Welcome to Consumer Reports Advocacy

For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

Cover Your Tracks

Can Internet “Washer” Programs Keep Web Surfing Private?

By Robertson Barrett

This just in from DontBeCaught!, the flagship privacy product from a plucky Australian software maker called NetDreams:

“You have probably been in a situation at home or at work where you have started typing a Web address into your browser, and the auto-complete feature automatically brings up a whole list of sites that have been visited before,” its online brochure says.

“You have no control over what is shown, and the person sitting next to you looking at the screen can easily see you have been visiting www.goingbald.com when you start typing www.google.com …”

The cautionary tale comes under the heading “Embarrassing Moments,” and it’s just one of several kinds of privacy-eroding predicaments that online consumers can face because of electronic trails generated by Web surfing and e-mailing.

At home, family members who share a PC often have a hard time keeping their surfing histories from each other because of browser features like “auto-complete,” which helpfully divulge all recently visited sites that begin with the letter a user types into the browser’s “address” window.

“There are many everyday reasons people want to clean out their [surfing] history,” says Megan Kinnaird of the non-profit Internet Education Foundation, which offers online privacy advice. “If your fiancée comes over and types M to look up Mercury cars and it comes up Marvin’s Diamonds, you don’t want her to see that. It could be a grandparent looking up information about a medical problem.”

In the workplace, meanwhile, 80 percent of major U.S. companies now monitor online browsing or e-mailing, according to the American Management Association. While managers might catch employees who violate company policies against, say, visiting porn sites, they also end up logging innocuous online commerce such as buying a plane ticket and know who’s been running job searches on Monster.com.

Finally, there’s the possibility that your Web and e-mail history can end up in the hands of third parties. Out in cyberspace, Internet Service Providers (ISPs) and many commercial Web sites can keep records of pages you visit or access old Web page content stored in “temporary” directories on your hard drive. So could identity thieves, who may try to use your Internet connection to scour those directories for personal information such as Social Security numbers, billing information and passwords.

Numerous software companies have leapt into the breach with products — sometimes called Internet “washers” — that promise to cover consumers’ Web tracks as they surf. (See sidebar.) Consumer advocates point out that most of the programs, including better-known ones such as Surf Secret Privacy Protector, merely simplify a process that is available through their browser’s advanced settings.

“There are a lot of tools out there that do make this easier,” says Kinnaird. “We’ve been very happy that browsers can do this. We think it’s great that there are both options.”

Mix It Up

Privacy protection that does more than solve cosmetic problems (like the “auto-complete” scenario) requires a mix of products.

“There are two basic categories of privacy aids available — those which are software and those which are services,” says Scott Hardy, a security consultant and privacy officer for Mendocino County, Calif. “In most cases, neither one alone gives a very complete degree of privacy. It always amuses me when I see employees browsing porn sites at work, then looking over sites which sell software which supposedly erases all sign of their Internet activities. Such claims are not, and cannot be, true.”

Online experts say washer programs can help avoid privacy problems among non-technical users sharing a computer. But they warn that washers alone offer no reliable way to shield most personal data and Web habits from advanced users, network administrators, commercial Web sites and hackers. Many privacy advocates suggest also using anonymous surfing and e-mail services that can keep third parties from tying Web behavior to personal information. Finally, for technically adept users, experts strongly recommend personal firewalls, which advanced users can use for all of the above, plus safeguarding their identity from hackers.

Washer programs essentially provide a supercharged version of what Web users could do manually with their browsers. (In Internet Explorer, for example, you can eliminate the list of previously visited sites by clicking on Tools, then Internet Options, then Delete Files and Clear History.)

Some programs, such as Aladdin System’s Internet Cleanup, automatically cleanse your computer of your Web surfing history at selected intervals and delete files that non-technical PC users would miss. SurfSecret Privacy Protector throws in bells and whistles such as clearing transcripts of instant-messaging applications. And some competitors, including Webroot Software’s Window Washer, have add-on plug-ins that go one step further by clearing the histories of other browser-like content-viewers, such as RealPlayer and Adobe Acrobat.

For the real worriers, it’s not over there. While clearing a browser’s history and cookies will likely keep other PC users in the dark, that information still resides deep on the computer’s hard drive — as makers of deletion programs like Robin Hood Software’s Evidence Eliminator like to point out. “Deleting” files generally means leaving them in place but disguising their whereabouts, so these applications try schemes like endlessly overwriting them with untraceable random patterns.

“Your PC is storing deadly evidence,” the company Web site says. “Even FORMATTING the disk won’t work. You could go to jail!” Evidence Eliminator, Webroot and a handful of competitors promise to render PCs safe from sophisticated forensic software like Guidance Software’s EnCase — a favorite of employers who need to retrieve employees’ deleted files or e-mail messages months or years later for personnel matters or lawsuits.

Even erasing local files with industrial-strength shredders only goes so far. When you visit Web sites or send e-mail, those Web sites, the ISP or an employer generally keep logs of your trail on their own servers, where you can’t delete them.

One way to minimize this problem, Hardy says, is to conceal your computer’s Internet (IP) address with an “anonymous” proxy — a program on a remote server which will act on your behalf, getting files for you, without telling the world who you are. (Note: Dial-up Internet users often already have this kind of anonymity, because ISPs give them a different IP address each time they log on. But the ISP itself could retrieve records that make the connection between user and content.)

The easiest proxy services for average consumers to use are subscription services that provide users with a temporary IP address, so their surfing habits can never be connected back to their own computers.

Outside the Home

Used together, washer programs and anonymous proxy services can keep your identity and habits from third-party Web sites. But if you’re surfing from your office connection — or any large network, such as a university’s — privacy advocates say you should expect to play by the network owner’s rules.

“It’s like a lock and a lock picker — a reasonably good lock will stop an incompetent lock picker,” says Lewis Maltby, president of The National Workrights Institute, a non-profit workers’ advocacy group. “But if people think anything will protect them, they’re in for a rude awakening. Most bosses who find this software can simply ask you to take it off. And you have no choice but to do it.”

An alternative is using a fully encrypted proxy service (the same SSL or “https” technologies that commercial Web sites use to keep credit-card numbers secure), which can frustrate even government surveillance programs. Anonymizer offers this service.

But either service might draw notice from a workplace IT department. “An employee can use an anonymizing service so that the employer can only see the employee is surfing ‘from’ that site,” says Richard M. Smith, a leading Internet security consultant based in Cambridge, Mass. “But the employer can turn around and block the anonymizing service, the way they can block access to a porn site. It’s a little bit of an arms race here.”

A final, and often overlooked, piece of the privacy puzzle is e-mail. Web-based e-mail services like Hotmail broadcast a Web user’s IP address, e-mail address and other identifying information. Common e-mail programs such as Outlook Express do the same, and they can also erode privacy by transmitting information as Web browsers do.

“A piece of HTML e-mail can violate your privacy at least as effectively as a piece of HTML on a Web site,” says privacy officer Hardy. “This is particularly problematic with Microsoft Outlook and Outlook Express, which are inextricably linked with Internet Explorer, Excel and other programs.”

For example, if you receive a graphical e-mail with a sweepstakes offer, it might ask you to click on an embedded link to see more information. That’s not much different from surfing to the sweepstakes site in a browser, and the action (along with your e-mail and IP addresses) can likely be tracked as Web surfing can be. The same goes for clicking on embedded Web links in Excel, Word and other programs that now act like (or call up) browsers.

To address the e-mail issue, Smith and other experts also recommend using the e-mail equivalent of Anonymizer – services such as HushMail, MuteMail and ZipLip that can hide an e-mail-sender’s identity in any situation. That level of privacy, he adds, is effectively not available for Web-browsing.

“I think these e-mail services are an appropriate compromise,” says Smith. “We all do a certain amount of personal stuff at work, and that’s a way to separate out the personal from the rest.”

Keeping your Web surfing private is inevitably going to require some compromise, but consumers don’t need to become privacy experts to figure out where to draw the line. If you surf at home and others use your PC, washers can ward off sensitive situations. If you’re surfing at work, accept that surveillance is possible — and in most cases, legal. And if you’re worried about third parties seeing any of your information and tracking your habits, it’s worth taking time to understand firewalls and other advanced products that require a little patience.

Washers, Shredders and More

Privacy experts recommend using a leading “washer” program to make Web surfing histories inaccessible to others who use your PC. “Shredders” can greatly increase the chances that snoops cannot recover the data from your hard drive. Anonymous surfing and e-mail services can keep third parties from tying Web behavior to personal information. Higher up the scale are personal firewalls, which advanced users can use for all of the above, plus safeguarding their identity from hackers. And ad-busters and spyware removers can keep out most “Web bugs” that download themselves onto your hard drive, then track your Web movements without your knowledge.

WASHERS: System “cleaners” that remove surfing history trails, temporary file directories and cookies deposited by Web sites. Leading programs include SurfSecret Privacy Protector (www.surfsecret.com, $39.99), Aladdin System’s Internet Cleanup (www.aladdinsys.com, $29) and Webroot’s Window Washer (www.webroot.com, $29.95). Webroot also offers a Mac version, Macwash.

SHREDDERS: Higher-powered (and more expensive) washers that use more complex methods to permanently delete temporary files from Web browser directories, e-mail programs and other applications. Evidence Eliminator (www.evidence-eliminator.com, $134.95 for a single license) handles the largest variety of files, while White Canyon Software’s SecureClean and WipeDrive (www.whitecanyon.com, both $49.95) offer more affordable alternatives for targeted and general hard-disk cleaning, respectively.

ANONYMOUS SURFING: Anonymizer Private Surfing (www.anonymizer.com, $29.95 a year), provides more than a million users with a temporary IP address, so their surfing habits can never be connected back to their own computers. Free alternatives exist, without technical support, at grassroots pages such ashttp://anonbrowse3.cjb.net/. To see whether an anonymous proxy service is working, and to see how Web sites can determine much else about your computer, visit http://www.privacy.net/analyze/ and

check whether it reveals an IP address from your Internet provider, or one from the anonymous proxy service.

ANONYMOUS E-MAIL: Most of the well regarded services (www.hushmail.comhttp://www.ziplip.com/www.s-mail.com andwww.cryptomail.org) offer free versions, then more options with paid subscriptions. One, MuteMail (www.mutemail.com), starts at $14.95 a month.

AD BLOCKERS: To keep external programs like “Web bugs” and rogue cookies from downloading and reporting Web surfing behavior to third parties, you can use programs that also block various sorts of advertisements as well. (Ads are the way many bugs arrive.) Internet Junkbuster (http://www.junkbuster.com/) is free but can be difficult for novice Web users to set up, while Guidescope (http://www.guidescope.com/home/), also free, is less powerful but better suited to the average Windows user. “Spyware” removers are a good add-on here, as their makers account for a slightly different range of pests. Good programs are Lavasoft’s Ad-aware (http://www.lavasoft.de/) and Webroot’s just released Spy Sweeper ($29.95 after a 30-day free trial).

PERSONAL FIREWALLS: Windows users should also use a personal firewall to keep hackers from entering and tracking behavior via Internet connections. The traditional pick of the free programs has been ZoneAlarm (www.zonealarm.com), which also blocks pop-up ads and manages cookies. Another lesser-known free option favored by experts is Agnitum Outpost (www.agnitum.com).