Online, everyone's an open book -- and an open wallet. Users increasingly wear their hearts on their screens, and security experts say sites are growing more adept at tracking their every move.
Privacy settings clearly aren't enough judging from revelations Friday that Google and other advertisers found creative ways to exploit Apple's Safari web-browsing software. According to a report in The Wall Street Journal, Google disabled code that allowed it to circumvent privacy settings after being contacted by the paper. In a statement, Google says it didn't use these "cookies" -- little pieces of code stored on user computers or mobile devices that tell a company what sites consumers visit on the web and what they do there.
But this latest episode raises an important question for consumers: Can we maintain a healthy virtual lifestyle -- interact with friends, buy products and visit our favorite sites -- and still remain incognito? "The odds are against you as a consumer, your online life is probably already compromised by spyware," says Rick Dakin, CEO of IT security business Coalfire.
SmartMoney.com spoke to some experts about how to remain invisible online to advertisers, market researchers and other businesses who buy and sell information about consumer behavior. Here are there tips.
Act Like a Corporation
VPNs or Virtual Privacy Networks provide virtual offices or desktops for companies, and typically require a token that looks like a key-ring but has a constantly changing secure code that must be inputted into a computer. "That would make it harder for people to snoop," says Graham Cluley, senior technology consultant at online security firm Sophos. It helps protect the files on that computer from being accessed remotely or even physically if your computer is stolen. Companies like Cisco, RSA Security and Verisign have authentication services, but they can cost from $250 to $1,500 for a one year contract. Plus, they're not foolproof. RSA Security, which operates the widely used "SecurID" tokens said last year that intruders had breached its security systems; it subsequently replaced its tokens. "You should never share bank information unless you're in a secure zone," Dakin says.
Be Afraid, Be Very Afraid
A good rule of thumb, say experts: Assume anything you post online or emailed is being read by a criminal. Be judicious about sharing personal information. ("I'm at the airport and ready for my two week holiday in the Maldives," could act as a gold-embossed invitation to burglars). "People show off and want to boast about how happy they are," Cluley says. "Tell you friends about your jaunt in Paris and Hawaii after you come back." Cluley says one woman had $10,000 of goods stolen by a Facebook "friend" after she announced she was attending a concert. He says to post holiday pictures after the fact, don't boast about new electronics -- unless you trust your Facebook Friends 100%, and those who might have access to their accounts, too.
Maximize Privacy Settings
Take time to change web browser privacy settings: It's time-consuming to individually tailor privacy settings for each friend, but it's worth it, security experts say. And take advantage of the "private" or "incognito" features of most browsers, which vastly restrict tracking. Web browser FireFox, for instance, has a "Do Not Track" option. Reputation cleanup sites like Reputation.com can also remove customers' details from the world's biggest direct marketing associations and data brokers. Facebook introduced lengthy privacy controls that allow users to select who among their Friends can view photographs or read their posts -- without the social awkwardness of defriending them. The site also allows users to block their Facebook profile from being searched on the web. Facebook provides a service where users can see what Friends see when they view their profile. For more on Facebook privacy options, read here. "You should do a regular audit of your privacy settings as these sites," says Cluley, who recently closed his Facebook account for privacy reasons.
Use Multiple Identities
Pseudonyms can help "segregate the real you from your virtual self," Dakin says. Facebook's official policy doesn't allow people to set up an account under a false name, but with 800 million-plus users, plenty still do it. "If I called myself Graham Cheese Sandwich, most people wouldn't be able to find me," Cluley says. Some use nom-de-plums to shield themselves from unwanted "friend requests" from high school frenemies -- and to enjoy the benefits of social networking without bearing all to the world online. Experts also suggest using a secondary or easily discarded email addresses with a fake name (as long as it's not a name also used for online passwords; Twitter and Facebook allow users to change their primary email if it needs to be deleted.
If it's too late to remove all those youthful indiscretions -- and your first Google Search result, for instance, shows a drunken picture from college or an ill-advised rant on a public forum -- experts say some have no choice but to heed the advice of Google's former CEO Eric Schmidt: change your real name. For those who want a clean slate, it's not as easy as it sounds. Laws on name-changing vary from state-to-state, but it's a complicated and lengthy judicial procedure and -- in New York -- the name changes need to be published in a newspaper unless there is a risk to safety. Most states recommend enlisting the help of a lawyer. "It's a last-resort solution," Cluley says.