Workers' Edge

Internet Explorer 8, Firefox 3, Google Chrome 4, Apple's Safari 4, and Opera 10 include features that block sites known to host malware and malicious downloads. All but Opera also let you browse without leaving any tracks. But just as important as these protections is ensuring that whichever browser you use is thoroughly patched.

Filtering out bad sites
Firefox's built-in antiphishing tool claims to update its bad-site database 48 times a day, according to Mozilla's Firefox security page. Firefox 3 uses Google's Safe Browsing service to automatically block sites that are known to host malware. The Google Code site describes how Safe Browsing works in Firefox.

To verify that attack-site blocking is enabled in Firefox, click Tools > Options > Security and make sure "Block reported attack sites" is checked.

Firefox will prevent known-bad sites from opening when "Block reported attack sites" is checked.

(Credit: Mozilla Foundation)

The same feature is built into Google's own Chrome browser. You can ensure that malware-site filtering is on in Chrome by clicking the wrench icon in the top-right corner, choosing Options, and selecting Under the Hood. "Enable phishing and malware filtering" should be checked. The Google Chrome Help site describes the feature. (Hint: This page looks very similar to the description on the Google Code site.)

Google's Chrome browser blocks known-bad sites when "Enable phishing and malware protection" is checked.

(Credit: Google)

The SmartScreen technology in version 8 of Internet Explorer blocks known-malicious downloads as well as bad URLs. Other new security features in IE 8 include automatic blocking of click-jacking and cross-site scripting attacks, automatic crash recovery, and highlighting of the actual domain name in the address bar. The Microsoft Security site describes the SmartScreen Filter and includes links to a SmartScreen FAQ and information for site managers.

Apple's Safari browser added phishing and malware blocking in version 3.2, which was released in late 2008; read about this and other security features in Safari 4 on the Apple Safari site. Likewise, Opera's Fraud Protection predates the phishing and malware filters in IE and Firefox and is enhanced in the latest version 10. But attack-site blocking is only one of Opera's many security features, which you can read about on the Opera site.

Browsing in private
To activate private browsing in Firefox 3, click Tools > Start Private Browsing, or simply press Ctrl-Shift-P. You can set Firefox to start in private-browsing mode by clicking Tools > Options > Privacy and check "Automatically start Firefox in a private browsing session." The Mozilla support site provides more information about this feature. Likewise, put IE 8 in private-browsing mode by clicking Safety > InPrivate Browsing, or by pressing Ctrl-Shift-P. You can also open a new tab and click either Browse with InPrivate or Open an InPrivate Window.

IE 8 also lets you control the information about your browsing habits that's shared with Web tracking services. To activate this feature, click Tools > InPrivate Filtering Settings and choose "Let me choose which providers receive my information." This opens the InPrivate Filtering settings dialog, where you can turn filtering off, choose which services to block from tracking you, or automatically block all trackers.

Internet Explorer 8's InPrivate Filtering lets you block some or all Web tracking services.

(Credit: Microsoft)

You can open an incognito window in Google Chrome by clicking the wrench icon in the top-right corner and choosing "New incognito window," or simply press Ctrl-Shift-N. The incognito icon (a shadow figure in a fedora and glasses) appears in the top-left corner of the browser window. The Chrome support site offers a more detailed description of this feature.

Opera lacks an equivalent private-browsing capability but does offer private searching and other identity-blocking features, as described on the Opera site. To activate private browsing in Safari, simply click Safari Settings Menu > Private Browsing.

Automatic and not-so-automatic browser updates
Patching is a way of life with nearly all software, but especially with browsers and the media players associated with them: Adobe Reader, the Flash Player, Apple's QuickTime, and Sun's Java, among others. All of a browser's security features can be rendered useless by a piece of malware that takes advantage of an unpatched hole in the program.

Firefox 3 alerts users to the presence of an update and now also notifies you when your Flash Player is out-of-date. Internet Explorer 8 updates via the Windows Update/Microsoft Update services. Google Chrome made a splash by being the first browser to update itself in the background without requiring any prompting from users. Safari updates automatically via Apple's update service, which also serves up patches automatically for QuickTime, iTunes, and other Apple software. Opera also notifies you automatically when a new version is available.

But updating is too important to leave to others. Back in April, I described Secunia's Online Software Inspector and downloadable Personal Software Inspector, which identify out-of-date programs on your PC. The programs mentioned in that post have all been updated since, but Secunia's services should point you to the most recent versions.

(Note that Secunia sometimes reports a program as being out-of-date when in fact you have the latest version. On my PC, it continually reports my up-to-date Flash Player as being in need of an update, for example. But the free service Secunia provides is worth putting up with this and similar minor annoyances.)

There's no way to reduce to zero your risk of picking up some piece of malware while browsing. You need layers of security to keep viruses, Trojans, and botnets at bay—the more layers, the safer your browsing. (Of course, the more layers, the slower your browsing, too, so don't get carried away.)

Much emphasis has been placed on the enhanced security features of the latest versions of the popular browsers. Whether one is any safer than another is anybody's guess, but no browser gives you more ways to thwart a Web-based attack than Firefox via its wealth of security add-ons.

Link checkers add warnings to search results
Search results are often difficult to trust, even when the URL looks familiar. Phishers are adept at planting dangerous links that look like harmless ones. Link checkers provide you with an indication of the trustworthiness of sites before you click their links. (Note that several of the products are available for Internet Explorer as well.)

Some of the programs, such as McAfee's SiteAdvisor, give the thumbs-up or thumbs-down based on a single company's research. Web of Trust (WOT) bases its recommendations on the collective intelligence of a network of volunteers. LinkExtend is a link-check aggregator that combines the analyses of eight different services.

McAfee SiteAdvisor adds a safety indicator to Web search results.

(Credit: McAfee)

While the recommendations of link checkers are helpful in identifying safe sites, you can't take their yeas and nays as gospel. For example, sites that offer downloads of system utilities may be flagged as dangerous because the programs require access to the operating system and thus could do major damage in the wrong hands.

Track the trackers
You know popular Web sites download software that tracks your activities on their sites, but do you know who's doing the tracking? Find out with the Ghostery add-on that pops up the names of the trackers as the page opens. The program puts a small "ghost" icon in the bottom-right corner of the Firefox window that turns orange when trackers are present. Click the link that appears to the right of the icon to find out more about the trackers and block them individually or entirely.

The Ghostery Firefox add-on lets you know who's tracking your activities on the site.

(Credit: Ghostery)

View encryption specs
When you open an encrypted Web page, a lock icon appears in the bottom-right corner of the Firefox window and the URL in the address bar begins with "https." But there's more than one form of encryption, and knowing which type and strength of encryption in use can be handy.

The CipherFox add-on puts in the bottom-right of the Firefox status bar the Secure Sockets Layer/Transport Layer Security (SSL/TLS) cipher and keysize currently in use. Double-clicking the entry opens the CipherFox dialog box, where you can disable RC4 encryption and display partial SSL/TLS. (Note that the developer accepts donations to support the product.)

Take charge of Web password management
Firefox's built-in password manager lets you create a master password and remember passwords for specific sites, but if you want to get serious about managing your passwords, get LastPass, a password manager that provides much more granular control over your sign-ins.

After you download and install the add-on, an icon is placed in the top-right corner of the Firefox window. Click it to open the LastPass menu, which lets you manage your identities, open the LastPass Vault, jump to favorite sites, and generate secure passwords. You can also import or export sign-in IDs, compose and print secure notes, and assign keyboard shortcuts for specific actions.

In addition to Firefox and IE, LastPass is available for Google Chrome and Apple's Safari browsers. LastPass backs up your passwords by storing an encrypted copy on its own servers. And because you can access your passwords via the Internet, you can use LastPass on any Web-connected device, although use of LastPass on an iPhone or other smart phone requires a Premium membership, which costs $1 a month. (You can also put LastPass on a USB thumbdrive for use with Firefox Portable and other portable apps.)

Web ads aren't just annoying, they can also be the source of a malware infection that attempts to steal your identity. In her September 15, 2009 InSecurity Complex blog, Elinor Mills describes how ads are being used by criminals to trick people into buying fake antivirus software, among other nefarious purposes.

Technology to block the ads that appear on Web pages has been around for almost as long as the ads themselves. No doubt someone will point out the irony of a blog that relies on ads for its livelihood explaining how to prevent them from appearing. For better or worse, few people will actually take the time to use an ad blocker when they browse. I don't think online advertisers are losing much sleep over the technology—yet.

Skip the ads when viewing pages in Firefox
One of the most popular Firefox add-ons is Adblock Plus, which puts an "ABP" icon on the far right of the main menu. Click it (or press Ctrl-Shift-V) to view the blockable items on the current page. Choose the down arrow next to the icon to open the program's Preferences dialog, disable ads on the page or site, or select other options.

Click the Adblock Plus icon to view blockable items on the current page.

(Credit: Wladimir Palant)

Hovering over the Adblock Plus icon shows the add-on's status and the number of blocked and blockable items on the current page. You can also open the program's Preferences dialog by clicking Tools > Adblock Plus Preferences. There you can subscribe to an ad filter, import and export blocklists, view and reset your "hit" list, and change your view. Another option lets you remove the block tabs that appear by default on Flash and Java items.

Block ads in Internet Explorer
Back in January 2008, I called the free IE7Pro "(t)he only Internet Explorer 7 add-on you'll ever need." Well, the name's the same, but the program now works with IE 8 as well. Blocking ads in IE is as easy as downloading and installing IE7Pro, clicking Tools > IE7Pro Preferences, and checking Ad Blocker on the main Modules tab. The program blocks Flash, Java, pop-ups, pop-unders, and other types of Web ads.

Activate ad blocking in Internet Explorer by choosing the Ad Blocker option in IE7Pro's Preferences dialog.

(Credit: IE7Pro Team)

To put a finer point on your IE ad blocking, select the AD Blocker option on the left side of the Preferences window. There you can enable the program's Flash blocker, which is off by default. You can also make changes to the IE7Pro filters, but you can't import or export filters as easily as you can using Firefox's Adblock Plus.

Use a proxy to squash ads in Chrome
It isn't surprising that Google decided not to include an ad blocker in its Chrome browser. After all, the company makes quite a bit of money from serving up those ads, so helping people to block them would be self-defeating. I found a couple of ad-blocking extensions for Chrome, but after taking a look at them, I just didn't trust them.

In one case, the home page of the extension's provider was crowded with ads itself. And another Chrome ad blocker I looked at had an unfinished appearance. The best solution I could find for blocking ads in Chrome is the Privoxy Web proxy, which is available on Source Forge. Configuring the add-on is a challenge, but a post on the GeekZone tech community boils it down nicely to seven steps.

Block ads in Opera, no add-ons required
The best way I found to block ads in the Opera browser is to use the program's built-in content blocker. To activate it, right-click anywhere on the page and choose Block Content. Only the blockable content on the page will be highlighted, and a toolbar appears at the top of the page. Choose an item to block it, and then click Done on the toolbar to reload the page minus the elements you selected.

To unblock an item, just reopen the Block Content toolbar and click the "Blocked Image" indicator. You can also view the URLs of all blocked items on a page, edit the entries, and add or delete items. There's no option to import or export a list of blocked URLs, however.

Bonus tip: Block ads and malicious sites via the free OpenDNS proxy service
Perhaps the greatest security resource on the Web is the free OpenDNS proxy service, which sends all your Internet traffic through a well-maintained set of filters to screen out ads as well as sites known to host malicious content. You can use the OpenDNS service to block gambling, adult, and other specific types of sites. For instructions on using OpenDNS, see Becky Waring's article "Use OpenDNS to surf safely with these tricks" on the Windows Secrets site.

Browsing the Web has become like walking down a carnival sideshow. Everywhere you turn, you're bombarded with come-ons. You know there's a catch to each and every pitch because these barkers are pros at separating you from your money.

The people offering free software and Web services appear to be taking lessons from retired carnies. Their offers are too good to be true—literally. Most of these folks are in business, after all, so they have to make money somehow.

And as they say, the most successful cons are the ones where the victim doesn't even know he or she has been conned at all.

Of course, the purveyors of these "free" services assert that there's nothing underhanded about their method of doing business. Many are up-front about their business model, whether it involves placing ads in their products and services, downloading unrelated browser toolbars along with their updates, charging only organizations who use the software while letting individuals have it for free, or offering only dumbed-down versions of the programs for free and requiring payment for access to all the products' features.

Still, sifting through the "free" claims to find the true price you pay for such products can be daunting. Anyone who has used the Internet for any length of time knows it pays to be skeptical. While there are hundreds—perhaps thousands—of truly free programs and services available on the Web, finding the best of them isn't always easy. And clicking the wrong free-download link can be downright dangerous.

One way to determine whether a program is really free is its use of the Free Software Foundation's GNU General Public License (GPL). The GNU GPL stipulates that the software can be used, copied, and distributed verbatim without limitation, though it cannot be changed. While you can usually get the source code of programs that adhere to the GNU GPL, the license differs somewhat from open-source software.

The Open Source Initiative defines 10 criteria that programs must follow to be considered "open source." Among these are that the software can be redistributed—whether sold or given away—without limitation, and that the source code be distributable as well. Such programs must also allow "modifications and derived works" that can be distributed under the same terms.

SourceForge provides the most comprehensive collection of open-source software for Windows, Linux, and other operating systems. The programs listed on the site are often poorly documented and may be labeled as "projects," so you may not want to pin your business's success on one of them.

In fact, you'll often find more complete reviews of the programs listed on SourceForge by searching for them on Download.com. For example, here's the SourceForge entry for the KeePass Password Safe password-management freeware, and the product's entry on Download.com.

Whose bandwidth is it, anyway?
My biggest beef with software vendors—whether they charge for their products or not—is their cavalier attitude toward our system resources. Microsoft ties up our PCs every second Tuesday of the month with multimegabyte Windows updates. But a more recent example is Apple's latest iTunes and QuickTime update, which comes in at a whopping 101.2MB download. Apple, Microsoft, and other software vendors repeatedly expect me to put my workday on hold and turn my system over to their monster updates.

Apple's iTunes + QuickTime updater wants to download more than 100MB of patches in the middle of my workday.

(Credit: Apple)

Many antivirus and other security programs let you use them for free but request a donation—sometimes repeatedly. For example, InformAction's popular NoScript add-on for Firefox opens a page after each update that solicits donations.

Other times, the vendor offers a free version of their commercial products, but finding it on the company's site becomes a game of Where's Waldo? If you're looking for AVG Free, you'll find it much faster on Download.com than you would on AVG Technologies' site.

Perhaps the greatest danger when looking for free software is becoming a victim of rogue security programs. This form of malware tricks you into downloading it by promising free protection, and then it claims to have found viruses that aren't actually there. The software holds your system for ransom, requiring that you pay to "remove" the infection that the program itself created.

The best way to avoid such traps is to restrict your software downloads to sites such as Download.com that scan all the files they host for malware prior to offering them for download. Better yet, think twice or even three times before installing any program. Every piece of software you load on your PC comes at a price, even if it's just the time, effort, and bandwidth required to keep it up-to-date so it doesn't become a security weak point.

The U.S. Centers for Disease Control and Prevention announced on Friday, October 9, that the H1N1 virus was widespread in 37 states. Fortunately, vaccines are on their way, and seasonal flu shots are currently available (the map on the Flu.gov site helps you find a vaccination center near you).

The best way to avoid bringing the flu bug home with you from the office is to stay out of the office. If you have the flu, do yourself and your coworkers a favor: stay home and rest! Not sure if you have the flu? Check the CDC site for a list and description of the symptoms of both H1N1 and seasonal flu. You'll also find information on the CDC site for taking care of people with the flu, prevention for people at high risk, and travel updates.

One of the best ways to track the flu's spread is via Google Flu Trends, an interactive map that indicates the frequency of flu-related search terms in various countries.

The Google Flu Trends map tracks flu-related searches by country.

(Credit: Google)

Additional information on flu trends is available for the U.S. and several other countries. For the U.S., you can compare yearly flu trends and view data for each state.

For several countries, Google provides more annual and regional flu data.

(Credit: Google)

Link to your office PC for free
In many work situations, there's no substitute for being face to face. But every year it gets easier to get your office work done from outside the office. One way to do so is via Windows' Remote Desktop Connection component, which lets you link to a PC that's on an office network, but only if the machine's running XP Professional or Vista/Windows 7 Professional, Business, or Ultimate.

... Read more

Someone told me recently that they had 22 different log-in IDs. My first thought was, you must get out more. My second thought was, how do you remember 22 different Web services, let alone log-in IDs and passwords?

The answer, of course, is a password manager. These days, I see PC security as a form of insurance. The more you have to risk, the more you should spend to protect it. Anyone who banks or otherwise transacts online will find the investment in a password and personal-data manager worthwhile. Fortunately, if your password-management needs are meager, the protection doesn't have to cost you anything.

Siber Systems recently announced the beta version of RoboForm Online that lets RoboForm users store their log-in data securely online. Just log into the service from any browser and get fast access to the IDs you've saved on your PC. With just one you're logged into your favorite Web sites.

Log into the RoboForm Online service to access your favorite Web services with a single click.

(Credit: Siber Systems)

The first time you use the program, you're prompted to enter a master password. You can change the master password via the program's Options drop-down menu and selecting Security settings, but if you forget a master password, you have to delete all the password-protected files and start over.

... Read more

CNET has been the premier technology-news site since there have been technology-news sites. It's great to be even a small part of it. But lately I've been spending more and more of my time on one-person tech sites run by people who are among the sharpest on the Web.

The sites themselves couldn't be more different, and one specializes on Windows XP, so it's anything but a "news" site, but each one offers something of value that you won't find anywhere else.

Before I describe these tech sole proprietorships, let me plug two of my favorite CNET reporters. Elinor Mills' InSecurity Complex blog keeps me up-to-date on the latest in tech security. And I get a fresh perspective on Microsoft and its products, among other interesting tech topics, in Ina Fried's Beyond Binary blog.

The guy with his finger on the technology pulse
I get winded just reading about all the events and product announcements Harry McCracken writes about on his Technologizer site. The former PC World editor-in-chief covers topics so diverse that about the only thing they have in common is that they're all so interesting. Harry cuts through the hype and gives you the low-down quickly and simply.

By the way, Harry will be tweeting during Chris Anderson's videocast about disruptive technology on Sept. 30 at 3 p.m. Pacific time. I'll be working, but I hope to catch at least a couple of his tweets during my afternoon break.

The first word on computer security
Bruce Schneier writes about more than just security on his Schneier on Security blog, which is a good thing because you really have to read about the discovery of giant squid and the nonrandomness of coin-flipping to get a break from all the bad news. And unfortunately, there's no shortage of bad news when it comes to computer security.

Granted, many of Schneier's stories don't affect everyday PC users directly, but scan Schneier's blog whenever you need a reminder of why we need to take security so seriously.

Nobody knows more about PC annoyances than the Bassmaster
There's a lot to enjoy about computers, but for every source of PC joy there are 10 sources of PC aggravation. And when your tech hardware and software starts getting on your nerves, head over to the newsletter archive on Steve Bass's TechBite site for solutions with a touch of wry.

Along with great Windows troubleshooting tips, you'll find money-saving tricks and freeware recommendations. But my favorites are Steve's Time Wasters: deceptively difficult puzzles and games, optical illusions, stunts gone askew, and other Web wonders. The Internet the way it was and the way it should be!

A site for the operating system that wouldn't die
You have to hand it to Windows XP. The software has been around since wireless networks were young and cell phones had only 15 buttons. The fact is, XP continues to be the most widely used operating system in the world. And when your XP machine starts acting up, make Kelly Theriot's Kelly's Korner one of your first stops.

Troubleshooting's topic number one on this site, but you'll also find plenty of XP interface tweaks and links to other resources, particularly Microsoft Knowledge Base articles. This site is never going to win any design awards—some of its pages are text links in long, unbroken tables—but if it can go wrong in XP, it's probably described on Kelly's site.

Sometimes you just have to laugh
More malware, more defective hardware, more privacy breaches. Reading the daily technology news makes it easy to lose your sense of humor. Sure, you can browse over to The Onion or another humor site, but you get a whole different sensibility—or nonsensibility—from Dan Tynan and his cronies JR Raphael and "Dr. Smartass" on the ESarcasm site.

I'd like to report that I found some redeeming value on this site, but I'm still looking. (You'll find Dan's more serious take on matters technological on his Tynan on Tech blog.) If you're at all inclined to take technology—or yourself—seriously, avoid this site like the H1N1 virus!

The 2009 football season has arrived, and with it the need for somebody in the office to collect everyone's picks in the weekly football pool. Google Docs' forms function makes recording the pigskin prognostications as easy as siding with whoever's playing the Detroit Lions this week.

On the Google Docs main page, click New > Spreadsheet to open a blank worksheet. Click Form > Create a form to open the Edit form dialog. Give the form a name in the top text box. Type "Name" in the Question Title text box, choose Text in the Question Type drop-down menu, check "Make this a required question," and click Done. Now you'll know who's responsible for each set of picks.

Create a text box for football-pool members to enter their names.

(Credit: Google)

Next, create a two-item multiple-choice "question" for each game in the pool. Click "Add item" in the top left and choose "Multiple choice." The Question Title field is required, so enter some identifying text, such as "Game 1." Choose "Multiple choice" in the Question Type drop-down menu. Enter the away team in the first option box and the home team in the second. Check "Make this a required question" and click Done.

Now click the Duplicate button in the top right (the double-sheet icon between the pencil and the trashcan) once for each game in the pool. Double-click the copied multiple-choice questions in succession, enter the away and home teams as options 1 and 2, respectively, over the copied teams, and click Done (the "Make this a required question" option should be checked automatically).

Copy a game "question" and change the title and multiple-choice options to complete the football pool.

(Credit: Google)

Once you've entered the teams for each week's games, click the link at the bottom of the "Edit form" dialog to preview your game form.

Preview your finished game form by clicking the link at the bottom of the Edit form dialog

(Credit: Google)

When you finish creating a "question" for each game, open the resulting spreadsheet and click the Share button. Choose "Invite people" to open a dialog that lets you enter participants' e-mail addresses, add a message, and allow them to edit or merely view the worksheet. The "People with access" and "Advanced permissions" tabs give you even more sharing options.

Click "Get the link to share" to open a dialog from which you can copy the URL to send to pool members via e-mail or IM. Other share options let you e-mail the sheet as an attachment, publish it as a Web page, and change your notification settings.

If you don't like the form's plain-vanilla look, you can choose one of Google's canned themes for your form. You can also view the picks in a spreadsheet or summarized as pie charts, embed the form in a blog or Web site, and change the confirmation message.

By the way, you can try out the game questionnaire I created for this week's NFL games. Just make sure you make your picks before the Titans and Steelers kick off.

Earlier this month, an 82-year-old man in Auburn, Calif., was scammed out of $5,200 because his Facebook profile was too forthcoming. The first thing I did after reading his tale of woe on the Auburn Journal site was to examine my own Facebook profile from a stranger's perspective.

I didn't like what I saw.

What I saw was too much, so the second thing I did was edit my Facebook profile to remove some personal information and further restrict access to it. Unfortunately, the process took longer than I expected.

A Facebook privacy makeover begins by hovering the cursor over Settings and choosing Account Settings. The Settings tab shows your name, contact e-mail address, and other basic information. The Networks, Notifications, Mobile, Language, and Payments tabs are self-explanatory, although I unchecked several of the Notifications options that were selected by default.

The real work begins when you rework Facebook's privacy settings. Hover the cursor over Settings and choose Privacy Settings to open the service's Privacy Overview. Your privacy options are presented in four categories: Profile, Search, News Feed and Wall, and Applications. You can also add someone to your Block List by entering his or her name in the text box near the bottom of the page and clicking Block.

Facebook's Privacy Settings are listed in four categories along with a tool for adding names to your Block List.

(Credit: Facebook)

Click Profile to view your personal and contact information. Your options in each category are everyone, people in your networks and friends, friends of friends, only friends, and a Customize dialog box, which provides a bit more granularity to your options. Click the Save Changes button at the bottom of the page once you've finished making your selections.

The custom options in the Facebook privacy settings let you limit access to your personal info.

(Credit: Facebook)

I reset each privacy option to Only Friends, with the exception of the Basic Info category, which is viewable by everyone. To see your profile as your friends do, enter the name of a friend in the text box at the top of this page. (You can view and edit the entries in your Basic Info by clicking Info on your profile page and choosing Edit Information.)

You might be surprised by the amount of information about you that Facebook's search function makes available. To change Facebook's search settings, click Search on the Privacy Overview page. The default option under Search Visibility is Everyone, but you can change this to Friends of Friends, Only Friends, or a custom setting for people in your networks.

I chose to show in search results only a link to send me a message. I also unchecked the option at the bottom of the screen to create a public search listing for me to submit to Web search engines. When you're done, click Save Changes.

Uncheck options on the Facebook Search Privacy page to restrict your personal information shown in search results.

(Credit: Facebook)

The default selections in Facebook's privacy settings for News Feed and Wall are similarly too open for my liking. It wasn't so much the options under Actions within Facebook, although I did uncheck several of these. The settings under Facebook Ads were a bigger concern to me.

There are two options on this page: "Allow ads on platform pages to show my information to" and "Show my social actions in Facebook Ads to." You can choose either "Only my friends" or "No one." Opting for the latter choice was a no-brainer for me.

More unpleasant surprises awaited on the Applications Privacy page. What your friends do affects how far afield your personal information travels. You can read about it under the Overview tab, which concludes by promising that Facebook won't sell your personal information and that "(y)our contact information is not exposed by the Facebook Platform."

I'm sure the Facebook Platform offers some real benefits, but until I have a better understanding of those benefits and their potential risks to my privacy, I'm opting out. To do so, choose "Do not share any information about me through the Facebook API." Take that a step further by selecting the other two options on this page, which block friends from viewing memberships in Facebook Connect sites and prevent Beacon sites from posting stories to your profile.

These days, I spend more time in Facebook than any other Web service except Gmail, and Facebook is gaining fast on that top spot. Of course, the bad guys are spending a lot more time there, too. Minimize your chances of catching their eye by lowering your profile.