Just as the Internet makes it easy for you to find all sorts of information, you risk others finding out things about you that you don't intend to be public. You may think of sitting in front of a computer as a private experience, but at some level your activity can be traced. There is always the chance that information you send over the network, or store on a network server, could fall into untrustworthy hands.
As an experiment, see what happens when you put your name into Google or another search engine. You might be surprised at what is out there. If you have a common name, try a search that also includes Cornell, the name of your hometown, or other words that might narrow the search. You should also try different versions of your name.
Any web site you maintain, blog you write, or pages on social networks like Facebook or MySpace you set up could give away too much information. You can limit who has access to your information on social networking sites, but people often wind up with a very large circle of "friends," including people you meet in passing or exclusively on the Internet. Not knowing exactly who you are sharing your information with means you could open yourself up, or those close to you, to harassment and threats.
Online information about you can also make it easier for someone to steal your identity, or set you up for some sort of scam. For example, if you write about plans for an upcoming vacation on a blog or social networking site, you could be telling a thief when to burglarize your home.
You are also at the mercy of how well these sites are protected. On several occasions, "programming errors" have exposed people’s information on social networking sites.
In the News: Pillaged MySpace Photos Show Up in Massive BitTorrent Download
Where you go and what you do on the Internet today says a lot about where you’ll go and what you might do on the Internet tomorrow. Since this is the case, businesses take significant measures to track everything you do while you’re using the web. At a minimum, they may be tracking when you arrive, what you click while you're there, and when you leave. When you shop on the Internet, every time you buy something, it's comparable to swiping a customer loyalty card at your favorite store.
Reputable companies make their privacy policy available, and it is worth reading. One common practice to watch for is when a business gives you the option to let "selected" third-parties send you valuable offers. This means they are going to sell marketing information about you to other companies. Often, you will need to uncheck a box to opt out.
Companies whose business is to understand the needs and wants of consumers use a variety of market research techniques to do so. Your privacy can be at risk when you participate in surveys, online communities, focus groups, and other types of market research. To participate, you typically enter into an explicit agreement with a research firm, sometimes in exchange for some sort of reward. Reputable market research firms will be upfront about exactly what information they will gather and what they will do with it, and will provide you with a privacy statement.
For some types of market research, the firm needs special software to be installed on your computer to better track your activities. Do not install such software on a computer that you also use for Cornell business.
If you are considering participating in this kind of research using a computer you personally own, ask yourself if you really want to give the market research firm and their customers potential access to everything you do on your computer. You may be surrendering control over your computer and may not have any way of knowing what information the research firm is gathering about you. For example, the software might record not only where you go on the Internet, but also everything you type, including passwords, credit card numbers, and emails. Such software, if poorly designed, could break other software on your computer, or make your computer vulnerable to downloads of other more dangerous programs.
Be particularly wary of a questionable practice used by some market research firms in which they ask you to install software that may appear fairly harmless, and use the end-user license agreement (EULA)—the lengthy legal statement that you to agree to before you can install the software—as the method for informing you about their actual intentions.
If you read the fine print in the EULA, you will probably find that it grants fairly broad access to your computer and your activities. You might also be surprised at the latitude in what can be done with the information collected. Because of this practice, people often refer to market research software as "spyware."
In the News: Come See the Softer Side of Spyware
In early 2005, Cornell took strong measures against one particular market research effort called MarketScore. At the time, this company, ComScore, was taking such intrusive actions that Cornell felt it necessary to warn our community about the security risk this posed to Cornell business data. For more information, see http://www.cit.cornell.edu/security/marketscore/.
It should be noted that while this company has changed their name several times since 2005, it remains in business today collecting information from the participants and selling this information to their customers.
