Privacy issues on the Web

The issues around online privacy are complex, and there is no single "solution" because every individual has different preferences about their online identity and privacy.  This article is not meant as an exhaustive discussion about online privacy issues - that is a much larger discussion - but rather is intended to highlight just a few issues that serve as examples of why you need to keep privacy in mind when using the internet.


Unsolicited junk e-mail (spam) can be a real nuisance. In 2009, over 90% of all e-mail sent was spam. There are plenty of anti-spam techniques in use to prevent spam or detect and block it, which is why 90% of the e-mail you receive is not spam (I hope!).  Here are some simple practices you can employ to reduce spam:

  • don't publish your (or anyone's) e-mail address on a website unless you know that site uses anti-spam e-mail obfuscation ( uses sophisticated e-mail obfuscation)
  • don't use your primary e-mail for signing up on websites, entering contests, etc.  Get a second email (e.g., via gmail) for these uses - one that you can throw away if it starts getting spammed too badly.  Use e-mail forwarding to forward messages to your regular address so you only need to check the one.

Data Mining and Profiling

Data Mining on the web is a technique for assembling coherent data and relations on a particular subject by extracting it from a wide set of sources (e.g., web pages, e-mails, document collections, etc.)

Profiling is a suite of techniques used to "discover patterns or correlations in large quantities of data"

As with any technologies, these techniques can be put to beneficial, benign, or malignant purpose, depending on how they are used.

Here's an example:

Say there was a young lady living in Canada who makes frequent trips to the US.  When she comes and goes, she posts ads on the internet with her travel plans to try to arrange ride shares. 
If someone was mining for data about that person, they may be able to assemble a pretty good itinerary of exactly when that person entered and left the country.  Over an extended period, they could use this as a basis to create quite an accurate profile of their lifestyle / living / working arrangements.
This obviously represents a fairly significant invasion of privacy.

Key points:

  • Although any individual post you make on the internet (e.g., an ad on Craiglist, a message to an e-mail list, etc.) may be completely benign, the sum total of many such posts could collectively reveal more about your personal life than you feel comfortable with.
  • This is only a problem is there are useful relations in the data - namely your identity attached to a piece of information about you.  Using a pseudonym or first-name-and-initial online and perhaps even a more anonymous e-mail address for posting in public places (e.g., noneofyourbusiness42 [at] gmail [dot] com) can go a long way to protecting your privacy.

Spear Phishing

Phishing is a well-known technique used by scammers to try to con gullible or greedy people into a confidence fraud.  The famous "Nigerian millionaire" e-mail scam is an example.  These scams typically use a "broadcast" approach - with millions of "tries" needed to "hook" a con - thus, once you know what to look for, these phishing scams are generally easy to recognize.

Spear Phishing is a more sophisticated technique that uses personal information to tailor the confidence scam, making it harder to detect.  In general, the scam targets an individual by using information gleaned from their online activities and/or by masquerading as someone trusted by that individual. 
An example (happened right here on lasqueti) is the "Stranded Friend" scam, where you get an e-mail from a friend in need who asks you to send money to help them out of a jam.  The more information the scammer has about you and your friend, the more personal details they can insert in the scam, thus making it harder to detect as a scam.

Key Points

  • always critically evaluate any offer or plea for help - if it sounds fishy, or too good to be true, it probably is.
  • e-mail addresses can be "spoofed", identities can be stolen, personal details can be mined - so even an e-mail from a friend that contains personal details can't be 100% trusted.