Every time you load a new web page, your browser makes several requests to one or more sites on the Internet to get the content that comprises that particular page. For example, when you are looking at a healthcare-related page, one site may deliver text and diagrams describing a particular malady, while another site, totally independent of the first, may be delivering specially targeted ads about one or more related products. These requests adhere to a protocol and contain specific values that were not originally intended to, but can be, and are being, used to track your browsing habits.
In early 2000, the FCC gave its permission to advertisers to create a web tracking database and tie it to other databases containing specific people's names and addresses, thereby making it possible for advertisers to associate individuals' surfing activity with their identities. The FCC is leaving it to the advertising industry to police itself. Currently, the industry offers the ability to "opt-out" of their web tracking database. That means that, by default, companies are allowed to gather and use information about you until you expressly tell them to stop doing so. In many cases, the process of telling them to stop is not clearly posted or easy to accomplish successfully.
Surfer Protection Program allows users to control what personal information is revealed as they browse the Internet. Rather than having to "opt-out," users should be able to selectively "opt-in," and actively decide how much, if any, of their individual Internet browsing habits are documented.
Surfer Protection Program safeguards your online privacy by allowing you to:
Once installed, Surfer Protection Program is set to immediately protect your online privacy wherever you go online. Even with the ever-changing landscape of the Internet, Surfer Protection Program will protect your privacy without any intervention on your part, and without the need to contact our web servers for updates.
This document is broken into two sections, The Basics, and Safeguarding Your Online Privacy. The Basics section reviews the installation of the program, starting the program and an introduction to the program's Control Panel, which provides access to all of its tools. In Safeguarding Your Online Privacy, we will walk through common examples of using the Surfer Protection Program's tools for scenarios you may encounter.
If you are reading this document, you have already used Surfer Protection Program InstallShield Wizard to install the program and have manually configured your browser to talk to Surfer Protection Program.
In this section, we will list the changes the InstallShield Wizard made to your machine, briefly discuss the proxy settings on your machine, and introduce you to Surfer Protection Program's Control Panel.
Surfer Protection Program InstallShield Wizard uses Microsoft's Windows Installer service. If you are running Windows 95, 98, or NT, Surfer Protection Program InstallShield Wizard will install the appropriate Windows Installer on your machine if it is not already installed. If the wizard had to install the service, it will prompt you to reboot your machine after completing the installation. The reboot is for the Windows Installer service, not for Surfer Protection Program.
During the installation process, Surfer Protection Program InstallShield Wizard modifies your machine by:
Surfer Protection Program is an HTTP/1.1 proxy that intercepts, rejects or modifies all requests sent by the browser. To use Surfer Protection Program, your browser must be able to be configured to direct its requests to an HTTP proxy. Unless you are using a free ISP, it is very likely that your browser can be configured to talk to a proxy. Most free ISP providers over-ride the browser's proxy configuration, e.g Juno, Excite's FreeLane, AltaVista Free Access, and Freeserve are free ISP services that would not work with Surfer Protection Program.
If you are an AOL user, you can use the AOL dial-up connection, but you must install/use a browser other than AOL's proprietary browser. You should already have Microsoft Internet Explorer on your pc. If you can't find Microsoft IE, you can reinstall it from either your Window's or AOL's CD-ROM; or you can download Netscape's latest browser, Netscape .
After installing Surfer Protection Program with the InstallShield wizard, you must configure your browser to use Surfer Protection Program by setting its proxy values to: localhost:8284. The InstallShield wizard provided the Quick Start Manual to assist you.
Surfer Protection Program will start when you login (using a shortcut placed into the startup folder of your profile). If you just installed the program, or if you disable the auto start at login feature, (by deleting the shortcut from the startup folder) you can manually start the program from the desktop's Start menu. Click on Start, select Surfer Protection Program, and select Run Surfer Protection Program.
The first time you start the program, you will see two windows: an SPP Counter Window and an SPP Startup Window. The startup window has a checkbox that you may check to prevent the window from appearing on subsequent startups. The window closes when you click OK. The SPP Counter Window will appear for the very first startup and on subsequent startups if it was open when the program was last shut down. You can minimize or close this window. The window can be opened through the Control Panel's Configuration option.
The control panel provides access to the tools to let you customize and review Surfer Protection Program's settings and behavior. To access the control panel, Surfer Protection Program must be installed, your browser's proxy settings configured to talk to Surfer Protection Program, and Surfer Protection Program must be running.
In your browser's area where you type and view a web page's address, add two plus characters, "++", to the end of the current address and press the Enter key.
Surfer Protection Program will recognize the "++" and create a web page showing you that site's specific privacy settings, Privacy Settings. You will also see a control panel at the top of the page that provides access to all of Surfer Protection Program's services. Every page produced by Surfer Protection Program will have this control panel.
The following subsections summarize the features available in the control panel. The Control Panel Help provides specific detail for each of the features. The Control Panel Help document is available from Surfer Protection Program's Control Panel; click User Manual, then Control Panel Help.
The Manage group provides tools to control the messages your browser sends to other computers.
The Permitted and Blocked features exist to make defining the site control much easier. For example, its very easy to say, "Always block a web page that has "/banner/" in its path, but let me always see pages from "/myhomepage/banner/".
The Current Site group provides a single tool, Settings, which summarize how the current settings are affecting a specific page:
The Message Log group provides tools to let you view the actual message traffic between your browser and the web servers that are accessed to construct the various pages. The log has the following features:
The Statistics group provides a running total of the out-going Cookies that were blocked, the Set-Cookie attempts that were blocked, and the number of sites that were blocked. You can zero the results. There is also a desktop Cookie Counter window that lets you see related metrics on your desktop.
Surfer Protection Program safeguards your online privacy by allowing you to:
In the following subsections, we will describe each of these features and walk through related examples that exercise Surfer Protection Program's user interface.
Surfer Protection Program protects your privacy by deleting eight fields from every request your browser sends out to web servers on the Internet. It is the blocking of these fields, not blocking sites, that protects your privacy. See the section: The Eight HTTP fields, IP Address and your privacy.
One of the eight fields Surfer Protection program blocks is the Cookie field. Some sites provide you with customized service, e.g. a local weather report, or stock quotes for your stock portfolio. You usually provided some information for this personalized service, i.e., the city nearest you, or a list of stocks you would like quotes on, respectively. The information you provided is normally retained in a Cookie on your machine. This Cookie is sent to the web server whenever you bring up that specific web page. Cookies were originally created to provide these types of personalized services.
Some sites require Cookies to function as intended without you knowing that they are being used. For example, sites that offer online opinion polling will set a Cookie on your machine so you can only vote once.
Unfortunately, some Cookies are being placed on your machine to track your movement through the web. To protect your privacy, Surfer Protection Program is initially instructed to stop all Cookies from leaving your machine. However, to continue enjoying the personal services offered by friendly web sites, you must instruct Surfer Protection Program to let those web sites receive the Cookie.
Surfer Protection Program lets you:
The following example demonstrate these features.
As an example, let's say we want to use Microsoft's Hotmail service. If we try to use Hotmail, we are informed that 1) our browser type can not be detected and 2) cookies must be enabled.
The User-Agent field is required to declare our browser type; the Cookie and Set-Cookie fields are required to enable cookies. Surfer Protection Program's default behavior is to block eight fields from every message. We need to allow these fields for the Hotmail site. To do this, we bring up Surfer Protection Program's Privacy Settings web page, which presents a form to fill in on the browser. We enter "hotmail.", then select "Allow" for the nine privacy items that are listed, and finally click on "Submit." The specific steps are detailed in the next subsection.
To instruct Surfer Protection Program to relax the privacy settings for a site:
In your browser, request Surfer Protection Program’s Control Panel, then Select Privacy Settings. Then, perform the following in the Privacy Settings window:
Once we have entered a site's privacy setting, we can always modify or delete the entry.
Surfer Protection Program deletes eight, separately controllable items from every request unless you direct it to do otherwise. As the example demonstrated, on a site by site basis, you can instruct Surfer Protection Program to delete or allow any of the eight fields. For a description of these eight fields, see the section: The Eight HTTP fields, IP Address and your privacy. Usually, you only need to allow the Cookie, User-Agent, and Set-Cookie fields. Some sites will also require the Referer (sic) field.
There may be times when you visit a site of interest that requires Cookies and notice that you can't even access the page to receive the desired service after you've relaxed the privacy settings for that site; frequently, a "Page not Found" error will be received. Why is this behavior occurring? Sites like this may be contracting out the service you're interested in receiving from a third party. In cases such as these, the site name providing the content will be different from the one you're currently viewing. Surfer Protection Program allows you to determine if that is the case. Using Surfer Protection Program's Message Log, you can quickly review the browser's requests to see from which site it tried to obtain content. With the name of the third party site in hand, you can now, if you choose, relax the settings for the site that actually performs the service.
Surfer Protection Program can create a web page that shows you the privacy settings that are being applied to that page. You can quickly see each of the privacy items that are Allowed or Blocked. You also see the existing pattern that matches that web page. As you review these settings, you may decide to change them. With a simple click of the mouse on the pattern, you are presented with a form to modify/delete the privacy setting.
If you use Surfer Protection Program's privacy settings, why should you consider blocking sites that your browser may access? Speed is the primary reason. By blocking the advertising sites alone, you can significantly speed up page download times. For pages you visit frequently, you can block the extraneous graphics, e.g. ads, affiliates, sponsors, etc. If you are using Surfer Protection Program's privacy settings, you do not need to be concerned about blocking sites to ensure your browsing privacy.
Surfer Protection Program lets you:
For example, we add the pattern "/ads" to block any web page that has the "/ads" in its web page address, URI. But, we also like the MYISP ads that have a web page address, URI, with "MYISP/ads" in it. So we add "MYISP" pattern to over-ride any blocking rules for all MYISP web pages. Now, with these two pattern rules, we block any page with "/ads" except for those pages that have "MYISP" in their address.
You must carefully consider the pattern you choose to block a site. Poorly chosen patterns may cause unexpected behavior. We recommend reading Site level or web page level patterns.
This page is useful when you are writing advanced POSIX patterns (see the section Simple POSIX Regular Expressions). You can use a web page address as a test case. When you enter the new pattern, Surfer Protection Program will check the pattern to ensure it is a legal pattern. If it is illegal, an error page will be presented to you. It the pattern is legal, then the Privacy Settings page is returned. If the pattern blocks the web page address, it will be listed.
Simply clicking on the patterns in this page will generate the page that lets you modify/delete the pattern.
Surfer Protection Program Provides a color-coded Message Log to let you see the all requests made by your browser. Using the color-coding scheme, you can quickly identify if a request was blocked or modified. A modified request is one that has had at least one field that was deleted or had its value set to a customized value.
The displayed message log is color coded for quick analysis. Red indicates that the message was blocked. Green indicates that the message had its header modified in some manner. In the Complete Detail view, this same color scheme applies to the items in the message header: red indicates that the field was blocked, and green indicates that the field was modified
When you view the sub-page requests of a web page in Surfer Protection Program's Message Log, you may want to see what is returned by one of the sub-requests, even if the sub-request was blocked.
From the Message Log web page, you simply click on the desired request and Surfer Protection Program will retrieve the request. Even if the request is blocked, Surfer Protection Program will over-ride the block to retrieve the request.
If the request you click on is a file, you will see the contents of the file. However, the advertising pages are tricky. When you Over-Ride an advertising request, you may get a file back or you may see a blank page or even a blocked page. You have to go back to the Message Log to see what really happened. You may see that a blank (blank meaning a response with no content ) page was indeed returned, or you may see that the page "moved" and the new page indicated by the move response is, itself, a page that was blocked.
Surfer Protection Program is an HTTP proxy. If you have a network of computers and at least one that connects to the Internet, you can have all of the browsers on the networked computers direct all requests to Surfer Protection Program running on the computer connected to the Internet. You should check your ISP agreement to see if a networked set of computers is permitted to use the ISP's single connection.
When a request is sent out from the browser to a web server, there are eight fields to be concerned about. They are: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Cookie, From, Referer (sic), User-Agent.
By default, Surfer Protection Program deletes these fields from each request. On a site-by-site basis, Surfer Protection Program can be directed not to delete the fields or to modify the field by returning a specified value. Surfer Protection Program can also be directed to delete the Set-Cookie field that may occur in responses. This prevents a cookie from being placed on your machine. However, the content of the page you display may have scripts that can also place cookies on your machine, so you may still end up with a cookie on your machine that you did not specifically permit. Surfer Protection Program's privacy settings prevent the cookie from leaving your machine, unless you direct Surfer Protection Program to let it out.
The From field is your Internet email address. This tag, all by itself, uniquely identifies you.
The Referer(sic) field contains either the URI of the page you are on when you make a new request, or the URI of the parent page for a sub-page request. This field permits a server to generate a list of URIs that you have visited. This field lets a company see where you were just before coming to their company site. It can also be used to easily track your movement through the company's web site.
The User-Agent field identifies the specific type and version of a browser you are using. This readily identifies specific security holes to which your browser is vulnerable.
The setting of the Accept-Language field may indicate that you are part of a particular ethnic group because of the language in which you are willing to accept content. Again, this is information that you may want to keep private while you browse.
The Accept, Accept-Charset, Accept-Encoding, and Accept-Language, fields, together, could uniquely identify you if they are very detailed.
The Cookie field allows you to be uniquely identified. It can be a good field when used as it was originally intended. It permits shopping carts to work properly, or allows sites to provide you with personal services, e.g. your local weather or stock quotes. The value of the Cookie field can be unknown. Only the programmers that placed the cookie on your machine know how to interpret its contents. Thus, you can't simply look at a cookie and label it as good or bad. For very good presentation of Cookies and even an online demonstration of how cookies are used by ad agencies to track you, take a look at the following site: http://privacy.net/
Your IP Address is sent as part of every message the browser sends. The Internet Address can be associated with a geographic region. Unless you have a dial-up connection, this address uniquely identifies you day after day, week after week. If you do use a dial-up session, this value uniquely identifies you for the period of your dialup session. Your IP Address changes from one dialup session to another, so you can't be tracked day to day.
POSIX is a standard in the software industry for searching text strings. Using a few simple elements of POSIX expressions, you can quickly create an expression that lets you match more than one site, easily and efficiently. Let's use the following web page addresses:
First, note that Surfer Protection Program removes the http:// from the URI, the web page's address, before matching against it. So, the first character in the two URIs that can be matched is the letter "w."
To match both addreses, we could use any one of the following patterns:
The first pattern matches the literal "good_files" without the quotes, they identify the boundary of the literal. Basically, if you type a bunch of alphabetical characters, numbers, a dot ".", a slash "/", then what you typed is the literal pattern.
The second pattern demonstrates an alternative. This pattern matches either of the two literal patterns: "foo.com", or "bar.com", again ignore the quotes. The "|" represents the "logical or" operation.
The third pattern demonstrates an alternative and a sub-expression. A sub-expression is enclosed in the open and close parentheses, "(" and ")" respectively. This pattern reads: "First find either "foo" or "bar", then make sure it is followed by a ".com"."
The fourth pattern uses a character set which is denoted by the brackets, []. The brackets represent a single character that may have a value of any character inside the brackets. In this example, the only legal values are the letter 's' and the number '1'. This pattern will match the literal "/good_file" that is followed by either an 's' or a '1' and then immediately followed with a slash, '/'.
In Rx by Tom Lord POSIX regular expressions are described in the section POSIX Basic Regular Expressions. When reading this document, note that seven special characters are preceded with a backslash, "\" in the document when they are to be used as special POSIX operators and have no backslash when they are to be used literally in a pattern. Surfer Protection Program uses an option where the reverse of this is true, i.e. the seven special characters are special POSIX operators when there is no backslash preceding the character.
The following discussion is to provide a simple understanding of a URI. For a formal definition, see ftp://nis.nsf.net/internet/documents/rfc/rfc2396.txt.
When you define a privacy setting, you should decide if you want the setting to apply to the site or to a subset of pages from the site. Web page address have a format that looks like http://<site>/<dirctory>/<filename>. The <site> is something that ends in a ".com", ".gov"; etc. The <directory> is usually the location of the <filename> on the web server.
As an example, to block doubleclick.com, I can use the pattern, "doubleclick" which blocks any address that has the word doubleclick in it. But, suppose I have a site that preaches the horrors of privacy invasion and I have a few articles regarding doubleclick. If I place the articles in a directory "/privacy/doubleclick/oct-news-story.htm" then the simple pattern "doubleclick" will also match this web page address. However, if I use the pattern "doubleclick.com" then my news stories will not be blocked. The web address to my news story would look something like "http://mysite.org/privacy/doubleclick/oct-news-story.htm". Since it's illegal for me to put this file into a directory "privacy/doubleclick.com/oct-news-story.htm" the only web page addresses that would match the pattern "doubleclick.com" are those from the site of doubleclick.
At times, it is more efficient to block a directory than it is to block a site. For example, there are many sites that use a directory name with the patterm "/ad/" or "/ads/". You must exercise good judgment when choosing patterns. As a thumb rule, if you relax a privacy setting (allow a cookie field, etc) then using a site pattern is safer than a non-site pattern.
In this section we will describe the events that occur when you direct your browser to get a web page. This section will introduce terms and describe the process to let you understand how sites track and how Surfer Protection Program protects your browsing privacy.
We've added notes regarding Surfer Protection Program at relevant points in the discussion and colored those entries green. We also made certain key words bold where they are introduced and described.
As an example for this discussion, we will use a home computer that is connected through a dialup connection to an Internet Service Provider, ISP.
When you direct the browser to get a web page (for example, you click on a "Favorite," or type in an address using www.somecompany.com), the following occurs:
The string you typed in or that was stored as one of your "Favorites" is called a Uniform Resource Identifier, URI. For our discussion, the URI normally consists of two parts, a host and path. The host is the first part you see in your browser address window. The host looks something like: www.somecompany.com. Common host endings are .com, .org, .edu, .net. The path is everything that you would see to the right of the ".com." Sometimes it can be only a single slash, "/".
These three steps are all that basically happens. But, to understand the privacy concerns, the way the advertising firms track you and some of the features of Surfer Protection Program, we need to add detail. For example, how did your browser find www.somecompany.com's web server? What did the browser and the web server say to each other? Was only one request and one response really used?
In this section we'll add the detail to give you a good description of what occurs when you request a web page. With this information, you will be able to understand the features of the Surfer Protection Program.
When you request a web page, the browser must first determine which computer to talk to in order to retrieve the web page. The browser will first check to see if it must talk to a proxy. A proxy is an application that will handle all the details of getting the page for the browser. If there is a proxy, the browser's job is very simple. For every page requested by the user, the browser asks the proxy to retrieve it.
When using a proxy, the proxy would perform all of the following steps except the last one where the returned response is evaluated and displayed. We'll continue the discussion without using a proxy. (Surfer Protection Program is a proxy. Once it is installed, the browser is directed to talk only to Surfer Protection Program.)
The web page you identified to your browser, using the URI that indicates the page, has a human readable address of the computer that owns the page. This is the section of the web page address that appears as something like www.somecompany.com. The browser asks your ISP's Domain Name Server for the Internet Protocol, IP, Address, i.e. the computer readable format of the human readable address. The Domain Name Server is a computer that was identified when you set up your dialup connection for your ISP; it is a service provided by your ISP. The job of the Domain Name Server is to take the human readable address and convert it into an IP address that computers understand.
Surfer Protection Program caches (stores) the IP Addresses for a couple of hours, as would your browser. When a page is requested a second time, Surfer Protection Program does not need to send a message to the Domain Name Server for the IP Address, it remembers it from last time. For security reasons, it only remembers IP Addresses for a short period of time.
The browser creates a request for the desired web page. The format of the request (and all responses) is standardized so all computers can read and understand the requests. The specification that defines the format of these requests is commonly referred to as HTTP for Hypertext Transfer Protocol. Normally there is a number that indicates the version of the specification being used, e.g. HTTP/1.1. Version 1.1 is the current version for the year 2000.
Part of the request may contain information indicating that the browser already has a copy of the requested page that it had previously cached (stored locally). The request will say please give me this web page only if it has changed since my last copy, dated xyz.
After creating the request, the browser must now establish a connection with the web server in order to deliver the request. The IP address (the computer readable address) is used during this step of establishing a connection. Once the connection is established, the browser sends the formatted request to the web server and then, while keeping the connection open, waits for the response from the web sever.
Once the response is received, the browsers would close the connection. Usually, as we'll see in the next step, a web page requires lots of other little pieces from the same site. If we close this connection, we have to open it over and over again. So, with HTTP/1.1 replacing HTTP/1.0, the browsers and web servers are now permitted to keep the connection open for a short while. This reduces all of the extra open-connection message traffic between the computers on the Internet by quite a bit. This new feature of keeping connections open is referred to as persistent connections in the specification.
The Surfer Protection Program implements HTTP/1.1. Some browsers have an option setting that lets you describe the proxy as a 1.1 or 1.0 compliant proxy. Set up your browser to talk to Surfer Protection Program using HTTP/1.1, as it is more efficient; otherwise HTTP/1.0 is okay.
Having received the response, the browser must now determine what was actually received. The response could be the intended web page or any number of other responses that are permitted.
A very common response is "304 Not Modified." With this response, the web server is telling the browser that it has the latest copy cached locally and that it should use that copy. This saves time by not having to send the file from the web server to the browser.
Another common response is "302 Found" (sometimes seen as "303 See Other," or "307 Temporary Redirect"). This response indicates that the requested file is now at a new location, i.e. it has a new URI. This new URI is usually only temporary, so the browser would normally not cache the returned file for future use. With this response, the browser starts all over with step one above to get the new page using the new URI.
And of course, there is the "200 OK" response. This response returns the desired page. With this response, the browser continues with step five below.
When the browser receives the web page, it reads the contents of the page. The contents are written using another standard, HTML for Hypertext Markup Language. As the browser reads the contents of the page, it will make a list of several other sub-pages that are needed. These sub-pages themselves become requests. Each has its own URI and associated web server that knows how to return the sub-page to the browser when requested. The browser requests each of these sub-pages starting with step one above. As the responses return, the browser remembers if the response belongs to a parent page or is itself the parent page. The browser displays the response accordingly.
Copyright © (2000) Intelligent Software Modeling, Inc. All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice.
The limited permissions granted above are perpetual and will
not be revoked by
This document and the information contained herein is provided on an "as is" basis. Intelligent Software Modeling, Inc., disclaims all warranties, expressed or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties of merchantability or fitness for a particular purpose.