Privacy Scams

Privacy Scams

As you’ll see from the other articles in this section, there are genuine
threats to your privacy on the Internet and your own PC.
However, there are also many scammers that try to worry you about
things that are usually not threats, often through alarmist
ads that look like they are system warnings.
Usually the come-on is to get you to buy their program, which may or
may not solve the “problem” that they have identified.
Let’s take a look at a few of these scams and the real facts behind them.

“Your PC is broadcasting an IP Address” Ads

bad-ad

Have you ever seen an ad similar to the one at right?
That sure looks scary.
Nobody wants to be the target of an attack, so surely this calls for action.
In reality, the best action is to ignore ads like this and avoid sites
that encourage this kind of deception.

Whenever your browser requests a page from any web site, that web site needs to know
where to send the page–it needs to know a return address.
That’s the purpose of the Internet Protocol (IP) address, and your computer
sends out your IP address in every request you make over the Internet.
It is a totally normal part of using the Internet.
Look in the box below, and you’ll see your IP address.

Your IP address: <%=Request.ServerVariables("REMOTE_ADDR")%>

For most people this will be your actual IP address.
There is a technique known as proxying that can
be used to prevent a web site from knowing your IP address.
A proxy acts as a middleman, so that the address the web site sees is that of
the proxy and not of your PC.
Some ISPs use a proxy for all their customers, including some large ones
such as America Online.
The drawback is that these proxies can sometimes make your computer run slower
than if a proxy was not used.
Sometimes people use proxies to “anonymize” their browsing, but see below for
some warnings about these services.

To enhance the scare factor, some sites will add “we know where you live”
information that includes the name of your town or a nearby city.
Again, this is not too difficult and generally is not reason for alarm.
There are even free lookup services
where you can find the geographic location of a particular IP address.

“Your browser is revealing information” Ads

As part of the normal conversation between a browser and a web server, the
browser sends some basic information along.
This usually includes the name and version of the browser, the version of Windows,
and a few other mundane details.
This information is not unique to your particular computer, and it won’t
help anyone tell who you are or where you live.
Yet like the “you are broadcasting an IP address” ads above, these ads
try to scare you into thinking there’s something horrible happening to your PC.
Here is the browser string for your browser:

Your Browser string:
<%=Request.ServerVariables("HTTP_USER_AGENT")%>

This is just another attempt to frighten you so you’ll fall for buying products
and services you don’t need.

“Security Scan” Ads

bad-ad

These ads try to convince you that they have detected serious problems with
your security and (of course) the solution is to purchase their products
to solve the problem.
The image above is from of a series of ads that 180Solutions (an “adware”
company) popped up over security-related web sites during April 2005.
The ads were designed so they were very similar to the sites they targeted,
using the same colors, fonts and layouts.
There is no doubt that this mimicry led some users to believe that these windows
were not ads, but instead were part of the site they were visiting.

Like the “Your browser is revealing information” ads, this ad says that the
target system has Windows XP and this information could be used to hack your
computer.
The extra twist here is the CD-ROM test, which on some systems will open the
CD-ROM drive door.
Older versions of Windows Media Player allowed a web page to open the drive
door, but this feature was removed in later versions.
It does not indicate that a virus has taken over the system, but the warning
that “you have just failed the first security test” may lead you to think so.

Beware of Anonymizing Services

As mentioned above, a proxy service can provide an extra level of privacy
by preventing a web site from seeing your IP address.
Some sites offer services for “anonymizing proxies” that not only hide your
IP address, but also remove some cookies, browser information
and script files that could be used by web sites to track your activities on the Internet.
Although there are legitimate sites that provide anonymizing services,
think carefully about any site you would trust to provide these services.

Be especially wary of sites that offer anonymizing services for free.
What is your guarantee that the anonymizing service itself isn’t tracking
your movements across the Internet?
They are in the perfect position to do that, since all your page requests
go through their servers.
Indeed, this research project
shows the result of setting up proxy servers called “honeyproxies” to watch the shady
activity going through their supposedly anonymous proxy.

Then there are the performance issues of anonymizing proxies.
Sending all your web browsing through another server can make a fast connection
seem slow, and a slow connection seem unbearable.
The amount of performance degradation will depend on the performance of
the proxy server, but broadband users will almost always get better
performance with a direct connection.

Stop Responding to Threats.
Prevent Them.

Want to get monthly tips & tricks?

Subscribe to our newsletter to get cybersecurity tips & tricks and stay up to date with the constantly evolving world of cybersecurity.

Related Articles