Security and User Safety

Note! Some software programs to help keep your children from accessing XXX pornography web sites are... Net Nanny Cyber Patrol

Especially for parents with children, user safety is a very real concern. Obviously, someone you bump into on the Internet can't reach out and knock you over the head, steal your wallet, and take off in your car. It does occasionally happen that people are defrauded over the Internet, however. And as in any place that offers some measure of anonymity, a few antisocial types are out there.

Much has been made in the popular press of "cyber-rape," something that has occurred in the course of interactive role playing in at least one Multi-User Dungeon game. Unpleasant though such events must be for those involved, there is a simple solution to any kind of "cyber-attack" attempted on your person or gaming character when you are online: Pull the plug on the session.

Another kind of annoyance is the online masher, a guy who notices that a woman is present in an interactive forum or chat room and sends her unwanted romantic or sexual overtures. I have yet to have this happen to me in a decade of online activity, but I do know others who have been sexually harassed electronically. It seems to be more prevalent on commercial online systems than on the Internet per se, since commercial systems often display data about persons online, including their age, gender, and perhaps a description. Just because a company asks you for such information doesn't mean you need to provide it, of course, and not doing so may offer you a measure of invisibility. Some women choose names that do not telegraph their femaleness, and I don't think that's a bad idea, although I wish we lived in a world where it wasn't necessary.

I don't like to be hassled on the street, and when it happens there I'm pretty forthright about telling Mr. Offensive where to go. I recommend that any woman (or man--it could happen to anyone!) who is the recipient of rude or raunchy overtures online take the same tack. Most other users do not find this behavior acceptable, so embarrass the jerk if you can. Hopefully, he or she will go away. There are technological solutions too, which can be especially useful for filtering out the boors who occasionally infest a favorite Usenet newsgroup. Known by the colorful name of "Bozo Filters," these programs can tell your computer to automatically delete any message posted by Mr. or Ms. Pottymouth. Ah, sweet relief!

If the behavior is carrying over into your e-mail box, try simply deleting every message until the sender gets the message. Responding may only exacerbate the problem. In extreme situations, you might ask your service provider--or theirs--for help in pounding it in.

In a very few cases people have had the misfortune to encounter outright psychopaths online. This type of person may use his or her manipulative personality to worm personal details out of you, such as your name, address, or phone number. I recommend never giving out such information except under controlled circumstances. You don't want some weirdo to show up at your door next Wednesday night, right? It has happened a couple of times, and I'm sure we can all imagine how frightening it must have been for the person who had to face down the cyberweirdo in the flesh.

Even worse, there are some real creeps who prey on children online. Pedophiles have found that the Net's anonymity and easy access to kids computing alone can be a powerful combination. They may represent themselves as someone the child's own age, perhaps a virtual "pen pal," or as an adult mentor with access to cool software or other treats. Teenagers are generally aware enough to steer clear of these hazards, but I think a lecture on the possibility for danger is in order. In particular, you should make it clear that any first meetings with new online friends are to take place under your supervision. Younger kids really need more adult involvement than a one-time lecture can provide. Why not spend most of your online time together if you're worried about their vulnerability?

I don't want to make too much of these "dangers." Because fear sells, many magazines, newspapers, and TV news programs have run scare stories about the Internet and about computer BBS s. You are probably less likely to run into a dangerous character on the Internet than you would at a real-life gathering of a similar size, such as Mardi Gras in New Orleans or the World Cup soccer finals. And in most cases the remedy is simple, instantaneous, and requires no lethal force: Just break the connection.

Online Cons

Con artists and the Internet are a truly dangerous combo. Flim-flammers are already realizing the Net's potential, much as they have with the telephone and the fax machine. It's a real annoyance to have to wade through messages inviting you join some pyramid sales scheme--I mean scam--or to buy condo time shares, stocks, commodities, or what have you, sight unseen. Obnoxious sales pitches are not as uncommon as they should be on newsgroups, and they occasionally come by way of e-mail, too. Con artists are even putting up glitzy Web pages, inviting you to spend your dough on their dubious invention or venture.

Many business people are legitimately trying to leverage on the Internet's popularity by using it as a sales tool. As long as no sales pitch comes to you unbidden, as long as you are not harassed by repeated e-mail inquiries after you check out and discard such pitches, and as long as the transaction is on the up-and-up, hardly anyone has a problem with this. Even though the Internet was conceived of as a non commercial entity, it's a given that some measure of business activity will intrude over the next several years. All of the regular laws apply, there's just no online fraud investigators or cops to enforce them. This fact puts you in charge of your own financial well being.

As with the shady salesman at your door, don't invite anyone into your online life who seems to be selling a too-good-to-be-true dream. If you are considering an investment of some sort, insist on receiving the proper documentation in writing, by "paper" mail, and go over it with a professional financial advisor. Don't give out your home or business phone number without thinking twice. Check out the credentials of a company before sending them a nickel. Even job offers or what appear to be "for sale" listings by private parties online can be a rip-off.

Business people who do cross the line have found that Internet users have a tendency to retaliate, flooding their e-mail boxes with nasty complaints, and even resorting to old juvenile stand-bys like ordering unwanted pizzas delivered to their offices. It may be immature, but I'll bet it's effective.

Security

There are impediments to running a legitimate business online, and these problems also affect consumers. The most crucial of these is that the Net is not a secure channel for distributing personal financial information or credit card numbers without first hiding your data from prying eyes. These eyes are out there. And they are looking for credit card numbers or other information they can use to get their hands on your money. Large corporations have been burned by hackers who set up programs in their networks, including their Internet connections, that searched out and snagged credit card transaction information. Don't let it happen to you!

To avoid getting ripped off in this way, you can learn from the big corporations. When they want to transact important business online or send sensitive documents, they use encryption.

Encryption software translates your message into a code that only a recipient with the proper code key can break. An often-used metaphor for an unencrypted Internet message is that of a postcard--and as one of my former room mates learned to his chagrin when his girlfriend sent him a spicy postcard and I thought it was for me, you'd better not send anything sensitive in a way that any postal employee or passer-by can read! An encrypted message, like a letter in an envelope, is safe from most snoops. Even the government's supercomputers have a hard time cracking the codes of the latest public-key encryption software, which requires two "code keys" to open.

Which leads us to a delicate problem. The Internet needs secure data transfer, but encryption is considered to be a "weapon" by the National Security Administration of the United States. That means that heavy-duty encryption software is not to be exported, although the paradoxical reality is that, due to illegal export, such programs are even more widely available abroad than they are here. The result? Companies and individuals are forced to use weaker, less safe encryption programs for any message that goes outside the borders of the United States. Software developers are reluctant to invest in building better encryption software, because sales will be limited to the domestic market. And Internet crooks and Nosy Nellies continue to have a field day.

Whether and how you use encryption is up to you. I personally would not purchase anything with a credit card over the Net unless I was sure that the number would be encrypted for its entire journey. Online sales systems under development will do just that. In the meantime, perhaps it's best to shop by Net, then pay by mail or phone. (Phones aren't secure either, particularly the cellular variety, but there are fewer listeners to worry about.)

If you are interested in adding encryption to your software arsenal, one of the most popular and widespread programs in use on the Internet is Pretty Good Privacy, better known as PGP. Written by a fiercely independent programmer named Phil Zimmerman, who is having some problems with the government as we speak, PGP is a highly secure public-key encryption system. For information on how to get and use PGP, which is available for many computer types, see the listings under "Encryption and Privacy Issues" in Part 2.

I understand that Zimmerman is currently working on a version of PGP that can encrypt phone calls made via computer as well--maybe someday he will get around to solving the cellular security problem, too!

It is illegal to distribute PGP outside the United States, although it was available for sale on floppy disks at street kiosks in Moscow when a friend visited there many years ago, and it is routinely found on overseas Internet servers.

I wish I could say that PGP is easy to use, but it's not: Explaining the intricacies of setting up a PGP key ring and encrypting messages is beyond the scope of this book. I highly recommend downloading the readily available PGP documentation file.

Protecting your Privacy

Credit card numbers and love letters aren't the only thing you might want to protect online. Many people do not want their names, addresses, work affiliations, and other personal data displayed to the world, and perhaps added to electronic databases for advertising or more sinister purposes.

If you don't want your e-mail address to be visible on your mail, you could try using an automatic remailer. These are computers that strip out all the identifying address information from a message, then send it on to its destination with the remailer's address where the sender's used to be.

Lest you think that anyone who tries such a ploy is up to no good, there are many reasons that someone might wish to use a remailer. If you are Bill Gates, billionaire owner of Microsoft, you certainly don't want your private Internet address appearing on the Net. It's a sure bet that you'd be greeted the next day by umpteen notes begging for a share of your cash. The same goes for people who have good reasons to avoid being listed in any kind of directory, such as former spouses of abusive partners, lottery winners, and political refugees.

Many automatic remailer users simply want to avoid having their e-mail address gathered for commercial purposes without their permission. And some truly do have nefarious purposes, such as evading Interpol (the international police force) or the FBI. It should be noted, for anyone who fits into the latter category, that the operators of remailers can be (and have been) sub opened to get the name and true e-mail address of a criminal

Privacy laws governing the use of information gathered online differ from nation to nation, and the few that exist are new and untested. Some service providers have tried to sell information about their customers, and have been met by a great deal of flak. If your privacy is truly important to you, you'll think twice about volunteering information via online questionnaires and the like. Developing a database is usually what these are there for.

A Word about Viruses, Hackers, and Crackers

The word virus makes everyone nervous, whether you're talking about computers or the common cold. Viruses are out there, although most are fairly benign. But why take chances? You can't get a virus from a text file, but a binary file (a computer program) could carry one. It's prudent to have the latest virus-protection software installed on your computer, and to run any downloaded programs through it before they go on your hard drive. My computer once "caught" a virus called WDEF right in the middle of a crucial project, and it ended in a tragedy of lost files, missed deadlines, and sobbing editors. No fun.

Until recently, when a newbie asked if hackers could invade your home computer when you were hooked up to the Internet, the standard answer from old timers was derisive laughter. However, events in the spring of 1995 proved that it can, in some special cases, be done. Infamous computer cracker Kevin Mitnick (a hacker is an enterprising programmer; a cracker is a malicious enterprising programmer) used a sneaky technique called spoofing to gain access to the home workstation of a well-known computer security expert, then ransacked files and left boastful messages in his wake. He didn't boast for long, though, because the wronged party immediately joined the manhunt for Mitnick, already on the run from the FBI, and helped them make the arrest. Mitnick'll be cooling his heels for a long time, but there are more where he came from.

The typical home user has little to worry about regarding "home invasion"--style cracking. Crackers are more interested in stealing corporate data for competing companies, or in making a very public spectacle of themselves, than in rummaging through your hard drive.

Security and privacy are in many ways the hottest issues on the Internet right now, with the spectre of censorship and, as Internet personality John Perry Barlow so eloquently put it, "Jackboots on the Infobahn" giving these issues an essential push. A number of newsgroups cover these topics in depth, and concerns have even spawned a movement of sorts, whose members are known as "cypherpunks." These advocates of privacy and encryption are leading the charge for your ability to choose who sees your files and who gathers files on you, and what they have to say bears listening to.