The Dangerous Internet, Part 1
The content on this page is contributed by our member families. Opinions do not represent those of Inglemoor Cooperative Preschool. Due to the continuously changing nature of the web and of life in general, we cannot guarantee the accuracy of the page.
I've written this article to help parents understand the dangers inherent in allowing children to use the Internet. Please feel free to contact me with any additional questions or comments. The ICP Webmaster
I’m going to talk about some of the scariest stuff about your computer and the internet. And I’m going to be totally worst case scenario here. But this should give you a taste of what your child will face if left unsupervised on the Internet.
And since you’re reading this, perhaps you’re thinking “I don’t know much about computers or what’s happening on the Internet so how can I help?” Well, as an adult, you can be suspicious of sending information, running programs or trusting a website. Cynicism is very important when on the Internet. You’re much more prepared to be suspicious and judge credibility than your children. As the X-Files taught us: Trust No One.
The first thing to know about computer security and Internet safety is that security is not a product, it is a process. Just like we wish good parenting (or patience) could be bought at a store, computer security can't be simply bought and installed. Security must be learned, practiced and followed through every day. And children must follow these rules. Sure there are some products which we must buy to help keep us secure, but none of these products will keep us secure without discipline and process.
Quick summary
For those of you who just want a quick summary of what to do or not do, this section is for you. You really should read the rest of the article to understand why I make these recommendations.
- Don't allow your children to send pictures over the Internet.
- Do educate your children on being Net smart.
- Don't download or buy any software from a company that you can't trust. Read reviews on software from reputable sources.
- Don't visit any Internet websites you don't trust.
- Don't let your children use the Internet without a thorough education about talking to strangers. And that everyone on the Internet should be considered a stranger. Warn them to never give out any personal or confidential information out to anyone.
- Do teach your children to be suspicious of everything they see on the Internet and to ask you before they do anything out of the ordinary. Because it's so easy to get accidentally moved to an "obscene" website, you should discuss what your family considers "obscene," untruthful or just plain mean spirited and invite them to discuss websites they see with you. If your children aren't old enough for this conversation, consider your children too young to use the Internet.
- Don't write anything into an email that you wouldn't send on a postcard. I had to tell my accountant that he should never email me a copy of my taxes.
- Do purchase Internet security software for all your computers. You need a firewall, anti-virus, and anti-spyware at an absolute minimum.
- Don't view pictures in any emails you don't trust.
- Regularly delete your cookies or use a spyware remover to delete adware cookies.
What kinds of danger are your kids exposed to?
I actually had no idea of the variety of crimes that can happen to your children. I have not read any of these informational links in great detail, so parents please read them yourself and use at your discretion. For example, how bad would it be for your child to send a school yearbook photo to a chat friend? According to the United States Department of Justice, this is a terrible idea. It turns out that it is very simple to take that picture and seamlessly graft it onto some child pornography. Suddenly your child is a victim of child pornography. It may not really be his/her real body, but it is pornography just the same. Fake or not, this would really hurt a child’s feeling if their schoolmates found it.
I’m betting even the United States Department of Justice doesn’t really know how many ways your child can be taken advantage of, so be extra careful. The FBI has a parent’s guide to your child’s Internet safety. They also link to an organization called NetSmartz who appear to have educational information for parents, teens and kids. There is much more information also available at the National Center for Missing And Exploited Children. In addition, WiredSafety.org has a lot of information for parents, children, educators and even law enforcement professionals.
Here’s another easy way for your child to fall victim to the Internet. Let’s say that a “reputable” website runs a contest to win a free Xbox 360 (or Nintendo GameBoy or Playstation3 or iPod; whatever toy your child will want) and all your child has to do is give them their email address. Once they give their email address away, they will soon find themselves getting unwanted commercial email (spam). And that email will inevitably be undesirable in many ways. Pornography is one of the most profitable businesses on the Internet, closely followed by phishing schemes and identity theft. All those businesses send spam mail by the billions every day.
And even for parents of teenagers, take a look at this NBC Dateline investigation into MySpace.com and the problems that even security minded teenagers ran into giving away too much personal information. It's not a problem with MySpace.com specifically. Any website or friend making game encourages teens to give out personal information in order to make more friends. The Dateline article talks about ways that predators can get personal information from children and ways predators take advantage of children.
Here's a rule that you should think about. If you think it's a good idea to not have your child talk to a stranger, then don't let them use the Internet without supervision. Everyone on the Internet should be considered a stranger. Especially if you think you know who is on the other side of the conversation.
Every email and instant message is an open letter
You should know that every email you send can hop from server to server trying to find your email server. And it leaves copies of itself as it hops. Instant messages can do similar hopping. So this means that whenever you send a message, you're effectively sending a postcard for everyone to read. Even if you're talking to somebody you know, a stranger could be listening into every message you send.
Napolean complex: Every little program wants to take over your computer
How would you like it if strangers took control of your computer and read everything on it? Or perhaps steal your identity and ruin your credit. Or maybe just use your computer to send hundreds of thousands of pornographic spam mails especially to all your closest friends? How exactly can this be happening?
Anything that runs on your computer is a program. And almost all programs can take complete control of your computer. So when you download programs from the Internet, you are letting some unknown programmer take control of your computer. Any one of these programs could install “hooks” into your computer so somebody else on the Internet could take over your computer. Or send out pornographic spam email. Or insert a keystroke logger (which records every keystroke and mails the results to someone; think about recording every password, even your credit card numbers, your password for online banking, etc). So you’d better trust the programmer. This doesn’t mean that you can’t trust free programs, but you’d better be very careful who you trust.
Strangely, things that don’t seem like programs are also potential programs. In some cases, a picture on a webpage can be a program (JPG and WMF picture readers had flaws which allowed people to take over your computer). And modern web pages are absolutely a bunch of programs inside. So if you don’t trust the website, don’t even look at it.
Malware is the latest name for all kinds of program that do things you don’t want. These programs take away your computer and turn it into a weapon against you. And they get on your computer either without your permission or websites fool you into installing malware on the computer by pretending to be either entertaining or useful (“This utility helps you increase your computer performance for free!”).
It started out as programs which would take control of your computer. Then there were programs which just displayed ads on your program. And then there were programs which spied on where you went and what you typed. Nowadays, everything has the potential to put malware on your computer. Downloading a free program is absolutely a high risk scenario. Only download programs you can trust.
Recently just playing an audio CD became a security problem. Sony Music and BMG Music Club released millions of CDs which, when played on your computer, basically installed a rootkit virus which would prevent you from pirating their music (this is their idea of copy protection - it was meant to stop computers from converting the songs to MP3s). Unfortunately, virus writers all started hiding deep inside the Sony virus. Sony recalled the discs but the damage is already done. People’s computers are compromised and they likely don’t know about it (How many Ray Charles or Celine Dion listeners check the Internet about a music CD recall?). By the way, to listen to a CD and NOT load any software like this, hold down the left shift key while the CD is starting to spin (keep it down for at least 20 seconds).
A couple years ago, keystroke loggers became a big deal. People would install keystroke loggers to snoop on their significant others (to catch spouses writing love notes to online lovers or to watch their children interact on the family computer). Then they would read the keystroke logs (it just records which keys you hit and in what order). Now these loggers are being installed by nefarious “hackers” all over the place as a great way to find out credit card numbers, social security numbers, usernames and passwords to your banking website, etc. It's likely that computers that are rented at Internet Cafes have keystroke loggers installed. That way, whenever people log onto their banks, corporate networks, or buy stuff online they will type in their username, password or credit card information and the person who recorded all those keystrokes will have all the information they need to break in and steal your money (to foil these guys, use the mouse to click around and type in everything usernames and passwords out of order).
In the last couple years, the most ironic malware is a program which masquerades as an anti-virus, but which is actually a virus itself, which immediately tries to disable your anti-virus so it can hide in your machine. A lot of other “helper” programs have turned out to be various forms of malware, so NEVER download or run any programs that you can’t trust.
Tracking cookies
Even though cookies have been around for thousands of years, leave it to the Internet to make them intrusive and dangerous. Cookies are little bits of data that websites leave on your hard drive. Generally, they are helpful. They allow a website to remember who you are when you go to your website (and also allows One Click Shopping). And sometimes the cookie makes it so you don’t have to log in with a password.
But now cookies are being used to spy on where you visit on the Internet. Often ads that appear on reputable websites will drop a cookie on your machine. And similar ads will check for them. You are usually only identified as a number (but it’s not impossible to match it to your name or even your credit card), but that still means that people are watching where you go. And it also means that websites you visit can raise the price before you buy (noticing that you’ve been visiting their competitors). In fact, Amazon.com was doing something similar, where they would quote higher prices for people who kept buying from them, giving you the opposite of a good customer discount. Amazon has promised not to do it again, but many shopping websites do variations of this scheme (look at a product for more than 2 times and watch the price go up suddenly). Knowing how to purge your cookies is a great thing. It happened to me while online shopping and I figured it out when using a different browser (each browser stores cookies in a different place, so a different browser on the same computer looks like a different user to the website).
Tracking pictures
You know how sometimes you read an email, but you really want to pretend you didn’t read the email (like letting the answering machine answer your telephone to screen calls). Well tracking pictures can tell the sender that you read their email. And if the spammer knows you read their spam, he’ll send you even more spam (though even if you don’t read it, they’ll send you spam). That’s why good email programs will not show you any pictures in your email until you click the button allowing the pictures to be downloaded. Never show pictures unless you trust the person who sent the email. Actually read the text to make sure it seems like your friend sent the message (worms send spam or themselves through your friend’s actual computer and it seems like your friend sent the email, when actually, it’s a worm).
How does this work? A picture in the email isn’t actually included in the email. It needs to be downloaded from somebody’s website. The name of the picture is slightly different for each mail sent. So Oreo.gif is changed to Oreo_234383523fasdf.gif on your email. When the webserver sees that name, it returns Oreo.gif but remembers that email recipient 234383523fasdf actually read the email. And now your email reading habits can be tracked.
Is there anything you can trust?
Questionable websites by the millions … and more every day There are billions of websites on this planet, with millions more being added every year. Tens of thousands of these are created by scam artists and criminals. They are very sophisticated operations often located in foreign countries so US law enforcement can’t get to them. You’d think it would be easy to avoid these websites, but phishing scams and website indirection makes it very easy to get sucked into reading these sites. Organized crime is now getting involved into internet fraud, so it's only going to get worse.
Website hijacking
Incorrectly typing www.disney.com as www.diney.com brings you to a website which links to naked women and playboy. I’m sure you can find much worse and get hijacked straight to a porn website. It used to be that typing in www.superbow.com led straight to a hardcore pornography website with nudity on the front page. And don’t assume that just asking the kids to use Favorites or Bookmarks buttons will make you safe. It’s simple to trick people into adding new Favorites or Bookmarks onto their browser.
Even carefully looking at the address where you end up is tricky. It turns out that there are unusual characters used in foreign languages which are VERY close to our English characters. For instance, what’s the difference between Citibank and Ctbank. Look very closely. As of 2005, people can create web addresses with the very unusual or or any number of other hard to discern characters. So now when people send you to another website, it could be a total fraud which is there only to collect your passwords (and in Citibank’s case, your banking account information or credit card).
In some cases, hackers have actually taken over the “backbone” DNS servers that run the Internet. DNS is what converts www.yahoo.com into the actual IP address where Yahoo’s servers are located. If somebody hacks those servers and changes the IP address to their own servers, suddenly you are talking to their servers and a trusted website is no longer trustable. Usually a hack like this is found quickly and corrected, but you can see the risk.
Reputable websites can give you viruses, too
Hackers have taken over and defaced all kinds of websites from major dot com websites to banks to the federal government itself. And theft of credit card information has been done all over the web as well. So even if you trust your credit card company or bank, is it too hard to believe that somebody may have hacked your bank’s website, then installed malware on your computer? While you may trust their business scruples, if their website security isn’t good, you shouldn’t visit their website.
Ad websites must get hacked, putting all ads at risk. I’m just going to make a wild guess here, but if some of the best websites in the world get hacked, I’d say that ad websites must get hacked. Do you know how big websites like MSNBC or CNN work? They carry all the news and content on their own servers, but the advertisements are actually on a separate bunch of websites called ad servers. You may even see this in action when you look at the status bar at the bottom of the browser screen. You may see stuff like ads.doubleclick.net or ads.msn.com flashing on the status line. Those are all the ad servers.
If somebody hacks those ad web servers, these ads can be changed into malicious viruses using the latest tools. And now everyone who goes to any reputable website is vulnerable to viruses and malware.
All computers are vulnerable Just because there are no viruses now (for Macintoshes, for example), it’s absolutely certain that there will be one tomorrow or the next day. The only way to combat this is to use anti-virus software and keep up to date on software patches. But remember, anti-virus only catches viruses after they are discovered. And until somebody reports the virus, the anti-virus software can’t find the virus. So at any given time, there are bound to be undiscovered viruses and other malware on your computer right now.
This article is not just to scare you
I'm told this is a sobering article, in fact, downright scary. I wanted all parents to realize that the Internet is a very complex and dangerous place. And even if you think your kids know more about computers than you, your job as a parent is still very important. Always be suspicious because in the world of the Internet, you really should Trust No One.
And this is just the beginning . . .
Computer security is a very complex topic. In the next article, I'll explain the dangers in email and website content and more