BT
DOTCOM: COVER STORY
Every Move You Make
You are not alone on the Net. Someone,
somewhere, has the tech-capabilities to watch and record your on-line
behaviour. Welcome to a world where no secret is safe.
By Ashutosh Sinha
They know where you were last evening. They
know what sites you visited; who you sent e-mail to; and what the contents
of the e-mail were. They know your name and the names of your wife and
children. They know where you work, what you read, what you listen to, and
what you think. You are never alone. Your life and thoughts can never be
private. They know...
That isn't the paranoid outpouring of a
conspiracy theorist; nor is it the creative output of a 21st century
Winston Smith. Someone on the Net knows all about you: it could be an ISP
keeping tabs on who's visiting what site; it could be innocuous bits of
data your browser exchanges with the site it is visiting; at work, it
could be your network administrator scanning your e-mail or running a
browser-trace; or it could simply be a site where you've registered
(sharing loads of information with it, even in the fields marked optional)
selling information about you to others, or using it for its own benefit.
The threat is real, and it could get worse.
The Internet Engineering Task Force (IETF), an entity that sets standards
for the use of the Net, is considering expanding Internet Protocol (IP)
addresses to include a distinctive serial number for every computer. An IP
address is like a homing signal that guides information to and from a
connection (computer or otherwise). IP addresses are implanted within
e-mail and other information flowing across the Net and are unique. This
is an imperative: otherwise the information that is being transferred from
a site you are surfing will end up being displayed not on your PC, but
elsewhere.
Today, most people who access the Net
through a dial-up connection are assigned a different IP address every
time they log on. That will change under IPv6 (which is what the IETF's
initiative is labelled). Even today, though, users logging on to the Net
through high-speed access lines have permanent IP addresses. And several
sites routinely record this data. From there, a simple correlation exercise
mapping the name, address, and other personal details of the individual
(ranging from religious denomination to sexual preferences) is only a
small 'software' step.
The IETF's IPv6 won't happen for a few
years, but there are enough ways in which anyone who cares to can keep an
eye on the on-line activities of individuals and companies. The most
well-known of these, of course, is the cookie. These thingamajigs, says
Net-lore, derive their name from the story of Hansel and Gretel, who left
a trail of bread, as their father was leading them into the forest. A
cookie is an identifying tag placed by a web server on your computer; it's
usually a serial number, long enough to be distinct, that the server can use
to retrieve your records (what were you looking for on the site? Which area
of the site did you spend the most time on?) the next time you access the
same site. Some of these sites are affiliated to on-line advertising
services (like Doubleclick.com). These services can, thanks to the cookie,
track users to other affiliated sites. And push relevant advertising their
way.
For individuals at the receiving end of
cyber-snooping, the result could simply mean junk e-mail (and snail mail)
that seems to know exactly what size shirts they wear, or suddenly-aware
employers and regulatory authorities who know everything from the names of
the companies to which the individual has applied, to his or her political
leanings.
For companies, it could mean a bit more:
competitors who have access to confidential information. Avers Sanjay
Dhawan, 35, Director (Information Risk Management), KPMG: "We have not
realised how bad things can be. Companies are still not proactive about
it. With India getting more wired than before, snooping can only
increase."
The watchers; why they do it; and what it means to you
The next time someone tells you (and you
could be either an individual user or a company) that no one could possibly be
interested in your e-mail, whisper the word 'carnivore' into his ears.
That's the name of a wire-tapping device developed by the FBI that can
intercept (and read) all traffic to and from a suspect's e-mail account. A
senior officer with one of the Indian intelligence agencies claims that
many investigative agencies in India have software that can perform a
similar function. The process just involves sending an innocuous e-mail to
the subject. Once that mail is opened, all e-mail transactions from that
account can be monitored. Says he: "I do not know whether this software
is legal in India. But it can be used to great effect if you can zero in
on the correct e-mail address." Think of the havoc this software could
wreak in your competitor's hands. Or, for that matter, your own.
Cyber-snooping, clearly, takes corporate espionage to a new level. (BT
scoured the Net to try and find this software's name, but to no avail; the
official, though, claims it exists and that his agency has access to it.)
Companies regularly watch the on-line
activities of their employees. This is easily achieved: the network
manager can view the logs of each of the machines on the network. If so
inclined, he (or she) can even introduce a delay-function into the
mail-server: all e-mail sent and received by employees can be accessed by
the network-manager. Several people have been fired because they accessed
a job-site or a porn-site at work.
ISPs, too, can monitor the on-line
behaviour of customers. Explains Atul Kunwar, 37, CEO, Mantra Online: "We
do keep track of the sites people access, and how much time they spend
there, but this information is used for our own purposes; it helps us add
value to our own portal." Still, the information is there; and with India
having no guidelines on how subscriber information is to be used, there's
no telling what it can be used for. The worst offenders in the privacy
game, arguably, are the sites people visit. Remember that detailed form
you filled up on-line before you could access the contents of a news
portal? That information is now part of a database the portal is selling
to other marketers. Be prepared for spam. Or change your mail address.
Says Ramji Srinivasan, 35, a lawyer who works closely with telcos and
ISPs: "In the US, customers can take a company to court over privacy
violations. In India, if a company shares your information with someone
else, there's very little you can do about it."
So, is there nothing that can protect your
privacy, as an individual, and as a company, on-line? There is. At one
level, stringent privacy regulations will. At another, a slew of hardware
and software apps that seek to keep customer information inviolate provide
the same service. These range from simple proxy connections like Internet
Junkbuster (a cookie- and banner ads-disabling browser add-on) to Freedom
1.0, software from Montreal-based Zero Knowledge that gives users five
pseudonymous digital identities through which they can e-mail or surf the
Net (for a larger, but not comprehensive, listing of similar tools, see
Net Prophylactics).
Eventually, though, some geek will find a
way to break through software such as this. And another will develop an
upgrade that can resist break-ins for some more time. Companies like Intel
believe self-regulation will suffice (they are against government
regulation on privacy): Intel, for instance, refuses to advertise on any
site that does not follow an above-the-board privacy policy. Still, in the
long run, the only permanent prophylactic against cyber-snooping and
on-line privacy violations is paranoia. As that sage among tech-mavens,
Andy Grove, once put it, only the paranoid survive.
With Additional Reporting By Aparna Ramalingam