Privacy Scams

As you'll see from the other articles in this section, there are genuine threats to your privacy on the Internet and your own PC. However, there are also many scammers that try to worry you about things that are usually not threats, often through alarmist ads that look like they are system warnings. Usually the come-on is to get you to buy their program, which may or may not solve the "problem" that they have identified. Let's take a look at a few of these scams and the real facts behind them.

"Your PC is broadcasting an IP Address" Ads

bad-ad

Have you ever seen an ad similar to the one at right? That sure looks scary. Nobody wants to be the target of an attack, so surely this calls for action. In reality, the best action is to ignore ads like this and avoid sites that encourage this kind of deception.

Whenever your browser requests a page from any web site, that web site needs to know where to send the page--it needs to know a return address. That's the purpose of the Internet Protocol (IP) address, and your computer sends out your IP address in every request you make over the Internet. It is a totally normal part of using the Internet. Look in the box below, and you'll see your IP address.

Your IP address: 162.158.79.151

For most people this will be your actual IP address. There is a technique known as proxying that can be used to prevent a web site from knowing your IP address. A proxy acts as a middleman, so that the address the web site sees is that of the proxy and not of your PC. Some ISPs use a proxy for all their customers, including some large ones such as America Online. The drawback is that these proxies can sometimes make your computer run slower than if a proxy was not used. Sometimes people use proxies to "anonymize" their browsing, but see below for some warnings about these services.

To enhance the scare factor, some sites will add "we know where you live" information that includes the name of your town or a nearby city. Again, this is not too difficult and generally is not reason for alarm. There are even free lookup services where you can find the geographic location of a particular IP address.

"Your browser is revealing information" Ads

As part of the normal conversation between a browser and a web server, the browser sends some basic information along. This usually includes the name and version of the browser, the version of Windows, and a few other mundane details. This information is not unique to your particular computer, and it won't help anyone tell who you are or where you live. Yet like the "you are broadcasting an IP address" ads above, these ads try to scare you into thinking there's something horrible happening to your PC. Here is the browser string for your browser:

Your Browser string:
CCBot/2.0 (http://commoncrawl.org/faq/)

This is just another attempt to frighten you so you'll fall for buying products and services you don't need.

"Security Scan" Ads

bad-ad

These ads try to convince you that they have detected serious problems with your security and (of course) the solution is to purchase their products to solve the problem. The image above is from of a series of ads that 180Solutions (an "adware" company) popped up over security-related web sites during April 2005. The ads were designed so they were very similar to the sites they targeted, using the same colors, fonts and layouts. There is no doubt that this mimicry led some users to believe that these windows were not ads, but instead were part of the site they were visiting.

Like the "Your browser is revealing information" ads, this ad says that the target system has Windows XP and this information could be used to hack your computer. The extra twist here is the CD-ROM test, which on some systems will open the CD-ROM drive door. Older versions of Windows Media Player allowed a web page to open the drive door, but this feature was removed in later versions. It does not indicate that a virus has taken over the system, but the warning that "you have just failed the first security test" may lead you to think so.

Beware of Anonymizing Services

As mentioned above, a proxy service can provide an extra level of privacy by preventing a web site from seeing your IP address. Some sites offer services for "anonymizing proxies" that not only hide your IP address, but also remove some cookies, browser information and script files that could be used by web sites to track your activities on the Internet. Although there are legitimate sites that provide anonymizing services, think carefully about any site you would trust to provide these services.

Be especially wary of sites that offer anonymizing services for free. What is your guarantee that the anonymizing service itself isn't tracking your movements across the Internet? They are in the perfect position to do that, since all your page requests go through their servers. Indeed, this research project shows the result of setting up proxy servers called "honeyproxies" to watch the shady activity going through their supposedly anonymous proxy.

Then there are the performance issues of anonymizing proxies. Sending all your web browsing through another server can make a fast connection seem slow, and a slow connection seem unbearable. The amount of performance degradation will depend on the performance of the proxy server, but broadband users will almost always get better performance with a direct connection.