The Internet provides little assurance of privacy or confidentiality.
The use of firewalls, anonymizers, and encryption can help
mitigate the risks. Major considerations to keep in mind are
There are thousands of rogue actors and infected computers
machines across the Internet at any given second. These bad
apples are almost certainly trying to get control of your machine
through any security fault or unpatched module they can find.
Fortunately, their communications are fairly straightforward
to trap, since by definition they are unsolicited -- it is
easy to tell the difference between a packet from a website
you just accessed from a probe from some site you never heard
of before. The technological solution to this threat is called
a "firewall", a program that monitors all communications
and traps all illicit packets. Most operating systems now come
with a firewall preinstalled. However, some, such as the Windows
firewall, only block suspect incoming communications, leaving
completely open access to the Internet from your machine.
This is a barn-door sized hole that is eagerly used by almost
every program you have on your computer to contact the home
company for all sorts of reasons ranging from automatic checking
for updates to transmission of usage metric data for their
own proprietary purposes. The solution to this is a third party firewall that
protects both incoming and outgoing communications. The free
version of ZoneAlarm is
Surfing leaves tracks. There is little privacy
or confidentiality on the Internet. Websites can track your
surfing on their site by IP address and
related system information, including system names and Internet
network addresses that often uniquely identify your computer.
Search engines generally record your queries together with
your computer identification, building up a profile of your
interests over time. To minimize these threats, you can turn
your default browser settings to exclude cookies,
since they can be used to build up detailed profiles of your
surfing patterns over time (advertising sites with presence
across different sites). You can also use networked or single-point anonymizers to
obscure all your computer's local identifying information and
obtain the maximum available Internet privacy.
Posting is public. When you post anything
to a public Internet newsgroup, mailing list, or chat room,
you generally give up the rights to the content and any expectation
of privacy or confidentiality. In most countries, anything
you post to a public space can be saved, archived, duplicated,
distributed, and published, even years later, by anyone in
the same way as a photograph taken in a public space like a
city park. If you have ever posted anything to the newsgroups,
you might find it interesting to search them
now for the email address you
used at the time, which is one reason you should disguise your email
address when posting to the Usenet newsgroups.
Personal data is cross-referenced. If you
give a site personal data like an email address, home address,
phone number, birth date, or credit card number, be aware that
the information can be easily cross referenced by a range of
large service companies to assemble a detailed database of
your buying habits, surfing patterns, and interests. And it
usually is. If you do give a site personal information, it
to see how confidential they promise to keep it.
Tap, tap. Without speculating on who or why,
Internet communications interception is technically easy to
do at any of the perhaps five and twenty-five routers through
which your packets are switched on
the way to their destination. Software taps are easy to add.
Direct physical interception through tapping into copper network
cable near a house or in a switching station is straightforward
with inexpensive equipment, and enables an eavesdropper to
copy all of the traffic that passes over the line. Radio frequency
interception of the traffic on copper lines is possible. Tapping
into fiber optic line is more difficult, usually requiring
a high angle bend to get a bit of light leakage, but is also
technically possible. Encryption is
the only sure solution.
Governments can do anything. Many national
governments are large enough with enough resources that they
can and do intercept Internet
communications. However, because of the volume of information
if for no other reason, you can be reasonably assured that
no-one is taking the time to look at your specific Internet
packets unless you are connected to an investigation.
The bottom line is that you have little privacy or confidentiality
on the Internet, and unless your communications are encrypted
and/or anonymized, you should assume they can be read by others.
At the same time you need to make a realistic threat assessment
depending on what you are doing -- how much do you (or others)
Resources. The following references provide
3924; F. Baker; B. Foster; C. Sharp; Cisco Architecture
for Lawful Intercept in IP Networks; October 2004.