Home > Privacy
E-Mail and Privacy

Contents


Sending e-mail

The best way to contact me is to use the Virtual Mailbox page. If you prefer to use your favorite e-mail program, the address is graphic

I apologize for using a graphic that you can’t cut and paste. Unfortunately, it is a necessary defense against “robots” that search Web sites harvesting e-mail addresses for spammers. Spam-collecting robots make it inadvisable for anyone to include an intact machine-readable e-mail address on any Web site. I really suggest using the Virtual Mailbox page, as it will assure that I’ll get your message. You can paste text into the message entry area.

tedsimages.com Privacy Policy


More About Web Site Privacy and Security

Web Site Logging

My Web host automatically maintains a log of all access to anything on this site. This anonymous information includes, for each file you view or access on my site:

The anonymous information in log entries is the only information I have about you, unless you specifically choose to contact me through my Virtual Mailbox page.

Any Web site (other than free “community” pages or the personal Web space that many Internet providers offer) will automatically collect this same log information, with the same combination of specificity and anonymity. Most webmasters don’t look at their raw logs. There just isn’t time to pore through tens of thousands of entries. Rather, they run tools that read the log files and create reports. The reports summarize aggregate information about traffic patterns, page accesses, and which search engine queries and words lead people to their site. This is all very helpful for making a site more appealing to visitors and increasing traffic. The information can be vital for a business site that sells products or services.

Cookies and Security Holes

Some Web sites (but not this one!) use various means to collect more information than is available through logs. It’s possible to use scripts and various “security holes” in browsers and operating systems to extract personal information from a browser. The most common technique for keeping track of personal information is the cookie. Cookies are pieces of data a Web site can ask your browser to store on your computer for later retrieval. A cookie could possibly contain information about when you visited a site, the last banner advertisement you were sent, or a user ID or password so that you don’t have to enter them every time you log in.

It is possible for different sites to read and write a shared cookie, letting them keep track of what sites and pages you visit. If one of these sites has personal information about you (such as a business with on-line ordering), the sites that share the cookie can track your surfing individually. You can make this sharing more difficult by setting your browser to reject “third-party” cookies, those that come from a site different from the one you’re currently visiting.

You can also completely disable cookies, which has certain disadvantages. Some sites may refuse to let you access certain pages, features, or even the entire site if you disable cookies.

For all the potential threat to privacy, many Web sites do use cookies to provide genuine convenience for you. For example, it is far easier to let the New York Times automatically log you into their excellent Web edition from a cookie than for you to type your name and password each time you want to read it. If you disable cookies, you’re gaining some measure of privacy in exchange for some inconvenience. It’s up to you to decide which is more important.

One of the reasons I prefer the Firefox browser is an add-on called Self-Destructing Cookies. As the name suggests, it automatically deletes cookies soon after leaving a Web site or closing the browser. That greatly complicates the ability of Web sites to track your activities. In particular, deleting Google’s cookie prevents Google from compiling and archiving your search history. The add-on lets you “whitelist” specific sites for which it retains cookies. It’s available for the desktop and Android versions of Firefox.

I am not aware of any comparable capability for other browsers. But the Ghostery add-on is available for all the major desktop and mobile browsers. It notifies you of the “trackers”— cookies, scripts, and other techniques— a Web site uses to follow your browsing, and blocks them. It provides the option of pausing its blocking (some sites and features won’t work if you block the trackers) or “whitelisting” trustworthy sites. Ghostery complements the Self-Destructing Cookies add-on by blocking “trackers” that are active while you’re browsing a site; Self-Destructing Cookies only works after you’ve left a site. I use and recommend both add-ons.

Most modern browsers include a “private” mode that does not maintain a browsing history or cookies. This can be useful for hiding your browsing history from other household members, but by itself it won’t protect you from Web sites tracking you with cookies or other techniques placed on your computer before you started “private” browsing. And neither “private” mode nor the add-ons block the records of your browsing and search history that your ISP maintains (and possibly sends to the NSA). Caveat surfer!

Secure Web Site

tedsimages.com is a “secure” Web site, as indicated by the green padlock icon in front of the URL in your browser’s address bar. That means any data traveling between the site’s server and your browser is encrypted in both directions, so hackers, criminals, or your Internet provider can’t intercept or alter it.

This encryption is absolutely necessary for any Web site that collects sensitive or personal information, such as passwords or credit card numbers. If you’re visiting the Web site of a bank, insurance company, merchant, or anyone else that handles your personal or financial data or lets you pay by credit card, it’s essential to look at the address bar to make sure the green padlock icon is present before you enter any information. If it’s not there, or particularly if the browser displays a message that “this site is not secure,” that’s a red flag telling you not to trust the site with your Social Security or credit card number!

As noted above, this site does not collect or transmit any personal or sensitive information. But I have gone through the expense and hassle of securing it mainly because of Google’s campaign to secure the entire Web. As the owner of the world’s dominant search engine, Google has been actively “encouraging” Web site owners to secure their sites, even if it’s not otherwise necessary: Their search algorithms penalize non-secure sites. In 2017, Google decided to give reluctant Web site owners a friendly nudge by increasing that penalty.

A secure Web site does have one potential advantage, even if it does not handle personal or sensitive information. When you visit a non-secure site, your Internet provider, a hacker, or the United States National Security Agency can track and log every page you view, every file you download, and every comment you left on a message board. With a secure site they can see that you visited tedsimages.com, but not which pages you viewed or anything else you did here. (I could still see what pages you visited if I wanted to dig through the site’s log files. But I would see only the numeric IP address of your computer or router, which I have no way of associating with you. Nobody else has access to those logs, absent a lawful warrant or court order.)

One more advantage of a secure site: Some greedy operators of Wi-Fi access points at airports, hotels, and other places “inject” ads into the pages users browse. The ads are not only unwelcome and annoying, but the “injection” mechanism can potentially carry malware. A secure site is immune to these “injections.”


About Spam, Malware, and Social Media

What’s the best thing to do if you receive unsolicited e-mail advertising a surefire investment, dodgy prescription drugs, genuine replica watches, mail-order degrees, or an urgent request to update your account at a bank you’ve never heard of? Delete it immediately! Spammers nearly always use a bogus originating address (possibly yours!), so the formerly-recommended approach of forwarding the message to the “abuse” address of the sender’s Internet provider no longer works. Never reply to the message or follow any instructions in the message purporting to remove you from the list! That’s the equivalent of telling the spammer, “I received your spam at a valid e-mail address that accepts spam. So please send me a whole lot more. And don’t forget to give (or sell) my address to every other spammer you know, and let them all know that I’m eager to receive as much spam as they care to send me!”

If your mail-reading program asks for permission to display images or “remote content,” do not click that button if the e-mail is from an unknown sender. The “remote content” may include a “beacon” that has the same effect as replying to the message. Similarly, never allow the mail-reader to send a return receipt if an unknown sender has requested it.

Never click on any attachment to a spam e-mail. It is almost certainly a virus or other “malware” that can steal or damage data on your computer. If you receive any e-mail from an unknown address with an attachment, delete it immediately, preferably without opening it.

And above all, never click a link to respond to what the spammer is “offering,”, even if you’re just curious. I call spam e-mails spamatozoa, since the analogy with fertilization is appropriate. A male releases millions of gametes with each procreative act, which cost him almost nothing to produce. But he’s successful if only one of them ever yields an offspring. Spam e-mails cost next to nothing to create and send, making spam economically viable even if only one rube takes the bait from a spewing.

Clicking on a link in a spam e-mail may to a Web site that infects a user’s computer with malware. One common form of malware surreptitiously drafts computers into a “botnet,” an army of hijacked computers that do the spammers’ dirty-work of spewing Internet pollution. The malware also ransacks the infected user’s address book and adds the contents to the lists of valid addresses that circulate among spammers. A friend’s infected machine may be what signed you up for a flood of spam! Keeping your Windows computer updated with Microsoft’s continuing security patches— Macintosh and Linux computers are less vulnerable to malware, at least for now— running updated anti-virus and anti-spyware software, and using non-Microsoft applications will reduce your vulnerability to malware, but it’s always best to avoid the most notorious sources of infection.

Another very fertile source of addresses for spam lists is the Internet itself. The compilers of lists deploy a robot to comb through Web sites looking for e-mail addresses. You may well receive a torrent of spam a few days after you make a forum post or blog comment with your real e-mail address; and you’re eventually asking for spam if you put a machine-readable address on your Web site or blog. You can get around that (for now) by using a graphic form of the address as I have done on this page. Robots can’t read that, but I would not doubt that in the future someone will create a “crawler” with optical character recognition capabilities.

(OCR may not even be needed. A spammer can pay someone in India a few rupees to search Web sites for graphical addresses or contact forms. That probably explains the “offers” I periodically get from outfits in India, Russia, China, or Vietnam to “professionally” redesign my Web site at remarkably affordable prices. Many of those e-mails are hand-pasted into my Virtual Mailbox form. They occasionally are addressed to the owner of an entirely different Web site, thus proving the adage that “if you pay peanuts, you’ll get monkeys.”)

It’s also a good idea to avoid using your real name in blog comments, guestbooks, or forums because there are now data-mining firms that compile profiles of an individual’s Web presence for purchase by employers, law enforcement agencies, insurance companies, landlords, mortgage lenders, or just about anyone else (and remember what I said above about “Homeland Security”). If you don’t believe that, try Googling yourself! A determined snooper can probably find you and compile a profile even if you don’t use your real name, but why should you help him out?

Social media is another balancing act. If you use LinkedIn for business networking or job hunting, use a dedicated e-mail address for your contact information. That way you can discard it and change to a new one when it inevitably becomes overwhelmed with spam. If you use Facebook, it’s definitely a good idea to restrict your posts and profile to “friends only.” That will limit access by spammers and scammers, as well as making it more difficult for employers, landlords, creditors, and others to snoop on your personal life. Again, that won’t probably won’t stop determined snoopers, and definitely won’t hide you from the NSA’s All-Seeing Eyes (or from the other agencies with which it most likely shares the bounties of its ever-expanding dragnet). But why make their job easier?

tedsimages.com Home