|
|
|
||||||||
INCLUDING CHILD PROTECTION
Gerard Bowles
©1997. Updated 4/15/00
I wrote this Web page to aid Internet users in safety issues, particularly the personal and small-business user. It might keep someone from acquiring your phone number, a map of your house, your children seeing something you wish they had not, and other communication safety issues. This page was the result of a request for me to speak on Internet safety by a computer group. On the Internet these issues change, and new issues develop on a daily bases. This is only a part of my own notes and experience on this topic. I am available to speak to a group on this and other Internet topics. I am also available as an analyst and strategy consultant. No part of this paper nor it's concepts may be reproduced without my permission, except for home use. This paper will be continuously updated.
|
1. Choosing a Password, and Password Form Information Requests 2. Personal Information About You On the Net 3. I Can Find All Your Web Pages 4. It's Illegal to be a "Imposture" for "Malicious" Intent 5. Buying On the Internet 6. Is Your Email Secure? 7. Viruses from Email and Other Downloads 8. Controlling Child Assess to the Web 9. Exposure to Offensive Material on AOL 10. Internet Relay Chat (IRC) 11. Explicit Adult Banner Ads, and Email for Children 12. Are Cookies a Problem? 13. Never Give Anyone On the Internet Your Password 14. Liabilities for Your Web page Content 15. Inadequacies in Internet Instruction in Schools 16. You Control the Internet 17. Links to Other Resources 18. About the Author and These Pages |
1. Choosing a Password, and Password Form Information Requests
Passwords are used to identify you and allow you access to many types of Internet activities including Web sites (like the NY Times), chat clubs, FTP memberships, and others. Within a year of Internet use you will find yourself with at least 10 passwords. Choosing your password is very important. When a hacker is trying to determine your password, the first thing he will try is your birthdate or similar information that can be found. Sprynet offers their members this guide to choosing a password:
"A password is considered an encryption system, but to make it work like an encryption system there are a few hard and fast rules you should follow:
Sprynet's little guide is very good advice in choosing a password. Password application forms often seek information that is unnecessary for the membership--often marketing information. This information is often passed on to a third party. Omit any information you do not wish to give. When you "submit" the form if you are notified that this information is required, decide if the price of this information is really worth the membership.
2. Personal Information About You On the Net
Don't use your last name in your ISP Internet account name, IRC nick, IRC finger, and elsewhere. If I have your last name, I can probably get your phone number, your address, and even a map to your house. Hackers can get more information that this. The only place I have my last name is the Email account I have for business, some of my business sites, and my resume. There are free Email accounts on the Web you can use for business, and also free Email accounts that automatically forward your Email to your ISP address. Do a Web search for these free services, or see the links below.
You can have your name, Email, phone number, and other information removed from some of the on-line, search engine databases, by using the "remove" or "change information" function in some search engines.
The Lexis-Nexis Database, called P-Trak controversy: News reached millions via. Email and newsgroups about P-Trak's personal information gathering and dispersing on the Internet. I will say a little about what it is, how it affects you, and how you can affect the database. P-Trak offers information to law enforcement, attorneys, and others about you. You can visit Lexis-Nexis statement about P-Trak and remove your name and information from the database at: http://www.lexis-nexis.com/lncc/p-trak/index.html . If you need to do this by mail, write and request you be removed to: P-Trak, PO Box 933, Dayton, OH 45401.
When setting up your Email software, you will see a place to put your name, do not use your full name. On many Email programs you can just leave this blank. The same applies to newsgroup reading programs.
If you have a child with a Web page, as so many children do, comb the page carefully for personal information. I have seen children's pages, including those linked to their parent's pages, that give a last name, what town they live in, what school they attend, etc. This is not a safe practice.
Threats: It is against United States law to threaten someone on the Internet. To find out more about this or, to report a threat, call your local F.B.I. office.
An amazing example: When researching a person in England, I discovered Web pages at Auburn University that included a picture of each student, their full name, and history. This is not responsible Internet use by Auburn. These pages should have been in the University's closed system, and should have not given more than a last name initial. It is obvious Auburn lacks a professional Internet use advisor.
3. I Can Find All Your Web Pages:
Some ISP's, have set up a guide for ANYONE to find all the Web pages you have stored on your account. Netcom is one, and I wrote them asking why they did this. The reply was they thought this was a service. Yes, it's a service that can allow snoopers to find out information about you. For example, you have your resume page, and your child's Web page, on Netcom. They can easily find both with only your account name, and combine information that can endanger your child. Some of the older ISP's, like Netcom, who offered shell accounts, still think they are offering a "community." This is outdated thinking (I am not Netcom-bashing, Netcom is a excellent service). AOL does provide a "privacy" folder for your Web pages, and this helps. Another solution is to let your child create their Web page on companies that offer free Web page hosting. Just choose one that promises not to allow adult banner ads.
Some ISP's claim they have a "secure server." They have implemented technology to deter intruders and give "secure transactions." There are levels of "secure servers," and these will not keep out very knowledgeable intruders. Transactions on these servers are fairly secure, if only due to the speed of the communications signal.
AltaVista search engine is now using a robot that combs the net to list ALL Web pages. This is different from some other search databases that requires that you register for your site to be listed. If you don't want your page to be listed with AltaVista and others that use a similar robot, AltaVista offers a guide to creating a script for your page and a text file to install at your site.
The robot protection script for insertion into your Web page is: XXXX NAME="YYYYYY" CONTENT="NOINDEX, NOFOLLOW". Put "META" (don't use the quotation marks) where the "XXXX" is, "ROBOTS" where the "YYYYYY" is (leave the quotation marks), and a "<" in the front, and ">" at the end of the script. This will protect you from some but, not all robots. Additional protection would include the robots text file AltaVista suggests or, to learn more about protecting yourself from other robots use the resource link at the bottom of this page. The robots are continuously updated, and this, like all information on the Web, might become dated, so I suggest further reading at these links.
4.It's Illegal to be a "Imposture" for "Malicious" Intent
Computing Laws (including networked computers) In accordance with the computer laws of most states it is fraud to "assume a false pose" ("pretender"), for the purpose of "accessing," "removing," "copying" or "transferring" computer-stored data ("information" and "documents") for the purpose of harming the owners of that data. It is also unlawful to "access" computer data for "malicious" intent.
5. Buying On the Internet:
The National Consumers League reported that Internet fraud reports tripled in 1997. The League offers Web pages for its Internet Fraud Watch which includes a list of the top 10 Internet scams. They include "General merchandise; Auction sales; Pyramids and multilevel marketing; Business opportunities and franchises; Work-at-Home; Prizes and sweepstakes; Credit card offers; and Book sales and Magazine subscriptions." See the links below.
When buying with a credit card on the Internet, look for an address and phone number. If the purchase exceeds $20, call the number. Make notes of the conversation and who you talked to. For a purchase over $20, it is usually best to send a check, or postal money order. For purchases over $400, ask if they have a business license, and check on the number. Another solution is to order the item C.O.D.
6. Is Your Email Secure?
Email is an unsecure form of communication. The best solution for sensitive data, text and graphics, is encryption and decryption software. Simple ones are available as shareware. More sophisticated systems are available for important data. The HelpLinks below can help you find more information on encryption, information on software and the software.
7. Viruses from Email and Other Downloads:
Before transmitting data, you are responsible for checking your data for quality, and for viruses, worms, Trojan horses or other destructive code. Failure to do so may make you liable for damage. If you are reported to your Internet Service Provider, you may lose your account, and with it your email address and Web pages. You should daily check all downloaded files for viruses to insure that your other files are not infected. Virus' and other contaminants can be checked by several products. Some are free and most are reasonably proceed. See Guard Dog and HelpLinks in the links below.
8. Controlling Child Assess to the Web:
I am not going to discuss access-control software for children at length, that is sufficiently covered in many areas of the net. There are at least eight software that control child access to Web pages. The software is based on the information the particular search engine database maintains, and/or the sophistication of the software in reading the page prior to access. Child access control software, or this service, is supplied for free by some Internet providers. At the bottom of this page is a link to an excellent site explaining how they work, and comparing their use.
On the other hand, institutions and many adults have Web pages that are not x-rated, but contain language, images or subjects not appropriate or not meant for children. For example, a discussion on education, abortion issues or, even some biblical topics that a child might not understand. The author may be concerned that children may access his or her pages. A popular approach is to hide (so the viewer does not see) words that would trip a child-access control software so the page is not accessed. I do not know of a study on the effectiveness of this approach but, there is a simpler approach for many types of Web pages. This would be to avoid words that a curious child, without child access software, might type into a search engine. A higher vocabulary could also help. I am not going to type in examples, that might attract a child, and bore the poor child to death.
9. Exposure to Offensive Material on AOL:
The greatest danger exposure to offensive language, sexual Web sites and email is on AOL's service. AOL makes many PR statements about their control of this material but, this is more PR than reality. It is true that AOL has put in controls to the access of many of their areas. However, these are not as effective as those available on the direct net including Internet IRC software, and Web control software. AOL's controls are also not user-aware. It's painfully clear that AOL's administrators are not AOL users, and seem to lack AOL experience. For example, when AOL implemented "Buddy Chat," the porn merchants took it over. It was not uncommon for anyone with a nick that might be interpreted as an adult, child or not, to receive instant "Buddy Chat" notices for porn sites. On Christmas eve, one responsible user counted over 200 of these uninvited porn notices. Most were from the same porn site. When the notice appeared, all the child would need to do was click on the link before them, and they would be transported to a porn site. Buddy Chat could be turned off but, only by turning off all Instant Messages--they way many friends communicate. It was thoughtless and irresponsible of AOL to implement this new service without first supplying separate controls to turn it off.
AOL chat users are also wide open to exposure, not only to rude and crude behavior, but illegal behavior. IRC Internet chat has controls for their chat rooms, so persons like this can be kicked out and banned from entering the chat room. AOL has no such controls. I was asked to come into a chat room and be a witness to a typical example. The troublemaker stated in their AOL profile that their goal was to cause trouble in chat rooms. "Intrusion" and "disruptions" are a stated AOL Terms of Service (TOS) violation. I saw this person using obscene language, and disruption. In the chat, the person admitted to previously using impersonation to obtain personal information about a woman in the room. And, in the room released personal information about the woman, and threatened others with a lethal weapon, even naming the weapon, and admitted to stalking. Threats and stalking are illegal activities. This person was reported to AOL, with a copy of the chat screen. Even days later AOL had taken no action, not even a notice. The incident, and the same proof presented to AOL, were reported to the Sheriff of the county and is currently under investigation. On the other hand, AOL's TOS administrators will terminate an account, without warning, for supposedly breaking an undefined and unwritten TOS policy. The TOS administrators will not explain the offense to the user. They can't, not when there are 300,000 others that could be terminated for the same reasons. This arrogant and condescending attitude, and naive and poor communications, is what makes AOL ineffective in solving most of their problems, particularly exposure.
While doing a history research I ran across a "hate watch" page (http://hatewatch.org/position.html) that contained the following: "On March 27, 1997 America Online made the decision to continue hosting the home page of the Ku Klux Klan Realm of Texas (http://members.aol.com/realmoftex/index.html), stating that the site and the ideas expressed therein were not "hateful or inciteful..." I visited this AOL KKK site, and found the above to be very true, and included race hate remarks. I would not want my child to be exposed to this page. I do not know any other ISP that would allow this group to reside on their server.
Overall, AOL is a great service. However, AOL could solve many of its problems by using more experienced administrators, find a more politically and philosophically appropriate (and cheaper) location for it's headquarters, renovate communication and TOS practices, and listen to it's users. AOL also seems oblivious to the resentment and disrespect for AOL that is created by it's TOS department. this department appears to operate in opposition to, and contempt for, AOL's other policies. To solve this problem they need to rename TOS, define the regulations so they are uniformly applied, review reactionary enforcement, and thoroughly clean the corruption in the TOS department by finding wiser and more mature policymakers and enforcers with better communication skills, and providing them with software similar to that used by Internet IRC chat operators.
10. Internet Relay Chat (IRC)
I recently used a script in Internet Relay Chat, to identify the interests of another user, and was shocked to find the user's real first and last name and email address. This is dangerous in IRC use and users need to know how to limit accessible personal information. When you first open an IRC client, (the software is called a "client") many will request you choose a "nick" (nickname), USERNAME, password, and real name. Choose your nick well, it will be the name friends will recognize you by. Do not use your name. The client will also request your "USERNAME." The USERNAME will identify you to the servers, operators and robots, particularly for membership. Keep it short, and don't change it. Your initials will work well. Next it will ask you to choose a password, this is not necessary for most IRC use and can be left blank. Next it will ask you for your "real name." Do not include this information. If filling this blank is required, just use a period.
The next area to check under preferences is CTCP and CTCP finger. Part of this information is your email address. I recommend you delete your email address if it is included. You can put information you wish to convey to others in both these spaces, much like the "profile" used by AOL members. However, few know how to access this information because of the lack of education in using IRC.
I do not recommend IRC's Efnet, Dalnet and Undernet for children. There is a new server just for children called "Kidlink IRC" although, I have not personally used it. According to Kidlink: "KIDLINK IRC is not connected to any of the other 'global' IRC systems like EFnet or Undernet. These IRC networks contain a huge number of users from all different ages discussing many topics to which we would never want to expose our children. KIDLINK IRC provides an excellent alternative, and provides an unique IRC environment..." I have the Web address for Kidlink IRC in HelpLinks below.
Hopefully, soon there will be other IRC organizations that operates just for children. If you have found one, still check the server's in your child's IRC software ("client") to make sure that is the only server listed. New IRC software includes servers, delete those that are not just for children.
Another solution to this is to get an AOL BYOA (Bring Your Own Access) account. This is only $10 per month if you already have an ISP, and AOL has child controls for their chat areas. However, AOL needs to create a chat division just for children, and another for teens. Access control would be easy, and only controlled by the master account screen name..
11. Explicit Banner Ads and Email for Children:
Banner ads that contain explicit, adult images can pop up on Web pages. Also, Email soliciting for X-rated sites is sent to EVERYONE. The solution here is to periodically check the kind of pages your child is accessing. For the Email problem, I suggest checking your child's Email once a day, before your child reads it. I am head of a new organization fighting these practices. If your interested in participating in this fight Email me.
12. Are Cookies A Problem?
Cookies are generated by a script on a Web page and sent to the visitor's computer, where it resides to record private information, web sites visited, online purchases, etc., and sends it back to the Web server. For example, in one "Christian family oriented" site, their first page attempted to download 28 cookies to my computer. Cookies help create marketing tools, whose funds help support the Internet. Unfortunately, cookies are becoming more and more sophisticated, and many worry they are invading our privacy. There are many paranoid articles written about cookies, usually by those who know little about the Internet.
If you don't want cookies, I have a few solutions. When using Netscape, you can change the setting to ask your permission before downloading a cookie. The window popping up is a pain though. A better solution is to get a cookie eater that deletes cookies from your computer. For a Macintosh, CookieMonster and PGPcookie.cutter are available for free in shareware sites (also see below). Cookie Cutter is available for both Mac and PC. If you are an AOL user, you can use a text program to read the "cookie.txt" cookie file. It is stored in your system folder/preferences/America Online/Browser Cache.
13. Never Give Anyone On the Internet Your Password:
I occasionally receive an Email from someone pretending to be an employee of one of my ISPs, requesting my "account verification" including password and other information. The address can look very legitimate. Remember that hackers can create a fake Email address. Never respond to such requests. For example, IBM Posted the following notice about an incident at their ISP service site:
"Important Notice Concerning Unauthorized Request for Personal Information"
"IBM has determined that an IBM Internet Connection Services account has been used to impersonate the IBM Internet Connection Services Billing Department. The email generated from the account was not originated or authorized by IBM and the claims made by the sender of the note are not factual. The return address on the email is notify2@ibm.net and it is signed James Henson, Chief Manager IBM Global Network in Billing Service Department. This person is not an IBM employee and has no authority from IBM to make requests for personal information. IBM has terminated this IBM Internet Connection Services account and is pursuing other appropriate actions. The email is addressed to IBM Internet Connection Services customers and requests the recipient to send back a reply containing personal information such as name, phone number, credit card name and number, and phone number of the bank that issued the credit card. We advise you not to send personal information to the return address of this email. If you have already responded to the email by sending the personal information requested, please contact immediately the financial institution that issued your credit card for more information on how to proceed. It is IBM Internet Connection Services' policy to only request personal information for billing purposes during the registration process or when a customer needs to update their credit card information using the Account Centeržs Update Credit Card function or directly with an IBM customer representative via phone when you have initiated the call via a published IBM help desk number. If you have additional questions, please submit our Request Technical Support form to send your question to Customer Care."
This notice shows IBM's concern for it's customers and contains good advice. This occurs on other ISP's of course. I do not know a single AOL customer who has not received at least one email similar to the above, or an Instant Message from a person pretending to be an employee requesting personal information or password. AOL posts warnings throughout their site.
14. Liabilities for Your Web Page Content:
This section cannot be complete for any legal topic. However, I will add court decisions that I find. For more complete information on any concern, do a Web search on the topic.
According to this ruling, you are not liable for inaccurate information from a third party on your Web page. At the same time, you cannot sue an online service provider for what is on their subscriber's Web page. In a April 22, 1998 liable suite against AOL for information published by one if it's subscribers on the subscriber's Web page (Blumenthal/White House Fellows vs. AOL), U.S. District Judge Paul L. Friedman ruled that the Telecommunications Decency Act of 1996 immunizes Internet service providors from civil liability. He stated in his 28-page ruling "Whether wisely or not, (Congress) made the legislative judgment to effectively immunize providers of interactive computer services from civil liability ... with respect to material disseminated by them but created by others." Friedman also wrote "for instant news, rumors and other information that is communicated so quickly that it is too often unchecked or unverified."
Is this ruling retroactive? In a Florida case a mother is suing AOL because pornography of her undeage son was being distributed in an AOL chat room in 1994 (AOL was warned, but let the trader stay online). AOL contends that Judge Friedman's ruling (above) and the Telecommunications Act were retroactive. (David Cassel, (destiny@crl.com) 04/23/1998, http://www.aolwatch.org)
15. Inadequacies in Internet Instruction in Schools:
In my experience, and a study of school and college programs, Internet use is not being taught adequately in classes teaching and using the Internet. This could create a PR nightmare for the institution, or even result in a lawsuit. This paper alone is insufficient to cover the potentially volatile topic of safety--just one issue at hand.
This is not the fault of the instructors. They are given a couple of seminars, and might even be casual users, and then expected to be able to teach the most complicated form of communication arts, with the greatest number of rapidly increasing issues, developed by man. Would they do this with biology, math, or other subjects? This is not the institution's fault. Who could have foreseen the speed of development or complexity of the issues?
Let's exemplify a responsibility issue in a worst-case scenario: The instructor teaches the student to use the Internet, the student goes home and relay's this instruction to his/her child, and the child is exposed to explicit images. Could the institution be a co-defendant for contributing to the delinquency of a minor? Stranger things have happened in a suit. Worse, the child could be abducted by someone from the Internet. This might seem farfetched but, perhaps not to the public who might ask: Was the student being trained to be a teacher? Isn't the Internet used in elementary schools?
Each institution should employ an Internet communications expert--and, I am not referring to technology. The ability of the student to function competitively in Internet communications and related fields can affect his or her success as a student, achievements after graduation, the reputation of the institution, and the economy of the area.
16. YOU Control the Internet:
According to government policy and Supreme Court rulings the Internet USERS should control their own Internet access. however, some help is needed here. User organizations have been formed for this purpose. You might want to visit the CyberCop site below. If you wish to take a more active stand, this author is a founding member of such a group. This group is different from others, and knows the process for encouraging changes in business and server practices. However, it won't work without a strong membership. If interested, email G. Bowles below, and find out how you can help.
17. Links to Other Resources:
U.S. Government, FTC Consumer Protection site, includes "Identity Theft," "Children's Issues," and "File a complaint online" links.
http://www.ftc.gov/ftc/consumer.htm
Harvard Law School's Berkman Center for Internet and Society site offers Internet news and issues
http://www.berkmancenter.org/
To learn about software to control children's access to the Web go to Chris Meek's C/net site at: http://coverage.cnet.com/Content/Reviews/Compare/Safesurf/
Internet news and resources: http://www.internet.com/
GoPlay is a free Email service, appears easy to use, and offers help if you've been spammed: http://www.goplay.com/home.html
This is a nice free Email service, and the address (yourname@usa.net) appears very business-like. It's slightly more difficult to use than others: http://www.netaddress.com/
Yahoo offers a free Email service: http://edit.yahoo.com/config/mail
Network Associates's security solutions, including PGPcookie.cutter: http://www.nai.com/
A popular virus protection program for the PC, that also protects your computer from Internet intruders is Guard Dog at McAfee http://www.mcafee.com/
National Consumers League, Internet Fraud Facts: http://www.natlconsumersleague.org/ifwfacts.htm
National Consumers League, Tips for Avoiding Internet Fraud: http://www.natlconsumersleague.org/ifwtips.htm
Click Here to Report
Consumer Abuse on the Net.
Additional Articles on Internet Use
17. About These Pages and the Author:
I have 9 years experience in advertising, 13 years teaching college mass-media communications courses while also a college administrator and advisor. I am currently an Internet communications consultant. Links to some of my other papers are located at: Gerard Bowles: Articles for Art Students and Resume..
The page was written October 19, 1997, and continually updated. It is written in minimum HTML to speed loading, reading, and minimize server space. The page was designed to be economically printed.
To Email page