
Workers' Edge

March 6, 2008 12:01 AM PST

Can you trust that Web site?

by Dennis O'Reilly

The other day I heard a radio commercial claim that more than half of all health-related Web sites are fronts for law firms trolling for potential malpractice-suit clients. I immediately doubted the ad's claim. First, it didn't cite a source for the high percentage of illegitimate health sites it stated. Second, it was an ad itself (for a law firm trolling for potential malpractice-suit clients, of all things). And third, it glossed over the actual name of the firm, but repeated its toll-free number over and over.

Still, the ad got me thinking about all the bogus Web sites out there, and how people can protect themselves in the absence of any third-party monitoring of Web information. There are some controls in place for making safe Web purchases, principal among them Secure Sockets Layer (SSL) certificates, which are designed to ensure the security of Web servers. When you visit an SSL server, it places a small lock icon in the bottom-right corner of the browser window, and the URL in the address bar begins with "https:". Even these can be spoofed, however, so they shouldn't be your only consideration when deciding whether to trust a site with your credit card numbers.

Ultimately, when it comes to verifying any site's trustworthiness, you're on your own. Here are some tips and resources to help you decide for yourself which sites you can believe.

Start with the URL
Before you follow a link returned by a search engine or posted on some other site, mouse over it and look at the status bar at the bottom of the browser window for hints about the site. If you don't see this information, click View > Status Bar in either IE or Firefox.

The text between the double slashes and the first single slash is the server ID. If it's an ISP's name, such as "aol" or "geocities," the site is a personal page. (The server ID will usually be followed by a tilde or other character, and then a user name.) This doesn't mean the page is untrustworthy, just that the person or organization hasn't purchased their own domain name.


Check the server ID in your browser's status bar for an indication of the type of page prior to opening it.
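
The server-ID check described above, as an added example that is not part of the original post: it extracts the server ID with the standard URL parser, flags personal pages on shared hosts, and handles links where text before an "@" makes the start of the address differ from the real server. The shared-host list and the sample links are assumptions constructed for illustration.

```javascript
// Assumption: sample shared-hosting domains, taken from the article's "aol" and "geocities".
const SHARED_HOSTS = ["aol.com", "geocities.com"];

function inspectLink(href) {
  let url;
  try {
    url = new URL(href); // throws on relative or malformed links
  } catch (err) {
    return { valid: false, notes: ["not an absolute URL"] };
  }
  const notes = [];
  const serverId = url.hostname.toLowerCase();
  // Anything before "@" in the authority is login data, not the server name.
  if (url.username || url.password) {
    notes.push("user info precedes '@'; the server is " + serverId);
  }
  const sharedHost = SHARED_HOSTS.some(
    (h) => serverId === h || serverId.endsWith("." + h)
  );
  // A first path segment starting with "~" (or its encoded form %7E) names a user.
  let segment = url.pathname.split("/")[1] || "";
  try {
    segment = decodeURIComponent(segment);
  } catch (err) {
    // keep the raw segment if it is not valid percent-encoding
  }
  const user = segment.startsWith("~") ? segment.slice(1) : null;
  return {
    valid: true,
    serverId,
    encrypted: url.protocol === "https:", // transport only, says nothing about the owner
    personalPage: sharedHost || user !== null,
    user,
    notes,
  };
}

// Constructed sample links (not from the article).
const samples = [
  "http://members.aol.com/~jsmith/index.html",
  "https://www.bank.example@login.example.net/account",
  "http://www.example.org/%7Ealice/",
];
for (const href of samples) {
  console.log(href, inspectLink(href));
}
```

The `encrypted` flag only reports the "https:" prefix; as the article notes, that alone is not a reason to trust a site.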

Unfortunately, you can't tell much from the domain extension, or top-level domain. The popular .com and .net extensions are used by commercial and non-commercial entities, as are .org--which was intended solely for nonprofits--and the various country codes, such as .ca for Canada and .de for Germany. The first three are unsponsored, as are the newer domains .biz, .info, and .name. There are also several sponsored TLDs, which are "controlled" by a third party. These include .aero, .asia, .coop, .mobi, .museum, .pro, and .travel. Of these only .mobi has gained traction among Web developers eager to attract mobile-phone users.

Once you're on the site, look for an About or Biography page, which should give you a clear indication of the site's purpose and intended audience, as well as the qualifications of its authors. Also check for a Contact page that includes a physical address and/or toll-free telephone number. Keep in mind that these site elements are also easy to spoof. Two other early indications of a site's validity are the presence of a date on the page, and the inclusion of links to information relevant to the subject at hand, and not simply some Ajax widget that displays headlines from some other site automatically, or (more likely) a list of unrelated text ads.

Check the site's links
It's not uncommon for sites to fill their pages with links to other popular sites in hopes of raising their profile among search-engine spiders. To view a list of sites that link to the site in question, type link: followed by its URL in Google's search box, and press Enter. You can also enter the URL at Alexa.com, if it's one of the top 100,000 sites on the Web, to get a snapshot of its traffic, as well as what sites link to it.


View a snapshot of a Web site's traffic, and a list of sites linking to it, at Alexa.com.

Look for the site in a Web directory
There are some credible third-party Web directories that help you find topic-specific sites you can trust. The Librarian's Index is a bit dated, and it doesn't include some of my favorite technology resources, but it covers a range of topics almost as broad as the Web itself. A consortium of college and university librarians led by the University of California at Riverside created Infomine for their students and staff, but it lists many reliable Web sources in non-scholarly areas as well. One of the best consumer-focused Web directories is at About.com.

The ring-of-truth test
Even information on sites with reputations for reliability can be suspect, as shown by recent revelations about bogus postings on Wikipedia. The more important the information, the more sources you should use to corroborate it.

Along with a clear and consistent statement of purpose, a site should be grounded in the real world, with a physical address, a URL that matches its name, and references for its authors. It should also be easy to use, clearly laid out, and bereft of typos and broken links. And that old maxim is as valid on the Web as anywhere else: If it seems too good to be true, it probably is.

Friday: convert any Office file to PDF for free.

December 17, 2007 12:01 AM PST

Five ways to protect your privacy online

by Dennis O'Reilly

A friend took me to task for recommending that people use Gmail as a central repository for all their e-mail. (The fact that he works for Yahoo is purely coincidental.)

"Sure, let Google read all your mail and serve up ads based on the content," he said. "Nothing wrong with that." The fact is, I consider everything I do online--searching, browsing, shopping, e-mail, video-viewing, you name it--as public as anything I do on Main Street in midday. That doesn't mean I don't take precautions to protect my credit card numbers and other private information while online, just as I do my best to keep the information secure everywhere else. Here are my Online Privacy Rules.

#1: Paranoia pays. Don't trust anything or anyone. Just because the URL in the address bar begins "https://" and there's a little lock icon in the bottom corner of the browser doesn't mean you can enter your bank-account number, PIN, mother's maiden name, passwords, and the combination to your high school locker without a care. Phishers can spoof just about any indicator the browser makers and security protectors come up with. As much as possible, share your personal information only with those sites you know and trust.

#2: Don't use Internet Explorer. It's the most popular browser, which means it's the target for most data thieves. That's not saying you're 100 percent protected when you use Mozilla Firefox or some other open-source browser, but at least you're not putting the fate of your personal information in the hands of a single company. (I won't even mention Microsoft's spotty security track record.) Hundreds of volunteer programmers poke and prod Firefox (and to a lesser extent, other open-source software) to identify and patch security vulnerabilities.

#3: Use a temporary credit card number. If you know you'll be making a lot of online purchases, contact your credit card provider and ask about getting a temporary number with a preset spending limit and an impending expiration date. (Thanks to my personal tech guru, Steve Bass, for this useful advice.)

#4: Use an anonymizer. Anonymous proxy servers mask your computer's IP address, which allows you to browse without the sites you visit knowing who you are. Web pages will likely take longer to open when you filter them through a proxy server, and the services are not a privacy panacea because they won't stop you from volunteering personal information on a site you shouldn't trust, but they do provide an added layer of protection. There are plenty of free anonymizing proxy servers available, though I've never used any of these, or any other anonymizers. As I mentioned above, the best way to protect your online privacy is to assume you have none, and modify your online behavior accordingly. But I believe I am in the minority on this matter.

#5: Don't use Google. This one's harder to do than it may seem. Not only has "google" become synonymous with Web searching, you can't always tell when you're on a site or using a service with ties to the company's enormous data stores. For example, Ask.com recently launched its AskEraser service that lets you wipe out your search history, but Ask serves up Google ads in its search results, and Google keeps track of who views its ads. Google makes no bones about its reliance on a history of your online activity to offer its various services. For example, you can't encrypt your messages in Gmail without using an add-in such as the $10 ZipMail for Gmail from MK Net.Work. So once again we're back where we started: The only way to ensure your privacy on the Web is to keep out.

Tomorrow: The fastest way (I know of, at least) to paste plain text in Word.


About Workers' Edge

Dennis O'Reilly has covered PCs and other technologies in print and online since 1985. Along with more than a decade as editor for Ziff-Davis's Computer Select, Dennis edited PC World's award-winning Here's How section for more than seven years. He is a member of the CNET Blog Network and is not an employee of CNET.
