Hex dump of Gibe-F worm.

Privacy Policy

This is the Internet.
You should expect no privacy.

That's about as simple as I can make it.

All unencrypted communication by Internet, telephone, and fax is subject to interception and archiving. Belief otherwise is folly. Belief that this is somehow changed by stern corporate announcements of wishes for deletion of misdirected e-mail messages by unintended recipients is arrogant folly. Judging by the silly disclaimers that so many corporations require at the ends of outgoing messages, arrogant folly is awfully common.

It is easy for governments to intercept traffic because Internet and telephone traffic must pass through a limited number of backbone interconnection points. The governments simply obligate the telecommunications companies to provide access, or even to do the data collection on behalf of the government. Yes, this process was greatly expanded in the U.S. during the Cheney/Bush administration, but it had already been underway for many years. See, for example:

See my information security pages and especially my Just Enough Crypto page for details on cryptographic protection of Internet traffic.

See my page on government surveillance of Internet traffic and other communications for details on government violation of your privacy.

For anonymous browsing, you could try using an anonymizer web proxy, although that only obscures the server's view of things. Your ISP still sees exactly what you're doing unless the anonymizer also uses SSL/TLS.

TOR (The Onion Router) can provide much better protection if used very carefully.

What this server logs, and how to accomplish this with Apache

My Apache configuration file /var/www/conf/httpd.conf contains the following lines.

Define some aliases for useful formats:
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h -- %{Referer}i -> %U" referer

Log errors, such as requests for pages that don't exist (some page, possibly one of mine, has a broken link) and silly requests from lazy and cheap bloggers to make my server do the heavy work of filling their pages with my images:
ErrorLog logs/error_log
LogLevel warn

Just log requests for pages, do not log the many requests for the images populating those pages. Notice that the common format specification captures your IP address, timestamp, and the page your browser requested:
SetEnvIf Request_URI \.gif is-image
SetEnvIf Request_URI \.png is-image
SetEnvIf Request_URI \.jpg is-image
SetEnvIf Request_URI \.jpeg is-image
SetEnvIf Request_URI \.ico is-image
SetEnvIf Request_URI style\.css is-image
CustomLog /dev/null common env=is-image
CustomLog logs/access_log common env=!is-image

Log information about referers, including your IP address, the link you clicked on to get here, and the here that you viewed. Notice that if you come from a search engine results page, the URL of that referring page will show the search you made to find my page:
CustomLog logs/referer_log referer env=!is-image

Through the magic of PHP embedded within this page and executing on the server before serving up this page, it sees that your IP address is 54.145.11.9 and local time at the server is 20:59:38 on 27 Sep 16 and so a line like the following just got added to /var/www/logs/access_log because of your request:

54.145.11.9 - - [27/Sep/16:20:59:38 "GET /security/privacy-policy.html HTTP/1.1" 200 15792

If you arrived at this page by clicking on the "privacy policy here" link at the bottom of the main page, then the following would had just been added to /var/www/logs/referer_log because of your request:

http://cromwell-intl.com/ -> /security/privacy-policy.html

If, however, you somehow reached this page by asking a search engine to find it, the referer string is more complicated but still readable. Here's a real example of someone at IP address 122.57.185.236, which resolves to 122-57-185-236.jetstream.xtra.co.nz (this looks like a customer of a New Zealand ISP) loading an Internet radio page of mine through a search for:
vladivostok radio
at Google's New Zealand search interface:

122.57.185.236 -- http://www.google.co.nz/search?q=vladivostok+radio&hl=en&start=100&sa=N -> /radio/internet-radio.html

Here, someone at IP address 89.132.217.153, which resolves to catv-89-132-217-153.catv.broadband.hu (so they're a customer of UPC Magyarország Kft., a Budapest-based provider of cable television and broadband Internet connectivity) loaded a GSM telephone construction page of mine through a search for:
telephone interface to gsm
at Google's Hungarian search interface:

89.132.217.153 -- http://www.google.hu/search?hl=hu&q=telephone+interface+to+gsm&btnG=Keres%C3%A9s&meta= -> /steampunk/gsm-soviet-telephone.html

Some of the referrer entries are empty. In that case, the client was behind a corporate firewall that functions as an invisible web proxy. To the client, it appears that the connection is made directly to my server. Really, the corporate firewall intercepts the connection attempt, decides whether it is allowed or not, and if so, makes the connection on behalf of the client but with the referrer information stripped out.

In that case, I don't get to see what page referred you to mine. However, your corporation has logged everything about your Internet activity.

Google AdSense and cookies

I have Google AdSense ads on my pages. See the little box of links to the right of this paragraph. Also see the banner across the top of the page, the large rectangle near the top, and the "skyscraper" ad between there and here.

To make that "link unit" appear, this page just had a single line of PHP:
<?php @ include ('../ads/link-unit-180x90.html'); ?>
That directed the server to replace that PHP code with the following block of JavaScript code before sending the page to your browser:

<div style="float: right; margin-left: 12px; margin-bottom: 10px;">
        <script type="text/javascript">
        <!-- google_ad_client = "pub-5845932372655417";
                /* Link Unit 180x90 */
                google_ad_slot = "8066800540";
                google_ad_width = 180;
                google_ad_height = 90;
        //-->
        </script>
        <script type="text/javascript"
                src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
        </script>
</div> 

If your browser has JavaScript enabled, then it made a request for /pagead/show_ads.js from the Google server pagead2.googlesyndication.com with those specific "ad client" and "ad slot" parameters set to give me the credit for showing you the ad (maybe about US$ 0.0001), and if you happened to click on the ad, the credit for sending you to the advertisement (anywhere from US$ 0 to maybe 2.00, but generally at the very low end of that range).

Now, Google used to just serve up ads based on their search index's notion of what this page is about. But in April 2009 Google announced a plan to use cookies to try to figure out what your interests are as opposed to just using what this page seems to be about. These would be "id" cookies from doubleclick.net.

If you notice a cookie transaction when loading any of my pages, it is because of Google AdSense.

I certainly don't care what other pages you look at. What little I see in looking at the referer log data once in a great while is far more than enough information along those lines....

Google says that you can go to their Ads Preference manager to see what Google thinks your interests are, and to opt out of the cookie tracking. Then AdSense ads will still appear, but they will be based only on the page contents and not Google's notion of your interests.

What is the PHP trick to show client IP address and server local time?

It's pretty simple. The HTML code for that paragraph looks like this:

<p>
Through the magic of
<a href="http://www.php.net/">PHP</a>
embedded within this page and executing on the server
before serving up this page, it sees that
<b>your IP address is <?php echo $_SERVER['REMOTE_ADDR']; ?> </b>
and <b>local time at the server is
<?php   echo date("H:i:s");
        echo " on ";
        echo date("d M y"); ?> </b>
and so something like the following just got added to
<tt>/var/www/logs/access_log</tt> because of your request:
</p> 
To the cyber security page