Safe Computing On the Internet

It has become a cliche to talk about the "dangers of the Internet". Ever since its inception the Internet has been branded a safe haven for criminals, perverts, and nutcases of all kinds. Government agencies all over the world talk about protecting their citizens from the dangers of the Internet, about implementing censors in public schools and libraries, about controlling what information and access points their citizens have a right to see. [MENTION CHINA AND OTHER COUNTRIES THAT FIREWALL THE INTERNET.] Certainly, dangers do exist, and in some cases legislation may be necessary to prevent some abuses that do occur. Despite this, we do not need government or corporate intervention to protect us from the vast majority of the dangers. What we do need is to educate ourselves and each other: to be aware of the kinds of dangers that are out there, to develop good habits when using the Internet, and to develop a sense of when a situation might be an Internet scam. People develop these skills over time -- through trial and error, by being exposed to the scams that are out there, and by being lectured by their Internet-using friends when they fall for a scam. In this section, we will give you a head start on your education. We will outline a few of the dangers that occur when using the Internet, and offer advice about how to protect yourself.

The main thing to remember about the Internet is that it makes communication cheap for all. This means that people without a lot of money or power can publish information and tell their stories to a worldwide audience. It also means that people can spread misinformation, and that a few dishonest people can use lies and tricks to take advantage of the gullible and the inexperienced more easily than ever before. Indeed, most Internet scams can be traced to the spread of misinformation: people try to convince you that they have secret information, that they represent a bank or a Nigerian prince, that they have specially selected you out of all the people on the Internet, that they are sending you a really neat screensaver (which actually contains a virus) out of the goodness of their hearts.

Given all of the wonderful information out there on the Internet, it is not hard to understand why people fall for such lies. How can one distinguish false claims from true ones? There are some basic principles to keep in mind:

  1. Don't believe everything you read. Be skeptical.
  2. Do your research before taking any action. Verify sources and stories.
  3. If something sounds too good to be true, it probably is.
  4. Protect your personal information.

These principles will pop up again and again in the following sections. They are your first defence against getting ripped off.

E-mail Safety

Many lies and scams spread via e-mail. E-mail is almost free to send, and e-mail is one of the first applications new users of the Internet try out. E-mail is also an open protocol: anybody who knows your e-mail address can send you a letter, and it is not that uncommon to receive unexpected e-mails from strangers or people with whom you have lost touch. All of these features make e-mail a powerful, accessible form of communication, but they also make it easy for a few malevolent people to spread all sorts of lies, scams, and advertising.

In the following sections we will describe some of the threats that can end up in your INBOX, and how you can recognise and protect yourself against them.

Chain letters

Chain letters are messages designed to be spread to as many people as possible. They are usually innocuous -- in most cases the worst they will do is tarnish your reputation when you pass them on. They sometimes contain information about rituals to give you good luck, and sometimes contain hysterical warnings about imminent threats to your computer, your family, or the Internet. Some more sinister chain letters advise you to remove files on your computer to "remove viruses".

Unlike many other e-mail threats, chain letters are usually spread by friends and family members. The distinguishing characteristic of any chain letter is an instruction (or a threat) to forward the chain letter to everybody you know. As soon as you read an e-mail that encourages you to forward that mail to everybody else, alarm bells should go off: this mail is probably a chain letter.

In general, passing on chain letters is a great way to annoy your friends and loved ones. One way to avoid aggravating others is to keep chain letters you receive to yourself. Another way is to verify the authenticity of the letter's message before passing it on. This does take some time and effort, but you will be wasting the time and energy of your friends and loved ones if you forward a hoax on.

Here is a concrete example of a chain letter I received in 2002. It was sent by a well-meaning individual who was subscribed to one of the mailing lists I read. To protect the guilty I have cleaned up the e-mail and removed identifying information:

        Subject: (fwd) virus

        I just found out that we caught a virus through email. It's a
        worm, that automatically sends to everyone in your address
        book. It is not detected by Norton or McAfee anti-virus
        programs. It sits quietly for fourteen days, before damaging
        your computer system. 

        The directions are below, the bad part is that you MUST send
        this email to all of the people in your address book because
        if you found it in your hard drive, they get it automatically. 

        1. Go to Start, then Find or Search. 
        2. In Files/Folder, write the name jdbgmgr.exe 
        3. Be sure to search in your "C" drive 
        4. Click Find or Search 
        5. The virus has a teddy bear logo with the name 
        jdbgmgr.exe - DO NOT OPEN 
        6. Right click and delete it 
        7. Go to the recycle bin and delete it there also. 

        NOTE: IF YOU FIND THE VIRUS, YOU MUST CONTACT EVERYONE IN YOUR
        ADDRESS BOOK WITH THESE DIRECTIONS.
      

As soon as I read this e-mail, I was suspicious. A number of warning signs jumped out at me:

  1. The e-mail told us that we "MUST CONTACT EVERYONE" about this virus, because we passed it on to them. This is the classic chain-letter warning.
  2. The letter claimed that the worm was not detected by the McAfee or Norton antivirus checkers. I found this hard to believe, because all these checkers would have to do is look for the file jdbgmgr.exe on your hard drive to find the virus.
  3. The e-mail wanted us to delete some file from our hard drives. As it turns out I would not have had this file on my hard drive -- this e-mail was written for people using Windows, not Linux. Nonetheless, any instruction to delete some arbitrary file is dangerous.
  4. The letter did not give the "worm" a name. Antivirus companies usually name the infections that they discover on the Internet, even if they do not know how to stop them.
  5. The letter claimed that the virus waited fourteen days before damaging the computer system, but it did not specify what the damage was. Would the virus wipe out my hard drive? Would it cause the computer to crash? Before sending on this warning I wanted to know what the danger was.

As it turns out the chain letter was indeed a hoax. I learned this by visiting the Norton Antivirus website, which lists all of the viruses Norton knows about and had a page devoted to the hoax.

I also found information about the hoax by searching for the term "jdbgmgr.exe" on the Internet. This term (which is the name of the file we were supposed to delete) was distinctive enough that I quickly found websites devoted to this hoax. [MORE INFO. WHAT WEBSITES?] Since I trusted some of these websites already [MORE ABOUT THIS] I convinced myself that the warning was fake.

The person who originally forwarded this e-mail (to over a hundred people!) meant well -- he wanted to protect us from harm and warn us about possible damage to our computers. However, by spending a few minutes verifying the story before sending out the e-mail, he would have saved hundreds of people grief. In this case deleting the file in question caused little harm for most people. However, if the file had been some important system file, many people could have corrupted their Windows installations by following the advice he forwarded. By doing your research you gain credibility, so that if you ever receive real warnings you should pass on, your friends and family will believe you when they receive them from you.

One final word about this case study: after I discovered that the e-mail was a hoax, I wrote the sender of this e-mail a response. I told the sender that the warning was false, and I listed some websites documenting the chain letter. I also encouraged the sender to do his research in the future, and listed some websites to consult. Sometimes it is also worth sending this information to the entire list, but in general the original sender of the e-mail should send an apology and retraction if appropriate.

As you develop a critical eye and learn to identify chain letters better, you will be tempted to send scathing angry e-mails to the poor person who passed the chain letter to you. It is wiser to be polite, and to educate the sender so that he or she does not make the same mistake again. All of us start out as new users, and all of us make mistakes from time to time.

[WEBSITES AND RESOURCES FOR EXPOSING SCAMS?]

Spam

Spam refers to unwanted, unsolicited e-mail -- e-mail you do not want and that you did not ask to get. Often, spam is sent by strangers trying either to sell you something or to steal your personal information. Spam is the junk mail of the Internet, and it is a huge problem that threatens the usefulness of e-mail as a means of communication. A huge proportion of e-mail transmitted on the Internet is spam -- at some ISPs [CITE?] over two-thirds of all mail received is spam. On a personal level, a large amount of spam can be overwhelming: some people receive a hundred spams a day. This is what makes spam dangerous: hidden in all the junk mail are messages (sometimes from strangers) that you want to read. It is sometimes tricky to distinguish spams from legitimate mail, so sometimes the real e-mail goes unnoticed and unread. Worse, sometimes you might mistake legitimate e-mail for spam, and delete it or run it through a spam filter (which makes it harder for the same e-mail to get to you next time).

Why is there so much spam on the Internet? There are two reasons spam exists on the Internet: e-mail is cheap to send and e-mail addresses are available on the Internet. Spammers depend on volume to make their profits: a spammer can send a hundred thousand e-mails to the world for a few hundred dollars [CHECK]. If a dozen people respond to the spam and purchase the spammer's product, then the spammer can make a profit. If a hundred people respond, then the profits can be large even though the response rate is tiny.

Being able to send thousands of spams cheaply is of little use unless you have a list of addresses to send the e-mails to, however. This is where the Internet comes in. Spammers and their friends harvest addresses that are posted on web pages, to newsgroups, on bulletin boards, and on many other locations on the Internet. Sometimes spammers can buy lists of e-mail addresses from shady businesses. All of these e-mail addresses can be organized into lists, which are then sold on CD-ROM. A spammer buys such a list, and sends the spams of the day to all the addresses on the CD-ROM.

Some of the addresses in a collected list are fake or no longer in use, so spammers value addresses that are verified as being active e-mail accounts. For this reason some spams are designed to verify e-mail address information: by responding to the e-mail (or in certain circumstances, just by opening it!) you verify that the e-mail reached you, and that your e-mail address is legitimate.

Here is an example spam I have received. There are many, many more: [EXAMPLE SPAM HERE]

Your goals in dealing with spam are threefold:

  1. You don't want to let your e-mail address be harvested in the first place.
  2. You do not want to verify your e-mail address for spammers (because then you can expect more spam).
  3. You want to keep the spam you receive from overwhelming your real e-mail.

Unfortunately, you probably will receive some spam no matter how hard you try to conceal your e-mail address. Furthermore, the longer you keep your e-mail address, the more spam you can expect. How do you deal with it? Here are some simple tips that you can follow to reduce the amount of spam you get, and to deal with spam when you do get it.

  • The first and most important rule is to never respond to spam. The worst thing you can do is be tempted by the offers for cheap Rolex watches or prescription drugs. Not only does your response support the spammers' business model (thus encouraging them to send millions more spams to people all over the world), but many spammers are shady operators. Some of the products they advertise are fake -- they are frauds to get your credit card or banking information. Even if the businesses are legitimate, by responding to a spam you have demonstrated your willingness to support the business of spammers, and you can expect to receive many hundreds of spams in return.

    Some forms of e-mail advertising are acceptable, but spamming is not. Don't support it!

  • Some spams contain links to click to "remove you" from their mailing lists. Do not click these links, and do not send response e-mails to the spammers asking them to get you off their lists. By doing so, you just verify that your e-mail address is legitimate, and invite more spams.
  • Be careful of who you release your e-mail address to, and how your e-mail address shows up on the Internet. In general, you do not want to hand out your e-mail address to anybody you do not trust, and if you do give your e-mail address to an organization, you should expect to receive e-mails from that organization.

    Unfortunately, many services on the Internet require the use of a valid e-mail address, so it is hard to avoid giving your e-mail address away to anybody. For this reason, some people use multiple e-mail addresses. They give one address only to close friends and family. They use a second e-mail address for legitimate bulk communication, such as mailing lists and web forum memberships. Some have more e-mail addresses which they give to organizations they do not trust, or which they use in situations where addresses are easily harvested.

    The advantage of this approach is stability. Your private e-mail address can stay stable -- people will be able to contact you at that address five years from now, and still be able to get to you. The disadvantage is that you have to check multiple e-mail accounts for legitimate mail.

  • Some forms of Internet communication -- such as Usenet newsgroups -- are particularly prone to e-mail harvesting. For this reason people who communicate using such services often obscure their e-mail addresses. For example, rather than posting the real address, a person might display it as

            mohammad at somewhere dot org 
            

    or

            mohammadnospam@somewhere.deleteme.org
            

    The goal of such tricks is to make it easy for humans to decode the real e-mail address, but to make it difficult for e-mail harvesters (which are usually computer programs) to do so. If you are sufficiently clever, such tricks can be useful. However, people usually provide instructions on how to decode the address in their newsgroup posts, and some techniques (such as adding the word "nospam" somewhere in the e-mail) are common enough that harvesting programs can recognise these e-mails as legitimate addresses. Obscuring your e-mail address can be a fun and useful trick, but it does not guarantee that your e-mail address will not be harvested.

  • Spammers have gotten sneakier about verifying e-mail addresses. A favourite trick is to send mails in HTML. HTML is a language used to format web pages, so the e-mail you receive looks like a web page, with pretty colours, graphics, and other doodads.

    Many people reject HTML-formatted e-mail on moral grounds: they believe that e-mail is best left as a text-only medium. That aside, HTML e-mail gives spammers a convenient way to verify that your e-mail address is live. Spammers embed links to images (which are sometimes visible, sometimes not) into the e-mails they send. Each image has a unique identifier associated with the victim's e-mail address. As soon as you open the message, your e-mail client displays the HTML-formatted e-mail by fetching the image from the spammer's web server, which gives the spammer two useful pieces of information: that your e-mail account is valid and that you opened the spam e-mail.

    Your best defence against such trickery is to refuse HTML-formatted e-mails. By default, the mail client Sylpheed will not display HTML-formatted e-mail. In general, you want to avoid opening spam e-mails at all.

    A related trick does not require the use of HTML-formatted e-mails. Some e-mail programs support the use of [WHAT?] send verification. When you receive the e-mail and open it, your e-mail client sends a response to the sender that you received the mail. [HOW DO YOU DEAL WITH THIS? DOES SYLPHEED SUPPORT IT? WRITE MORE HERE]

  • Maybe the most popular solution to dealing with spam is to filter it out. A spam filter is a program that looks through your e-mail and tries to separate the e-mail you want from the e-mail you don't. Many spam filters are able to learn about the kinds of e-mail you receive to make their filtering better.

    Good spam filters can eliminate almost all the spam sent to your INBOX. If you use web-based e-mail, you probably have a spam filter installed already. If you have the option of marking messages as spam to train the filter, you should use it. The e-mail program Sylpheed [DOES NOT HAVE SPAM FILTERING YET! YIKES!]

    The problem with spam filters is that they can be too aggressive, and sometimes they label e-mail you want to keep as spam. Most spam filters sort the mail they think is spam into another folder. In theory you are supposed to go through that folder periodically to look for mail that is not spam. However, this is easier said than done; the best approach I have found to this problem is to look through the spam folder every day.
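The tracking-image trick described under HTML e-mail above, as an added example (this is not code from the original text or from Sylpheed): a small script that parses an HTML message, lists every image the mail client would fetch over the network, and pulls the per-recipient identifier out of the image URL. The message, the host names tracker.example and shop.example, and the recipient address are all constructed.

```python
"""Detect remote-image "web bugs" in an HTML e-mail.

Added example; the message and every host name in it are constructed.
"""
from email import policy
from email.parser import Parser
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample spam: one 1x1 image whose URL carries a per-recipient id,
# one inline (cid:) image that needs no network fetch, one ordinary banner.
SAMPLE_MAIL = """\
From: "Great Offers" <offers@shop.example>
To: victim@example.org
Subject: You have been specially selected
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<p>Congratulations! Click <a href="http://shop.example/buy">here</a>.</p>
<img src="http://tracker.example/open.gif?id=victim%40example.org" width="1" height="1">
<img src="cid:logo123">
<img src="http://shop.example/banner.png">
</body></html>
"""


class ImageCollector(HTMLParser):
    """Collect the src attribute of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.sources.append(value)


def html_body(raw_message):
    """Return the text/html part of a message (empty string if there is none)."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_content()
    return ""


def remote_images(raw_message):
    """Image URLs the mail client would fetch over the network when rendering."""
    collector = ImageCollector()
    collector.feed(html_body(raw_message))
    return [s for s in collector.sources
            if urlparse(s).scheme in ("http", "https")]


def tracking_images(raw_message):
    """Remote images whose URL carries a query string.

    The per-recipient identifier that tells the sender *who* opened the mail
    normally lives in that query string; return (host, parameters) per image.
    """
    found = []
    for src in remote_images(raw_message):
        parsed = urlparse(src)
        if parsed.query:
            found.append((parsed.hostname, parse_qs(parsed.query)))
    return found


def safe_to_render(raw_message):
    """True only when rendering the HTML would not contact any remote server."""
    return not remote_images(raw_message)


if __name__ == "__main__":
    for host, params in tracking_images(SAMPLE_MAIL):
        print(f"tracking image on {host}: {params}")
    print("safe to render:", safe_to_render(SAMPLE_MAIL))
```

Run against the sample, the script reports the image on tracker.example with the parameter id=victim@example.org; that single HTTP request is the "read receipt" the spammer is after. A mail client that refuses to fetch remote images (which is what Sylpheed's default of not rendering HTML achieves) never makes the request, so the banner and the tracker alike go unfetched.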

Eventually, people will find a workable solution to the spam problem. If we are lucky, this solution will keep e-mail cheap and accessible while preventing its abuse. In the meantime, spam is prevalent; your jobs are to prevent it from ruining your e-mail experience and to avoid getting hurt from the truly malicious frauds.
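To make concrete what a filter that "learns about the kinds of e-mail you receive" does, here is an added example (not code from the original text, and not the filter of any particular mail program): a textbook naive Bayes classifier trained on a constructed corpus of eight messages the user has sorted by hand. The training messages, the test messages and the 0.9 threshold are all assumptions chosen for illustration.

```python
"""A small learning spam filter of the kind the text describes.

Added example; the training messages below are constructed, and this is a
textbook naive Bayes classifier, not the code of any particular mail program.
"""
import math
import re
from collections import Counter

WORD = re.compile(r"[a-z]{2,}")


def tokenize(text):
    """Lower-case words of at least two letters, each counted once per message."""
    return set(WORD.findall(text.lower()))


class BayesFilter:
    """Learns word statistics from messages the user has sorted as spam or not."""

    def __init__(self):
        self.spam_docs = 0
        self.ham_docs = 0
        self.spam_words = Counter()   # in how many spam messages each word appeared
        self.ham_words = Counter()    # same for wanted ("ham") messages

    def train(self, text, is_spam):
        """Record one message; this is what 'mark as spam' does in a mail client."""
        words = tokenize(text)
        if is_spam:
            self.spam_docs += 1
            self.spam_words.update(words)
        else:
            self.ham_docs += 1
            self.ham_words.update(words)

    def spam_probability(self, text):
        """P(spam | words), combining per-word likelihoods with Laplace smoothing.

        Words never seen in training carry no information and are skipped.
        """
        total = self.spam_docs + self.ham_docs
        log_spam = math.log(self.spam_docs / total)
        log_ham = math.log(self.ham_docs / total)
        for word in tokenize(text):
            if word not in self.spam_words and word not in self.ham_words:
                continue
            log_spam += math.log((self.spam_words[word] + 1) / (self.spam_docs + 2))
            log_ham += math.log((self.ham_words[word] + 1) / (self.ham_docs + 2))
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))

    def sort(self, text, threshold=0.9):
        """Folder the message lands in; a high threshold keeps false positives rare."""
        return "Spam" if self.spam_probability(text) >= threshold else "INBOX"


# Constructed training corpus, as if the user had sorted eight messages by hand.
SPAM = [
    "Cheap Rolex watches! Click here for your free offer",
    "Buy prescription drugs online cheap, no prescription needed, click here",
    "You have been specially selected for a free offer, click now",
    "Congratulations, you won a free Rolex, reply now",
]
HAM = [
    "Can we meet tomorrow to discuss the project report",
    "Attached is the report from the meeting, let me know what you think",
    "Mom says dinner is at seven on Sunday, bring the photos",
    "The mailing list meeting is moved to Thursday, see the agenda",
]


def trained_filter():
    """A filter trained on the constructed corpus."""
    f = BayesFilter()
    for text in SPAM:
        f.train(text, True)
    for text in HAM:
        f.train(text, False)
    return f


if __name__ == "__main__":
    f = trained_filter()
    for text in ["Cheap Rolex watches, click here now",
                 "Are we still meeting tomorrow about the report",
                 "Lower your mortgage rate today, apply now"]:
        print(f"{f.sort(text):5s}  p={f.spam_probability(text):.3f}  {text}")
```

The third test message shows the filter's two weaknesses at once. It is a spam, but most of its words ("mortgage", "rate", "apply") never appeared in training, so it scores about 0.86 and slips into the INBOX; and once the user marks it as spam, a later message about mortgages scores far higher than the 0.5 it would have scored before. The high threshold is the trade-off the text describes: it keeps wanted mail out of the spam folder at the price of letting some spam through, which is why the spam folder still needs a daily look.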

[EXAMPLE OF SPAM] [NEED: SOMETHING ABOUT SPAM FILTERING]

Attachments

In addition to text and HTML, it is possible to send arbitrary files to others via e-mail. These files are called attachments. In office environments, people sometimes send each other copies of documents via attachments. At home people sometimes send photographs via attachments. These uses can be useful, but attachments have two big disadvantages:

  1. Data files tend to be much larger than regular e-mail messages. This is a problem since many e-mail accounts have limited capacities (known as account quotas). Receiving large attachments can quickly use up that quota, overflowing your account. Generally, once your e-mail account has overflowed you will be able to receive no further mail until you clean out your account and make some space. In the meantime anybody who sends you an e-mail message will have that message bounce back.
  2. Attachments can be arbitrary files, and that is dangerous. Some malicious people disguise viruses, worms and other bad programs as screensavers, photographs, and other seemingly-harmless files. Most of these bad programs are targeted at Windows users; most of them will not run in Linux, and thus cannot hurt your data or your computer. However, there is no good reason why Linux will not be targeted by similar threats in the future.

Both of these situations result in aggravation and lost data, and Windows users are particularly vulnerable to the threats attachments pose. For these reasons, you need to treat attachments with caution. If you are thinking of sending attachments to others, a good strategy is to send two e-mails. In the first e-mail, you tell your recipients the attachment you plan to send and how large it is. This will tell them to prepare for your attachment (or to send you a response asking you not to overflow their accounts by sending the mail). The second e-mail you send should contain the attached data. [PICTURE?]

Similarly, you should be cautious of opening any unexpected attachments. If you receive an unexpected attachment from a stranger, you should be very suspicious. If you cannot figure out the reason somebody would send you the attachment, you are better off not opening it. If you trust that the person who sent you the attachment is legitimate (as opposed to a spammer using a fake e-mail address) then you might ask the sender what the attachment is and why it was sent to you. If you don't trust that the person is legitimate then you should discard both the e-mail and the attachment without opening it.

Unfortunately, you cannot even trust attachments sent by family or friends. Some worms are spread through e-mail. Once a victim's e-mail account becomes infected the worm sends copies of itself to everybody in the victim's address book. If you are in the address book of somebody who has been infected, you will receive an e-mail containing an attachment, which in turn contains the worm. This is yet another reason to ask whether the attachments you receive are legitimate when you get something unexpected. [ARE THESE VIRUSES OR WORMS?] [EXAMPLE OF MALICIOUS ATTACHMENT]

In addition to notifying senders of unexpected attachments, there are a few other ways people protect themselves. One is by running attachments through virus scanners. Currently we do not ship our computers with virus scanners, largely because there are currently (in 2004) almost no viruses targeted at Linux. [SO WHERE CAN PEOPLE TURN?]

The other step that people take is to verify that the attachment's name matches its type: that JPEG picture files are actually pictures, that ZIP files are actually archives, and so on. The file command is very useful for determining the true nature of a file. [WHERE? PUT THIS IN SYLPHEED]
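What the file command does, in miniature and as an added example (not code from the original text, and not how any mail client implements the check): look at the first bytes of each attachment, compare the type they imply with the type the file name claims, and flag anything that is really a Windows program no matter what it is called. The sample message and its two attachments are constructed; the signature table is a hand-picked subset of what file knows.

```python
"""Check that an attachment's contents match what its name claims.

Added example; the sample message and its attachments are constructed, and the
signature table is a small hand-picked subset of what the `file` command knows.
"""
import os
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Leading bytes ("magic numbers") of a few common file types.
SIGNATURES = {
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
    "zip": [b"PK\x03\x04"],
    "pdf": [b"%PDF-"],
    "exe": [b"MZ"],          # Windows executables, including .scr screensavers
}
# What a file name extension claims the contents are.
EXTENSIONS = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
              ".zip": "zip", ".pdf": "pdf", ".exe": "exe", ".scr": "exe"}


def detect_type(data):
    """Type implied by the first bytes, or 'unknown'."""
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return "unknown"


def check_attachment(filename, data):
    """Compare the claimed type (from the name) with the real one (from the bytes)."""
    ext = os.path.splitext(filename)[1].lower()
    claimed = EXTENSIONS.get(ext, "unknown")
    actual = detect_type(data)
    if actual == "exe":
        verdict = "executable"          # never open, whatever the name says
    elif actual == "unknown" or claimed == "unknown":
        verdict = "unknown"
    elif actual == claimed:
        verdict = "ok"
    else:
        verdict = "mismatch"
    return {"filename": filename, "claimed": claimed, "actual": actual, "verdict": verdict}


def scan_message(raw_bytes):
    """Run check_attachment over every attachment of a raw RFC 2822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    return [check_attachment(part.get_filename() or "", part.get_content())
            for part in msg.iter_attachments()]


def build_sample():
    """Constructed message: one real JPEG and one Windows program renamed to .jpg."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "you@example.org"
    msg["Subject"] = "holiday pictures"
    msg.set_content("Here are the pictures I promised!")
    msg.add_attachment(b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
                       maintype="image", subtype="jpeg", filename="beach.jpg")
    msg.add_attachment(b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56,
                       maintype="image", subtype="jpeg", filename="beach2.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for result in scan_message(build_sample()):
        print(result)
```

The second attachment carries the same MIME type and a photo-like name as the first, so a mail client that trusts names would show both as pictures; only the bytes give it away. On the command line, saving the attachment and running file on it reaches the same verdict, and a name like picture.jpg.scr should be treated as an executable even before looking inside.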

Although attachments can be useful, there are generally better ways to transmit data files to others. If you have a website and the data is not confidential, you can post the data to your website, and then send people the location of the file via e-mail. If your data is more confidential then you could encrypt the data, or use other file transfer methods. If your data is confidential then you may not want to transfer it via e-mail anyway: e-mail is notorious for being less private than many people think.

The rule of thumb when dealing with attachments is that nobody should ever receive an attachment unexpectedly. If you practice this rule both when sending and receiving attachments, you reduce the risk considerably.

Phishing

Phishing is a form of fraud where unscrupulous people try to obtain your personal and financial information by posing as businesses or other authorities. The term is derived from "fishing" -- the scammers cast their nets of convincing e-mails hoping to catch unwary e-mail users.

Phishing scams are scary because they can be fairly convincing. Consider the following example:


      From: "eBay" <Billing@eBay.com>
      Subject: eBay Account Verification
      Reply-To: Billing@eBay.com

      Dear valued eBay member,

      It has come to our attention that your eBay Billing Information
      records are out of date. That requires you to update the Billing
      Information If you could please take 5-10 minutes out of your
      online experience and update your billing records, you will not
      run into any future problems with eBay's online service.
      However, failure to update your records will result in account
      termination.  Please update your records in maximum 24 hours.
      Once you have updated your account records, your eBay session
      will not be interrupted and will continue as normal. Failure to
      update will result in cancellation of service, Terms of Service
      (TOS) violations or future billing problems.

      Please click here to update your billing records.
      http://www.eBay.com/verification/%?6488820019

      Thank you for your time!
      Marry Kimmel,
      eBay Billing Department team.
      
      As outlined in our User Agreement, eBay will periodically send
      you information about site changes and enhancements. Visit our
      Privacy Policy and User Agreement if you have any questions.

      Copyright 2004 eBay Inc. All Rights Reserved.  Designated
      trademarks and brands are the property of their respective
      owners.  eBay and the eBay logo are trademarks of eBay Inc
      

At first glance, this e-mail looks convincing, even professional. If opened in a graphical HTML-capable mail reader, the e-mail looks very much like the real eBay site, because the scammers stole graphics and text from that website to include in their e-mail.

This mail becomes even more convincing when you consider that eBay (a popular online auction site) communicates with its members via e-mail.

Nonetheless, this e-mail is not legitimate. It is a scam. The link labelled http://www.eBay.com/verification/%?6488820019 actually directs you to http://64.156.26.4/*goldtraders.com/httpdocs/eBay/. This website (which also looks legitimate) contains a form that allows you to enter billing information such as your credit card information. Once you have submitted your information it goes straight to the scammers, who can then make purchases and bill them to you.

Other common phishing scams impersonate banks and online payment services such as PayPal.

How can you protect yourself against such scams? Your first defence is skepticism. If you are not a member of the service in question, then you clearly should not be receiving e-mail from it. If you are a member of the service, then your job becomes harder. A good first response is to ignore the e-mail. If it turns out that your account is really in danger, you should receive followup e-mails.

Your second defence is to understand that e-mail is an insecure medium. It is easy to hide your identity and pretend to be somebody else. For that reason, no reputable online business will ask you to submit sensitive information by e-mail. If any e-mail asks you for your password, or credit card information then that e-mail is almost certainly a scam. In fact, alarm bells should go off if you receive any e-mail that asks you to submit personal information of any kind.

Your third defence is to avoid the use of HTML e-mail. The scam above only works if the user clicks on the link in the e-mail. If a user copies and pastes the displayed link into a web browser, the scam website will not come up.

Before taking any action, you need to do your homework. In this case, this would include the following:

  • Visiting the eBay site and looking for their e-mail policies. This should tell you what kind of e-mails you can expect to receive from them.
  • Searching the Internet for phrases unique to this e-mail. If you searched for "Marry Kimmel" or "your eBay Billing Information records are out of date" or "Subject: eBay Account Verification" then you might find some information about the e-mail you received.
  • You might consider contacting eBay by e-mail to ask whether the e-mail is legitimate. When doing this, do not respond to the address contained in the e-mail -- that address could be fake. Instead, visit the eBay site and look for their support contact, and send an e-mail to that address.

The e-mail itself contains some clues that should alert you that it may be a scam:

  1. The e-mail never identifies you personally. If the business knew your billing information was out of date then it certainly should know who you are, and they should address you by your name or userid, not "valued eBay member". If the e-mail does not identify you using the information you provided when you signed up for the service, it is almost certainly fake.
  2. The name "Marry" is kind of odd. It is possible that a person named "Marry Kimmel" works at eBay, but it is more likely that the scammers were trying to mislead you into thinking the e-mail was sent by "Mary Kimmel". Also note that Marry does not provide any contact info for him/herself.
  3. The sentence "That requires you to update the Billing Information" does not end with a period. This may seem like an overly-picky point, but it is not: grammar and spelling errors are an excellent way to spot illegitimate e-mails. Any reasonably-sized corporation is going to make sure that its public relations staff are capable of basic grammar and spelling, or at the very least that they run a spell-checker through their e-mails before they send them. It used to be the case that almost every scam e-mail I received gave itself away because the scammer couldn't spell. This e-mail is much more convincing, but the missing punctuation should arouse your suspicions.
  4. The following sentences are very strange:

            If you could please take 5-10 minutes out of your
            online experience and update your billing
            records, you will not run into any future problems with eBay's
            online service. However, failure to update your records
            will result in account termination. 
            

    The phrase "If you could please take 5-10 minutes out of your online experience" rings false. It does not sound like corporate language. It sounds as if it is asking you for a favour.

    Contrast this with the next sentence, which wields the big stick: if you do not do this favour, your account will be terminated! This dire consequence immediately exposes the scam. For the crime of not updating your information, eBay will cancel your service, thus losing your business and putting you into a bad mood? Furthermore, they will not send you further warnings, and provide no deadline for updating this information? Given that eBay wants to keep your business, this makes no sense.

    In general, you should be suspicious of e-mails that threaten you with suspension of your accounts -- especially if they don't identify you by name.

  5. The biggest hint in the e-mail is that the link advertised in the e-mail does not match the actual link, and the actual link does not go to a website on ebay.com. Any link that redirects you to a website location that does not match the website of the service in question is an instant tip-off.

    Note, however, that some scammers are becoming clever about this as well. For example, a common Citibank scam pointed you to a website on citibank.com, which was run by the scammers. The actual Citibank site is citi.com, but you might not recognise that immediately.

The key to spotting fraud in these e-mails is to wait and use your head. Pause, take a deep breath, and read the e-mail carefully and critically. Take some time to think about the mail before responding to it. Check with computer-savvy friends to get their opinions as to whether the e-mail is fake or not. Look on the Internet to find information about whether the e-mails are scams. If you are still unsure, contact a real person (preferably by phone) working at the company and verify that there really is some problem with your account. Scammers depend upon your ignorance to make their money. With a bit of vigilance you can do a pretty good job of protecting yourself.
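The link checks from the eBay discussion (the displayed address that does not match the real target, and a target that is not on the service's own domain), written up as an added example that is not code from the original text. It parses the anchors in an HTML message and reports three things per link: whether the real host is a bare IP address, whether the text shown to the reader is a URL whose host differs from the real one, and whether the real host sits under a domain the reader has decided is legitimate. The HTML is constructed after the quoted message; the address 192.0.2.10 and the host goldtraders.example are documentation placeholders, not the scam server from the text.

```python
"""Flag the link tricks in the eBay example: displayed URL vs. real target.

Added example, not from the original text. The HTML below is constructed; the
address 192.0.2.10 is a documentation placeholder, not the real scam server.
"""
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed body modelled on the phishing message quoted above.
SAMPLE_HTML = """
<p>Dear valued eBay member,</p>
<p>Please click here to update your billing records.<br>
<a href="http://192.0.2.10/goldtraders.example/httpdocs/eBay/">http://www.eBay.com/verification/</a></p>
<p>Questions? See our <a href="http://pages.ebay.com/help/">Help pages</a>.</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def is_ip_address(host):
    """True when the host part of a URL is a numeric address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def under_domain(host, domains):
    """True if host is one of the legitimate domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def check_links(html, legitimate_domains):
    """Return [(href, [reasons])] for every link; an empty reason list means no finding."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        reasons = []
        if is_ip_address(host):
            reasons.append("target host is a bare IP address")
        if text.lower().startswith(("http://", "https://")):
            shown = (urlparse(text).hostname or "").lower()
            if shown != host:
                reasons.append(f"displayed URL host {shown!r} differs from real host {host!r}")
        if not under_domain(host, legitimate_domains):
            reasons.append(f"target host {host!r} is not under {legitimate_domains}")
        findings.append((href, reasons))
    return findings


def suspicious_links(html, legitimate_domains):
    """Only the links that triggered at least one finding."""
    return [(href, r) for href, r in check_links(html, legitimate_domains) if r]


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_HTML, ["ebay.com"]):
        print(href)
        for reason in reasons:
            print("   -", reason)
```

On the sample, the "verification" link trips all three checks while the help link on pages.ebay.com trips none. The list of legitimate domains has to come from the reader, not from the e-mail: as the Citibank case above shows, a look-alike domain registered by the scammers passes a naive "does it contain the company name" test, so the list should hold the domains you know from the company's real site or paperwork.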

Web Safety

The World Wide Web offers many of the same advantages as e-mail, and many of the same threats. The Web is easily accessible to anybody with Internet access, and it is fast and cheap for individuals to publish information on Internet servers. These are great strengths: for the first time in history, we can gather information and listen to stories published by ordinary people from all over the world. At the same time, the Internet makes it easy for people to publish lies and misinformation. As always, protecting yourself against such threats involves being aware of the threats, being skeptical, and using good judgement.

In the following sections we will outline a few dangers of the Internet. Much of the advice outlined in the section on e-mail [REF] applies when surfing the Web as well.

Protecting Your Personal Information

Many, many websites ask for personal information in order for you to access their services. Pretty much any online service will require you to enter a valid e-mail address. Some services go further, demanding that you enter phone numbers, names, home addresses, or financial information. Sometimes giving up this information makes sense, and sometimes it does not. For example, it may be reasonable to give credit card information to a business when making a purchase, but giving the same information to an e-mail update service is just asking for trouble.

When you have submitted your personal information, it may be put to many uses. Usually it will be filed in a database somewhere and stored in perpetuity. Some businesses collect information about their customers and use it to gather marketing information. Often organizations will use e-mail addresses to shower you with updates and product offers, and some organizations will sell lists of contact information to others.

Once you have released your personal information, it can be very difficult to regain your privacy. I once made the mistake of releasing my e-mail address to an online music service. I am still receiving spam e-mails from that service and the organizations to which it sold my e-mail address.

It is well worth carefully considering the information you are willing to share with others. Here are some questions to ask when somebody is asking you for some information:

  • What information do they require me to submit?
  • Why are they asking me for this information? Is this information necessary to provide me with the advertised service?
  • Is there a documented way for me to get the service to forget my personal information at some later date?
  • How will the service use my personal information? Have they promised to respect my privacy rights in any way? How can I hold them to their promises?
  • How badly do I require the use of this service? Can I get by without using it? Are there better alternatives available?
  • What is the reputation of this service provider? Do they have a history of abusing personal information? Do they belong to organizations (such as the Better Business Bureau) which offer some assurance that they behave well?

Many websites publish privacy policies which provide some of the answers to these questions. A privacy policy should tell you what information the website collects, whether they identify you personally (and if so, how), and how they use the information they collect about you. Keep in mind that a privacy policy alone does not protect you; without some way to enforce the policy it is nothing more than a set of promises.

Cookies

Many websites use cookies to keep track of information about you. A cookie is some information issued by a website and stored on your computer for retrieval later. Some cookies keep track of how many times you have visited the site. Others keep track of your status on the website -- if you ever log into a website, a cookie is almost always used to keep track of your identity and your login status. When making online purchases, cookies can keep track of who you are and what purchases you have made. The web search engine Google keeps track of all the searches you have ever made using cookies. In general, cookies transmit information to websites about you and your surfing habits.

Sometimes, cookies are necessary to use a website properly. For example, it is difficult to log into online mail services without cookies. In some ways, however, cookies are a privacy threat. Even when they do not identify you by name or e-mail address, they can collect a wide range of information that reveals a lot about your online habits.

Unfortunately, it is hard to restrict the use of cookies when using the Internet. Most web browsers provide ways to manage cookies. They allow you to see what cookies are stored on your computer, and give you the opportunity to delete them. Some browsers allow you to confirm each cookie you receive, or to reject cookies completely. Both of these approaches have problems. Confirming each individual cookie quickly becomes aggravating because so many websites use cookies. (It is an excellent exercise to carry out if you want to get a sense of how widely cookies are used, however.) Rejecting all cookies is better for your privacy, but then you will be unable to use certain websites. A good middle ground is to disable cookies by default, but then enable cookies coming from the websites you need to log in to. [WHAT DO OUR WEB BROWSERS DO? HOW DO THEY DO IT? PROVIDE INSTRUCTIONS AND A TUTORIAL.]
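To make the round trip concrete (a website issues a cookie, your computer stores it, and sends it back on the next visit), here is an added example that models the "deny by default, allow the sites you log in to" policy recommended above. It is not a browser's real cookie code and not from the original text: it is a teaching model with a hand-written Set-Cookie parser, and the hostnames, headers and allowlist in it are constructed placeholders. Beyond the policy itself, it also notes whether each accepted cookie is persistent (survives closing the browser) and whether it carries the Secure and HttpOnly flags.

```python
"""Model of a per-site cookie policy: reject cookies by default, store them only
for hosts on a login allowlist. Added example; hostnames, headers and allowlist
are constructed placeholders, and the parser is a simplified teaching version."""

THIRTY_DAYS = 30 * 24 * 3600


def parse_set_cookie(header):
    """Split 'name=value; Attr=val; Flag' into (name, value, {attr: val})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def on_domain(host, domain):
    """True if host is `domain` itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


class PolicyCookieJar:
    """A cookie store that only keeps cookies from allowlisted hosts."""

    def __init__(self, allow_hosts):
        self.allow_hosts = set(allow_hosts)
        self.stored = {}  # host -> {cookie name: value}
        self.log = []     # human-readable record of each decision

    def receive(self, host, set_cookie_header):
        """Apply the policy to one Set-Cookie header from `host`.
        Returns True if the cookie was stored."""
        name, value, attrs = parse_set_cookie(set_cookie_header)
        if not any(on_domain(host, a) for a in self.allow_hosts):
            self.log.append(f"{host}: rejected cookie {name!r} (host not on allowlist)")
            return False
        notes = []
        lifetime = int(attrs.get("max-age", "0") or 0)
        if lifetime > THIRTY_DAYS or "expires" in attrs:
            notes.append("persistent: survives closing the browser")
        if "secure" not in attrs:
            notes.append("no Secure flag: may be sent over unencrypted HTTP")
        if "httponly" not in attrs:
            notes.append("no HttpOnly flag: readable by page scripts")
        self.stored.setdefault(host, {})[name] = value
        suffix = f" ({'; '.join(notes)})" if notes else ""
        self.log.append(f"{host}: stored cookie {name!r}{suffix}")
        return True

    def cookie_header_for(self, host):
        """The Cookie header that would go out on the next request to `host`."""
        cookies = self.stored.get(host, {})
        return "; ".join(f"{n}={v}" for n, v in cookies.items())


def demo():
    """Run three constructed responses through the policy and return the jar."""
    jar = PolicyCookieJar({"mail.example.com"})  # constructed: the one site we log in to
    jar.receive("mail.example.com", "session=abc123; Path=/; Secure; HttpOnly")
    jar.receive("mail.example.com", "prefs=lang%3Den; Max-Age=31536000")
    jar.receive("ads.tracker-example.net", "uid=9f8e7d; Max-Age=63072000; Path=/")
    return jar


if __name__ == "__main__":
    jar = demo()
    print("\n".join(jar.log))
    print("next request to mail.example.com sends:", jar.cookie_header_for("mail.example.com"))
    print("next request to ads.tracker-example.net sends:", repr(jar.cookie_header_for("ads.tracker-example.net")))
```

The log shows the trade-off described above: the login session cookie is kept, the one-year preferences cookie is kept but flagged as persistent, and the cookie from the host you never chose to trust is simply never stored, so nothing is sent back to it later.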

Security Certificates
[LEARN ABOUT THESE. WHAT ARE THE DANGER SIGNS?]

Downloads

The Internet makes it easy to download all sorts of goodies to your hard drive. In many cases these goodies are harmless, but you should treat Internet downloads with the same caution you treat e-mail attachments.

Some web browsers ask you whether you wish to download or save strange files off the Internet. [SCREENSHOT] You almost always want to save these files to your hard drive instead of running them from your web browser.

One point to remember from a Linux perspective is that many executable programs you can download will not run in Linux. Sometimes this is a pain but often it is a blessing in disguise. Executable programs are more likely to contain viruses and other nasties than other things you download from the Internet.

As always, use your judgement. If you are not sure where an Internet download came from or what it is for, you may want to think twice about running or viewing it on your computer.

Protecting Your Reputation

Many people overestimate their anonymity on the Internet. They think that -- so long as they never reveal their real names -- the things they say cannot be traced back to them. In many cases, the opposite is true: when you use the Internet you leave traces everywhere you go. The identity of your computer is logged at each Internet site you visit. Cookies keep track of your surfing habits. E-mails contain header information that can be traced back to your ISP and ultimately back to you.

The other aspect of the Internet that catches people by surprise is that information posted to the Internet stays there permanently. Search engines make copies of websites (called cached copies) to help them index information. People run archives to keep track of old websites. Newsgroup posts are archived in perpetuity. A single embarrassing photograph might be downloaded by thousands of Internet users, and reside on their hard drives for years and years. In general, information just does not disappear.

For these reasons, when using the Internet I make the following two assumptions:

  1. Nothing you say or do is truly anonymous. Everything and anything can be traced back to you.
  2. Everything you say and do on the Internet is part of the permanent public record.

These assumptions are less paranoid than they sound. Although it is possible to make your communications mostly secure, doing so is not a trivial task. Although it is possible to prohibit search engines from accessing the data you post online, you have no guarantees that somebody has not made a copy of the data and is distributing it to others. Furthermore, in the future it will become easier -- not harder -- to associate people with their data. It is totally conceivable that employers will carry out online background checks before making hiring decisions. This could affect your employability either way; an online history that demonstrates you are a good worker and a team player could make it easier for you to get hired, while an online history that gives employers a negative impression of you could make your life difficult. For this reason alone it is worth being careful about your online activities.

Even ignoring the actions of hypothetical employers, it makes sense to behave well on the Internet. Internet communities are like schoolyard playgrounds; if you earn a reputation for being a bully, nobody will want to be your friend.

The Internet provides many opportunities for learning and sharing knowledge with others, and for socializing with other people who share your values and interests. It would be a shame to let the fear of your online record prohibit you from taking advantage of what the Internet has to offer. The thing to remember is that you are as accountable for your actions on the Internet as you are anywhere else; you should be prepared to stand behind what you do and say to the same degree.

Here are some tips and pointers to help you maintain your online reputation.

  • Be careful how you interact with people. If you would not insult a person face-to-face, do not do so online. Be especially careful when you are angry; if you make some rash or hurtful statement online, it is not easy to retract your words. The best policy to take when you are angry is to step away from your keyboard for a while and calm down.

    Civility is always the best policy when conducting online communications. People enjoy calling each other names online, but such behaviour ruins the atmosphere for everybody except the combatants.

  • Respect the rules and conventions of the communities in which you participate. If people tend to use proper English grammar in their communications, you should as well. If people avoid profanity or explicitly sexual phrasing, you should as well. If the group is focussed on a particular topic, you should be wary of posting off-topic material. If you post something that others find offensive or inappropriate, be humble and respect the dictates of the community.

    This advice is particularly important when you are first joining an online community. After you have participated for some time you get a feel for what conventions you can break and which ones you can't.

    An excellent rule of thumb is to "lurk before you post". Lurking is the practice of paying attention to an online community, but not posting anything. Lurking is a good way to learn about the rules and social conventions of the community before contributing to it.

  • Some people take great delight in trolling -- visiting online communities and deliberately aggravating the members there. For example, some goofballs enjoy visiting vegetarianism sites and harassing the members there about their hypocritical eating habits. They insult the members and ask inflammatory questions, then hide behind their rights to free speech when confronted about their rude behaviour.

    These goofballs don't really care about the answers to their questions. They are not driven by curiosity or a desire to help their fellows. Rather, they are interested in making people upset for ideological reasons. Don't be one of those goofballs. Disagreeing with the views of others is no crime, and dissenting points of view can add a lot of quality to online discussions. However, confrontational behaviour rarely changes people's minds. If you wish to express your dissent, there are psychologically more effective ways to do so than trolling.

  • Disagreement and miscommunication happen frequently online. Sarcasm and humour are often misinterpreted as insults. When people misinterpret your words, be gracious. Make amends and don't be afraid to apologise.

  • Accept that sometimes people will disagree on fundamental principles, and refuse to let those disagreements get in the way of your interactions together. It is not always easy to get along with people who do not share your values, but in the end it can be very rewarding.

  • If you feel the need to chastise or correct other people who are misbehaving, it is worthwhile doing so using more private forms of communication. For example, if you participate on a web forum and somebody is behaving in inappropriate ways, you might consider sending that member a private e-mail or instant message to (civilly!) let the person know that their behaviour is inappropriate. Chastising the person on the board will sour the atmosphere of the community and will often make the offending member hostile. Nobody likes getting criticised in public.

  • Keep confidential information confidential. If you spill secrets others have entrusted to you, then you will gain a reputation as one who cannot be trusted with secrets. This is particularly important when dealing with sensitive corporate information.

    On the other hand, sometimes you need to reveal sensitive information. For example, keeping certain secrets might endanger the well-being of others. In such cases you should be very careful of how and to whom you reveal this information.

  • Stand behind what you say and do. If you would be ashamed of admitting your online actions to others, then you should reconsider your actions (and maybe your shame).

  • Be careful about spreading misinformation. If you are unsure about whether some fact or figure is true, admit it. Better yet, check your facts before you spread them. The Internet makes it so easy to find information that it is rapidly becoming expected that people back up the claims they make.

You would be surprised at how frequently people forget some of these common sense rules. It is especially easy to get into trouble when one is involved in a heated, emotional debate. At these times, be particularly careful of your actions.

Avoiding Online Break-ins

The Internet is just a network of computers connected together. When you go online to surf the Internet or read your e-mail, your computer becomes part of that network. Your computer is intended to be a client -- a computer that retrieves data from other computers. For the most part it is not intended to act as a server -- a computer that provides information to other computers. It is, however, possible to reconfigure the software on your computer to act as a server.

One danger of being online is that other people may use your computer as a server when you don't want them to. These people gain access to your computer, and then take over its resources. They might run strange programs on your CPU. They might store illegal data on your hard drive. Or they might use your computer to commit all sorts of shady activities, such as relaying spam to other computers. People who break into other people's computers are popularly known as hackers, but many computer geeks discourage the use of "hacker" to mean "computer criminal". They prefer the term cracker, because crackers try to "crack" the security on your computer system. Cracking has always been a problem on the Internet, but with the increased use of high-speed Internet access it is becoming even more widespread. Unfortunately, computers running Linux are generally more attractive targets than computers running Windows.

The field of computer security is huge, and securing computers from crackers is difficult work that requires vast knowledge and focussed paranoia. No computer on the Internet is 100 percent secure from cracking; the best we can hope for is to keep the risk of cracking low.
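"Acting as a server" has a precise meaning on a Linux machine: a program is listening on a network port, waiting for other computers to connect. The following added example (not from the original text) reads the kernel's /proc/net/tcp table, decodes the listening entries, and reports whether each one is reachable only from the machine itself (bound to 127.x.x.x) or from the network (bound to 0.0.0.0). It is written against the documented /proc/net/tcp format for IPv4; the table embedded in it is a constructed sample so the parser runs offline, and `live_listeners()` reads the real file when run on a Linux system.

```python
"""Report the TCP ports a Linux machine is listening on, i.e. the ways in which
it is acting as a server, by parsing /proc/net/tcp (IPv4 only).
Added example, not from the original text. SAMPLE_PROC_NET_TCP is a constructed
copy of the file format so the parser can be exercised without the real file."""
import socket
import struct

LISTEN = "0A"  # kernel TCP state code for a listening socket

# Constructed sample: a print spooler on loopback port 631, an SSH daemon on
# all interfaces port 22, and one established (non-listening) connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15001 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:8F3A 0100007F:0016 01 00000000:00000000 00:00000000 00000000  1000        0 15003 1 0000000000000000 20 4 30 10 -1
"""


def decode_ipv4(hex_addr):
    """'0100007F' -> '127.0.0.1'. The kernel prints the address as a 32-bit
    integer in host byte order, which is little-endian on x86 machines."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))


def listening_sockets(proc_net_tcp_text):
    """Return (ip, port, uid) for every entry in LISTEN state."""
    result = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        result.append((decode_ipv4(hex_ip), int(hex_port, 16), int(fields[7])))
    return result


def exposure_report(sockets):
    """One line per listener saying whether it is reachable from the network.
    A listener bound to 0.0.0.0 is reachable from outside unless a firewall
    blocks it; one bound to 127.x.x.x can only be reached from this machine."""
    report = []
    for ip, port, uid in sockets:
        scope = "local only" if ip.startswith("127.") else "reachable from the network"
        report.append(f"port {port}/tcp on {ip} (uid {uid}): {scope}")
    return report


def live_listeners():
    """Read the real table when run on a Linux machine."""
    with open("/proc/net/tcp") as f:
        return listening_sockets(f.read())


if __name__ == "__main__":
    for line in exposure_report(listening_sockets(SAMPLE_PROC_NET_TCP)):
        print(line)
```

Run against the real file, the report tells you which of the services on your machine are offered to the whole network; each one is a way in that the firewall mentioned below has to cover, and a port you do not recognise is worth investigating. Programs listening only on 127.0.0.1 cannot be reached from other computers regardless of firewall settings.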

We have preconfigured your computer to eliminate some risks. We have included a firewall and limited the ways others can access your machine. [LINK TO MORE DETAILED INFORMATION?] In addition, there are some good habits you can develop to keep the risk low:

  • Disconnect your computer from the Internet when you are not using it. [HOW?] An easy way to do this is to unplug the network cable from your machine when you are not using the Internet. Another method is to physically power down your machine when you are finished using it. A third way requires the use of the superuser account: for details see [WHERE?]

    The less your computer is connected to the Internet, the fewer opportunities others will have to find flaws in your machine's security.

    Some people advocate leaving your computer on at all times to increase the computer's lifespan. I disagree with this position. In addition to wasting power it leaves your computer vulnerable to blackouts and power surges.

  • A common source of vulnerabilities is software flaws. When a security-related flaw is discovered in software, the Debian organization (which provides the software on your computer) provides an updated version of the software that fixes the flaw. Installing these updates is a straightforward process, but it requires use of the superuser account. Some people check for updates every day; checking for updates every few weeks is probably acceptable. For instructions on how to upgrade the software on your computer, see [WHERE?]