At the tender age of eight, Kon Leong learned a valuable lesson about privacy. He was living with his Chinese parents in India when the Indo-China War broke out in 1962, shattering diplomatic relations between the two countries for the next 16 years and placing Chinese who lived in India under suspicion for espionage. With every move his family made subject to surveillance, Leong realized the less others know about you, the better.
For Leong, who now lives in Mountain View, Calif., the lesson of his youth still holds -- especially when it comes to protecting privacy on the Internet. As an expert on online privacy, he notes that most e-mails bounce through dozens of Internet hubs before reaching their destinations, meaning they can easily be intercepted.
MONITORED AND TRACKED. You might believe that no one cares about the harmless chatter in your messages. Yet whenever you browse the Web, it's likely that hundreds of marketers are tracking your every move using cookies -- tiny programs that hook onto your browser and track your surfing habits, reporting them back to the originating site.
Thus, it isn't beyond the realm of possibility that an employer bent on holding down health-care costs could find out that you've been researching cancer treatments and decide you're expendable. Never mind that you might have been trying to help a friend rather than looking for information for yourself.
Knowing how exposed they are via the Net, most privacy buffs go to extremes to protect themselves. Leong limits his shopping online, as he believes it offers the greatest risk for privacy breaches. For instance, hackers could steal your credit-card number from retailers (though the same info might be purloined from department-store trash bins). By gathering a few basic bits of data such as your name and Social Security number, they could also sign up for new credit cards in your name.
"SOMETHING TO HIDE." Valerio Capello, who from his home base in Italy runs ElfQrin.com, a site on hacking and security, has 11 programs on his personal computer to repel Web bugs and information gatherers. "I am proud to say I have something to hide," he jokes in an e-mail.
You, too, may have things you would prefer to keep to yourself -- and with a few simple tools, you could significantly reduce your exposure to info thieves. Start by signing up for a secure e-mail service, such as SafeMail.com, HushMail.com, or ZipLip.com.
Fee-free ZipLip comes with a 5-megabyte mailbox and has hundreds of thousands of users, the company says. Unlike most other e-mail sites, ZipLip doesn't require you to answer any personal questions when you register And it secures each session with Secure Sockets Layer (SSL), one of the best encryption programs available. All messages stored on ZipLip's server are also encrypted in Triple DES, an algorithm that's virtually unhackable, swears Leong -- who created the service in his spare time three years ago. (ZipLip helps make ends meet by selling corporate e-mail services.)
TRAILLESS MAIL. What's more -- attention, Bill Gates! -- e-mail sent by ZipLip's users likely wouldn't be admissible in court, claims Leong. The reason is that instead of sending a message itself, ZipLip.com simply sends the recipient a note saying that a message is waiting, along with a link to the ZipLip site. Clicking on the link provides access to your message -- the only copy of it -- on ZipLip's server. That makes lawyers' job tough: To prove that a message has been sent, they have to obtain the copies of the e-mail from the different Internet service providers it hopped through.
And, in the case of ZipLip, no ISP would have a copy of the message. Once viewed and deleted, the lone copy is thoroughly "shredded" so as to be nearly impossible to resurrect. This may not protect you from your company's systems administrator if you're trafficking in inappropriate images or language from your PC at work. Your employer could have many different ways for tracking your Internet usage, such as taking "snapshots" of the screen you view. On the other hand, would-be hackers who want to see your mail can't use their normal interception methods as it flies from one ISP or another.
If you're really paranoid, you might want to sign up for the anonymous e-mail service provided by Anonymizer.com. Even the recipient can't tell by the address who sent the message, since it comes from email@example.com. In your message, you might tell the recipient who sent it, but any hackers who intercept it en-route shouldn't be able to trace the e-mail to you and your computer.
SPAM SENTRIES. Once you've protected your e-mail account, you can also start filtering out unsolicited e-mails that deliver product offers, links to porn sites, and promises of instant winnings. What's the harm in these, except that they clog your mailbox and harass you with unwanted information?
Nowadays, most viruses, including the infamous "I Love You" strain, arrive through e-mail, explains Srivats Sampath, CEO of security services provider McAfee. His company's SpamKiller program, available for $29.95 from mcafee.com, analyzes incoming e-mail by keywords and headers, and deletes unwanted messages before they reach your mailbox. The software can also be used to create custom filters and to monitor and filter multiple e-mail accounts.
Rival Symantec's Norton Internet Security 2002, available for $69.95 at symantec.com, also has an antispam feature: It both filters out viruses and can block unwanted e-mail addresses. Norton's other features include a firewall, which protects your computer from hackers, and parental controls, which allow parents to block sites with adult content.
INTERNET INCOGNITO. To shield your moves online from the prying eyes of marketers and hackers, you also can disguise your Internet protocol (IP) address -- a unique number that identifies your computer in somewhat the same way that your Social Security number pinpoints you. For $49.95 a year, the Freedom WebSecure service, offered by Zero-Knowledge Systems at zeroknowledge.com, provides electronic cloaking. It encrypts and reroutes connection requests as you click from one Web site to another, essentially hiding your IP address. Freedom, which also protects its users from cookies, works only on computers with Windows 98 or newer operating systems, and requires a modem that runs at a speed of at least 56 kbps.
Alternatively, you could disguise your IP address using The Cloak, found at The-Cloak.com, or the Anonymizer, at Anonymizer.com. The latter, which works on most versions of Windows and has about 500,000 corporate and individual users who pay $49 a year, automatically strips all outgoing data of your IP address as it flows through Anonymizer servers, explains company President Lance Cottrell. The service can also encrypt all Web-page requests your browser makes, so that only you know which sites you visit.
As you surf, moreover, a free program available at guidescope.com can block all cookies -- while at the same time stripping ads from the Web sites you view. Both functions appear on a tiny pop-up bar where they can be turned on or off -- much easier than reconfiguring your browser every time you want to change your cookie settings.
COOKIE CLEANUP. Reconfiguring your browser can be relatively simple: In Netscape, go to the "Edit" menu, then click on "Preferences," and finally on "Advanced." There, you can choose to accept all cookies, block all cookies, or individually approve all cookies that sites are trying to deposit in your browser. You would need to accept cookies, even if only for one session, to make purchases online. It might make sense to install an extra cookie-tracking program to make sorting useful and harmful cookies easier, though.
The main benefit in getting rid of ads is to speed up your Internet access, says Jason Catlett, president and founder of privacy advocate Junkbusters in Greenbrook, N.J. A Guidescope user sees a condensed version of a Web page, with all the places that typically are taken up by ads filled up instead with content. Guidescope, which is free, comes with easy-to-follow instructions and, even via a dial-up connection, can be downloaded in a matter of minutes. The program works on most versions of Windows, Linux, and Sun's Solaris operating system.
If you have kids, you may also want to use content-filtering tools. The Freedom Security & Privacy Suite, also available from Zero-Knowledge for $69.96 a year, can remember certain keywords -- such as credit-card numbers and names -- and stop them from leaving your computer. Thus, a child won't be able to disclose her address to a stranger in a chat room.
"TOOLS TO DECIDE." Like Norton Internet Security 2002, Freedom Security & Privacy can also prevent children from seeing inappropriate sites, such as those that peddle porn or offer gambling. "We give customers tools to decide what they want known about them," says Hamnett Hill, chief operating officer, who co-founded the company with his father and brother. The program also includes a firewall, an antivirus program, and an ad blocker.
Of course, it takes effort on your part to make these tools do their job. Web surfers intent on protecting their privacy should spend as much as a half-hour a week sorting through cookies. Even sporadic use of online commerce necessitates using cookies.
Trying to place a total wall of privacy around your online activities isn't a practical goal. If a Web site you buy books from sells your name and e-mail address to other marketers, a privacy program won't help much. If a site to which you give your credit-card number gets hacked, your information could be stolen. Still, the programs mentioned here can provide a measure of security, if not complete peace of mind. By Olga Kharifi in Portland, Ore.