Home > Privacy
E-Mail and Privacy


Sending e-mail

The best way to contact me is to use the Virtual Mailbox page. If you prefer to use your favorite e-mail program, the address is graphic

I apologize for using a graphic that you can’t cut and paste. Unfortunately, it is a necessary defense against “robots” that search Web sites harvesting e-mail addresses for spammers. Spam-collecting robots make it inadvisable for anyone to include an intact machine-readable e-mail address on any Web site. I really suggest using the Virtual Mailbox page, as it will assure that I’ll get your message. You can paste text into the message entry area.

tedsimages.com Privacy Policy

More About Web Site Privacy and Security

Web Site Logging

My Web host automatically maintains a log of all access to anything on this site. This anonymous information includes, for each page and picture you view or access on my site:

The anonymous information in log entries is the only information I have about you, unless you specifically choose to contact me through my Virtual Mailbox page.

Any Web site will automatically collect this same log information, with the same combination of specificity and anonymity. Most webmasters don’t look at their raw logs. There just isn’t time to pore through tens of thousands of entries. Rather, they run tools that read the log files and create reports. The reports summarize aggregate information about traffic patterns, page accesses, and which search engine queries and words lead people to their site. This is all very helpful for making a site more appealing to visitors and increasing traffic. The information can be vital for a business site that sells products or services.

Cookies and Security Holes

Some Web sites (but not this one!) use various means to collect more information than is available through logs. It’s possible to use scripts and various “security holes” in browsers and operating systems to extract personal information from a browser. The most common technique for keeping track of personal information is the cookie. Cookies are pieces of data a Web site can ask your browser to store on your computer for later retrieval. A cookie could possibly contain information about when you visited a site, the last banner advertisement you were sent, or a user ID or password so that you don’t have to enter them every time you log in.

It is possible for different sites to read and write a shared cookie, letting them keep track of what sites and pages you visit. If one of these sites has personal information about you (such as a business with on-line ordering), the sites that share the cookie can track your surfing individually. You can make this sharing more difficult by setting your browser to reject “third-party” cookies, those that come from a site different from the one you’re currently visiting.

You can also completely disable cookies, which has certain disadvantages. Some sites may refuse to let you access certain pages, features, or even the entire site if you disable cookies.

For all the potential threat to privacy, many Web sites do use cookies to provide genuine convenience for you. For example, it is far easier to let the New York Times automatically log you into their excellent Web edition from a cookie than for you to type your name and password each time you want to read it. If you disable cookies, you’re gaining some measure of privacy in exchange for some inconvenience. It’s up to you to decide which is more important.

I use and recommend a browser add-on called Cookie AutoDelete. It’s available for Chrome (it should work with other browsers based on Chromium, including the new version of Microsoft Edge) and Firefox. As the name suggests, it automatically deletes cookies after you close a tab or the browser. That greatly complicates the ability of Web sites to track your activities. In particular, deleting Google’s cookie prevents Google from compiling and archiving your search history. The add-on lets you “whitelist” specific sites for which it retains cookies.

The uBlock Origin add-on is available for Chrome and Chromium-based browsers and Firefox. It blocks “trackers”— cookies, scripts, and other techniques— a Web site uses to follow your browsing, as well as many ads. It provides the option of pausing its blocking (some sites and features won’t work if you block the trackers) or “whitelisting” trustworthy sites. uBlock Origin complements the Cookie AutoDelete add-on by blocking ads and “trackers” that are active while you’re browsing a site; Cookie AutoDelete cleans up anything left behind after you’re done browsing that site. I use and recommend both add-ons.

Modern browsers include a “private” mode that does not maintain a browsing history or cookies. This can be useful for hiding your browsing history from other household members, but by itself it won’t protect you from Web sites tracking you with cookies or other techniques placed on your computer before you started “private” browsing.

DNS Logging

When you enter the URL (address) of a Web site in your browser, the browser contacts a domain name server (DNS) to translate that URL into the site’s numerical IP address. The computers that make the Internet work use IP addresses to contact each other. Most often, your browser contacts your Internet provider’s DNS.

Internet providers usually keep logs of each translation request, effectively compiling a complete history of every Web site you visit. Since your Internet provider also has your name and address, they can readily match it with your IP address to sell your browsing history to advertisers or forward it to the NSA. Even with your browser’s “private” mode and the add-ons to block cookies and trackers, your Internet provider still records every Web site you visit. Their DNS may also redirect requests for nonexistent URLs (including typographical errors) to their own advertising site, a practice called “DNS hijacking.”

A way around that security hole is to use a third-party DNS that does not keep logs. That may also speed up your Web surfing by returning translated URLs faster, but that speed improvement may or may not be enough to notice. Google operates what they claim is the world’s largest public DNS. They log your IP address and translation requests, but delete them “within 24-48 hours.” If you’re leery of Google, Cloudflare claims to have the world’s fastest public DNS. They also insist that they do not maintain logs of anyone’s IP address and translation requests. Setting up a computer to use one of these DNSes requires some technical knowledge. The linked Web sites provide the information needed for configuring various operating systems.

Secure Web Site

tedsimages.com is a “secure” Web site, as indicated by the green padlock icon in front of the URL in your browser’s address bar. That means any data traveling between the site’s server and your browser is encrypted in both directions, so hackers, criminals, or your Internet provider can’t intercept or alter it.

This encryption is absolutely necessary for any Web site that collects sensitive or personal information, such as passwords or credit card numbers. If you’re visiting the Web site of a bank, insurance company, merchant, or anyone else that handles your personal or financial data or lets you pay by credit card, it’s essential to look at the address bar to make sure the green padlock icon is present before you enter any information. If it’s not there, or particularly if the browser displays a message that “this site is not secure,” that’s a red flag telling you not to trust the site with your Social Security or credit card number!

As noted above, this site does not collect or transmit any personal or sensitive information, so secure encryption is not necessary to protect you. But I have secured it as my obeisance to Google and its campaign to secure the entire Web. As the owner of the world’s dominant search engine, Google has been actively “encouraging” Web site owners to secure their sites, even if it’s not otherwise necessary: Their search algorithms penalize non-secure sites. In 2017, Google decided to give reluctant Web site owners a friendly nudge by increasing that penalty.

A secure Web site does have one potential advantage, even if it does not handle personal or sensitive information. When you visit a non-secure site, your Internet provider, a hacker, or the NSA can track and log every page you view, every file you download, and every comment you left on a message board. With a secure site they can see that you visited tedsimages.com, but not which pages you viewed or anything else you did here. (I could still see what pages you visited if I wanted to dig through the site’s log files. But I would see only the numeric IP address of your computer or router, which I have no way of associating with you. Nobody else has access to those logs, absent a lawful warrant or court order.)

One more advantage of a secure site: Some greedy operators of Wi-Fi access points at airports, hotels, and other places “inject” ads into the pages users browse. The ads are not only unwelcome and annoying, but the “injection” mechanism can potentially carry malware. A secure site is immune to these “injections.”

About Spam, Malware, and Social Media

What’s the best thing to do if you receive unsolicited e-mail advertising a surefire investment, dodgy prescription drugs, genuine replica watches, mail-order degrees, or an urgent request to update your account at a bank you’ve never heard of? Delete it immediately! Spammers nearly always use a bogus originating address (possibly yours!), so the formerly-recommended approach of forwarding the message to the “abuse” address of the sender’s Internet provider no longer works. Never reply to the message or follow any instructions in the message purporting to remove you from the list! That’s the equivalent of telling the spammer, “I received your spam at a valid e-mail address that accepts spam. So please send me a whole lot more! And don’t forget to sell my address to every other spammer you know, and let them all know how eager I am to receive as much spam as they care to send me!”

If your mail-reading program asks for permission to display images or “remote content,” do not click that button if the e-mail is from an unknown sender. The “remote content” may include a “beacon” that has the same effect as replying to the message. Similarly, never allow the mail-reader to send a return receipt if an unknown sender has requested it.

Never click on any attachment to a spam e-mail. It is almost certainly a virus or other “malware” that can steal or damage data on your computer. If you receive any e-mail from an unknown address with an attachment, delete it immediately, preferably without opening it.

And above all, never click a link to respond to what the spammer is “offering,”, even if you’re just curious. I call spam e-mails spamatozoa, since the analogy with fertilization is appropriate. A male releases millions of gametes with each procreative act, which cost him almost nothing to produce. But he’s successful if only one of them ever yields an offspring. Spam e-mails cost next to nothing to create and send, making spam economically viable even if only one rube takes the bait after spewing a few thousand messages.

Clicking on a link in a spam e-mail may to a Web site that infects a user’s computer with malware. One common form of malware surreptitiously drafts computers into a “botnet,” an army of hijacked computers that do the spammers’ dirty work of spewing Internet pollution. The malware also ransacks the infected user’s address book and adds the contents to the lists of valid addresses that circulate among spammers. A friend’s infected machine may be what signed you up for a flood of spam! Keeping your Windows computer updated with Microsoft’s continuing security patches— Macintosh and Linux computers are less vulnerable to malware, at least for now— running updated anti-virus and anti-spyware software, and using non-Microsoft applications will reduce your vulnerability to malware, but it’s always best to avoid the most notorious sources of infection.

Another very fertile source of addresses for spam lists is the Internet itself. The compilers of lists deploy a robot to comb through Web sites looking for e-mail addresses. You may well receive a torrent of spam a few days after you make a forum post or blog comment with your real e-mail address; and you’re eventually asking for spam if you put a machine-readable address on your Web site or blog. You can get around that (for now) by using a graphic form of the address as I have done on this page. Robots can’t read that, but I would not doubt that in the future someone will create a “crawler” with optical character recognition capabilities.

(OCR may not even be needed. A spammer can pay someone in India a few rupees to search Web sites for graphical addresses or contact forms. That probably explains the “offers” I periodically get from outfits in India, Russia, China, or Vietnam to “professionally” redesign my Web site at remarkably affordable prices. Many of those e-mails are hand-pasted into my Virtual Mailbox form. They occasionally are addressed to the owner of an entirely different Web site, thus proving the adage that “if you pay peanuts, you’ll get monkeys.”)

It’s also a good idea to avoid using your real name in blog comments, guestbooks, or forums because there are now data-mining firms that compile profiles of an individual’s Web presence for purchase by employers, law enforcement agencies, insurance companies, landlords, mortgage lenders, or just about anyone else (and remember what I said above about “Homeland Security”). If you don’t believe that, try Googling yourself! A determined snooper can probably find you and compile a profile even if you don’t use your real name, but why should you help them out?

Social media is another balancing act. If you use LinkedIn for business networking or job hunting, use a dedicated e-mail address for your contact information. That way you can discard it and change to a new one when it inevitably becomes overwhelmed with spam. If you use Facebook, it’s definitely a good idea to restrict your posts and profile to “friends only.” That will limit access by spammers and scammers, as well as making it more difficult for employers, landlords, creditors, and others to snoop on your personal life.

Again, that won’t probably won’t stop determined snoopers; and it won’t protect you from an employer that demands your social media passwords so they can log in and see everything you post and follow. (If you’re job hunting and a prospective employer makes that demand, they could be telling you they’re a company you don’t want to work for.) Locking down your Facebook profile definitely won’t hide your personal data from whoever Facebook itself might sell it to, or from the NSA’s All-Seeing Eyes (along with the other agencies with which it most likely shares the bounties of its ever-expanding dragnet). But you have no obligation to help any of them surveil you.

tedsimages.com Home