She had gotten away, but he found her again. He simply entered her name in an Internet search engine, and up popped her E-mail address. He set up an account with a fictitious name on the same Internet service provider she used--and came up with an excuse to write to her. Soon, they were online confidants. She told him about a former relationship that had ended badly, never suspecting he might be the guy. They arranged to meet, and she was enthusiastic. But then, something he said set off an alarm, and she realized who he was--just in the nick of time.

This story may sound like fiction, but it was a real-life nightmare for one woman in cyberspace. While online stalking and harassment occur relatively infrequently, a lot of information is available on the millions of Net surfers, and you don't need to be a hacker to get at it. The scary part is that, in the hands of an ex-lover, competitor, voyeur, or wacko who has targeted you on purpose or randomly, such information can be used against you. More commonly, companies that want to sell you something may pull I.D.s off newsgroups and sketch a demographic profile based on your online habits. The result: You may be ``spammed'' with an annoying barrage of junk E-mail.

POLITICAL SUICIDE. Indeed, anyone can employ search engines to pull up your E-mail and home page addresses, service providers, and phone numbers. You may have long forgotten the musings you posted in a public Usenet forum, but those messages live on in the search-engine archives for anyone to exploit. Spend time in an investment newsgroup, and you may be bombarded with penny-stock pitches. It also helps to remember that postings can be copied and forwarded to others. People with managerial or political ambitions should be careful about what they say and where they say it. What were you doing, Mr. Candidate, in, anyway? ``A lot of people are shocked when I tell them that there's a log being made of everything they post,'' says Andre Bacard, author of The Computer Privacy Handbook ($24.95, Peachpit Press).

Even communications you think are private and anonymous can make their way to many potential snoopers. Indeed, data dispatched over the Net may pass through dozens of computer systems in different countries before it reaches its final destination. At each step, the system operator can capture that information. Moreover, Web site operators may be able to detect where users are coming from, where they're headed next, what kind of PCs they have, and the exact files and pictures they have looked at. Anyone who needs further convincing should visit the demonstration page at the Center For Democracy & Technology Web site ( cdt/, which displays to users the kind of information being collected on them at that moment.

Most Web browsers have a built-in feature that allows a Web site to store information about your visit on your hard drive. The next time you visit that site, it reads the so-called ``cookie'' it left behind and knows something about you. That can be good. If you want to buy a compact disk at an online music store, a cookie can help the store recommend a list of recordings you might like, based on your previous visit. But the technology can also be used to invade your privacy, which is why the latest versions of Netscape Navigator and Microsoft Internet Explorer allow people to turn off the feature.

So how paranoid should Internet users be? ``You shouldn't have to wear dark sunglasses in cyberspace, but you should let companies know whether they're doing a good job or a bad job protecting your privacy,'' says Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington, a treasure trove of resources for consumers ( One way to determine that is to see whether a company prominently displays a privacy policy at its site. So far, not many do, but in June the Interactive Services Assn. and Direct Marketing Assn. proposed principles for dealing with junk E-mail. Among them: ``Marketers who operate chat areas, newsgroups, and other public forums should inform individuals using these spaces that information they voluntarily disclose...may result in unsolicited messages....''

Fortunately, consumers can take a variety of common sense steps to safeguard their privacy. For one thing, think about how much info you provide voluntarily. When you sign on to services such as America Online, Compu-Serve, the Microsoft Network, or Prodigy, you have the option of appearing in a member directory and posting a biography. You may not want to do so.

Moreover, some companies ask first-time visitors to their Web sites to register by filling out questionnaires with their home address, phone number, and credit-card numbers. Proceed at your own risk: The data may well be peddled to marketers. You should also counsel your kids as to how much stuff they reveal. Cyber Patrol, a program from Microsystems Software, includes a feature that prevents children from divulging any information you want kept secret.

You can also ask by E-mail to be removed from a directory such as WhoWhere?, which contains records on more than 9 million E-mail I.D.s. The company recently introduced a free service, Who'sThere, which is like caller I.D. on the Net. Recipients are told each time someone is trying to get in touch with them, and they have the option not to respond.

Privacy experts caution consumers to mind their E-mail messages. The Electronic Communications Privacy Act (ECPA) forbids reading other people's private E-mail--although there are important exceptions. For example, an online provider may peek at your E-mail if it suspects you are trying to harm the system or another member. Under certain circumstances, law-enforcement officials may gain access. What's more, if an employer owns the E-mail system, the company may examine electronic messages. In some instances, Internet providers and network administrators archive your incoming and outgoing mail on a computer disk for months, even after you thought it was deleted. And all this is not to mention the intruders who may intercept messages illegally. ``People have different degrees of sensitivity, but I would not use E-mail for the most sensitive communications,'' says Jeffrey Cunard, a cyberlaw specialist and a Washington-based partner of the New York firm Debevoise & Plimpton.

JOB SEARCH. Bacard advises people who are concerned about their E-mail to use a software program such as PGP (Pretty Good Privacy), which can encrypt and unscramble messages so only the receiver can read them. Moreover, those who want to discuss a controversial issue, admit to an addiction, or seek a new job without their employer finding out might want to use a privacy tool called an anonymous remailer. This free service strips away the header of a message so that recipients don't know where it came from. You can get a list of reliable anonymous remailers at the EPIC site or at Bacard's privacy page ( abacard/privacy.html).

Fortunately, there are other means to keep unwanted parties at a virtual distance. AOL has a feature called buddy lists, which let members see if their pals are online at a given moment. If so, they can dispatch an instant message. But members can block users from adding their names to the buddy lists or receiving instant missives. People who have been stalked online should save copies of the objectionable correspondence and show it to the service provider. Harassment is in the eye of the beholder, of course. Prodigy, for one, has a strict two-strikes policy for kicking members off of its service.

Unfortunately, the nature of cyberspace means an online attack can emerge from anywhere. But if people practice common sense and report trouble immediately, they should be able to maintain a reasonable shield of privacy while still getting all the benefits they want out of the Internet.



Updated June 14, 1997 by bwwebmaster
Copyright 1996, Bloomberg L.P.
Terms of Use