(4 of 8)
E-commerce sites routinely share your information, or sell it. The Electronic Frontier Foundation launched a campaign in early June against Macys.com for giving away info from its bridal registry to its business partners. Amazon, which once permitted users to choose to keep their data confidential, rewrote its privacy policy last year to say customer data are an "asset" it may sell or transfer in the future. If an e-commerce site you bought from goes bankrupt, it could be legally required to sell your data to the highest bidder. And sites routinely sell or exchange your personal information. Privacy advocates are pushing for federal legislation requiring websites to let users opt out of sharing, as has recently happened in financial services (see box).
Theft of personal data from websites is also growing. Egghead.com sent a chilly wind through cyberspace late last year when it disclosed that hackers had broken into its system and may have accessed millions of credit-card numbers from its database. (It later found that no credit cards had been compromised.) It was a stark reminder that financial data are only as safe as every website you share them with.
There have been other recent high-profile hacks. Music retailer CD Universe lost up to 300,000 credit-card numbers; Bibliofind, a subsidiary of Amazon, had the names, addresses and credit-card numbers of 98,000 customers stolen. One thing that makes online credit-card theft more tolerable than some cyberscams: if consumers find false charges, banks and merchants should pay most of the bill.
4 THAT WEBSITE ON WHICH YOU JUST ENTERED YOUR CREDIT-CARD NUMBER MAY BE A FAKE
In April the FBI cracked a Russian ring and charged a pair of its members with conspiracy and fraud. The hackers were also allegedly involved in website "spoofing." Federal officials said the Russians tried to create a counterfeit website mimicking the real home page of PayPal, the popular online fund-transfer service. PayPal has been hit with such spoofs several times. When a fake site was operating, hackers e-mailed PayPal users and got them to click on a hyperlink with the spoof site's domain name: www.paypai.com On many computers, a capital I looks identical to the l at the end of the word PayPal.
Near-identical domain names are easy to obtain. Banks have also been a frequent target of spoofers. Bank of America got wwwbankofamerica.com taken down--its domain name, minus the dot after www--but not before some customers were tricked into entering financial information.
5 THE GOVERNMENT MAY BE GIVING OUT YOUR HOME ADDRESS, SOCIAL SECURITY NUMBER AND OTHER PERSONAL INFORMATION ONLINE
If you live in Ohio, anyone who types your name into a county database can learn your address and how much your house is worth. He can also inspect detailed floor plans of your house, showing placement of your windows, porches and balconies. Supporters of the state's online initiative call it a breakthrough for open access to government records. Critics have another way of describing it: a breaking-and-entering handbook.
Governments around the country have been rushing to put property records online. Many jurisdictions have joined Ohio in creating databases searchable by name. If you go to the Brookline, Mass., website, you can find out where Michael Dukakis lives. Miami's will tell you Janet Reno's home address.