The Search for Ways to Protect Your E-dentity

Although it’s too early in this article to discuss exploding e-mail, suffice to say that crafty new techniques to protect your online privacy are about to make a bang.

And they’re arriving not a moment too soon.

Studies show privacy is one of our greatest fears when we wander the World Wide Web. And for good reason: Like bread crumbs in a forest, every mouse click in cyberspace leaves an electronic trail, revealing bits about our identity, geographical location and tastes.

Online merchants and marketers routinely collect this information using software tools that are widely available to Web site operators. As a result, others may know more about who we are and what we like than we realize--or want.

“We’re starting to see the outlines of what could become a serious privacy problem,” said David Sobel, general counsel for the Electronic Privacy Information Center in Washington. “The whole issue boils down to a consumer’s control of data about them.”

So what can you do to protect yourself?

Plenty. Even as online data collectors race to find out more about you, a growing number of start-ups are swooping in to help you take control of your identity and fend off online snoops.

Of course, privacy advocates caution that the best protection is still common sense.

“All the technology in the world won’t help you if you start giving out your password or e-mail address voluntarily,” said Lance Cottrell, CEO of Anonymizer.com.

But common sense can only do so much. That’s why Cottrell’s was one of the first Web sites to offer a technological solution to the dilemma of online privacy.

Anonymizer.com (https://www.anonymizer.com) does for your online correspondence and mouse trails what offshore banks do for cash: launders them by passing Web pages through its computers, scrubbing away every electronic trace of who you are or where you come from.

Specifically, Anonymizer hides your Internet Protocol address, a unique number assigned to every online computer that offers clues to its owner’s real-world identity and location. It also diverts cookies, small data files that Web sites quietly insert on your hard drive to track you, as well as JavaScripts, programs embedded in Web pages that could be used to peek at the files on your computer.

The service--and more recent imitators such as Aixs Net Privacy--is simple to use: enter the address of the Web site you want to visit into an on-screen address bar.

Customized Cloaking Devices

Anonymous Web browsing comes at a price, however. Using these services is usually slower than surfing directly. Also, cookies and JavaScripts aren’t always bad. Cookies, for example, save you from having to punch in your password repeatedly on a secure Web site and make it possible to customize your Yahoo home page with local weather and the prices of your favorite stocks.

(Anonymizer.com offers a faster service for $50 a year that gives subscribers the option of choosing which cookies they want to keep and which they want to chuck.)

E-mail presents its own privacy dilemmas. Like a postcard, an electronic message can be read by any competent hacker as it hops from computer to computer to its destination. And its journey leaves a trail with your name at the beginning.

To keep your identity secret, you can use a “remailer.” These services--Anonymizer and Replay are two good ones--strip away identifying information in the header of your e-mail and bounce the message through several computers to erase all traces of its origin.

Because of the circuitous routing, remailers are slower than sending e-mail directly. Also, since your recipient has no idea who sent the mail, they may have a hard time replying (which is why this technique is popular among junk e-mailers).

Launched this month, a new service called ZipLip (https://www.ziplip.com) offers an alternative for people who want to keep their correspondence private but want recipients to know who sent it.

To use it, you compose an e-mail on the secure ZipLip Web site. Afterward, ZipLip notifies the recipient that a letter is waiting. To read the message, the recipient punches in a password previously worked out with the sender. After the note has been read, ZipLip digitally shreds it.

Even more exotic technologies are on the way. Remember the tapes Peter Graves listened to on “Mission: Impossible”? Well, a start-up in Austin, Texas, has figured out how to make an e-mail message self-destruct.

“It does everything but smoke,” says Bob Gomes of Infraworks, which plans next month to unveil the free service, called InTether, which allows you to retain control of an e-mail after it arrives at its destination.

The service protects file attachments--anything from a word processor document to a music file. To use it, both sender and recipient need a copy of the free software. Once installed, the sender can specify who can open the file, how many times it can be read or printed--even how many minutes or hours it can be used before expiring. The file is then encrypted and dispatched.

Linking Up While Preserving Anonymity

Once the message expires, or if someone tries to tamper with it--poof! The file goes bye-bye, wiped completely from the recipient’s hard drive using a technique developed by the Defense Department to erase classified disks.

But not everything we do on the Internet has to be so cloak-and-dagger. After all, sometimes we actually want to let a merchant know who we are. How do we e-shop without totally losing control of our name, address and other personal information?

That’s where “infomediaries” come in. Infomediaries are firms that play matchmaker between companies and consumers. It’s a radically different take on traditional commercial relationships--and one that not everyone is convinced will succeed.

Here’s how it works: Say you’re in the market for a trip to Europe. You contact your infomediary, who puts the word out to travel agents and tour companies, disclosing only nonidentifying demographic information such as your age or income level. Based on this data, travel companies dispatch targeted offers to you via e-mail.

If you like what you see, you respond. If not, they’re none the wiser.

“The consumer will be in control of a brand called ‘me,’ ” said Cathy Meister, vice president of marketing at PrivaSeek Inc., a start-up infomediary in Colorado.

But critics wonder whether consumers will trust unknown infomediaries enough to hand over the same information--name, address and credit card number--that they don’t want to give to marketers, notes Beth Givens of the Privacy Rights Clearinghouse.

That’s why some privacy advocates are touting infomediaries such as Enonymous.com (https://www.enonymous.com), a San Diego start-up that plans to connect buyers and sellers while remaining blind to the identity of its customers.

The company is being praised for its new free software utility for checking the online privacy policies that more and more Web sites are posting to ease consumer fears and head off government regulation.

“Just because a site has a privacy policy, it doesn’t mean companies are looking out for consumers,” said David Taylor, chief executive of Enonymous.com. “We found many privacy policies are like a sieve--full of holes.”