CyberTimes
toolbar
IBM Active Channel for Microsoft Internet Explorer. Find out about your chance to win a computer; click here for official rules and information.
November 5, 1997
Underdeveloped
By PETER WAYNER


Traveling the Web Invisibly,
Through a One-Way Mirror

One of the biggest challenges Web developers face is finding a balance between the privacy rights of surfers and the kinds of crucial information that greases the wheels of electronic commerce.

On one hand, the wealth of data about people browsing through a site is extremely valuable to publishers. The click-stream contains rich information about the pages that people choose to read, the time they spend lingering on them and the topics they find interesting. This information is irresistible to editors who want to optimize the feed to keep everyone happy and to publishers who want to share usage data with advertisers.


Related Articles
Anti-Spam Crusader Sees Work as Mission
(August 9, 1997)

Spam King Revels in Bad-Boy Image
(August 9, 1997)

On the other hand, surfers are inherently skittish about being tracked so closely. Until now, Web site owners have been fairly careful about not offering too much personalization because it can set off the psychic prowler sensors that guard many users' personal space. The battle over spam, a nuisance that's very easy to delete, shows just how passionate people can be about such things.

The fault lines are about to get more complicated because software developers are coming up with new technologies for giving people more control about what and how much data they reveal — and to whom they reveal it.

One of the most impressive such schemes is the Lucent Personalized Web Assistant developed by Yossi Matias, a researcher at Bell Labs. His software strips out personalized identifications and prevents Web sites from tracking surfers' movements or creating dossiers about them.

The technique is fairly simple. A proxy server sits between your browser and the Web, filtering out personal references. Normally, proxy servers are just fairly transparent parts of a firewall that make requests for your browser because the firewall won't let your machine make the requests itself.

The Personal Web Assistant, however, actually scans the traffic flowing by and changes your name and e-mail addresses so they don't reveal your identity. For example, when some Web site asks for a form that requires your e-mail address, you type "\@" instead. This is a command that tells the assistant to hide your identity. In this case, the assistant encrypts your address and sends it along. So "pwayner@nytimes.com" might become something like "asfa9340asjdfas@lpwa.com."

Matias has added several neat features. If someone at a Web site you visit gets this address and actually writes to asfa9340asjdfas@lpwa.com, the proxy will decrypt the address and forward the mail. But as an added safety feature, each address is customized for every site. So, if you type "\@" into a form at Bob's Health Data, it would produce an encrypted e-mail address completely different from the one that would be generated at Jerry's Chicken Shack and Cyber Plaza.

This lets users track spammers who may be surreptitiously buying e-mail addresses from Bob's Health Data site. The Web Assistant will block out particular addresses if they start generating too much spam, and you can also do this on a site-by-site basis. If Bob starts making some extra money on the side selling addresses to spammers, you can cut him off without blocking Jerry. E-mail from the Chicken Shack will still work.

One of the biggest advantages to this encrypted e-mail approach is that it is "stateless," meaning that the computer running the Personal Web Assistant doesn't keep track of any data about the user's name or e-mail address. Stateless computers are much easier to maintain because there are no funny states that might occur because of glitches or bugs.

But the term also resonates in a political sense. If there is no state, then there is no information that can be subpoenaed or recovered by an investigation. The machine simply decrypts the e-mail address and passes the data along. Many people are quickly discovering that one of the downsides to using companies like Federal Express is the paper trail that is created. The company already spends a great deal of time and money complying with subpoenas for its shipping records.

In the long run, techniques like this may turn out to be valuable enough to support businesses that either offer advertising or charge for access. Some Internet Service Providers might want to offer “anonymizing” services to their clients. I can see this being particularly possible in New York City and Los Angeles, where rich and famous people need to fight off paparazzi. It's only a matter of time before the folks who dogged Princess Diana will find their way into cyberspace.

Right now, you can experiment with the assistant by going to Matias's Web site. At this point, it is just the project's research site, but I was surprised at how good the response was when I experimented with it for a day. Despite the fact that all of my packets were rerouted through Bell Labs, the response time was still great.

There are, of course, dangers to these schemes. Some companies are already building special proxy servers like this that will screen out pornography. While these businesses may by motivated by sexual harassment laws, there is no doubt that the technology could be extended in many different ways.

The good news is that Matias's scheme is one way to use technology to give people control of their identities on the Net — not to take control away from them.


UNDERDEVELOPED is published weekly, on Wednesdays. Click here for a list of links to other columns in the series.

Related Sites
Following are links to the external Web sites mentioned in this article. These sites are not part of The New York Times on the Web, and The Times has no control over their content or availability. When you have finished visiting any of these sites, you will be able to return to this page by clicking on your Web browser's "Back" button or icon until this page reappears.

Peter Wayner at pwayner@nytimes.com welcomes your comments and suggestions.


IBM Active Channel for Microsoft Internet Explorer. Find out about your chance to win a computer; click here for official rules and information.
Home | Sections | Contents | Search | Forums | Help

Copyright 1997 The New York Times Company