Just as the Internet makes it easy for you to find all sorts of information, you risk others finding out things about you that you don’t intend to be public. You may think of sitting in front of a computer as a private experience, but at some level your activity can be traced. There is always the chance that information you send over the network, or store on a network server, could fall into untrustworthy hands.
As an experiment, see what happens when you search for your name in a search engine. You might be surprised at what appears. If you have a common name, try a search that also includes Cornell, the name of your hometown, or other words that might narrow the search. You should also try different versions of your name.
Any web site you maintain, blog you write, or pages on social networks you set up, like Facebook or MySpace, could give away too much information. You can limit who has access to your information on social networking sites, but people often wind up with a very large circle of “friends,” including people you meet in passing or exclusively on the Internet. Not knowing exactly who you are sharing your information with means you could open yourself, or someone close to you, to harassment and threats.
Online information about you can also make it easier for someone to steal your identity, or set you up for some sort of scam. For example, if you write about plans for an upcoming vacation on a blog or social networking site, you could be telling a thief when to burglarize your home.
You are also at the mercy of how well these sites are protected. On several occasions, programming errors have exposed people’s information on social networking sites.
Where you go and what you do on the Internet today says a lot about where you’ll go and what you might do on the Internet tomorrow. Since this is the case, businesses take significant measures to track everything you do while you are using the web. At a minimum, they may be tracking when you arrive, what you click while you are there, and when you leave. When you shop on the Internet, every time you buy something, it’s comparable to swiping a customer loyalty card at your favorite store.
Reputable companies make their privacy policy available, and it is worth reading. One common practice to watch for is when a business gives you the option to let “selected” third parties send you valuable offers. This means they are going to sell marketing information about you to other companies. Often, you will need to uncheck a box to opt out.
Companies, whose business is to understand the needs and wants of consumers, use a variety of market research techniques to do so. Your privacy can be at risk when you participate in surveys, online communities, focus groups, and other types of market research. To participate, you typically enter into an explicit agreement with a research firm, sometimes in exchange for some sort of reward. Reputable market research firms will be upfront about exactly what information they will gather and what they will do with it, and will provide you with a privacy statement.
For some types of market research, the firm needs special software to be installed on your computer to better track your activities. Do not install such market research software on any computer that you also use for Cornell business.
Market research software gives the market research firm and its customers potential access to everything you do on your computer:
Be particularly wary if you are asked to install software, even if it appears fairly harmless. And, read the end-user license agreement (EULA – the legal statement that you agree to before you can install the software) to assess their actual intentions. Generally, references to market research in a EULA are a red flag.
The fine print in the EULA will probably grant fairly broad access to your computer and your activities, with surprising latitude in what can be done with the information collected. Because of this, people often refer to market research software as “spyware.”
Cascading EULAs are of particular concern; these include EULAs that grant access to a third-party, which in turn can grant access to a third-party, and so on. In this case you could be legally granting access to your computer for multiple unknown parties.
The following diagram, provided by the US Computer Emergency Readiness Team (www.us-cert.gov), illustrates the problem:
For a list of what you can do to protect yourself, download Software License Agreements: Ignore at Your Own Risk, a PDF.
