We don't disseminate any of the details below to anyone outside the N^әtzâr•im′  . This information is used strictly internally by the N^әtzâr•im′  to help us relate to our many visitors from different cultural and religious backgrounds, who have very different perspectives and frames of reference, to make our web site more relevant to more people, and to fine tune the material in our web site to be more easily found, and understood, by other visitors like yourself.

To an advertising net, cookies can leave a trail, creating a "profile" of you. Here's how it works. The advertising net is used by a large number of web sites. At each web site, the net—for example, 'DoubleClick'—stores a cookie with the name of the web page and ad link you visited. At the next web site you visit which is also served by the same ad net, they retrieve the cookie—seeing what web site you last visited and the ad you responded to—now appending the current web site and ad you've responded to. In this way, the ad net creates a "trail," and a "profile" of your surfing activities. Obviously, this requires extensive tentacles by an advertising network. The N^әtzâr•im′  aren't affiliated with, and don't employ or cooperate with, any outside agency, and don't participate in any web ring or similar scheme.

Currently, according to Dan Tynan, contributing editor of PC World (in a CNN interview by Rick Lockridge, 2000.06.05), cookies are anonymous. They don't store your name, or address or eddy (eddress, email address). However, some companies have been attempting to store this information, along with what you bought, in your cookies. The N^әtzâr•im′  tell you (below) how can inspect all of your cookies to check for this.

The CNN interview recommended "Freedom" software by Zero Knowledge as a way to maintain your anonymity and privacy while surfing the net.

Your on-line profile (i.e., trail) can be potentially damaging. For example, a potential employer might like to know if you've been reading up in web sites about cancer—indicating that you could be a bad risk employee who will incur above-average medical expenses to the company. For no apparent reason you're aware of, you then begin getting bad employee reviews and, soon, fired. Your profile may also be subpoenaed in court.

Regarding credit cards, recently a hacker stole thousands of credit card numbers from "CD Universe." The N^әtzâr•im′  don't store credit card numbers. We encrypt them as you enter them, before they even leave your computer.

According to the same CNN interview, you're typically liable for $50 in case of on-line credit card fraud. If you notice charges you haven't authorized it's crucial that you notify your credit card at once.

Never give out your social security card number on the Internet.

Two tactics for eliminating companies from tracking your surfing activities are:

• Set up a second, free, email acct for use with sites you give an eddy (through Yahoo, etc.)
  
  
• Set up a second credit card with a low credit limit exclusively for on-line transactions
  
  

Finally, the CNN interview recommended you read the 2000.06 issue of PC World, featuring the cover topic: Net Privacy Now! Who's tracking you? How do you stop them?

That some major corporations, even your boss (not to mention criminals or hate-mongering cultists), may track your movements and activities using unscrupulous "spy" software is chilling, and perhaps dangerous.

"‘Today, there is greater protection for your video rental receipts than for your most intimate medical information,' [US Vice-President Al] Gore said in a speech at New York University two weeks ago. ‘I've seen cases where people's presecription drug histories are sold freely to direct mail companies without their permission; where hundreds of employees at an H.M.O. have access to patient's records….'" (The New York Times supplement to The Jerusalem Post, 2000.06.04, p. 9, 12).

Privacy "touches day-to-day anxieties triggered when people are asked to divulge their credit card number over the telephone or when they retrieve cash from an A.T.M. machine. It is always a draw for press coverage. And as Internet use burgeons, so will fears…

"The challenge is… that there are no easy remedies for protecting privacy. Even if consumers clamor about their rights, no politician wants to be seen taking steps that could hobble the new economy—or provoke the Internet industry, which has become increasingly generous in doling out contributions…" (ibid.)

Nevertheless, there are a couple of things which can, and should, be done:

• Publishing this kind of ‘Internet Privacy & Security Policy' in every web site is one measure everyone involved in Internet security agrees on. If a web site has no stated policy, don't deal with it. Read the statement of policy. If you're not satisfied with their policy, don't deal with them.
  
  
• Require a privacy protection statement from every doctor, H.M.O., specialist, therapist, psychologist or dentist who has access to any of your medical records. Find out everyone to whom they may grant (or have granted) access to your records, track down all of them, and require similar statements from them.
  
  
• Require a privacy protection statement from every bank and financial institution you deal with. Find out everyone to whom they may have granted access to your records, track down all of them, and require similar statements from them.
  
  
• Notify every one of your government representatives of your views concerning protection of your privacy
  
  
• Notify the news departments of newspapers and TV stations of infractions and, if you can afford it, institute legal proceedings, against the perpetrators.
  
  
• Study and apply the recommendations in our Security policy.
  
  

Security in the Internet

(Last update: 2000.06.05)

The most common means of protection on the Internet today are anti-virus programs. Anti-virus programs, however, are entirely limited to reacting to known viruses. They have no built-in intelligence to effectively prophylaxize against new viruses. And new viruses—far more than old viruses—are, after all, the real problem. Anti-viral programs are useful even in this limited application. But Internet users who feel secure because they use a ‘good' anti-viral program take refuge in a false sense of security, blissfully unaware of Internet dangers.

Electronic greeting cards are another danger, far more dangerous than viruses. According to leading security expert Ofer Elzam (Aladdin Knowledge Systems), "Many people use them and they are one of the most common ways for people to get trojan horses. About 60% of trojan horses are downloaded from greeting cards sent over the Web." (Jerusalem Post, 2000.05.28, p. 8)

"Chatting with computer security expert Ofer Elzam leaves you chilled. Holed up in Haifa, protected behind several layers of security, Elzam readily admits that everything you feared about security on the Internet is either true or will be true in a very short time.

"What he describes, in graphic detail, is a frightening e-world where hackers and computer buffs, however young and inexperienced will create an increasing number of viruses, worms and vandals that can wipe out major systems all over the world in a matter of hours.

"But, says Elzam, the security expert at Israeli Internet security solutions company Aladdin Knowledge Systems, viruses such as the Love Bug, which caused an estimated $10 billion in damage when it hit the world recently, are just the tip of the iceberg. Out there, lurking on the Web, is something far more lethal and threatening—the Trojan Horse.

"Like its Greek namesake, Trojan horses are weapons hidden within a friendly exterior. They come as seemingly innocuous emails or lurk in Web sites on the Net.

"A user may receive an innocent looking email, but embedded within the attachment, or in some cases even the HTML message itself, is a coded page which connects your PC to a Web site. From there a small trojan horse, often as little as 6k, is downloaded into your computer and the hacker, blackmailer, competitor or just good old fashioned enemy is alerted…

"The hacker can then add however many programs he wants to the victim's computer, allowing him access to the most personal files…

"The same can happen to a user while surfing the Internet. A user might be lured to a particular site by promises of a free holiday or entry into a sweepstakes and while they are visiting a trojan horse or a virus is downloaded to their computer…

"What makes [Trojan Horses] lethal is that they can be installed on a computer for months, or even years without the victim knowing and during this period the hacker can steal any information he wants.

"'Trojan horses are smart spying machines or engines that can sit in a PC for years and give anyone access to the most personal information stored on the computer,' says Elzam…

"'With Trojan horses people don't know they've got them so they aren't alarmed and the press doesn't talk about it much.'

"If this sounds disturbing now, be prepared, according to Elzam things are going to get much, much worse in every field of Internet security…

"Already governments all over the world are using [Trojan horses] to develop systems for electronic warfare." (Jerusalem Post, "Forget viruses, the Trojans are coming," 2000.05.28, p. 8).

In other web sites, outside advertisers, designers, and/or programmers surreptitiously, and routinely, collect private information about you—often even without the knowledge of the web site's owners (who may be well-intentioned and confident). Recent TV documentaries have demonstrated that this includes even the most "secure" and big-name financial web sites, demonstrating that there's far more to security than mere encryption of data transmissions. No outside advertisers, designers or programmers have been involved in the ‘Netzarim Quarter' web site. So there is no possibility of external agendas in our code, introduced by any other agency, which has been concealed from us.

So that we can know to test our web page on the browser most people use (and debug our web pages when necessary), we note the operating system and browser you're using. This is the only information the system notes automatically. We collect no other information other than what we straightforwardly ask in our survey. What you share with us is by your choice, not by devious means. We're looking for serious searchers, and we have no interest in, or time for, those who prefer to be anonymous or secretive. For your own information, your three greatest exposures to unauthorized exploitation of your private details are:

1. Your eddress (email address)—Several widely-available, and ethically questionable, "Investigator" programs are advertised by questionable sources on the Net. Some of this software is capable of tracking down personal information about you from your eddress (which is contained in the properties area of all of your email messages). We advise you to impede this invasion of your privacy (see Your Profile, below). Unless you're operating through an anonymizer, or eliminate your eddress from your messages' properties, they can, surreptitiously, find this information in the properties section of your email—without you volunteering it to them. So you don't fool them by refusing to give your name and basic details. However, we aren't interested at all in people who hide their names.
   
   
2. Your Profile—In the Microsoft Explorer, go to Tools, Internet Options, Content, "My Profile" to see what information is readily available to snoopers. My advice, blank out everything you can there. Instead, fill in first and last name as "Main" and "Identity" respectively (or something on that order and your eddress as "Hate@Spam" or the like). Leave all spaces you can blank. While your there, check what information is in the "Wallet." (We don't access this information, but there are others who do.)
   
   
3. Cookies—are unable to collect information or do anything at all besides storing limited information in a text-formatted text file. Cookies are small text files for storing information a web site needs to remember about you from one visit to the next—most notably things like your password and security code which you need to access their secure site (such as your bank). The use of cookies is so widespread and safe that banks, virtually all secure web sites, and a host of other web sites use cookies routinely without even advising you.
   

   The first time you enter the information, your browser (not a stranger) writes the information to a small text file on your hard disk. Your browser allows only text-formatted data when it writes this file. Only your own browser can write this text file, and your browser can only write this file in text format, and as a text file. Text files cannot be executed, so they cannot cause trouble. Moreover, the only things your browser allows a web site to do with your cookie is pass the cookie a name, text-formatted data, and an expiration date—which your browser (not the web site) then writes as text-formatted data at a specific and designated place on your hard-drive; and, in subsequent visits, to read that file and update it similarly. (More technically, a cookie can record the domain of the server which recorded the cookie, whether a secure HTTP connection is required, what site may access the cookie, expiration date of cookie, cookie name, and cookie's string data.) This small (typically one line) text file is called a cookie.

   While cookies aren't dangerous, you can disable Cookies if they frighten you. In the Microsoft Explorer, go to Tools, Internet Options, Security, Custom Level and disable storage of cookies. Note, though, that the next time you try to log into your bank or favorite web site don't be surprised if they clunk to a stop, unable to verifiy your username, codeword, password or the like. Typically, you'll find you're no longer able to access some of your favorite sites if you disable cookies. Since we only use cookies to keep up with your last visit, except for being unable to tell you what's new since your last visit our site will continue to work normally if you disable cookies.

   Since your browser will only write a cookie file in a designated spot, and cookies are in text format, you can inspect your cookies. (If you expect them to keep working, however, be very sure not to change them. They're in tab-delimited text, a database format. Any change can make them unreadable.) Users of Microsoft Explorer willl find cookies as text files (*.txt) in your Windows/cookies directory with back-up copies located in your Windows/Temporary Internet Files directory. NetScape users will find cookies.txt located in the Navigator directory. Mac users will find the MagicCookie file inside the Netscape folder, which is located with the System Folder:Preferences folder. (Javascript Bible Second Edition, Danny Goodman, p. 161).

   We know that it's tedious for our visitors to keep up with whether conference rooms and blogs have been updated since their last visit, and that you don't like to read through all of the dates on the buttons to find out if anything is new when a single quick glance should suffice. So we use cookies to keep track of the dates that you've visited each conference room / blog so that your computer knows (your browser checks the cookie on your hard disk), and the button can then simply and automatically alert you when the conference room ‘last modified' date and time is more recent than your last visit. No more need for you to browse every blog to see if there's anything new since your last visit, or keep track of the date, or guess approximately when, you last visited each conference room or blog that you like.

   It would be a simple matter to ask your nickname and (assuming you filled in the blank) then store that in the cookie along with the date of your last visit. That would allow your browser to display your own nickname instead of the standard "New4U" when there's been an update since your last visit. That would be more effective in letting you know that the updates aren't merely recent, but specifically since your own last visit… but we're afraid that seeing one's own nickname there would be too intelligent, scary, and would "freak out" some visitors. So until more users become more net savvy about security and avoiding real security problems (see below) and less skittish about legitimate artificial intelligence we're postponing that.

   
   
   
4. Security precautions which are most essential (in addition to suggestions in ‘Your Profile' entry above)—do these consistently and forever, even when it gets tedious and becomes old and drudgery, and you'll thank me someday; don't do them and you'll be sorry someday:
   • Don't ever send or accept animated electronic greeting cards of greeting cards sent as attached files.
     
     
   • Don't run programs found on questionable web sites
     
     
   • Don't be enticed by sweepstakes, free holiday, and similar enticements in a Web site
     
     
   • Don't ever install software except from reputable sources and only from original CDs and/or well-known legitimate web sites. (I wouldn't even trust original, but 2^nd-hand, floppies—which are easily rewritten.) Infected software is a major source of viral infections.
     
     
   • If a floppy disk has been in any other computer, even for a moment, unless it was write-disabled, if you put it back in your computer you must assume it's infected and run a good virus scanner through the entire floppy (not just files you altered) before you do ANYTHING else. Unless you have to alter the files on the floppy while using the other computer, ALWAYS write-disable your floppies BEFORE putting them into any other computer, even when switching between your office and home computers. If you fail to do this, assume that floppy is infected. This is probably the manner in which most viral infections spread.
     
     
   • Don't ever open an email attachment, even from your wife, parents, children, or best friend—that's often forged these days. Attachments can be executable files, which can cause unlimited damage, including complete and irrecoverable erasure of your hard disk. If you need to send or receive an attachment:
     1. The best measure is to confirm the authenticity of the attachment by telephone (not email!). If this isn't feasible, unless the file extension is .jpg or .gif (graphics files), my advice is to trash the email with its attached file UNOPENED. (Opening the attached file is what usually does the damage.)
        
        
     2. If the attachment may be very important and confirmation by telephone is impossible, the next best measure is to arrange with anyone you know who might send an attached file (like a digital photograph from a family member) confirm FIRST (by separate message, before any attached file is sent) with the sender to include a ONE-TIME UNIQUE code IN THE MESSAGE BODY. This confirmation MUST NOT originate with the sender of the attachment! The sender should notify the recipient that (s)he wants to send an attached file. The person who is to receive the attached file should then notify the sender of the code to include in the message body. It is imperative NOT to use your ‘Reply' button to do this! If the sender is forged, using your ‘Reply' button would send the ok and code to the forger. So take the trouble to get the sender's eddress correct. If the sender is who you expect it to be, then (s)he can send the attached file ok.
        
        
     3. When the message and attached file comes in, BEFORE opening the attached file (!!!), check that the one-time unique code, agreed upon beforehand, is in the message body and is right.
        
        
     4. Never use the same code again.
        
        
     
     
     
   • If it's not a well-known site like CNN, Jerusalem Post, Alta Vista, Yahoo or the like then it's a questionable site until you, or someone you personally know and trust, has proven it trustworthy. (We, and other reputable sites, work very hard to develop a reputation for integrity. 36% of all of our new visitors—more new visitors than either Yahoo or Alta Vista refers to us—are referred to us by someone who has already found us to be trustworthy. We're very proud of the reputation for integrity that we're building.)
     
     
   • Don't run ANY kind of executable file in a questionable web site. Don't download software from a questionable web site. Be *much* more suspicious of unknown web sites than your peers—whose computer crashes when a new virus goes around. If it's not a well-known web site and your prompted to run a program—don't.
     
     
   • Minimize the risks of receiving viruses and Trojan Horses—stringently limit who has your eddy (eddress, email address). Change your eddy whenever you start attracting spam, notifying only those you want to have your eddy:
     1. carefully ensuring that only those you want to have your new eddy receive it
        
        
     2. notifying each recipient not to give your new eddy out to anyone
        
        
     3. Don't be suckered into responding to an unknown spammer by the ploy of "click here to be removed from our list." Unscrupulous spammers treat your naive response as verification of an authentic eddy—which they can then sell at a higher price. Don't respond to them at all. Instead, apply the next suggestion.
        
        
     4. Obtain an ‘anti-spam' software program (such as Spam Hater which can be downloaded free) and complain about every spam to the offending domain's abuse department (abuse@…). Visit also Spam Cop.
        
        
     5. Remember: if your eddy isn't in ‘the loop,' you far less likely to get the next virus or Trojan Horse that goes around. Control who has your eddy meticulously.
        
        
     
     
     
   • For further information visit Internet Security.
     
     
   
   
   

Credit Card Security in the Web

(Last update: 2004.01.20)

Security Critic (2004.01.20): Beware a recent innovation by scam artists called "phishing." Phishing involves spamming with emails that fraudulently claim there has been some technical problem with a credit card order and requesting your credit card details to straighten out the problem. We NEVER send out an email asking you to send your credit card details in an email. If there's any problem we ask you to go back to our web site, which encrypts your information and ensures that the info goes only to us. If you receive a request, purportedly from us, asking for your credit card info, DON'T send your credit card info. (Also, please advise us so that we can try to take some action.) We advise you NEVER to put your credit card number in an email.

Our site doesn't provide the same security as the "typical secure web page"—ours is better. In typical "secure web pages," there is a strong encryption better than ours—but only for entering the data. Once it reaches the Web it becomes raw data and the ISP then sends out the raw, unencrypted, numbers to the owner of the web site form you completed—with no protection whatsoever.

While our encryption isn't as sophisticated as the standard web encryption system, it's adequate AND our encryption is vastly superior because it provides you with security where standard encryption provides no encryption or security at all—once it's received on the Web! Only our security covers you from your computer to the final destination where, only then, it's finally decrypted. Neither the ISP nor anyone else on the Web ever gets your raw, unencrypted, credit card numbers.

You enjoy much greater security than most everyday situations you probably don't even think about: when you give your credit card to a waiter and the like, or order over the telephone—and even has some advantages over typical encryption systems (we wrote and know intimately every line of our code; there is no backdoor, public keys, Trojan Horse viral timebomb or mobile code as can be concealed, even by a rogue programmer, in "black box" encryption systems).