Tell people that you’re going to
track their every move on a website,
store that information in files and
analyze it later, associating it with personal
data received earlier, and the response
might be, “Back off, Big Brother!”
But that is not a paranoid, Orwellian
vision of personal-data piracy. It’s simply
what happens when, as you browse the
Web, you (or your browser, without your
knowledge) accept a “cookie” – a short bit
of text that a website can store on a user’s
machine (see box: The way the cookie
crumbles). In other words, it happens every
day, millions and millions of times over.
In the West, fledgling Internet companies
take turns detailing for an eager audience
of electronic commerce executives
and venture capitalist technologies that
could more efficiently capture
information about people on line – making
their presentations without once mentioning
the infringement on privacy. For example,
online advertising companies DoubleClick
and Engage Technologies employ tracking
devices – electronic sniffer-dogs with a
particular nose for cookies – to follow Web
surfers from one site to another. By tracking
users’ movements, advertisers can personalize
advertisements to increase their efficiency.
Such events underscore the contention of
some that the main threat to privacy does not
arise from an Orwellian totalitarian state, but
rather from commercial interests. “Market
research has been transformed from almost
parochial telemarketing
models of the ’80s
and early ’90s to a
worldwide phenomenon with a
global reach,” says Najib Korban,
managing director and chief IT consultant of
Netcom Systems. “Tracking people’s surfing
and online shopping habits has, in
recent years, been equated to being
Internet-Savvy.”
The disturbing equation of advancing technology
and diminishing privacy is hardly
new. While most people consider privacy to be
a fundamental right, they willingly forego
small bits of it as a trade-off for small but
important conveniences – such as the use of
credit cards or automated teller machines.
And a growing number of people willingly
spend an increasing part of their lives connected
to the Internet, the most voracious
vacuum of personal data in history.
our privacy or anything else,” says
Korban. “It’s the people using this technology
and the policies they carry out that
create the violations.”
Others disagree. “By its very nature, technology
is intrusive,” says Georges Hindi of
Business Engineering Studies and
Technology (BEST), adding Pragmatically:
“But in this new and braver global village, all
concept of the private world has to disappear.
In the grand scheme of the Internet era, the
great benefits brought on by the electronic
revolution substantially outweighs the marginal
loss in people’s privacy.”
Jacques Hakimian of Dialog concurs.
“The true issue of privacy is not spamming,
which is harmless enough, but rather
security systems that need to be secure
beyond reproach in order to foster good
B2B and B2C transactions.”
However, much of the concern over privacy
springs from a new capability to correlate
previously anonymous information
with an individual’s email and street
addresses, which are sometimes reused or
even sold to third parties. This can simply
result in unwanted email messages or junk
mail. But more disturbing is the possible disclosure
of sensitive information.
A company with a banner ad on a Web
page might send an identifying cookie to
your browser, and it would be able to track
that browser if it
called up pages at other websites carrying
the company’s
ads. The advertiser
can, through an
agreement with a
commercial site, also
get a copy of personal
information you
gave to the shopping
site when making a
purchase and be able
to associate that
information with
your browser. Hindi
believes that the privacy policies posted on many, especially American, websites are
worthwhile and a conscious attempt to
appease the surfing community.
Korban takes a more pessimistic view:
“These policies are vague and often incomprehensible
and always subject to change.”
If you insist on perusing the policies, he
adds, watch for seals from business monitoring
groups that attest to the companies’
adherence to consumer privacy standards.
“The Internet is the only two-way media that
most people consume, and it’s very powerful.
You buy a TV, and no one knows what
you watch. You buy the newspaper, and
no one knows what section you read first.
Your computer, on the other hand, is telling
your secrets without your knowledge.”
Is it possible to browse without surveillance?
No, not completely, but it is possible
to move about the Internet in stealth mode.
“Some methods are in the hands of Web
users themselves,” says Korban, “others in
the growing number of companies that sell
privacy as part of their packages.”
In the West, there are hundreds of so-called
remailers. These intermediaries will remove
all revealing information, like your name or
email address, from your email messages
before sending them on to their destinations.
In the absence of a proper privacy
debate in Lebanon, the best information
may be gleaned from the US government’s
Electronic Privacy Information
Center (www.epic.org), which maintains a
list of reliable remailers, and if you follow
the links on its website to “privacy tools,”
it offers worthwhile
tips. There are also encryption programs
like Zero Knowledge Systems.
In addition you can
help safeguard your
own privacy. “One
of the most important
ways is to disclose
as little personal
information as
possible,” advises
Korban. “Don’t give
your identity online,
or, at the very least, minimize the sites at
which you register.”
And, one way to deal with the tell-tale
cookies is to say, “No thanks, no dessert for
me,” when a server offers your browser a cookie.
All the current versions of Web browsing software offer options in
their security preferences, or in a specific cookie-
setting panel, for automatically refusing
all cookies or for accepting them on a
case-by-case basis (see box: How to erase
your cookies).
Korban also advises consumers to maintain
separate email accounts: one for personal
messages, one for business and one for
ordering information or products. The last
is easiest to abandon if junk email messages
become intolerable.
The future promises more exotic inventions
with the potential to impinge on privacy.
In the meantime, though, there are
many steps that consumers can take to protect
themselves. Many of these measures
will prove useful to Internet shoppers even
if consumer privacy laws eventually do
become a reality. And if Internet sites were
ever to find that they were losing visitors
because of snooping cookies, the entire
business of Internet advertising might be
forced to change.
Korban argues that it is possible to stop,
or at least control, the policies that enable
abuses of the technology. Doing so
requires that we change our thinking and
laws to prevent a technologically induced
brave new world from turning into an
Orwellian nightmare.
The way the cookie crumbles
Computer scientists have used the term cookie for a long
time, but its origin is murky. According to Netscape,
cookies are a “general mechanism that server side connections
can use to both store and retrieve information on the client side
of the connection.” In English, that means cookies are small
data files written to your hard drive by some websites when you
view them in your browser. These data files – no more than
4,096 characters long but often as short as ten or 20 characters
contain information the site can use to track such
things as passwords, lists of pages visited, the date when a certain
page was last visited as well as any personal information disclosed during a website visit.
Cookies are not always bad. Benign ones make web-
sites run efficiently and help operate features like online shopping carts.
They let users avoid tediously typing in user names and passwords at sites that require them.
They are ubiquitous precisely
because they smooth the
unending stream of transactions
between Web browsers and Web servers that make up the constant
electronic chatter of the Internet.
When a user types in a Web address or clicks on a link, the Web
browser like Netscape Navigator or Internet Explorer sends a
request for the Web page to a Web server, another computer
with specialized software that receives and processes
requests for ‘{web pages, graphics, sounds and other elements.
If no cookie is involved, each request for a document or
graphic is handled the same way each time. If a cookie is
involved, the site knows you’ve been there before and may know
your preferences. On a site that issues cookies, the software that
handles requests from browsers for pages and images can issue
a unique identifying number the first time a browser makes a
request for pages. That identifying number is sent to the
browser, which stores it as a cookie on the user’s hard drive.
The next time the user wants to go to the same site the brows-
er sends the identifying number as part of the request. That helps
the company that runs the Web server track the number of
different visitors to its site. It also means that a record can be kept
of all visits by that browser to the site. Virtually all major ecommerce
sites use cookies to send a browser a session identifier
that allows a user to drop items in a shopping basket and return
within hours or even days without losing any of those selections.
t may sound spooky, but it’s important to recognize cookies
limits. They’re not active spying programs, just plain text.
A cookie can’t suck information from a user’s machine and secretly
transmit it to a Web server.
Many discussions of cookies revolve around credit card
numbers. Because of security concerns, these are rarely
stored as cookies. A cookie might contain a credit card
number, but only if the user provided it as part of a transaction
and the website was irresponsible enough to send it back
as a cookie. Any responsible site stores in a cookie only information,
like a name and password, that a user knows is going
into the cookie. And if a cookie is used by the website to call
up a database file with personal information, that information
stored at the website, not in the cookie.
The only information in a cookie is
what the user provides. If you
don’t give information about
yourself, a site has little or no
way to connect you, as an individual, with your surfing
expedition through its pages. This is not
entirely foolproof because a Web surfer can pick up cookies without realizing it from some advertising
companies (see box:
Look who’s watching).
Many people and
organizations in the
West, including the
Federal Trade Com-
mission, are voicing
concerns about what
websites might do
with the information
collected through cookies and are advocating
that sites adopt privacy
policies. In the mean-
time, wise surfers
should treat cookies
as they would a bar of
chocolate that’s been
left out in the midday
sun. Verify first, and eat later
An outbreak of media envy
0nline news is not the exclusive territory
of major daily newspapers anymore.
In the last year, local portals and
ISPs have been setting up websites and
getting into the online news business.
While many just sample the waters by
putting up a simple Web page with a few
local stories and a wirefeed from an international
news agency, others – such as
Cyberia – have hired extra staff members,
put display advertising online and set up
large community news operations.
Not wishing to be outdone by the new
whiz kids on the media-block, traditional
Lebanese newspapers are devising strategies
to capitalize on the booming demand for
accessing information from anywhere.
Both An-Nahar (www.annaharonline.com)
and L’Orient-Le Jour (www.lorientlejour.
com) have announced plans to consolidate
their content into Internet portals that
will blend news with entertainment listings
and other local information.
The media companies are forging ahead
despite mixed success by predecessors that
have tried to extend their print operations to
the Web. Still, industry observers say
newspapers must develop an Internet presence
or risk· losing readership to online
rivals. For their part, the newspapers tend to
agree that they need to do more online.
“We have to stop viewing ourselves as a
newspaper company and view ourselves as
an information company,” says a
spokesman for L’Orient-Le Jour.
But to be truly successful, say analysts,
newspapers will have to do much more.
For example, adding e-commerce
features and tailoring their content for
online readers will be essential. And
only then will that great divide –
between the once-a-day multicourse
meal of original material served up by
newspapers and the quickly changing
menus of original fare on the Web –
begin to narrow.
First fruits of Tuesday
It seems that everybody these days
across the Middle East wants to be a
start-up incubator. First Tuesday Beirut
(www.ftbeirut.com) was launched in
September with the stated aim of providing
“a platform for local Internet entrepreneurs
offering networking, resources and capital.”
Modeled after the UK-based First
Tuesday – so named because they meet on
the first Tuesday of every month – the
group gathers entrepreneurs and
investors under one roof to discuss business
plans and IT opportunities.
The potential partners meet like singles at
a bar: investors wear red dots; entrepreneurs
wear green dots. “We are a business
accelerator, focusing on speeding up
Internet companies on their path from idea
to full-fledged business,” says Antoine
Elhage, partner of the IT consultants,
Phoenicia Valley, which co-sponsors the
monthly event.
Fancy names aside, First Tuesday is in the
business of offering to a would-be Internet
entrepreneur one or all of the things
required to get started, from help in hiring
qualified employees or shaping a business
plan to so-called seed money – the first
investment that goes into the company.
Until earlier this year the level of entrepreneurial
activity in Lebanon ranged from
very low to non-existent. And while the
industry is not exactly shifting into overdrive
– September’s First Tuesday meet brought
little in terms of concrete deals – there have
never been quite so many would-be entrepreneurs
with bright ideas for an inventive
Web a-la-Leb. Perhaps that will help tum the
tide and have venture capital gushing rather
than dribbling into the local market.
Portal dominance
I ntenet business
models mutate
faster than a flu
virus. A case in
point: the “portal,”
a scheme whereby a
handful of mostly
money-losing enterprises
band together
to form a mega website
that combines searching, content, email, chat and
other services.
AiwaGulf.com, launched in March
2000, has reported a 120% increase in
number of unique hits from 9,000 to
20,000 a month. ”The growth opportunities
we have in the Middle East are stronger than
anywhere,” says Faisal e.1-Issa, founder and
managing director of AiwaGulf.
The company wants to battle to the top
of the Arabic-speaking Internet market,
with its stated goal to become the Yahoo!
of the Middle East. However, AiwaGulf is
still intrinsically a GCC portal and will
have to go some way to shed its khaleej
coat for a pan-Arab skin to prove that it has
the most momentum in region and can
beat off such rivals as Lebanon’s Yalla!
and California-based PlanetArabia.
Gradually, with trips and stumbles, the
Internet is coming of age in the Arab
world. And with that, the battle for
cyberspace supremacy has begun.
Beyond simply creating a hip, oriental
version of America Online, the idea
should be to make the portal site so enticing
that World Wide Web users will
make it their first stop, and so seductive
that they will not want to stray elsewhere.
Easier said than done.
