You’ve seen how important information is in today’s
society. Businesses depend on it to produce and market the right
products and services to consumers. You depend on accurate
information to make informed decisions. However, while it’s
important to share information in an Information Society, you also
must know when not to share and even when to protect certain
information. In this section we’ll show you how to find out what
information Web sites collect from you as you surf the Web
(cookies) and how you can stop this from happening. We’ll also
discuss how you can make sure you are protecting your information
(encryption) when you do want to share it with certain people.
Finally, we’ll look at ways companies are trying to make it
easier for you to both guard and share your information with them
(identity services). Cookies A cookie is a small text file containing
information about you that’s stored on your computer’s
hard drive. As you surf the Web, Web sites write cookies to keep
important information about your preferences on their Web site. In
Chapter 4 you learned how Amazon.com uses cookies to personalize
your Web surfing and purchasing at its site.
Personalization on the Web is the process of
customizing a Web page or series of Web pages according to a
customer’s preferences. Experts disagree on how much personal information is available
when cookies are written to your hard drive. In most cases, Web
sites can only access cookies that they’ve written. There have
been cases of larger companies tracking users’ movements on
the Web with cookies from banner ads. You should at least be aware that there’s potential misuse
of cookies. To see the cookie files on your computer, do a search
for the word "cookie" on your computer. More than likely,
you’ll find a folder called Cookies in Documents and
Settings/UserID/Cookies. This is where Internet Explorer stores
your cookies. Netscape Navigator has a file called
cookies.txt. Surprised at what you found? Many people are. Here are some
links to help you decipher cookies and learn more about how to
delete or control how your personal information on cookies are used
by Web sites: - CookieCentral: The
premier Web site to learn about cookies and download programs to
help you control your cookies.
-
Cookie Software: More programs to help you control cookie
use.
- JavaScript
Cookies: If you’d like to write cookies, take a look at
these JavaScripts.
- Programming
Cookies: A tutorial on how to use cookies on your Web
site.
- The Cookie FAQ:
Frequently asked questions about cookies and what they can do.
Encryption Cookies send information over the Web in plain text. Anyone who
can get a cookie can read what’s in it. However, sometimes
you’ll want to make sure that only certain people can only
read information you send over the Web. For example, when you
purchase a product during an e-commerce transaction, you want only
the credit card company to be able to read your credit card
number. To protect information sent over the Web, you need to use
encryption. Encryption is technology used to hide
information and make it secure. We discuss encryption in Chapters 4
and 7. Two technologies most used for encryption are Secure Socket
Layers (SSL) and Pretty Good Privacy (PGP). Let’s take a look
at each. SSL When sending sensitive information over the Web, you’ll
want to make sure you have a secure transaction. A secure
transaction uses specific protocols to transfer sensitive
information. SSL is a technology used to protect your information on many Web
sites. You can tell when SSL is being used because the "lock" icon
will appear locked on your Web browser. You can double click on the
lock icon to find more about the security level and the site’s
certificate. This certificate lets you know who will handle the
transaction. You should also check for secure transactions using
SSL and certificates before sending personal information to a Web
site. Otherwise, hackers can intercept and read your information.
To learn more about SSL and certificates, check out the links
below: - OpenSSL: OpenSSL provides
encryption between your Web site and the user’s Web browser so
no sensitive information can be seen as it travels the
Internet.
- Web Site Certificate:
VeriSign provides a Web site with a site certificate. A secure
transaction cannot take place without a certificate. Other
companies (Thawte and SSL.com) can also provide you with
site certificates.
PGP What if you want to send sensitive information to another
person? You could set up a Web site with SSL technology and a
certificate, but this can be expensive for an individual. Instead, you might want to send an encrypted e-mail. With Pretty
Good Privacy, you can encrypt an e-mail message and file with a
personal key. You can then send your e-mail to a friend who
you’ve also given a copy of your key to. That person is then
able to unlock your message and read it. Without a copy of your
key, he or she can’t read your e-mail. Best of all, this software is free to individuals and works with
many e-mail software applications, such as Outlook and Eudora. Here
are some links to get you started using PGP: Identity Services Do you have more than one login ID and password to remember?
Maybe you have a work and a home e-mail account, need a network
login ID at work, and visit Web sites that require an ID and
password to access information. It might seem like a good idea to keep this information written
down in a convenient location, but most security experts urge users
not to do this. There have been many cases of computer break-ins
using passwords taped to keyboard bottoms. How can you manage the password deluge designed to protect
sensitive information? Businesses and technology companies have
teamed up to create identity services. With identity services like
Microsoft Passport and the Liberty Alliance, you will have one
login and password for a variety of information services. Once you
are logged in, you can determine what information you’d like
to share. Microsoft Passport and the Liberty Alliance are presently
working, and competing, to develop the personal identity
standard. You can currently use a Passport to store personal information
like your name, address, and credit card information. Many
e-commerce sites will allow you to purchase products and services
using your Passport. Experts disagree about how secure this
software-based solution and the databases that store your
information are. The Liberty Alliance was started by Sun Microsystems. Companies
such as Bank of America, GM, and Visa also have joined the
alliance. Instead of a software solution, the Liberty Alliance is
working on a standard set of technologies that can be implemented
in computer hardware. No one company would control your
information. Rather, you would share what you wanted with each
company. To learn more about Microsoft Passport and the Liberty Alliance,
check out some of these links: | 
2002 McGraw-Hill Higher Education