Introduction
Today, more than ever before, the Internet has become an important constituent of our every day routine as more and more individuals use countless services offered on the World Wide Web. Indeed, extant literature demonstrates that the Internet has over the years evolved from a basic communication application to an interconnected highway of information sources, facilitating novel forms of social interactions and online marketplaces for the sale of products and services among other features (Egele, Scholte & Kruegel, 2012).
Yet there are people on the Internet with malicious intentions, who exploit human vulnerabilities, not only to commit fraud and deception but also to steal private information and infect computers with spyware and malware (Abbasi, Zhang & Nunamaker, 2010). The present paper looks into the issues of privacy on the Internet by analyzing literature on how to protect your computer and confidential information from such vulnerabilities.
Background
Internet privacy has been defined differentially by many scholars due to its varied nature, and in some quarters it is used interchangeably with the concept of information privacy. The present paper adopts the definition that privacy denotes “…an individual’s ability to control when, how, and to what extent his or her personal information is communicated to others” (Son & Kim, 2008 p. 504).
Internet privacy has been a mounting concern if recent statistics are anything to go by. While a recent survey on Internet privacy indicates that 25 percent of Americans consider themselves victimized by invasion of their Internet privacy (Son & Kim, 2008), another study has concluded that the personal information of 33.6 million Americans has been schemed from online sources and used for malicious and fraudulent agendas since the 1990s (Skoularidou & Spinellis, 2003).
These high statistics only serve to fuel the propensity for stakeholders to develop and implement tools and applications that would guarantee privacy on the internet. The next section samples some of the tools, applications and behaviour orientations that could be employed by users to enjoy privacy while conducting their online interactions or transactions.
Powerful Passwords
Extant literature demonstrates that “…one of the most common control mechanisms for authenticating users of computerized information systems is the use of passwords” (Zviran & Haga, 1999 p. 161).
A password program, according to Henderson (2001), can be as effortless as an entry code name that can be checked and verified before gaining access to confidential information on the Internet, or as intricate and convoluted as a long series of personal questions such as only an authorized user can answer – about parent’s names, most popular football player, birthdays or just about anything else you can think of.
Some malicious people use specific Internet worms and viruses having the capacity to use automated password-guessing techniques to penetrate systems and steal data from unsuspecting Internet users. A computer virus developed by Robert Morris in 1988 (later christened the Internet bug) had the capacity to discover user passwords by exploiting the tendency of users to choose easy-to-remember passwords (Zviran & Haga, 1999).
Such vulnerabilities trigger the urge in Internet users to use powerful passwords that are very difficult to guess but easy to remember. Powerful passwords should not only be long and composed of characters beyond alphanumerics, but should also be changed at regular intervals and not grounded on personal details that are easy to guess.
However, users should exercise caution not to write down the complex passwords as this could only compromise security, not mentioning that they should easily remember the passwords as forgetting them will definitely occasion serious inconveniences (Zviran & Haga, 1999).
Antivirus Programs
Antivirus programs are basically tools and applications that are created to identify malicious software components by applying some sort of signature matching process to identify and remedy known threats (Egele et al., 2012). As acknowledged by these authors, successful antivirus programs require “…the vendor to provide a database of signatures which are then compared against potential threats” (p. 6:2).
People using antivirus programs to protect their systems from software that deliberately fulfils the harmful intent of an attacker (e.g., worm, virus or Trojan horse) should always ensure they perform scan using the latest virus scanning engine and virus definition files as new viruses are detected day by day (Egele et al., 2012). Indeed, updating the antivirus software should be a duty done on daily basis to keep virus definition files up-to-date.
But although antivirus programs are able to detect and alleviate malicious software (malware) by scanning and matching a pre-generated set of signatures against the files of a user, they may not be full-proof in the fight to guarantee privacy because the usage of signatures essentially prevent the detection and remedying of unknown threats for which no signatures yet exist (Egele et al., 2012).
Using Secure Systems
Although rarely used in recent years, secure operating systems employ operating system kernel technology to ensure the computing environment is absolutely impenetrable by malicious programs and agents (Skoularidou & Spinellis, 2003). In general, however, secure systems may imply a supported operating system such as Windows, which provides users with the capacity to update key security features by applying the latest service packs and patches.
Some systems used to conduct financial transactions or store and process sensitive personal data allow users access to the content while making the sharing of this content with unregistered users inherently difficult, thus ensuring privacy on the Internet (Skoularidou & Spinellis, 2003).
These authors are also of the opinion that properly configured firewalls, such as the Windows firewall, can assist Internet users from malicious activities as they prevent the dangers presented by malicious online programs from spreading into the internal network by restricting access at a centrally managed point.
Browsing the Internet Safely
Safe Internet browsing involves a shift in attitudes and behaviour rather than reliance on a software or hardware application (Elovici, Glezer & Shapira, 2005). Users must desist from clicking on random links that they cannot verify, and should always exercise extra caution not to open email or attachments from unidentified people or with a weird subject line.
Additionally, Internet users must desist from downloading unknown software off the Internet merely because it is free as doing so could actually expose them to malware and spyware that not only damage their operating system installations and slow system memory, but also generate disturbing pop-up windows and report their private data back to the organization that develops the software.
Lastly, to guarantee safe Internet browsing, users may use encryption and steganography to hide critical personal information or sensitive data by converting it to an unreadable format (Elovici et al., 2005).
Avoiding Fake Websites
Fake websites, according to Abbasi and Chen (2009), “…are fictional, misrepresentative sites posing as legitimate providers of information, goods, or services used to garner illegitimate revenues by deceiving search engines or exploiting unsuspecting Internet users” (p. 46).
People with malicious intent have created several types of fake websites, including web spam, concocted and spoof sites, and Internet users can only circumvent this challenge by employing lookup systems and classifier systems (Abbasi et al., 2010).
While classifier systems are basically client-oriented tools that apply rule- or similarity-based heuristics to website content or domain registration information to evaluate its authenticity, lookup systems essentially use client-server platform in which the server side maintains a blacklist of known fake URLs, and the client-side device checks the blacklist and evaluation time (Abbasi & Chen, 2009).
Avoiding Websites that takes Personal Information
Phishing, or the criminal act of stealing a person’s digital personal identity such as log in information and device information, can lead to deceptive or malicious activity with costly consequences. Extant literature demonstrates that a common way to phish is for an aggressor to install a key-logging Trojan, which then spreads itself to other programs or host machines on a network and masquerade as a genuine application (Gyorffy, Tappenden & Miller, 2011).
To avoid websites that may expose users to phishing attacks, Internet users should desist from clicking on hyperlinks in e-mails, especially when it is from an unknown source. Users should also verify the “https” and ensure they have a secure lock icon at the bottom right-hand corner of their web browser.
Firewalls, antivirus software, strong passwords, and anti-spam and anti-spyware software are also important in ensuring privacy on the internet, especially when it comes to avoiding websites that encourage phishing attacks (Gyorffy et al., 2011).
Conclusion
As can be digested from the analysis, lack of privacy on the Internet is a serious issue that affects millions of users worldwide. The present paper has evaluated several methodologies through which users can guarantee privacy on the internet.
Some of the methodologies discussed include employing strong passwords, making use of antivirus software, using secure systems, safe Internet browsing, avoiding fake websites and avoiding phishing sites. The challenge now is for users to employ the methodology that best suits their online privacy needs.
References
Abbasi, A., & Chen, H. (2009). A comparison of tools for detecting fake websites. Computer, 42(10), 78-86.
Abbasi, A., Zhang, Z., & Nunamaker, JF. (2010). Detecting fake websites: The contribution of statistical learning theory. MIS Quarterly, 34(3), 435-461.
Egele, M., Scholte, T., & Kruegel, C. (2012). A survey on automated dynamic malware-analysis techniques and tools. ACM Computing Surveys, 44(2), pp. 6:2-6:42.
Elovici, Y., Glezer, C., & Shapira, B. (2005). Enhancing customer privacy while searching for products and services on the World Wide Web. Internet Research, 15(4), 378-399.
Gyorffy, J.C., Tappenden, A.F., & Miller, J. (2011). Token-based graphical password authentication. International Journal of Information Security, 10(6), 321-336.
Henderson, R.P. (2001). Computers and privacy. SAM Advanced Journal, 71(3), 8-12.
Skoularidou, V & Spinellis, D. (2003). Security architectures for network clients. Information Management & Computer Security, 11(2), 84-91.
Son, J.Y., & Kim, S.S. (2008). Internet users’ information privacy-protective responses: A taxonomy and a nomological model. MIS Quarterly, 32(3), 503-529.
Zviran, M., & Haga, W.J. (1999). Password security: An empirical study. Journal of Management Information Systems, 15(4), 161-185.