Privacy Concerns on the Internet

or

Who's Minding Your Business

by Chris and Chuck Cochems.

The Internet is a truly amazing thing. Thanks to it, we can send mail to people on the other side of the globe without paying postage. When we feel that even e-mail is not fast enough, we can converse in real time with talk and IRC. In fact, it is often easier to talk to someone with IRC than in real life, as the worst someone can do in IRC is to ban you from the channel, or (gasp!) ignore you. People cannot punch you in the face through the computer terminal. Also, nobody can listen in on your conversation, because you are not speaking. After all, as long as you shield your terminal screen from view, nobody but the folks on channel can hear you, right?

Well, unfortunately, it is not that simple. Just as someone can hide in the shadows and listen to your conversation in real life, people on the Internet can spy on you, and try to figure out what you are saying and doing. Those people usually don't give many clues that they are spying either. Also, people can try and break into your account, get your files, and send e-mail in your name. They can attempt to destroy your data by sending you programs with viruses, or trojan horses. They can give you seemingly innocuous scripts with "backdoors" in them to let them control your client. Or they can simply harass you on IRC in many ways. However, you are not without countermeasures. By taking proper precautions, you can protect your privacy, your data, and your account from prying eyes.

Note: If you are engaging in illegal activities, all bets are off. Law enforcement officials with a subpoena and/or the cooperation of your ISP can effortlessly monitor anything you do over the Internet. And becoming your own ISP is no protection against a court-ordered tap. If you are unsure of the legality of what you plan to do, wait until you are sure what you are doing is, in fact, legal.

Privacy and Harassment avoidance while Chatting

As you may well know by now, not everybody on IRC is nice and well-behaved. Sooner or later, you will find a person who is just being a big jerk, and doesn't want to leave you alone. Or someone will try and take over your channel. Or someone will start flooding you off of IRC. The IRC FAQ is fairly helpful in this regard, and explains how to handle the usual brand of jerk. However, it does not cover everything, and what IS there bears repeating.

You can keep jerks from messing up your channel by managing it well. To do this, it is essential that you learn about channel modes. So, here are the modes that you need to know, and what they do.

+i: Invite only. This means that unless a channel operator /INVITES a person, he/she cannot join the channel at all.

+n: No external messages. You will see this one a lot, and it is a very useful mode to set. If you do NOT set it, anyone can send a message to everybody on the channel without joining it, and sooner or later someone will use that to flood the channel from the outside. Setting +n prevents that. We can think of NO good reason not to use this mode on every channel you are an op on, because if you don't, people WILL flood the channel.

+p: Private. This means that when someone does a channel listing, they can't see the channel's name. They can see the people on the channel who aren't invisible, but they won't know what the channel is.

+s: Secret. This means that the channel won't show up on a channel list at ALL. As far as they know, the channel doesn't exist. This is more secure than private.

+m: Moderated. Only channel operators, and people a channel operator has given voice (+v), can talk; everyone else on the channel is silent. This keeps people on the channel from flooding it. If you op (or voice) everyone involved in a conversation, give nobody else +v, and make the channel +m, nobody can flood the channel at all. This has a real advantage over +b in dealing with jerks, in that you can say anything you want about them and they are totally unable to reply. They will leave on their own, tail between their legs.

+t: Topic lock. Only channel operators can change the topic. This keeps people from constantly changing the topic and interrupting your conversation. This is almost as common as +n.

+o and +b are technically channel modes too, but almost every script or non-Unix client has ways to use these simply and easily. +b is used to ban jerks from the channel, of course, and +o means op. Keep in mind that +b is very confrontational, and can lead to channel wars. Also keep in mind that IRC is anarchy, and any op on any channel is allowed to ban any person for any or no reason.

So, there are many ways to keep people from messing up your channel. You should always make it +n to keep people from flooding it without joining it. If people are changing the topic too much, make the channel +t. If somebody is being nasty to the people on the channel, just ban and kick that person off the channel. Kicking by itself is nearly worthless, as most people just automatically rejoin. However, if you make the channel +i just before you do the kick, the auto-rejoin will fail, and then you can take the invite-only back off. Another good way to keep people from messing up the channel is to make it +m, and only op people who you want to be able to talk. If someone on channel is annoying only to you, the user command /ignore nick all will filter everything from that person from your screen, effectively removing them from your universe.

If people are using clonebots and causing major havoc, you should go and find an IRC-op and ask for help. On Undernet, you can usually find them on #wasteland. Be sure to tell the op the /whois information on one of the clones, and what channel the clonebots are screwing up. This works fairly well, and you can always keep them from flooding the channel by moderating it (making it +m) until you get them kicked off.

However, not all the jerks are trying to mess up your channel. Some of them are trying to stalk *you* around IRC and make you miserable. They can flood you, or they can send you obscene messages. And often, they can change nicks to dodge ignores, or get a friend to bug you. So the simple "just ignore him" advice in the FAQ isn't enough. To protect yourself, you need to learn about User Modes. These are different from Channel Modes. There is really only one you need to know.

+i: Invisible. This keeps your nick out of /who listings and wildcard searches unless the person asking is on a channel with you or asks for your nick exactly. Example: if you were BigCheese and typed /mode BigCheese +i (or the equivalent command in your script or client), then "/who Big*" would not list you unless the person was on the same channel as you. However, "/whois BigCheese" would still show that you are on IRC, and what your login and server are. So being invisible makes it harder for jerks to find you: in particular it stops people searching by your login information (something like /who *@biteme.com) to find out what nick you are using now. Also, notify will still report that you are on IRC if you use a nick it is watching for, even if you are invisible.

If somebody is bugging you constantly, the FAQ says to make yourself invisible, change your nick, and then join a new, secret, invite-only channel. This works a lot of the time. However, there is something called /note spy. Most servers on EFnet have it disabled, but there are still servers from which it can be used. Note spy not only finds invisible people, but if the person changes nicks, it tells you what nick they changed to! What can you do about that? There IS something you can do. You need to change your nick a second time. The note spy tells the other person the first nick, but because the note spy works by nick in the same manner as notify, it doesn't automatically switch over and spy on the new nick. It just tells the obnoxious person what it is. So if you switch nicks again, the other person won't be informed of it. Now you do have to change nicks quickly, or the other person might be able to put a note spy on the other nick. And if he is REALLY determined, he will put one on the nick anyway to catch you next time you are on IRC. So you may want to vary your nicks a lot.

If this seems like a lot of work to stop somebody, that's because it is. If someone is really being that mean and nasty, your best course of action may be to make a log of his actions, and send it to root at his system. You can find out his system by doing a /whois on his nick. If you see something like

jerk is lamer@dyn-25.biteme.com (i am mean)

he is probably on SLIP or PPP. In that case, chop off the first bit and send mail to, in this case, root@biteme.com. Basically, if you get an error when trying to send to root@(that person's host), leave out the part from the character after the @ up to and including the first ".", and send again. If you get an IP address in the /whois info (something like 213.62.53.127) instead of a hostname, log it anyway, and talk to your sysadmin about it. Whatever you log, include the date, time and time zone: a dialup provider can only tell which customer had a given address if they know when it happened. You can probably get the guy banned from his IRC server, and then he will have to find a new server. If he does, and starts bugging you again, just report him again. His ISP may even disable his account if you can show them logs.
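As an added example (not part of the original article), here is the host-chopping rule above written out in Python, together with building a ban mask from the same /whois information so the ban survives a nick change or a dialup reconnect. The /whois line is the article's own made-up example; none of the hosts are real.

```python
import ipaddress
import re

# Constructed /whois reply in the form the article shows; the host is the
# article's own example, not a real machine.
WHOIS_LINE = "jerk is lamer@dyn-25.biteme.com (i am mean)"

_WHOIS_RE = re.compile(r"^(?P<nick>\S+) is (?P<user>[^@\s]+)@(?P<host>\S+)")


def parse_whois(line):
    """Split a 'nick is user@host (real name)' line into (nick, user, host)."""
    m = _WHOIS_RE.match(line.strip())
    if not m:
        raise ValueError("not a whois line: %r" % line)
    return m.group("nick"), m.group("user"), m.group("host")


def is_ipv4_literal(host):
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False


def abuse_contacts(host):
    """root@ addresses to try, most specific first, following the article's
    rule: try the full host, then drop the leftmost label and retry, stopping
    at a two-label domain. A bare IP address yields nothing to mail; log it
    and take it to your own sysadmin instead."""
    if is_ipv4_literal(host):
        return []
    labels = host.rstrip(".").split(".")
    contacts = []
    while len(labels) >= 2:
        contacts.append("root@" + ".".join(labels))
        labels = labels[1:]
    return contacts


def ban_mask(host):
    """Build a +b mask that survives nick changes and dialup reconnects.
    The nick and user parts are always wildcarded: a jerk can change nick at
    will, and the ident string is whatever his own machine reports. For a
    dialup-style hostname the whole parent domain is banned; for an IP
    literal the surrounding /24 is banned."""
    if is_ipv4_literal(host):
        return "*!*@" + ".".join(host.split(".")[:3]) + ".*"
    labels = host.split(".")
    if len(labels) > 2:
        return "*!*@*." + ".".join(labels[1:])
    return "*!*@" + host


def mask_matches(mask, nick, user, host):
    """IRC-style wildcard test of nick!user@host against a ban mask
    ('*' matches any run of characters, '?' any single character)."""
    target = "%s!%s@%s" % (nick, user, host)
    regex = "^" + re.escape(mask).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, target, re.IGNORECASE) is not None


if __name__ == "__main__":
    nick, user, host = parse_whois(WHOIS_LINE)
    print("report to:", ", ".join(abuse_contacts(host)) or "(IP only: log it)")
    mask = ban_mask(host)
    print("/mode #channel +b", mask)
    print("still banned after a nick change:", mask_matches(mask, "jerk2", "lamer", host))
```

Banning a whole dialup pool is deliberately broad: it is the only mask that holds when the jerk redials and gets dyn-26 instead of dyn-25, which is why the article warns that +b is confrontational and can catch innocent users of the same provider.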

Now you know how to make sure you aren't bothered on IRC. However, as we noted earlier, people can eavesdrop on your conversations. When you send a /msg to someone, it goes from your machine to your provider. Your provider can log this plain text with ease. It then gets sent to the IRC server you are connected to. The person who maintains the IRC daemon on the server could set IT up to log the text sent to it. It then works its way across the net to the IRC server the recipient is on. ANY server in the path from yours to his could pick up the message and log it. Finally, it gets to the other person's provider. Root on THAT machine could log the text. So there are MANY places the message could be intercepted, read, and sent on its way. Now if what you said was "hello", you have nothing to worry about, of course. But if you said something like "I think I'm pregnant," you may not want other people knowing this. However, you CAN take the IRC servers out of the loop. You can either use talk (a non-IRC chat protocol where you work with a split screen and can both talk at once) instead, or start a /DCC CHAT with the person. You do this by typing /dcc chat nickname and waiting for the other person to do the same. DCC means Direct Client to Client, so what you send through the DCC chat connection doesn't go through the IRC servers. Your client only uses the server to deliver one CTCP message containing your IP address and a port number; the other person's client then connects straight to yours, and from then on the text goes directly between the two clients. Two caveats. First, that handshake tells the other person, and every server it passes through, your IP address, which is exactly the information a stalker wants, so never DCC with someone you are trying to avoid. Second, the text itself is still sent in the clear, so anyone who can see the packets on the path between you (your provider, the other person's provider, and any network in between) can still read it. Only the IRC servers are out of the loop. That is still worth something: it is well known that logs of people netsexing end up posted to newsgroups, and a DCC chat is much harder for a random server admin to collect than a /msg.
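An added example, not from the original article, showing exactly what the DCC CHAT handshake sends through the server and why it gives away your address. The nick and port are made-up values, and the IP address is borrowed from the article's own example address above; a real client would fill in its own.

```python
import ipaddress
import re

CTCP_DELIM = "\x01"  # CTCP payloads are wrapped in 0x01 bytes inside a PRIVMSG

# Constructed values for the exchange (assumptions, not real endpoints).
MY_IP, MY_PORT = "213.62.53.127", 5050


def build_dcc_chat_request(target_nick, my_ip, my_port):
    """The one message that still travels THROUGH the IRC servers: a CTCP
    'DCC CHAT' PRIVMSG announcing the initiator's IPv4 address (as a 32-bit
    decimal integer) and listening port. Every server on the path, and the
    peer, can read this, which is how DCC discloses your address."""
    ip_as_long = int(ipaddress.IPv4Address(my_ip))
    payload = "DCC CHAT chat %d %d" % (ip_as_long, my_port)
    return "PRIVMSG %s :%s%s%s" % (target_nick, CTCP_DELIM, payload, CTCP_DELIM)


_DCC_RE = re.compile(r"^PRIVMSG (\S+) :\x01DCC CHAT chat (\d+) (\d+)\x01$")


def parse_dcc_chat_request(line):
    """Recipient side: recover (target_nick, ip, port) to connect back to.
    Rejects addresses no peer on the public Internet could reach, which is
    the usual reason an accepted DCC CHAT just sits at 'waiting'."""
    m = _DCC_RE.match(line)
    if not m:
        raise ValueError("not a DCC CHAT request")
    ip = ipaddress.IPv4Address(int(m.group(2)))
    port = int(m.group(3))
    if ip.is_private or ip.is_loopback or not 0 < port < 65536:
        raise ValueError("unreachable address %s:%d" % (ip, port))
    return m.group(1), str(ip), port


if __name__ == "__main__":
    request = build_dcc_chat_request("BigCheese", MY_IP, MY_PORT)
    print("sent via server:", request.replace(CTCP_DELIM, "^A"))
    print("peer connects to:", parse_dcc_chat_request(request)[1:])
    # After this point the two clients exchange newline-terminated lines over
    # their own TCP connection, with no encryption at all.
```

Once the connection is up, each chat line is just text followed by a newline on a plain TCP socket. The servers never see it, but anyone sniffing the path between the two machines reads it as easily as the handshake.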

There is one other way someone could get your IRC messages: packet sniffing, where someone with access to a machine on the path between you and the server captures the raw network traffic. When this was first written, that took real skill and access, and the people able to do it had better things to do than log your IRC sessions. As the section on UNIX security holes below explains, that is no longer true, so treat anything you send over IRC as readable by others.

Passwords

Whether you have a PPP account or a shell, when logging into your account, you use a password. The point of having a password is to keep other people out of your account. If you choose your password well, it will do just that. However, what makes a good password is not always obvious. We will attempt to clear this up in this column.

There are many things NOT to do when selecting a password. One thing you should not do is pick ANY word in any dictionary for your password. There exist programs like CRACK that can try every word in a dictionary file and guess your password within a reasonable amount of time on modern computers. Sure, it seems like there's a lot of words in the dictionary, but it is actually a very small subset of all of the legal strings of alphanumeric characters that make up a password. Words NOT in the dictionary aren't much more secure either. If you think something is a word, more than likely some crack dictionary writer thinks it's a word too.

One solution many people come up with to this problem is to use two words, separated by a character such as a slash. However, this only works at all if the two words are totally unrelated. It is too easy to unwittingly select two words that have some sort of association with each other so you can remember the password. If you can see an association between the words, so can the crackers. A rule of thumb is that if you think you are being really clever with your password choice, the crackers will already have thought of your idea, and will guess your password very rapidly. One example is entering "password" as your password (it says "enter password" so I'm entering "password".. heheh no one will guess that..). EVERY cracker guesses that one first. Another example of trying to be "clever" is making substitutions of numbers for letters, yielding something like "41w4y5" (always). The crackers have thought of that too, so that password must be considered a word that is in the dictionary. People also may think using wEiRd CaPiTaLiZaTiOn is a good way to make their passwords more secure. It isn't.

So, if you can't use words, and you can't be clever, what can you do? You can choose a random combination of letters and numbers of more than eight characters. Many systems require at least six letters, and that there be both letters and numbers in the password. Now, we know what you are going to say.. you are saying "How can I remember a password like that?" Well, it IS harder to memorize a bizarre string of characters than a real word, but it really is much more secure. Let's do some simple math and see how many nine character passwords there are...

26 letters * 2 (upper and lower case) = 52 letters, + 10 digits (0 through 9) = 62 alphanumeric characters that each position of the password can hold. Since there are nine positions, we raise this number to the 9th power to get the number of nine-character passwords: 62^9 is about 1.35 x 10^16, more than thirteen quadrillion passwords to choose from. That's a LOT of passwords, and MUCH greater than the number of words in any dictionary. And that doesn't even include the 32 punctuation characters on a US keyboard, which would bring it to 94^9, roughly forty times more. So random passwords are much more secure. Note that the math only holds if the password really is random: a nine-character password built from dictionary words, even with numbers sprinkled in, is drawn from a far smaller space, which is exactly what CRACK exploits.

Now, there is a compromise that can be made. If you find yourself unable to remember such a random string of characters, you can try writing a sentence, and using the first letter of each word as a character in the password. An example would be "Time to pick the password for my 4th provider." To make this into a password, you would take the first character of each word and type "Ttptpfm4p", thinking "Time to pick the password for my 4th provider". Putting a "4th" or other such number into the sentence ensures that your password has a number to pass the check for a numeric character. Now if you didn't know the sentence, you would probably go "huh?" when you saw the shortened form that is used in the password. But, by memorizing the sentence, you memorize the password.

Now you know how to generate a secure password. One way NOT to generate a secure password that meets length and alphanumeric requirements is to run your fingers along the keyboard and do something like this....

1qaz2wsx3edc

(hey, it's twelve characters, looks random, and I can remember it easily! It's GOTTA be secure..) Again, that's trying to be clever, and the crackers have thought of it.
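The rules above, written out as a checker (an added example, not the authors' code). The dictionary is a tiny constructed stand-in for a real cracking wordlist, and the thresholds (60% of three-character windows lying on a keyboard run, nine characters minimum) are our choices, not the article's. It also includes the two ways the article says a good password CAN be made: the first-letters-of-a-sentence mnemonic and a genuinely random string.

```python
import re
import secrets
import string

# Constructed stand-in for a cracking dictionary. A real one holds hundreds
# of thousands of entries: words, names, common passwords and their variants.
DICTIONARY = {"password", "always", "tardis", "secret", "cheese", "big",
              "letmein", "qwerty", "dragon", "welcome", "monkey"}

# Letter-for-digit substitutions crackers already try ("41w4y5" -> "always").
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "l", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

# Keyboard rows, used to spot finger-walk passwords like "1qaz2wsx3edc".
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def _keyboard_triples():
    """Every run of three adjacent keys along a row, backwards, or down a column."""
    triples = set()
    for row in KEY_ROWS:
        for i in range(len(row) - 2):
            triples.add(row[i:i + 3])
            triples.add(row[i:i + 3][::-1])
    for i in range(max(len(r) for r in KEY_ROWS)):
        col = "".join(r[i] for r in KEY_ROWS if i < len(r))
        for j in range(len(col) - 2):
            triples.add(col[j:j + 3])
            triples.add(col[j:j + 3][::-1])
    return triples


_TRIPLES = _keyboard_triples()


def is_keyboard_walk(pw):
    """True when at least 60% of the 3-character windows are keyboard runs."""
    p = pw.lower()
    windows = [p[i:i + 3] for i in range(len(p) - 2)]
    if not windows:
        return False
    hits = sum(1 for w in windows if w in _TRIPLES)
    return hits >= 0.6 * len(windows)


def dictionary_hits(pw):
    """Dictionary words a cracker finds after lowercasing, undoing leet
    substitutions, and splitting on punctuation (catches 'big/cheese')."""
    norm = pw.lower().translate(LEET)
    parts = [p for p in re.split(r"[^a-z]+", norm) if p]
    return [p for p in parts if p in DICTIONARY]


def search_space(pw):
    """Brute-force space for a truly random password of this length and
    character mix: 62**9 for nine mixed-case alphanumerics."""
    classes = 0
    if re.search(r"[a-z]", pw):
        classes += 26
    if re.search(r"[A-Z]", pw):
        classes += 26
    if re.search(r"[0-9]", pw):
        classes += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        classes += len(string.punctuation)
    return classes ** len(pw)


def assess(pw):
    """Apply the article's rules; returns ('weak', reasons) or ('ok', [])."""
    reasons = []
    hits = dictionary_hits(pw)
    if hits:
        reasons.append("contains dictionary word(s): " + ", ".join(hits))
    if is_keyboard_walk(pw):
        reasons.append("keyboard walk")
    if len(pw) < 9:
        reasons.append("shorter than 9 characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        reasons.append("needs both letters and digits")
    return ("weak" if reasons else "ok"), reasons


def initials_password(sentence):
    """The article's mnemonic: first character of every word in a sentence."""
    return "".join(word[0] for word in sentence.split())


def random_password(length=12, alphabet=string.ascii_letters + string.digits):
    """A password drawn uniformly from the full alphabet (the 'auto-generate'
    function the article recommends), using the OS's secure random source."""
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

The important design point is that the checker normalises before it looks anything up: "41w4y5", "P@ssw0rd" and "big/cheese" all reduce to dictionary words, which is the article's point that a substitution you can think of is one the cracker's wordlist already contains.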

If your communications software has an auto-password generate function, use it to generate a random password instead. If you are a dial-in user, you can set up your com program to enter your random password for you so you don't have to remember it. Keep in mind that the program then has to store the password on your disk, usually in a form anyone who can read that file can recover, so this only keeps your account secure as long as nobody else uses (or steals) your computer. :)

Now that you have a secure password, for crying out loud, DON'T TELL IT TO ANYBODY! The whole point of a password is that nobody else knows what it is. Telling other people defeats the purpose. Also, don't write it down by the computer unless you never let anybody else near your computer. That's kind of like leaving a hidden key outside your house. If you forget the key, you can get in, but someone else might find the key.

Recently, we were the victim of an interesting attempt at a password hack. Somebody got our email address through IRC, and faked an email from root at our site telling us to change our password to TARDIS. We thought about it, and realized that root never NEEDS to know your password to get at your files, so the request had to be a fake. If we had done what the guy on IRC requested, he would have hacked our account, unshadowed the password file, and caused a lot of trouble. The lesson to be learned here is NEVER believe ANY email telling you to change your password to a specific value. Root at your site doesn't EVER need to know what your password is anyway, and there is no reason to obey anyone else. If your system password file has been compromised, you may receive e-mail from your admin telling you to change your password. By all means do so if this happens, but change it to a new, secure password ... not one anybody else knows.

UNIX Security Holes

You now know how to pick a good password, and what to do to keep it a secret. However, there are ways for people to gain access to your account without your password. One way is to break into the root account, but you cannot defend yourself against that, so don't worry about it. It may happen, it may not, and if it does, it's not your fault. However, there are two files that you need to watch out for if you are a shell user. These are .rhosts, which lives in your own home directory, and /etc/hosts.equiv, which is system-wide and belongs to your provider. Some discussion on what these files are for and what they do is in order.

One method of going from one machine to another is with rlogin. This logs you into the other machine. Usually, unless your ISP has set things up so that you can move about from machine to machine within the ISP without requiring one, you will need to re-enter your password. However, when someone rlogins to your account, rlogind first checks /etc/hosts.equiv and then the .rhosts file in your home directory. Each line names a host, and optionally a user name on that host. If the connection comes from a listed host and the remote user name matches (it must be the same as your login unless the line names a different user), the other person is let in without a password. This is fine and dandy if the other person is really you. Often people do this to make things more convenient for themselves so they can rlogin from home to work and vice versa without a password. However, this means that if ANY site in those files is compromised, or if anyone can make their machine appear to the network under a listed hostname (rlogin trusts the name the network reports, not a secret), the cracker can get into your account without a password. Using these files makes your account less secure. If you (or your provider) care about security, you should delete .rhosts and ask that hosts.equiv be kept empty.

Also, some versions of Unix ship with comment lines in those files. The problem there is that not every rlogind treats a line starting with "#" as a comment; some treat it as a hostname, so anyone who arranges for their host to be known as "#" (which isn't hard) gets into your account. Basically, don't use these files at all, or only put other hosts at the same ISP into them (i.e., netcom2.netcom.com, netcom3.netcom.com, netcom4.netcom.com, etc.), never use the "+" wildcard entry, which means "any host", and don't put comments in the files.
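An added example, not from the original article, that audits a .rhosts file for the problems described above and writes out a cleaned version. The sample file is constructed, the provider domain netcom.com is taken from the article's example, and "alice" is an assumed local user name. It flags the "+" wildcard entry (documented in hosts.equiv(5) as "any host" or "any user"), lines starting with "#", hosts outside the provider's domain, and entries that let a different remote user in as you.

```python
# Constructed sample ~/.rhosts; none of these hosts are real.
SAMPLE_RHOSTS = """\
netcom2.netcom.com
netcom3.netcom.com  alice
# comment lines are a trap: some rlogind versions read '#' as a hostname
+
shell.example.net bob
-evil.example.org
"""


def audit_rhosts(text, trusted_domain, local_user):
    """Return [(line_no, line, problem)] for every entry that grants more
    than 'me, from another host at my own provider'."""
    findings = []
    suffix = "." + trusted_domain.lower()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("#"):
            findings.append((n, line, "'#' is not a comment to every rlogind; "
                             "a host that names itself '#' matches this line"))
            continue
        if host == "+" or user == "+":
            findings.append((n, line, "'+' wildcard trusts every host or every user"))
            continue
        if host.startswith("-"):
            continue  # a leading '-' denies rather than grants
        if not host.lower().endswith(suffix):
            findings.append((n, line, "host outside %s: if it is cracked, "
                             "so are you" % trusted_domain))
        if user is not None and user != local_user:
            findings.append((n, line, "lets remote user %r in as you" % user))
    return findings


def clean_rhosts(text, trusted_domain, local_user):
    """Rewrite the file keeping only entries the audit accepts
    (same-provider hosts, your own user name, and explicit denials)."""
    bad = {n for n, _, _ in audit_rhosts(text, trusted_domain, local_user)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1)
            if n not in bad and raw.strip()]
    return "\n".join(kept) + "\n" if kept else ""


if __name__ == "__main__":
    for n, line, problem in audit_rhosts(SAMPLE_RHOSTS, "netcom.com", "alice"):
        print("line %d: %-28s %s" % (n, line, problem))
    print("--- cleaned ---")
    print(clean_rhosts(SAMPLE_RHOSTS, "netcom.com", "alice"), end="")
```

Even the cleaned file still trusts a hostname, so the article's real advice stands: delete it and use ssh keys, which the next section covers.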

Now, things have changed a lot on the Internet, and some new developments have caused us to revise our advice some. We still recommend against use of .rhosts, but in the age of broadband, packet sniffing to discover cleartext passwords has become a lot more commonplace. As mentioned earlier, plaintext sent over the Internet can be captured and read, and rlogin/rsh send whatever is typed over the Internet in plain text. So in fact, we recommend that rsh and rlogin never be used at all. And telnet is just as insecure in the way it transmits passwords. But fear not, there is a solution.

Quite some time ago, people realised the security hole in transmitting passwords in the clear, and decided to come up with a solution. The answer is something called Secure Shell, or ssh. This program is intended as an rsh/rlogin replacement, and works rather similarly. But there's an important difference: the information sent between the computers is encrypted with a unique session key, negotiated afresh for each connection. This means that even if the packets WERE sniffed, the sniffer would only get a bunch of gibberish. Not only is everything you type encrypted, so is the password you send, so it can't be intercepted either. And it is possible to configure ssh and sshd (the part that runs on the other computer) so that instead of a password, you authenticate with public key cryptography, similar to PGP. The ssh manuals explain it pretty well, but we'll sum up. You create a public/private keypair with ssh-keygen, protecting the private key with a passphrase. You copy the public key to the other machine using secure copy (scp), the replacement for the insecure "rcp" program, and append it to ~/.ssh/authorized_keys there (most sshd versions refuse to use that file if it, the .ssh directory, or your home directory is writable by anyone but you). From then on, as long as you are on your machine with your private key, you can log on without sending a password, but no one else can. Unlike .rhosts, the server is trusting a secret you hold rather than a hostname the network reports. Once every account on a machine has a key, the admin can set PasswordAuthentication no in sshd_config so that a stolen or guessed password is useless over the network.

If you use Linux or any other UNIX variant, you most likely already have ssh and sshd. If you are using a Windows operating system, you most likely do not have it. But fear not, as you can download it. Many commercial SSH packages exist, and SecureCRT comes highly recommended. But there are also freely available versions, in various states of completion.

IRC Security Holes

Also, there is the danger of people gaining access to your account in some fashion through IRC. You don't have to worry as much if you are a SLIP/PPP user, but this info is useful to everybody. As mentioned earlier, people can send you a seemingly ordinary script that has a back door in it, to let them control your client. The rule of thumb for IRC scripts is to not load one unless you understand every line of it. If you want to run something like Phoenix or Lice, get it from a well-known archive, not some "nice person" on IRC. The person offering it may have put a backdoor into it, or may himself be using a backdoored version of the script. Even if the person is trustworthy, he might not have noticed the backdoor. If you DO get a script not known to be safe, look at it very carefully. If you understand IRC scripting, you should look at EVERY ON statement, as that's how backdoors are placed in IRCII. In mIRC, you should look in the remotes section, and look over the settings there. An example of a backdoor would be:

/ON PRVMSG *^AJUPE *

or something like that. What this means is that if somebody sends you a CTCP JUPE, everything following the word JUPE is executed by your client. The other guy could do a /CTCP JUPE /say JUPE me! which would make you say "JUPE me!", telling everybody in the channel that you have a backdoor. Or he could do a /CTCP JUPE /exec rm -rf *, which would remove all your files! He could use this backdoor to get your system's password file. If you don't understand the script, either don't load the script, or nicely ask your local IRC guru to look it over for backdoors. It goes without saying that you must be on speaking terms with him, or he might just not warn you of the backdoor..
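An added example (not from any real script) that scans an ircII-style script for the kind of ON hook described above. The sample script is constructed with two planted backdoors. The heuristic is ours and covers ircII syntax only: a hook is flagged when its action is itself an argument expansion such as $2-, so that whatever the sender typed after the trigger word gets run as a command, or when an expansion is handed to eval, exec, system or load. mIRC remotes still need reading by hand.

```python
import re

# Constructed ircII-style script with two deliberately planted backdoors;
# it is not any real distributed script.
SAMPLE_SCRIPT = """\
on ^msg "*" echo [msg] $0: $1-
on ^ctcp "* * JUPE" $2-
on ^public "*" echo <$0> $2-
on ^ctcp "* * PING" ctcp $0 PING $2-
on ^dcc_chat "*" { eval $1- }
on ^join "*" echo $0 joined $1
"""

# on [^|-|#]EVENT "pattern" action      (ircII 'on' hook syntax)
_ON_RE = re.compile(
    r'^\s*/?on\s+[\^#-]?(?P<event>\w+)\s+(?P<pattern>"[^"]*"|\S+)\s*(?P<action>.*)$',
    re.IGNORECASE)

# Commands that turn text into executed ircII commands or shell commands.
_EXECUTORS = re.compile(r"\b(eval|exec|system|load)\b[^;]*\$", re.IGNORECASE)


def hook_is_backdoor(action):
    """A hook is a backdoor when the incoming text itself becomes the command:
    either the action IS an argument expansion ($2-, $*), so whatever the
    sender wrote after the trigger word is run, or the expansion is fed to
    eval/exec/system/load."""
    body = action.strip().strip("{}").strip()
    if body.startswith("$"):
        return True
    return _EXECUTORS.search(body) is not None


def scan_script(text):
    """Return [(line_no, event, pattern, action)] for suspicious hooks."""
    suspicious = []
    for n, line in enumerate(text.splitlines(), 1):
        m = _ON_RE.match(line)
        if m and hook_is_backdoor(m.group("action")):
            suspicious.append((n, m.group("event").lower(),
                               m.group("pattern"), m.group("action")))
    return suspicious


if __name__ == "__main__":
    for n, event, pattern, action in scan_script(SAMPLE_SCRIPT):
        print("line %d: on %s %s -> %s" % (n, event, pattern, action))
```

Note what is NOT flagged: "ctcp $0 PING $2-" sends the sender's text back to them, and "echo <$0> $2-" only displays it. The danger is specifically a hook that executes the text, which is why the article tells you to read every ON statement rather than just grep for CTCP.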

Another thing people may try to do if you are on a shell account is to tell you that they need you to compile a program for them. This is baloney: a binary compiled on your provider's machine will only run on a machine with the same operating system and processor type, and anyone with a real need to build something there would ask their own sysadmin, not a stranger on IRC. What the person is actually trying to do is trick you into compiling and running a C program that unshadows your system's password file and e-mails it back to them (or worse). This is not a smart thing to do, as it lets the other guy run CRACK on your system's password file, and maybe break into some accounts. If somebody tells you that they need you to compile a program for them, simply tell them that it wouldn't run on their system anyway. If they say "oh, sorry", then they probably are just ignorant, and you can't help them anyway. But if they go on to say that they want you to run it, DON'T! Get it if you want, but don't compile it, and DON'T even think about running it. Instead, get the person's email address, and inform root at their site about the hack attempt, being sure to include a copy of the C program the person sent you.

Viruses

Now is as good a time as any to talk about viruses. First, as to Unix viruses that could magically infect your Windows PC, there aren't any. End of subject. For those of you using Unix shell accounts, you are virus safe unless you download something to your PC, because the programs you run on UNIX are either protected system files, or compiled by you. Many of you have heard rumors of viruses attached to GIFs. A picture file contains no code for your computer to run, so a plain GIF cannot infect you; what you should worry about is anything that gets executed. That means program files (.bat, .com and .exe), the boot sector of a floppy or hard disk (see below), and, as the section on new developments explains, document macros. The file containing the virus can, of course, be zipped along with other files, or emailed as an attachment. A virus is dormant until it is executed.

Most viruses are spread from computer to computer on floppy disk. Many viruses are set to go off at a certain time, and the person who gives it to you may not even know they have it. Viruses have even been spread on distribution disks of legally purchased software. They are also commonly attached to shareware programs by cybervandals. To make things even more difficult, new viruses crop up every day. Some cybervandals have even circulated virus construction kits. Viruses range from annoying to something that will cause you to lose everything on your hard drive; there have even been reports of one damaging monitors.

The first step in virus protection is being prepared. Make an emergency diskette with system files, an image of your CMOS, FAT, config files, and a good virus check and virus clean program. Keep it handy. A good suggestion for virus protection software would be F-Prot, which is available free of charge for personal use. Update your detect and clean software regularly to keep up with the new viruses.

Run a virus detect program on your system. Never run a file from a diskette without performing a virus scan. While this may seem like a lot of work, it is far less of an inconvenience than losing everything on your hard drives. Only download software from well-known archives, and check it before you run it. Never execute a file received via DCC without a scan. Even then, the virus could be newer than your detection software. We practice safe computing, and have still had 4 different viruses, one of which did severe damage. Chris also inadvertently passed a virus on to his boss on distribution diskettes. The boss was not amused.

Despite all of your precautions, a virus may slip by your detection software. If that happens, you may not notice for a while as it lies dormant waiting for its trigger. However, often there will be signs that can tip you off to the presence of a new virus before it attacks. For example, if the MEM command says there is less than 640K of conventional memory total (not the amount free, the amount total), you very likely have a boot sector virus that became resident before DOS did and is hiding the memory it occupies. Sometimes a BIOS shadow option also takes a little conventional memory; if that is the case, we suggest you turn the shadow feature off in CMOS setup and check again. If a DOS command like MOVE or DELTREE suddenly stops working, suspect a resident infector that has modified the command's file. If the sound support in a previously working program suddenly stops working no matter what you do, that is also a classic sign of a resident virus. To sum up, if something that has always worked on your computer suddenly stops working, consider a virus. Of course, with the advent of Windows, notorious for its instability, we can't rule out other causes, such as registry corruption or botched installs, but if nothing else explains it, boot clean and scan.

Once you have disinfected memory by turning off your computer for 30 seconds and booting from your emergency write-protected floppy, then disinfected your hard drive with your detection and cleaning software, be sure to scan EVERY floppy disk that has been in your disk drive. The best way to rid yourself of a virus is not to catch it in the first place.

New Developments in Viruses

As the times change, bad people keep discovering new tricks, and virus writers are no different. There are a few things worthy of discussion. The first new trick was the "macro virus". Many popular office programs can store macros, sets of instructions executed by the software, inside document files. It was only a matter of time before people started exploiting this. Word documents, WordPerfect files, Excel spreadsheets and PowerPoint presentations all must be scanned now to catch macro viruses, and you should leave the programs' "warn before running macros" settings switched on. Relying on Microsoft's security fixes alone to disable these hostile macros is not very wise. Raw picture formats, such as GIF, JPEG or PNG, are still virus safe, as they contain no executable code.

Another technique is the new, and yet also very old, self-propagating "worm". A virus attaches itself to other programs, and replicates that way. A worm is different in that it does not attach itself to other programs; it spreads by itself over the network, by exploiting a hole in a service or by mailing itself around. Worms have long been used to target insecure UNIX servers. However, some features of consumer operating systems allow them to be targets of worms as well.

One feature is "File and printer sharing for Microsoft networks". If you have multiple computers, and a network card in each, this is a handy way to get files from one computer to another, without the slow access time, unreliability, and size limits of floppy disks. However, this same feature can, if improperly configured, leave you wide open on the Internet. Depending on your networking setup, you may have file sharing bound to the Internet protocol, TCP/IP, on the same adapter that faces the Internet. In this case, people can access your files from the Internet. Fortunately, this is possible to stop. The process is a bit technical, but well documented. If you only have a modem, and no network card, you don't need file sharing, and can simply remove it. However, if you have both a modem and a network card, or a broadband connection, it's not so simple. Typically, you want your other home users to be able to access your drives, but don't want anyone on the Internet to do so. One way is to assign secure passwords to your shares, and never try to access them from away from home. However, it's much better to unbind File and printer sharing from TCP/IP, at least on the adapter that faces the Internet, because there is a well-known exploit that lets people steal your share passwords if you click on a malicious web link. Also, Windows XP Home Edition will refuse to let you password protect a share at all! The process depends on your OS version, and is fairly well documented on a number of sites for Win95/98/Me; it is more complex under NT. With sharing unbound, people can't peek at your computer without tricking you into running a trojan.

The other major way worms spread to consumer PCs is by exploiting security holes in e-mail software. Some programs have helpful "auto preview" functions that not only open the e-mail you have highlighted in a separate panel (fine) but can automatically open attachments as well. Now, as you well know, attachments can carry viruses, and need to be scanned before they are opened unless they are pure data. Additionally, ActiveX controls can be automatically activated by certain e-mail programs as part of their HTML mail viewing features. This is bad news. To date, one e-mail program has allowed many famous worms to spread the instant a person clicks on the e-mail to read it: Microsoft Outlook. We do not recommend the use of that particular e-mail software. Also, if your e-mail program has ANY option like "Use Microsoft's viewer" (some versions of Eudora), disable it! If you must insist on using Outlook (or your company insists on it!), disable all of its auto-preview features, read mail as plain text where the version allows it, and apply all Microsoft security patches.

Trojans

Recently, a number of nasty programs have started to show themselves. Going beyond simple fake programs that wipe your hard drive, they now open your computer up to access, and can even make your PC do bad things to other people's computers! A lot of what has been said about viruses also applies to trojans. They can attach themselves to other programs, or propagate themselves as worms. Because they propagate the same ways, they can also be defended against with the same methods used to block viruses. However, the consequences can be much worse if one slips through. Your computer can be commandeered for illegal activities, such as crashing other computers, or preventing them from being accessed. A second line of defense is needed to prevent that.

A good personal firewall is the best thing for stopping a trojan and alerting you to its presence. Zone Alarm is the simplest effective solution. The inner workings of a firewall are complicated, but the idea behind them is not. A firewall sits between your computer and the Internet, and only lets the stuff you want through. A firewall can stop people on the Internet from peeking at your computer. This is another way to keep your network shares safe. But it can also block bad stuff coming FROM your computer, and this is what makes firewalls so useful when dealing with trojans. If a trojan does get onto your computer, the firewall will block people from controlling it, and when it tries to phone home, the firewall will alert you to it. This allows you to trap it, deny it permission, and continue to operate your computer. Zone Alarm is simple to configure, especially if you aren't involved in online gaming, and their web page has a lot of useful information on dealing with problems. Also, it is free for personal use. It is not a replacement for a virus scanner, but it's a very good second line of defense against the current breed of popular trojans.

Firewalls will also help you detect something called "Spyware." Spyware is software that sends back information about you to its creators without warning you about it. Such software usually has something buried in the boring license agreement stating that you are authorising this activity. Most commonly, spyware is put in free programs that show advertisements, which will keep track of the ads you click, and send info back to them, so they can sell it. But your .mp3 player might have spyware in it that tells the company what songs you like to listen to, for example. Sometimes they are buried completely within the software, but other times they are separate programs. Anyway, if you are concerned about your privacy, as we are, you have a right to be angry at these sneaky tricks. A firewall can alert you to suspicious activity on the part of spyware as well. When a program you don't expect to access the Internet suddenly does so, Zone Alarm will tell you about it. There is software to let you remove spyware, such as Ad-ware. Spyware has been known to make computers more unstable, so it's usually desirable to only run spyware-free software.

Logs and Snooping

For someone who wants to keep track of what you do on the net, your home dir in a shell account is a good place to start. Most people have a .newsrc file which shows the newsgroups that you are subscribed to, and which posts you have marked as read. Other files will tell them what Gopher sites you have bookmarked (.gopherrc), what ftp sites you have bookmarked, and who you have on your IRC notify and ignore. This data is, of course, always accessible to you, and to anyone with root access at your site. If you have set the Unix permissions on the dir and files to allow it, many more people could read these files. Even making your home dir readable, and permitting finger can tell someone your real name, whether or not you have unread mail, and the last time you logged on.

Unix permissions (similar to DOS filespecs) are a little tricky to understand. If you request a long form directory listing in Unix with an ls -la command, these permissions are displayed at the far left of each entry. The permissions will look something like this:

drwxr-xr-x

The d in the first position indicates that this item is a directory, not a file. The next three positions relate to the things you can do in the directory. They are the owner permissions of read, write and execute. The next three positions are for the group owner of the listing. In most commercial shell accounts, the group is comprised of every shell user at your ISP. The final three apply to the rest of the world. On the example above, the Owner has read, write and execute, the group owner has read and execute, and the rest of the world has read and execute.

Each directory and each file has its own set of permissions (we know this is pretty dry, but it is important), and the file owner can set them using the Unix command chmod (Change Mode). To protect your .newsrc and other configuration files from prying eyes, make sure that the group and world permissions are turned off. A file set this way would look like this:

-rwx------

The command syntax to set your .newsrc file this way would be:

chmod 700 .newsrc

To learn all about the chmod command, go to your Unix prompt, and type man chmod.
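The permission check described above, as an added example that is not part of the original article: it converts the symbolic mode string that ls -l prints into the octal number chmod takes, reports which of your dotfiles the group or the rest of the world can read, and then applies the article's chmod 700 fix. The file names and the .newsrc content are constructed samples; the demo works in a throwaway directory so it touches nothing in your real home.

```python
"""Audit which dotfiles in a home directory are readable by the group or the world.

Added example for this article (not the article's own code). It parses an
ls-style mode string such as "drwxr-xr-x", checks real files with os.stat,
and applies `chmod 700` to the ones that are exposed.
"""
import os
import stat
import tempfile

PERM_CHARS = "rwxrwxrwx"

# Dotfiles the article names as giving away your habits; constructed list
WATCHED_FILES = (".newsrc", ".gopherrc", ".ircrc", ".netrc")


def parse_mode(ls_mode: str) -> tuple[bool, int]:
    """Turn 'drwxr-xr-x' into (is_dir, 0o755): the number chmod accepts."""
    if len(ls_mode) != 10:
        raise ValueError(f"expected a 10-character mode string, got {ls_mode!r}")
    is_dir = ls_mode[0] == "d"
    bits = 0
    for i, ch in enumerate(ls_mode[1:]):
        expected = PERM_CHARS[i]
        if ch == "-":
            continue
        # 's'/'t' in an execute column mean setuid/setgid/sticky AND execute;
        # 'S'/'T' mean the special bit is set but execute is not.
        if ch == expected or (expected == "x" and ch in "st"):
            bits |= 1 << (8 - i)
        elif expected == "x" and ch in "ST":
            continue
        else:
            raise ValueError(f"unexpected character {ch!r} in {ls_mode!r}")
    return is_dir, bits


def exposure(bits: int) -> list[str]:
    """Describe what the group and everyone else may do with a file of this mode."""
    checks = (
        (stat.S_IRGRP, "group can read"), (stat.S_IWGRP, "group can write"),
        (stat.S_IXGRP, "group can execute"),
        (stat.S_IROTH, "world can read"), (stat.S_IWOTH, "world can write"),
        (stat.S_IXOTH, "world can execute"),
    )
    return [label for flag, label in checks if bits & flag]


def audit_dir(home: str, names=WATCHED_FILES) -> dict[str, list[str]]:
    """Return {filename: exposure list} for each watched file that exists."""
    report = {}
    for name in names:
        try:
            st = os.stat(os.path.join(home, name))
        except FileNotFoundError:
            continue
        report[name] = exposure(stat.S_IMODE(st.st_mode))
    return report


def lock_down(path: str) -> int:
    """Apply the article's `chmod 700` and return the resulting mode bits."""
    os.chmod(path, 0o700)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> tuple[list[str], list[str]]:
    """Create a throwaway home dir with a world-readable .newsrc, then fix it."""
    with tempfile.TemporaryDirectory() as home:
        newsrc = os.path.join(home, ".newsrc")
        with open(newsrc, "w") as fh:
            fh.write("alt.privacy: 1-200\n")   # constructed sample content
        os.chmod(newsrc, 0o644)                # the usual default: readable by all
        before = audit_dir(home)[".newsrc"]
        lock_down(newsrc)
        after = audit_dir(home)[".newsrc"]
        return before, after


if __name__ == "__main__":
    print(parse_mode("drwxr-xr-x"))  # (True, 493) i.e. 0o755
    print(demo())
```

Running audit_dir on your real home directory (audit_dir(os.path.expanduser("~"))) lists the files you would want to chmod 700; the same exposure check applied to a log such as xferlog tells you whether it is world-readable, as the next section warns.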

Site Logs

ISPs can log virtually anything that happens on their machine. Examples include xferlog (for ftp activity), failed login attempts, WWW access logs and many more. The number of things logged varies widely from ISP to ISP, as does the policy for access to these logs. Some providers believe in privacy, and don't log many things. They also restrict access to the logs they do keep. The other end of the spectrum would be some universities that keep a secret machine to log everything that occurs on all of their other machines. These universities are under no obligation to tell you about their secret logging machine, so unless you know for a fact that no detailed logs exist, treat everything you send from a university account as a postcard. On most systems, the xferlog is world-readable, which means that anyone can search the log for your address, and find out if you have been there and what you have been doing.

The only recourse you have with this logging is to find out what your ISP's policies are. For those who have a choice of providers, we recommend that privacy be one of the criteria you use in making your selection.

Usenet

Many people realize that posting to a Usenet newsgroup exposes them to flames, etc., and use an anonymous remailer service. Keep in mind that the anonymous remailer service might be owned by someone intent on snooping into your business. Also remember that including your e-mail address in a Usenet post or a mailing list reply exposes you to e-mail harassment, and possibly inclusion on junk mail lists.

Cookies

We have seen how our privacy can be invaded via our shell account, in logs and in learning our email addresses. It is also possible to record your activities on your own hard drive, and to read them at a later time. This is done with something commonly known as "cookies." Most WWW browsers support the creation of a file called cookie.txt which can be written to and read by a site that you visit. The intended purpose was to keep your preference information for the next time you visit. We have two problems with this practice. First, it feels like an invasion for someone to write to the hard drive on our computer without even asking us. Second, it would be possible to inadvertently fall prey to a law enforcement sting operation simply by following the wrong link sometime. The information in your cookie.txt file would be the "smoking gun." At best, it would be a hassle to fight the attempted sting and win. The possibility that you may lose the fight is not to be ruled out either. Netscape was concerned enough about this privacy issue that they have allowed users to disable the cookie feature in version 2.0. For those using other browsers, your only defense is to periodically erase your cookie.txt file until you get a version that allows you to disable cookies.

A somewhat similar feature has been developed by Microsoft and others to combat software piracy. When you use the on-line registration for Windows-95, it also sends an image of your hard drive directory to Microsoft. The US Department of Defense (DoD) was concerned enough about the security and privacy issues here to require Microsoft to make a special government build of Windows95 that did not have the registration wizard before any staff member could install it. The people at the DoD considered it a national security risk to allow Microsoft to retrieve information about the contents of their hard drives. It is possible for Microsoft to read anything on your hard drive via this on-line registration, and may also be possible for them to do the same thing anytime you access the Microsoft Network.

One more word on the subject of deleting data you don't want to be seen. If the file has not been overwritten, undelete will, of course, recover it. If you enable deletion tracking in your version of DOS, that's a risk you take. Many programs such as Xtree can "wash" the deleted files, and make use of undelete impossible. However, if your opponent is the intelligence community, simply overwriting the file is NOT going to be able to stop them. They can often recover the last 15 values a sector on a disk held. Now, unless you were in possession of classified information, you have nothing to fear from the intelligence community. However, commercial data recovery firms can use similar techniques, so if you are worried about something such as industrial espionage, you might want to spend the time and take the required precautions to truly erase the files on your drives you don't want found again. We won't go into detail on this process, but suffice it to say that it takes a large amount of time, and in the case of floppies, it's best to destroy them instead.

TEMPEST

As a curiosity, and for the sake of completeness, we would like to mention an eavesdropping technique that is known as using "TEMPEST" equipment. The principle involved here is that any electrical signal passing through a wire radiates an electrical signal that passes through the atmosphere. It is possible, with a sensitive enough receiver, placed close enough to your computer (up to hundreds of yards away), to receive this radiated signal, and by using a device called a spectrum analyzer, to reconstruct the data. In the case of a computer system, this data would be the picture on your monitor, every keystroke you type, and any data in the computer's memory. This is heavy duty spy stuff, and isn't something your home computer is going to be subjected to.

PGP

As we have seen, anybody using a shell account is vulnerable to snooping on the part of their sysadmin. Even if you use SLIP or PPP, the modem traffic can be logged. Also, the machine the mail is stored on before you download it can be monitored just as easily as it could be on a shell account. If you are really concerned about your privacy, there IS something you can do to prevent snooping around in your e-mail. That would be to make use of a program called PGP.

PGP stands for Pretty Good Privacy. It is a system for encrypting messages. This means that even if somebody intercepts the message, they won't be able to figure out what it says. It is based on something called public key cryptography. As opposed to private key cryptography, which uses the same key to encrypt and decrypt, public key cryptography uses two separate keys. One key is your public key, which you give to everybody, and the other is your secret key. To send a message to someone, you get the person's public key. You then run your PGP software and tell it to encrypt the message you wish to send with the recipient's public key. Then, when the person receives this message, the secret key is used to decrypt it. Nobody else ever needs to know your secret key, so there is no chance of it being intercepted without heavy duty intelligence work.

This is a good time to define what secure means. There are two tests that you can apply to determine if something is secure. One test is that if it costs more to decrypt the information than the information is worth, the information is secure. The other test is if the information would be useless to would-be snoopers by the time they manage to decrypt it, it's secure. Basically, if something takes too long to crack, or isn't worth the money spent to crack it, nobody will try. But if the information that is being protected is priceless, and not time critical, it is nearly impossible to make it secure. However, almost everything a home user would want to safeguard passes at least one of these tests if PGP is used to encrypt it.

How secure is PGP, exactly? Well, as opposed to simple substitution ciphers, which can be broken by means of frequency analysis (the letter that appears most often is probably E), there is no way to break PGP short of trying all possible keys until you find the one that works. Now, PGP keys are pretty big, so there are a LOT of keys to try. When you choose your keys, you can decide how big to make them. The bigger the keys, the more secure your message is. Generally, unless you have a really slow computer, you will want to use a 1024 bit key. This means that it will take even the intelligence community YEARS to crack it. So PGP is indeed strong cryptography, capable of making most classes of communication secure. Besides encrypting text, PGP can also encrypt data files, such as spreadsheets or executables. We will not go into more detail on the inner workings of PGP, as there are much better sources for this information. Suffice it to say that PGP lives up to its name.
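The two-key idea from the last two sections, worked through in code. This is an added example, not PGP and not code from the article: it is textbook RSA on small message chunks, so that "encrypt with the recipient's public key, decrypt with the secret key" is visible end to end. Real PGP does not encrypt the message with RSA directly; it encrypts a random session key for a symmetric cipher, adds padding, and uses keys of 1024 bits or more. The primes used here are fixed, well-known values chosen only so the example runs instantly, and the message is a constructed sample.

```python
"""Toy public-key encryption in the style the article describes.

Added example (not the article's code, not PGP). Textbook RSA: the public
key (n, e) is handed out to everyone, the secret key (n, d) stays with the
recipient. Anyone can encrypt; only the holder of d can decrypt.
"""
from dataclasses import dataclass
from math import gcd


@dataclass(frozen=True)
class PublicKey:
    n: int
    e: int


@dataclass(frozen=True)
class SecretKey:
    n: int
    d: int


# Plaintext bytes per RSA block. With the sample primes n is about 1e18
# (~60 bits); a 0x01 prefix plus 6 bytes is under 2**56, so it always fits.
CHUNK = 6

# Well-known primes, used here only so the example runs instantly (not real key sizes)
SAMPLE_P = 1_000_000_007
SAMPLE_Q = 998_244_353


def generate_keypair(p: int, q: int, e: int = 65537) -> tuple[PublicKey, SecretKey]:
    """Build a key pair from two primes (p and q are assumed prime)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return PublicKey(n, e), SecretKey(n, d)


def encrypt(pub: PublicKey, message: bytes) -> list[int]:
    """Encrypt with the PUBLIC key: anyone who has it can produce ciphertext."""
    blocks = []
    for i in range(0, len(message), CHUNK):
        chunk = message[i:i + CHUNK]
        # The 0x01 prefix keeps the chunk length recoverable even when the
        # chunk itself starts with zero bytes.
        m = int.from_bytes(b"\x01" + chunk, "big")
        if m >= pub.n:
            raise ValueError("block too large for this modulus")
        blocks.append(pow(m, pub.e, pub.n))
    return blocks


def decrypt(sec: SecretKey, blocks: list[int]) -> bytes:
    """Decrypt with the SECRET key, which never leaves the recipient."""
    out = bytearray()
    for c in blocks:
        m = pow(c, sec.d, sec.n)
        raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
        if not raw or raw[0] != 0x01:
            raise ValueError("corrupt block or wrong key")
        out += raw[1:]
    return bytes(out)


def public_key_alone_fails(pub: PublicKey, blocks: list[int], message: bytes) -> bool:
    """Show that reapplying the public key does not undo the encryption."""
    wrong = [pow(c, pub.e, pub.n) for c in blocks]
    try:
        return decrypt(SecretKey(pub.n, pub.e), wrong) != message
    except ValueError:
        return True


def demo() -> bool:
    """Round trip a constructed message; True if it decrypts correctly."""
    pub, sec = generate_keypair(SAMPLE_P, SAMPLE_Q)
    message = b"Meet at the usual place."   # constructed sample
    blocks = encrypt(pub, message)
    return decrypt(sec, blocks) == message and public_key_alone_fails(pub, blocks, message)


if __name__ == "__main__":
    print(demo())   # True
```

The secret exponent d is derived from (p-1)(q-1), which only someone who knows the factors of n can compute; that is the whole reason the public key can be handed out freely. Breaking it without d means factoring n, which for the 1024 bit keys the article recommends is the "trying all possible keys" effort described above.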

Summary

We have presented the worst case information regarding privacy and security in this article. Most of you will never have a problem with most of these things, but now, at least, you have some knowledge on your side. We wrote this article because we firmly believe in the individual's right to privacy. It is our hope that others will help us in safeguarding this right. We have listed some sources below to further explore the information we have presented.

HTML by Chris and Chuck Cochems. Last updated 3/20/96.