CLEVELAND - The flashing images you see online, popup advertisements and sites that remember who you are without logging in all make browsing easy. However, is this technology doing more than meets the eye?
"It's absolutely tough to surf anonymously, privately and securely," SecureState Senior Consultant John Melvin explained.
Some sites make it easy to figure out what the website knows about you.
For example, Google forms a profile of you based on the sites you visit in the Google Display Network. If you visit a lot of news sites, you may be listed as being interested in news.
Google explains all this to the consumer through its " Ads Preferences" tool.
Google said its "Ads Preferences", "Makes the ads you see on the web more interesting." Websites partner with Google to show ads to their visitors based on your profile.
You can change your preferences or simply opt-out.
Google said it doesn't know your name or any other personal information about you. It simply recognizes the number associated and stored in your browser.
Most sites track this information. Google makes it easy to see, and gives consumers options.
However, security experts said every website is not created equally. On some sites, it's unclear what's being tracked about you and it's raising privacy concerns.
Cookies left on your computer can be used to profile you
Our investigation with the information security management consulting firm, SecureState, found some tracking devices used by various online sites can put you at risk.
Websites form a profile of you based on your surfing and browsing habits. When you land on a site, a "cookie" is placed on your computer. It's a tremendous tracking tool for advertising purposes, but our investigation revealed the cookie can also put your family at risk.
"I see the utility in it. They're just trying to do their marketing, but it's a little weird they can see so much about you and know so much about you. So, that's a little disconcerting," consumer Celeste Asmar said.
With Asmar's permission, we had SecureState's Forensics Team search her Internet files to see if she's leaving behind a digital footprint.
"Is this your daughter's name and grade?" Matt Neely, SecureState Profiling Team Manager asked Asmar.
"Yes," Asmar responded.
"Roughly?" Neely asked.
"Oh exactly," Asmar remarked.
Asmar thought she was taking the right steps to protect her daughter's privacy. But, the security consultants at SecureState know her daughter's school and homeroom teacher's name.
"That I find very troublesome," Asmar said.
Asmar doesn't know the forensics team at SecureState. But, they know all about her after their analysis of her computer's Internet files.
"Pretty much I went through everything you did and saw what kind of information you provide to websites," Neely said.
SecureState said the information you provide during browsing is saved in a dozen locations on your computer. SecureState found little bits of information all over, and then pieced it all together to form a profile.
SecureState even knew Asmar's age.
"You got my weight in there, too?" Asmar questioned.
Not quite, but Asmar's Internet files reveal her age, address, unlisted phone number, her employer, her husband's name and activities he likes, and the car they just bought.
Bits of information lead to a profile
Even information that may not appear sensitive can be dangerous in a hacker's hands. The hacker can use the basic information to gain your trust and then you'll lead them to more personal information.
For example, SecureState knew Asmar bought a car. They knew the type, dealership and the fact it was certified.
"If we wanted to be a hacker and gain some additional information we could call her up at the phone number we discovered in the Word document. We say 'hello we are calling from such and such dealership, and you recently purchased this car. We are working on the extended warranty and we need some additional information from you,'" Neely explained.
Then, the hacker could get more information from you and you may think you're talking to the car dealer the whole time.
That's why it's essential to verify who you are talking to. It's always best to ask for a phone number to call that person back. That will help you verify someone's authenticity when they are asking for personal information.
The profilers use the information they gather to establish trust. Then, they launch their attack.
Sensitive information easy to find
Damage can be done with just basic information if it ends up in the wrong hands. In our test, we found very sensitive information stored in Asmar's internet files that could have led to her identity being stolen.
"Are those two socials of someone in your family?" Neely asked, pointing to two social security numbers.
"Ugh! Yes," Asmar replied.
A social security number is all you need to steal someone's identity. Our findings get worse.
"I have his username and password for Turbo Tax, all based on your Internet history," Melvin said.
"My husband will be horrified," Asmar exclaimed.
Asmar's husband saved a chat session with a TurboTax representative in a Word Document. He emailed the document to himself in case he needed the technical advice later. SecureState found the footprint for that email.
"Any file that is sent through webmail could be saved in the cache and hackers can then gain access," Neely explained.
That's the first tip to protect yourself and minimize your digital footprint. Don't send sensitive information to yourself, or anyone for that matter, with webmail. If you want to save a file for later use, store it on a flash drive or hard drive that you don't leave connected to your computer.
Secondly, log out at the end of sessions and try to avoid using public computers.
Run anti-virus software, and perhaps try several different kinds. Even the best software likely won't find all the viruses or tracking cookies.
Delete your cookies, and go into your tools menu and select "private browsing."
"You go into that mode and any data that's stored during that, when you close that browsing session, will be deleted," Neely said.
You may also want to explore plug-ins like TACO (Targeted Advertising Cookie Opt-Out) for Firefox. It's a plug-in that promises to prevent more than 100 online advertising networks from displaying ads.
These are simple steps you can take to erase your digital footprint. Check out these instructions for each of the major browsers, courtesy of Secure State:
Google Chrome also offers privacy options for users. The company explains the steps to going "incognito."
Hackers find ways around security tools
The hackers are already finding ways around these security tools. There's what's called an "EverCookie" that stays on your system forever.
It's very new, and security teams are scrambling to find a security patch.
Asmar didn't have an "evercookie" on her computer, but SecureState did find she'd be vulnerable to the latest attack.
SecureState was able to log into Asmar's husband's email without knowing his username or password.
They used forensic tools to do this but, "A new tool was released called Firesheep that really automates that whole process of stealing cookies and logging into other people's sessions with them. That's a very valid attack," Neely explained.
It's an attack the security community wants you to know about, because they feel knowledge is power.
"The bad guys know about it already so in terms of keeping that stuff hidden we are not helping the bad guys we are hurting the good guys," Neely said defending why he named the automated program.
Security experts are now scrambling to find a solution.
Security is like a cat and mouse game.
"The bad guys come up with an attack. We figure out a way to stop it," Neely explained.
That's why it's essential users always take precautions.
"You guys have definitely enlightened me," Asmar said. "I intend to share the information on how to lock it down with other people. I think people need to be much better educated."
Trade Groups try to give consumers more protection
SecureState said legislators are trying to address privacy concerns, but it may be years before that's accomplished. The Federal Trade Commission is even considering a Do Not Track list similar to the Do Not Call registry.
In light of the security and privacy concerns, several trade and media marketing associations launched a self-regulated program to give consumers more control over the collection and use of data relating to their web habits. The website, AboutAds, explains the initiative and options for consumers to increase their privacy online.
An "Advertising Option Icon" will be added near online advertisements or on websites that collect data for advertising if they're participating in this program. Consumers can click on the icon and see a disclosure statement that allows them to opt out or simply view the company's policies for data collection.
More safety tips
Here are more security tips from Secure State:
Copyright 2010 Scripps Media, Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
Latest News Headlines
A man is behind bars, accused of punching a police officer in the face at a shopping center in Canton.
More from Angie's List
In this Angie's List report, how to restore your home properly after fire or water damage.
In this Angie’s List report, how specialized companies can organize and digitize your memories.
There are so many kinds of Christmas trees to choose from this time of year, so how do you know what to look for in a good tree?