How to Take Back Your Privacy

Keep spammers and online snoops at bay with these 34 steps culled from the advice of privacy pros.

In April of this year, Visa, JP Morgan, and other top financial firms met with major information brokers and tech companies to discuss a bold new proposal: using consumer databases to identify national security risks. If the idea becomes a reality, background checkers could scrutinize a huge mass of your personal info--your buying patterns, your religious affiliation, your medical history, even your magazine subscriptions--every time you board a plane.

Collecting consumer data for one purpose and then using that information for another is "a fundamental privacy violation," says Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center.

Unfortunately, the trend toward sharing collected data appears to be accelerating. And increasingly, what you do online can affect you offline, and vice versa.

What can you do? We polled privacy experts and came up with 34 steps you can take to lower your public profile and reclaim some, if not all, of your privacy.

We've divided the steps into three parts based on the level of security they provide.

Essential Guards

These tips give you an excellent start in regaining your privacy, and they require little sacrifice or effort.

>>TIP Opt out early and often. If a Web site offers you the opportunity to receive "special offers" from "valuable sponsors," politely say no thanks. Though most sites are unlikely to abuse contact information, they may share data with third parties, get purchased by a company that has less regard for your privacy, or file for bankruptcy and be forced to sell their customer lists, as Garden.com and Webvan did.

>>TIP Don't get personal at work. If you use your employer's PC or Internet access to send a personal note, your boss has the right to read it. A survey by the American Management Association says nearly half of U.S. corporations monitor employees' e-mail. For personal messages, use a private Net account on your own system.

>>TIP Surf smarter. Your boss may also watch where you go on the Web. So save online games and chat rooms for your own time. "My basic advice is, don't do anything on your computer at work that you wouldn't do if you knew someone was staring over your shoulder," says Andrew Schulman, a Santa Rosa, California-based researcher for the Privacy Foundation.

>>TIP Learn what's allowed. Ask your boss if your company tracks employee Internet use. Corporations should provide a written policy outlining how and when they monitor employees' online activities, and what they do with this information.

>>TIP Use a front. Establish a second e-mail account with Hotmail or Yahoo Mail, and use this address when registering at Web sites. Spam will go there instead of clogging your primary in-box.

>>TIP Remain unlisted. Don't publish your private e-mail address on your personal Web site or in online discussion forums where spambots can harvest it.

>>TIP Keep it to yourself. Most sweepstakes, surveys, and product warranty cards are merely cheap ways of gathering your data. "Giving personal information is like spending money," says Robert Gellman, a privacy consultant in Washington, D.C. "Make sure you're getting something of real value in exchange."

>>TIP Be antisocial. Guard your Social Security number jealously; few entities beyond the IRS and your employer really require it. "Your SSN makes it all too easy to cross-reference databases that should never come near each other," notes John R. Levine, author of Internet for Dummies.

>>TIP Tell off telemarketers. When telemarketers ring at dinnertime, ask to be put on their "do not call" lists. Get a free copy of Enigma Anti-Telemarketing Software to keep track of who called you.

>>TIP Check your credit history. Order an annual credit report. "If you're a victim of identity theft, you'll have a better chance of catching it early and you'll minimize the hassles in recovering your financial health," says Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. For about $9, you can order reports from Equifax, Experian, or Trans Union; it's free if a lender has recently turned down your credit request.

Heightened Alert

The following tips take more effort, but they can buy you a lot more privacy.

>>TIP Ease your pane. Leaving open the preview pane in your e-mail program could allow malicious spam messages to launch JavaScript apps on your PC. To close it in Outlook Express, select View, Layout and then uncheck the Show Preview Pane box. In Netscape Mail, highlight a message in your in-box, open the View menu, and uncheck Message.

>>TIP Engage in counterespionage. Many free applications (especially file-sharing programs) install so-called spyware--software that tracks your movements online and sends ads based on your perceived interests. To detect and delete spyware, use a utility such as Lavasoft's Ad-aware. For further information, see "Stealth Ad Invasion" (November 2001 News and Trends).

>>TIP Install a firewall. Essential gear for broadband users, a firewall such as Zone Labs' ZoneAlarm is useful for anyone who logs a lot of Net time. Besides fending off hackers, firewalls can tell you if any program (such as a Trojan horse or spyware) is trying to send data to the Net behind your back.

>>TIP Be wary of attachments. A good antivirus app like Norton's (see "Net Toolbox") is essential, but common sense also helps. For example, never open attached files unless they're from someone you know and you were expecting them. Friends could unwittingly send you a virus, so check with them first before opening dubious attachments.

>>TIP Lower your profile. Ask to be removed from online directories--that is, unless you want everyone to have access to your name, address, and phone number. The site's privacy policy will usually tell you how to do this. For example, look at the policies for Switchboard and Anywho.

>>TIP Crumble third-party cookies. Some cookies make it easier for you to log on to your favorite sites or to purchase items; others can track where you surf. Use a manager like Cookie Crusher, or set your browser to block third-party cookies (ones sent from a source other than the site you're visiting). In Internet Explorer, select Tools, Internet Options, Privacy, Advanced; then set it to override automatic cookie handling and to block third-party cookies.

>>TIP Unsubscribe with caution. Some unsolicited e-mail is sent by legitimate groups that honor unsubscribe requests. But spammers use such requests to verify e-mail addresses--and send you more spam. How do you tell the difference? If the e-mail tries to drive you to a Web site, look up the site's domain registration on Whois. Does the record list a valid phone number and street address? (Most spammers use fake addresses or mailboxes.) Is it coming from overseas? (Many spammers operate offshore.) Is the administrator's e-mail address from a free account? (Legitimate businesses typically don't use them.) If you're still unsure, delete and don't unsubscribe.

>>TIP Get delisted. Tell the Direct Marketing Association to take you off its members' lists. You can do this for $5 online, or free via postal mail. This will reduce (though not eliminate) the junk mail, spam, and unwanted calls you receive, but you may not see a difference for about six months.

>>TIP Disapprove credit offers. Opt out of getting preapproved credit offers by calling the credit reporting agencies' toll-free automated line at 888/567-8688. You'll need to give your address, phone number, and Social Security number. This cuts down on junk mail and makes identity theft harder for crooks who might steal such offers from your mailbox.

>>TIP Get phone-smart. "List just your phone number, not your address, in the phone book," says Robert Ellis Smith, of Providence, Rhode Island, who publishes the monthly newsletter Privacy Journal. "It's free, and marketers aren't interested in you if there's no zip code attached."

Maximum Security

If you've ever been the target of a stalker or an identity thief--or worry that one day you will be--you're probably willing to trade convenience for confidentiality. These steps show you how.

>>TIP Scramble your messages. If you must send sensitive mail (such as salary details or trade secrets), encrypt text with free tools from PGPfreeware or Sigaba. To read such mail, recipients must also use these tools.

>>TIP Lock your files. When you lose your laptop or PDA, someone else is likely to find it; but if you encrypt your files, the finder can't get your data. CenturionSoft's $60 SoftClan E-Cryptor secures files on your laptop with 128-bit encryption; LinkeSoft's $19 Secret 2.7 shareware does the same for Palms; and Applian's $20 PocketLock program works with Pocket PCs.

>>TIP Protect your plastic. Call your bank, obtain a credit card with a low limit, and use it only for online purchases. If someone fraudulently misuses it, you can dispute the charges and close the account with minimum hassle. And consider getting "disposable" credit cards--numbers linked to your account that are valid for only a single purchase (see Home Office, January 2002).

>>TIP Don't get fresh. Let your data go stale, says Larry Sontag, author of It's None of Your Business. If you don't update address, telephone, or other personal data as it changes, he says, "your data will eventually grow old and obsolete."

>>TIP Be circumspect. Tony Soprano never spills the beans on a cell phone, and neither should you. Wireless communications are notoriously insecure, so never transmit sensitive data wirelessly from your PDA or laptop.

>>TIP Use a P.O. box. Rent a post office or private mailbox to help keep your address private and thwart identity thieves.

Contributing Editor Daniel Tynan has won numerous awards for his coverage of Internet privacy issues. For security-related utilities, go to our Downloads library.

Step-by-Step: How to Filter Out Spam

Suffocating under a landslide of spam? >>TIP Use your e-mail package's mail filters--they won't keep every spam out of your in-box, but they can reduce the volume. Here are directions for setting up e-mail filters in Outlook Express 6.x and Netscape Mail 6.1/6.2.

Outlook Express 6.x

1. Select Tools, Message Rules, Mail.

2. If you already have one or more rules, click the New button.

3. In the New Mail Rule dialog box, select conditions for applying the rule: For example, check the box next to conditions pertaining to 'Subject line'.

4. Select the action that you want the filter to perform: Check the Move it to the specified folder box.

5. In the Rule Description box, click the underlined phrase in 'Subject line contains specific words' and fill in text commonly used in spam--such as nude viagra sex money. Click OK.

6. Click the underlined word in 'specified folder'. In the Move box, select New Folder and type in a name for it (like spam-o-matic). Click OK twice.

7. Create a name for your rule, and click OK twice.

This rule should filter some of the spam you receive into a folder where you can examine it before deleting; check before deleting to be sure that you really want to trash the filtered e-mail. Periodically tweak the filter's keywords to catch more of what's clogging your in-box.

Netscape Mail 6.1/6.2

1. Select Edit, Message Filters.

2. Pick your e-mail account from the 'Filters for' drop-down list, and click New.

3. In the Filter Rules dialog box, name the filter, select Any of the following, and set the drop-down list buttons to Subject and contains. Click the text box to the right, and type keywords (like sex viagra IRS money).

4. Click the More button. Using the second set of drop-down list buttons, select Body and contains, click their text box, and type more keywords.

5. Under 'Perform this action:' select Move to folder and the appropriate e-mail account; then click New folder. Type a name, and set 'Create as a subfolder of' to the e-mail address. Click OK three times.

Check the spam folder daily for legitimate mail that may be trapped there, and delete the rest. Periodically tweak the filter rules to catch more spam.

Want more weapons to fight unwanted e-mail? >>TIP Consider an antispam utility such as SpamKiller ($30) or AvirMail (free). Their more-sophisticated tools include the ability to scan mail and delete spam before it reaches your computer.

Software: Net Toolbox

Here are our favorite products in four essential categories. Don't go online without them.

Antivirus: Norton AntiVirus 2002. Easy setup and automatic updates make choosing this package a no-brainer. $50

Cookie Manager: The Limit Software's Cookie Crusher 2.6. This shareware package makes crumbling Web cookies a snap. $15

Personal Firewall: Zone Labs' ZoneAlarm 3. Simple to use, highly effective, and free--what more could you ask for? Free

All-in-One Solution: Norton Internet Security 2002. A top antivirus package, an effective firewall, an ad blocker, a cookie manager, and more. $70

Take My Advice: You Don't Say!

>>TIP I don't have a second e-mail address just for spam. If I don't want a Web site to have my real e-mail address, I give the site an address that is completely fictitious. It just has to conform to the "aaa@aaa.aaa" format. The sites I've dealt with seem to accept it with no other quality check.

Whenever I shop online, I go as far as I can through the checkout screens using completely bogus information. For some reason, sites don't want to tell you the shipping fees and other costs up front. If a site won't tell me the bottom-line price before it requires that I provide personal information, I shop elsewhere.

--"Oddbit," who values privacy, Anywhere, USA

More Privacy Tips

>>TIP Update your antivirus software weekly.

>>TIP Don't give credit info to people who call you.

>>TIP Limit your e-mail address to friends and colleagues.

>>TIP Read privacy policies carefully; most require you to opt out.

>>TIP Don't give Web sites your friends' or family's e-mail addresses.