Contents

• Sending e-mail
• tedsimages.com Privacy Policy
• More About Web Site Privacy
• Web Site Logging
• Cookies and Security Holes
• About “Spam”
• Footnote: Internet provider terms of service

Sending e-mail

The best way to contact me is to use the Virtual Mailbox page. If you prefer to use your favorite e-mail program, the address is

I apologize for using a graphic that you can’t cut and paste. Unfortunately, it is a necessary defense against “robots” that search Web sites harvesting e-mail addresses for spammers. One of those robots got hold of the address I once had here. That caused me so much trouble that I had to change to a new address, and set up my Web host to direct the old address to the bit bucket. Unfortunately, the spam-collecting robots make it inadvisable for anyone to include an intact machine-readable e-mail address on any Web site. Please make sure you have entered this address correctly, since a typographical error might make my mail program filter your message as spam (as I said, I’ve had a lot of trouble with spam). I really suggest using the Virtual Mailbox page, as it will assure that I’ll get your message. You can paste text into the message entry area.

tedsimages.com Privacy Policy

• I do not capture your e-mail address, or any other personal information about you, unless you choose to send me e-mail.
• I do not use “cookies” (see below).
• If you buy a print or license an image from me, or even just send me e-mail, I will never sell, share, or otherwise disclose your name and address (or any other information you might provide) to anyone without your permission. (Note that if you pay me with a check that has your pre-printed name and address, I can’t avoid showing it to bank employees when I deposit it. Consistent with this Privacy Policy, I will thank but not identify the reader who pointed this out!)
• If you download wallpaper versions of my pictures, I will ask for your name and e-mail address solely to indicate your acceptance of the terms and conditions. Consistent with this Privacy Policy, I will not sell, share, or otherwise disclose this information. I will not reply or send you any e-mail, unless you specifically check the opt-in box to receive possible future, infrequent mailings about updates to this site.
  
  There is one exception to this policy: If a law enforcement agent with a lawful warrant or court order demands disclosure of information, I will comply with that demand as the law requires. I include this exception for the sake of completeness. You’ll likely find similar language in just about any Web site’s privacy policy these days. I honestly can’t imagine how such a situation could ever arise in connection with this Web site. But in the United States we now live in a permanent state of “heightened alert,” in a climate of constantly escalating fear that our Leaders believe is necessary for our security. Law enforcement agencies and agents now enjoy broad, arbitrary, and necessarily secretive authority under the blanket of “Homeland Security.” We can never be sure what an agency might be monitoring, or what some officer or agent might decide is “suspicious.” Some people find that very reassuring.

More About Web Site Privacy

Web Site Logging

My Web host automatically maintains a log of all access to anything on this site. This anonymous information includes, for each file you view or access on my site:

• The name of the file (e.g., “tedsimages.com/text/privacy.htm” for this page)
• The date and time
• The link that “referred” you my page. If you got to the page through a link, whether on my site or elsewhere, the log will show the URL (Internet address) of that page. If you got to my page from a search engine, the log will show the search engine’s URL as well as the search query you entered.
• The type and version of your browser, and (usually) what computer operating system you’re using
• The numerical “IP address” of the Internet provider from which you’ve accessed the page. It is often possible to obtain the name of the Internet provider from the IP address, but it is not possible to trace the IP address to an individual visitor’s name, e-mail address, or any other personal information. If you have a broadband Internet connection (DSL or cable) with a “static” IP address (one that’s permanently assigned to you), that IP address will only trace to your Internet provider.

The anonymous information in log entries is the only information I have about you, unless you specifically choose to contact me through my Virtual Mailbox page.

Any Web site (other than free “community” pages or the personal Web space that many Internet providers offer) will automatically collect this same log information, with the same combination of specificity and anonymity. Most webmasters don’t look at their raw logs. There just isn’t time to pore through tens of thousands of entries. Rather, they run tools that read the log files and create reports. The reports summarize aggregate information about traffic patterns, page accesses, and which search engine queries and words lead people to their site. This is all very helpful for making a site more appealing to visitors and increasing traffic. The information can be vital for a business site that sells products or services.

Cookies and Security Holes

Some Web sites (but not this one!) use various means to collect more information than is available through logs. It’s possible to use scripts, Java, or various “security holes” in browsers and operating systems to extract personal information from a browser. The most common technique for keeping track of personal information is the cookie. Cookies are pieces of data a Web site can ask your browser to store on your computer for later retrieval. A cookie could possibly contain information about when you visited a site, the last banner advertisement you were sent, or a user ID or password so that you don’t have to enter them every time you log in.

It is possible for different sites to read and write a shared cookie, letting them keep track of what sites and pages you visit. If one of these sites has personal information about you (such as a business with on-line ordering), the sites that share the cookie can track your surfing individually. You can make this sharing more difficult by setting your browser to reject “third-party” cookies, those that come from a site different from the one you’re currently visiting.

You can also completely disable cookies, which has certain disadvantages. Some sites may refuse to let you access certain pages, features, or even the entire site if you disable cookies.

For all the potential threat to privacy, many Web sites do use cookies to provide genuine convenience for you. For example, it is far easier to let the New York Times automatically log you into their excellent Web edition from a cookie than for you to type your name and password each time you want to read it. If you disable cookies, you’re gaining some measure of privacy in exchange for some inconvenience. It’s up to you to decide which is more important.

There are various programs available that let you browse and edit the files containing your browser’s cookies (the Opera browser has a built-in cookie manager). Periodically reviewing and pruning this file is a always a good idea— you’ll be amazed how many cookies accumulate as you surf. The Opera browser has an interesting option to delete new cookies when you close the browser. It can do that for all sites, or selectively for specified sites. I deleted all cookies from Google, Yahoo, and various other sites, and then set the option to delete any new cookies from those sites when closing the browser. That makes systematic tracking of what I searched for and visited much more difficult, since those sites have to assign new tracking identifiers each time I open the browser.

Because unscrupulous programmers can possibly extract personal information from your browser, I do recommend that you use a separate e-mail program such as PocoMail. An e-mail program is usually much better suited to that task than a Web browser. That way, your browser won’t be storing e-mail address or your address book. Reducing the opportunities for ending up on a spammer’s list is worth the inconvenience of giving up the mail feature of your browser.

Note: I strongly suggest that you avoid Microsoft Outlook and Outlook Express. Outlook Express is now the most common e-mail program because Microsoft bundles it into their monopoly Windows operating system. Criminals have been taking advantage of this fact to create worms and viruses specifically designed to infect machines and propagate themselves using the security flaws in Outlook and Outlook Express. Using a different e-mail program will prevent these malicious programs from infecting your machine, and will stop them from spreading to the people in your address book.

About “Spam”

What’s the best thing to do if you receive unsolicited e-mail advertising a surefire investment, dodgy prescription drugs, genuine replica watches, or a way to make lots of money at home? Delete it immediately! Spammers nearly always use a bogus originating address (possibly yours!), so the formerly-recommended approach of forwarding the message to the “abuse” address of the sender’s Internet provider no longer works. Never reply to the message or follow any instructions in the message purporting to remove you from the list! That’s the equivalent of telling the spammer, “I received your spam. Now please send me a whole lot more. And don’t forget to give my address to every other spammer you know, since I just love spam!”

A very fertile source of addresses for spam lists is the Internet itself. The compilers of lists deploy a “robot” to comb through Web sites and Usenet newsgroups looking for e-mail addresses. You may well receive a torrent of spam a few days after you post to Usenet with your real e-mail address; and you’re eventually asking for spam if you put a machine-readable address on your Web site or blog. You can get around that (for now) by using a graphic form of the address as I have done on this page. Robots can’t read that, but I would not doubt that in the future someone will create a “crawler” with optical character recognition capabilities.

A common way to evade spam robots in Usenet posts, forums, or blog comments is to munge your address— alter it so that a robot can’t harvest it, but a human who wants to reply privately to your posts can decode it.

First, create a “signature” that your news reader appends to the end of each message. The signature should contain the address where you want to receive non-spam replies, but in a creatively modified form. For example, my signature line might include:

A human should have no trouble substituting the appropriate punctuation marks, but a robot looking for addresses would most likely not recognize it, at least for now. (By the way, mail to this address goes directly into the trash without anyone seeing it.)

Then change the name, address, and reply entries in your news reader to a fake address that directs a human reader to your signature. For example:

Be sure the fake address you use isn’t an actual address or domain name (see.my.sig is good because it’s not a valid domain name).

It’s also a good idea to avoid using your real name in Usenet posts, blog comments, guestbooks, or forums because there are now “data-mining” firms that compile profiles of an individual’s Web presence for purchase by employers, law enforcement agencies, insurance companies, or just about anyone else (and remember what I said above about “Homeland Security”). If you don’t believe this, you can go to Google’s newsgroup search page. Enter a name, and you’ll soon get a list of all the posts that person has made, including the newsgroup. A determined snooper can probably find you and compile a profile even if you don’t use your real name, but why should you help him out?

I should point out that “munging” addresses as I have described violates Usenet etiquette (“netiquette”). It may also violate one of the provisions buried in the fine print of your Internet provider’s conditions of use, which you agreed to fully comply with when you signed up for service (you did read it carefully*, didn’t you?). However, this violation can be well justified because of the large amount of unwelcome and annoying mail you will receive if you post with your real address.

*Some of the “terms of service” that Internet providers or Web hosting companies demand of users are unenforceable, and even absurd. For example, one large Internet provider I’ve seen can terminate the service of anyone whose usage of an account violates any law, statute, ordinance, or regulation of any jurisdiction in the world, whether intentionally or unintentionally.

If the company actually enforced this provision, they’d have no customers at all. That e-mail about the week’s Gospel reading violates the Saudi Arabian law against promoting religion other than Islam. Writing a post in a newsgroup critical of human rights practices in China violates Chinese laws against subversive material. And it’s quite likely that many users will download material that is perfectly acceptable where they live, but which violates the obscenity laws and community standards in religiously conservative jurisdictions like rural Mississippi.

Lawyers understandably feel compelled to include provisions like this in the terms of service agreement. The consequences of a lawsuit or an overzealous prosecutor reacting to something a user does may be devastating. Whether these shielding provisions actually work is questionable at best, as to my knowledge nobody has challenged these terms of service in an appellate court. But that doesn’t stop lawyers from going to ridiculous lengths out of a genuine fear that another lawyer might do something even more ridiculous to them.

If you’re reading this outside the United States, you’re probably shaking your head in disbelief. But here in the world’s most litigious society, the lengths to which lawyers (and their clients) too often go in pursuit of “justice” (frequently a synonym for “money”) is truly mind-boggling.

Virtual Light Table Home

Copyright © 2008 by Ted R. Marcus. May not be reproduced without permission.