follow this up by a careful choice of software tools and programs you need to use for your work that won't compromise your privacy. And finally, install and run the tools to help protect your privacy and be prepared to make careful decisions to help these tools do their job properly, then the rest is taking care of.

Of course, one day these technology manufacturers will catch on and try to stop you from making your own decisions that could affect the information these manufacturers want to receive from you. No doubt they will modify their software in such a way as to ensure the tools you use don't work or try to be sneaky. Should it get to this point, it is time to ditch the offending software and use alternatives. Only then will manufacturers start to learn a thing or two about consumer power.

Here are the essential techniques to protecting your privacy on a Apple Macintosh computer (something similar exists for PC users so check online for advice):

  1. When you receive your computer for the first time, use the OS X installation DVD to re-initialise the hard drive and set up several mountable hard disks of your choosing. Do not store personal data on the startup disks even if the OS manufacturer has supplied folders for storing the data (e.g. Documents, Pictures, Music etc). Use the other hard disks you have created to store the data in folders of your choosing and method of organising the data that makes sense to you. If other people are likely to use or access your computer, the most sensitive data should be stored in encrypted.dmg files and do not use the Password Keychain application to store your passwords for accessing these.dmg files.
  2. Always have at least two OS X startup disks (preferably one with the latest OS X in order to run the latest software, and the other and older but stable and more privacy-protected OS X version such as OS X "Snow Leopard"). When installing the latest OS X, make sure you are running from the other OS X startup disk, and before you are required to restart and run the other OS X, make a clone of the startup disk in its pristine state. In future you should never have to re-install OS X again. Just transfer a fresh copy from the backup to a free hard disk.
  3. When you run OS X for the first time, it will ask you for your personal information including your physical location, email address and so on. This information will get stored in Apple's Address Book (or Contacts.app) and will be sent to Apple and collected by other businesses. It is not necessary to give this information in order to run OS X and the software you want. So put in bogus details such as "Any User" for the name, "Any Street", "Any City" and so on for the physical address, and "anyuser@anywhere.com" for the email address. Don't worry, you can still access your emails and do everything you want later. It is just that entering all these personal details right at the beginning is not crucial to your ability to use your computer.
  4. Decide whether you need to use any Apple applications. For example, iTunes may be great to play MP3 music, but then again other third-party applications can do the same and without needing to push your music files through the Apple server allegedly in readiness to be received by your iPhone or iPad. If your life revolves around all these Apple devices and they need to be in "sync", then you might as well expect much of your personal files to be transferred in this way with Apple being the middle man checking on what you've got. But if you don't have these portable Apple devices and merely want to use your computer without "stuff" being transferred willy-nilly to Apple or other companies without your knowledge, ignore all Apple applications. For example, things like Pages.app for word processing, number crunching spreadsheets etc can be replaced by the open source and free Apache OpenOffice 4.0.1 or higher. Safari 6.0 or higher can be replaced by the more privacy-protected FireFox 25.0 or higher. And Mail.app can easily be replaced by numerous alternative third-party email receiving and sending applications that are more privacy-protected. As for the Push Services Apple has implemented in OS X 10.6.8 or higher with iTunes 10.5 or higher, this can be disabled. In the Terminal app in the Utilities folder, type:sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.applepushserviced.plist. In fact, if you have to use any Apple applications, make sure you are not on the internet when you do. All network connections should be shut down before using Apple applications (or any applications that are likely to send your data to strangers online).
  5. Get OnyX, a tool to clean out log files, caches, cookies and many other sources of archived data about where you have visited online, what you do on your computer, etc.
  6. Purchase one of the following tools: Hands Off 2.1 or Little Snitch 3.3 and run it. The only disadvantage in running these tools is that you could be bombarded in the early stages with lots of alerts within various web sites your visit as well as OS X and a number of applications, all of which are trying to send data relating to who you are, what you use, what you are doing and so on to numerous server locations. But you will have no choice if you want to protect your privacy. Eventually you will get to a point where only the essential connections needed to access common web sites you visit will be kept and everything else unnecessary will be blocked. When determining which online addresses to block, the default selection you should take will all applications and OS X while on the internet is deny until quit and see if you can still run OS X and your applications. If you are able to continue using the software, open up the Rules where these server locations are kept and how to handle them by your server-blocking tool. Change the "Deny Until Quit" to the permanent option (i.e., "Deny Forever"). If the applications don't work and you know it is not necessary for the applications to access servers online to make them work, get rid of the applications and use alternative software that will do the job properly. As for web sites you visit, things get more complicated. So here is our advice: Generally if the server location address shown by Little Snitch or the Hands Off tool contains "ads" or "advert" (for servers delivering advertisements), "counter" (for servers collecting data about how often you visit the web site), or servers that do not appear to be related to the web site you are on (probably they are designed to serve additional information on the web page from other web sites), block it until quit. If it turns out certain server addresses are considered important for running the web site in order for you to access the information you need , open the Rules and find the server address(es) and permanently give it access. Later, with trial and error, you can refine this list of servers for the web site you visit until only the most crucial servers needed to operate the web site will remain. Afterwards, any new server addresses popping up by your server-blocking tool are likely to be unrelated or unnecessary, so deny those servers as well.
  7. Set up the preferences for your Internet browser (you shouldn't be using Safari no matter how good Apple claims it is as it won't properly protect your privacy) to block pop-ups, deny sending tracking information to web sites you visit, turn off Javascript (unless you need to do things like access your bank account online), and install selected extensions or Add-ons to your browser for protecting your privacy. Things you should consider for extensions include Adblock Plus 2.4, DoNotTrackMe 2.2.9, Flashblock 1.5.17, and HTTPS-Everywhere.
  8. When doing your work on a computer, most of the time you do not need to access a network, especially the internet. In which case, turn off all network services and do your work as usual.
  9. Take great care about what you download from the internet. Some files may be designed to modify your OS or certain applications in an attempt to open up secret connections to the outside world where strangers can later obtain personal information from your computer. Little Snitch or Hands Off are powerful enough to detect most of these situations and will let you know what's happening. But sometimes you won't know for sure. Therefore, only download files that you can trust (i.e. free of any spyware).
  10. Have a reliable and up-to-date virus checking software tool running on your computer.
  11. Put a piece of electrical black plastic tape over the in-built camera. Some software and web sites can automatically activate the camera and record what you look like.
  12. The same is true of your microphone. Go under the Sound system preference pane, select the Input tab, and choose Line-In for the sound input. Drag the input volume to the lowest setting to ensure no sounds are picked up. Otherwise, the microphone and Apple's default sensitivity setting is still enough to pick up your voice and the people around you and have this data sent to Apple or another location without your consent.
  13. Do not type your name or email address into any software to register it. Sometimes this is not possible as some software require your email address to activate the software. Even so, use a free and disposable email address to activate the software and afterwards keep a copy of the software and related files (use a tool like fseventer to record the files that the application creates or changes at the point of registering and activating the software) in your backup device.
  14. Use a tool to temporarily change the MAC (Machine Address Code) if you intend to go on the internet. It can be useful to help change your IP address (if you are using a DHCP server that automatically sets the IP address for your machine) and prevent online strangers from identifying your true MAC and IP address for your machine. Otherwise, at the very least, if you can randomly change the IP address each time your go online, use the option.