While this privacy policy applies to the AOL Anywhere site and all of the other Internet-accessible AOL-branded services, like AOL Instant Messenger, we will refer here only to AOL Anywhere to make reading this policy easier. The AOL Internet online service has a separate privacy policy for its members. If you are an AOL member, you can find that policy within our Terms of Service. The purpose of this AOL Anywhere privacy policy is to inform you, as a welcome visitor to AOL Anywhere, what kinds of information we may gather about you when you visit AOL Anywhere, how we may use that information, whether we disclose it to anyone, and the choices you have regarding our use of, and your ability to correct, the information. Finally, please note that this policy applies only to AOL Anywhere and Web sites that carry the AOL Anywhere brand, and not to other companies' or organizations' Web sites to which we link. We have clearly marked AOL Anywhere and these branded Web sites with our logo so you know where this policy applies.

Information About All AOL Anywhere Visitors
In general, our service automatically gathers certain usage information like the numbers and frequency of visitors to AOL Anywhere and its areas, very much like television ratings that tell the networks how many people tuned in to a program. We only use such data in the aggregate. This collective data helps us determine how much our customers use parts of the site, so we can improve our site to assure that it is as appealing as we can make it for as many of you as possible. For example, AOL Anywhere uses a technology nicknamed "cookies" that tells us how and when pages in our site are visited, and by how many people. AOL cookies do not collect personally identifiable information and we do not combine information collected through cookies with other personally identifiable information to tell us who you are or even what your screen name or e-mail address is. We also may provide statistical "ratings" information, never information about you personally, to our AOL Anywhere partners about how our members, collectively, use AOL Anywhere. We do this so they too can understand how much people use their areas and our site in order for them to provide you with the best possible Web experience as well.

Information About You
Sometimes, we may specifically ask for information about you when you sign up to use a service, like AOL Instant Messenger, or when you order a product. We will need certain information -- such as name, Internet address or screen name, billing address, type of computer, credit card number -- in order to provide that service or product to you. We may also use that information to let you know of additional products and services about which you might be interested. You can choose not to receive such information if you don't want to by letting us know on the registration screen when you sign up for the product or service. We may ask you for information about your interests so that both you and we can take advantage of the interactivity of the online medium, but you may always choose to respond or not. Additionally, we may provide you with an opportunity to be listed in a directory on one of our AOL- branded services -- these listings are also optional and you can make changes to or eliminate this information when you want to.

Disclosure
We do not use or disclose information about your individual visits to AOL Anywhere or information that you may give us, such as your name, address, email address or telephone number, to any outside companies. But as we mention above, we may share with our Web site partners aggregated statistical "ratings" information about the use of AOL Anywhere.

Special Attention to Kids
America Online, Inc. takes special care to protect the safety and privacy of young people using our services. We do not specifically collect information about children and believe that children should get their parents' consent before giving out any personal information. We encourage you to participate in your child's experience in cyberspace and to review our important safety tips before your child explores the Internet. We also encourage you and your child to visit AOL Anywhere's Kids Only Web Channel, which provides access to age-appropriate content available on the Web. AOL also recommends that parents who are AOL members use AOL's Parental Controls or, if not, other Web filtering technology to supervise their kids' access to the Web.

AOL Anywhere Privacy Policy Changes
If we decide to change our privacy policy for AOL Anywhere, we will post those changes here so that you will always know what information we gather, how we might use that information and whether we will disclose it to anyone.

TRUSTe
America Online, Inc. is a member of the TRUSTe program. This above statement discloses the privacy practices for AOL Anywhere.

TRUSTe is an independent, non-profit initiative whose mission is to build users' trust and confidence in the Internet by promoting the principles of disclosure and informed consent. Because this site wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed and audited for compliance by TRUSTe. When you visit a Web site displaying the TRUSTe mark, you can expect to be notified of:

1. What information is gathered/tracked.
2. How the information is used.
3. Who information is shared with.

If you have access to a computer and a modem, you are licensed to drive on the information superhighway. And you are one of a growing number of online participants. According to a Nielsen survey (August 1998), 70 million adults, or one-third of Americans over age 16, use the Internet. This is an increase of 18 million from the previous year.

The information superhighway can bring many benefits to our daily lives. Unfortunately, it may create many new threats to our personal privacy as well. Unless you know the privacy "rules of the road," your online activity may lead to significant privacy problems.

If you are new to online communications, turn directly to page 7 of this fact sheet for a list of online privacy terms. Otherwise, read on.

What are "online communications?"

"Online communications" are communications over telephone or cable networks using computers. Examples of online communications include connecting to the Internet through an Internet Service Provider (ISP), connecting to a commercial online service such as America Online, Compuserve, or Prodigy, or dialing into a computer bulletin board service (BBS). Increasingly, the differences between ISPs, the commercial services, and BBSs are blurring. The larger commercial services and many BBSs now provide Internet access.

The Internet raises some unique privacy concerns. Information sent over this vast network may pass through dozens of different computer systems on the way to its destination. Each of these systems may be managed by a different system operator ("sysop"), and each system may be capable of capturing and storing online communications. Furthermore, the online activities of Internet users can potentially be monitored, both by their own service provider and by the sysops of any sites on the Internet which they visit.

ISPs, commercial services, and BBSs are managed by sysops who may have different attitudes toward online privacy. Additionally, there are a tremendous variety of activities provided by all types of online services, each of which may raise specific privacy concerns.

What level of privacy can I expect in my online activity?

Often the level of privacy you can expect from an online activity will be clear from the nature of that activity. Sometimes, however, an activity that appears to be private may not be. There are virtually no online activities or services that guarantee an absolute right of privacy.

Public Activities

Other public activities may allow your message to be sent to multiple recipients. Online newsletters, for example, are usually sent to a mailing list of subscribers. If you wish to privately reply to a message posted in an online newsletter, be sure you address it specifically to that person's address, not to the newsletter address. Otherwise, you might find that your message has been sent to everyone on the newsletter mailing list.

You should not expect that your service account information will be kept private. Most services provide online "member directories" which publicly list all subscribers to the service. Some of these directories may list additional personal information. Even individuals with direct Internet accounts may be identified with commands such as "finger," which let anyone with Internet access find out who else is online. Most service providers will allow users to have their information removed from these directories upon request. Be aware that some service providers may sell their membership lists to direct marketers.

"Semi-Private" Activities

Often the presence of security or access safeguards on certain forums or services can lead users to believe that communications made within these services are private. For example, some bulletin board services maintain forums that are restricted to users who have a password. While communications made in these forums may initially be read only by the members with access, there is nothing preventing those members from recording the communications and later transmitting them elsewhere.

One example of this kind of activity is the real-time "chat" conference, in which participants type live messages directly to the computer screens of other participants. Often these activities are described as private by the service provider. However, chatline users may capture, store, and transmit these communications to others outside the chat service. Additionally, these activities are subject to the same monitoring exceptions which apply to "private" e-mail (see next section).

"Private" Services

However, there are three important exceptions to the ECPA.

• The online service may view private e-mail if it suspects the sender is attempting to damage the system or harm another user. However, random monitoring of e-mail is prohibited.

• The service may legally view and disclose private e-mail if either the sender or the recipient of the message consents to the inspection or disclosure. Many commercial services require a consent agreement from new members when signing up for the service.

Once a sysop has intercepted e-mail for any of these lawful reasons, the sysop generally may not disclose the contents to anyone other than the addressee. Certain exceptions to this disclosure prohibition exist. These exceptions include when any party to the message consents to disclosure, when disclosure is ordered by a court, or when the message appears to involve the commission of a crime (in which case disclosure is limited to the appropriate law enforcement officials).

A sysop does not violate the ECPA if the message is accidentally sent to the wrong person. (However, the sysop may be responsible for damages caused by negligence in operating the service.)

Remember. Your e-mail message may be handled by several different online services during delivery. The sysop of each of these systems may view e-mail under the above exceptions to the ECPA. Additionally, the message may be intercepted if either the sender or recipient consents. So, even if you do not consent yourself, the person you sent the e-mail to may have consented to the disclosure of the message.

Can online services track and record my activity?

In a word, yes. Many types of online activities do not involve sending e-mail messages between parties. Internet users may retrieve information or documents from sites on the World Wide Web (WWW), or from "ftp" sites. Or users may simply "browse" these services without any other interaction. Many users expect that such activities are anonymous. They are not. It is possible to record many online activities, including which newsgroups or files a subscriber has accessed and which web sites a subscriber has visited. This information can be collected both by a subscriber's own service provider and by the sysops of remote sites which a subscriber visits.

Records of subscriber "browsing patterns," also known as "transaction-generated information," are a potentially valuable source of revenue for online services. This information is useful to direct marketers as a basis for developing highly targeted lists of online users with similar likes and behaviors. It may also create the potential for "junk e-mail" and other marketing uses. Additionally, this information may be embarrassing for users who have accessed sensitive or controversial materials online.

The practice of collecting browsing patterns is increasing. Online users should be aware that this practice poses a significant threat to online privacy. Additionally, online users should educate themselves about what information is transmitted to remote computers by the software that they use to browse remote sites. Most World Wide Web browsers invisibly provide web site operators with information about a user's service provider, and with information about the location of other web sites a user has visited. Some web browsers are programmed to transmit a user's e-mail address to each web site a user visits. The major browsers are Netscape Navigator and Microsoft Internet Explorer.

The Federal Trade Commission is urging commercial web site operators to spell out their information collection practices in privacy policies posted on web sites. Many web sites now post information about their information-collection practices. You can look for a privacy "seal of approval," such as TRUSTe (www.truste.org), on the first page of the web site. TRUSTe participants agree to post their privacy policies and submit to audits of their privacy practices in order to display the logo.

Other seals of approval are offered by the Council of Better Business Bureaus (BBB), www.bbbonline.org, and the American Institute of Certified Public Accountants, WebTrust, www.aicpa.org/webtrust/index.htm. The BBB service has been adopted by a coalition of companies called the Online Privacy Alliance (www.privacyalliance.com)

Users who access the Internet from work should know that employers are increasingly monitoring the Internet sites which an employee visits. Be sure to inquire about your employer's online privacy policy. If there is none, recommend that such a policy be developed.

Can an online service access information stored in my computer without my knowledge?

Unfortunately, the answer to this question is yes. Many of the commercial online services will automatically download graphics and program upgrades to the user's home computer. News reports have documented the fact that certain online services have admitted to both accidental and intentional "prying" into the memory of home computers signing on to the service. In some cases, personal files have been copied and collected by the online services.

It is difficult to detect these types of intrusions. The online user should be aware of this potential privacy abuse, and investigate new services thoroughly before signing on. Always ask for the privacy policy of any online service you intend to use.

What can I do to protect my privacy in cyberspace?*

When you are sitting alone at your computer, "surfing the Net", sending electronic mail messages and participating in online forums, it's easy to be lulled into thinking that your activities are private. Be aware that at any step along the way, your online messages could be intercepted, and your activities monitored, in the vast untamed world of cyberspace.

1. Your account is only as secure as its password. Create passwords with nonsensical combinations of upper and lower case letters, numbers and symbols, for example tY8%uX. Change your password frequently. Never write it down or give it to someone else. Don't let others watch you log in. Never leave your computer logged in unattended. Another way to create a password is to use the first or last letters in a favorite line of poetry. Intermingle these letters with numbers and punctuation mark. "Mary had a little lamb" becomes m*ha2ll or y!dae9b.

2. Contact the sysop of any online service you intend to use and ask for its privacy policy. Most of the commercial services have written privacy policies which are provided to new subscribers. Also, carefully read all messages which appear on initial login. Many sysops notify online users in login messages that e-mail is subject to inspection. Many services require new subscribers to allow e-mail to be monitored as part of the sign-up process. All sysops should have a well-defined, written policy concerning privacy. Those that do not should be avoided. Likewise, when you are "surfing the web," look for the privacy policies posted on the web sites you visit. If you are not satisfied with the policy, or if there is no policy posted, do not spend time on that site.

3. Shop around. Investigate new services before using them. Post a question about a new service in a dependable forum or newsgroup. Bad reputations get around quickly in cyberspace, so if others have had negative experiences with a service, you should get the message.

4. Assume that your online communications are NOT private unless you use powerful encryption. Do not send sensitive personal information (phone number, password, address, credit card number, vacation dates) by chat lines, forum postings, e-mail or in your online biography.

5. Be cautious of "start-up" software that makes an initial connection to the service for you. Often these programs require you to provide credit card numbers, checking account numbers, Social Security numbers, or other personal information, and then upload this information automatically to the service. Also, these programs may be able to access records in your computer without your knowledge. Contact the service for alternative subscription methods.

8. If your online service allows you to compile a list of favorite newsgroups, or lets you arrange newsgroups by priority, be aware that your sysop can monitor that list. Do not place controversial or sensitive newsgroups in this list if you want to avoid being connected to particular issues.

9. The "delete" command does not make your messages disappear. They can still be retrieved from back-up systems.

10. Be aware that others' online identities are not always what they seem. Many network users adopt one or more online disguises.

11. Your online biography, if you create one, may be searched system-wide or remotely "fingered" by anyone. If for any reason you need to safeguard your identity, don't create an online "bio." Ask the system operator of your service to remove you from its online directory.

12. If you publish information on a personal web page, note that direct marketers and others may collect your address, phone number, e-mail address and other information that you provide.

13. Be aware of the possible social dangers of being online: harassment, stalking, being "flamed" (emotional verbal attacks), or "spamming" (being sent frequent unsolicited messages). Women can be particularly vulnerable if their e-mail addresses are recognizable as women's names. Consider using gender-neutral online IDs.

15. Take advantage of privacy protection tools. There are several technologies which help online users protect their privacy. Discussed here are encryption, anonymous remailers and memory protection software.

Encryption. Encryption is a method of scrambling an e-mail message or file so that it is gibberish to anyone who does not know how to unscramble it. The privacy advantage of encryption is that anything encrypted is virtually inaccessible to anyone other than the designated recipient. Thus, private information may be encrypted, and then transmitted, stored or distributed without fear that it will be scrutinized by outsiders.

Memory protection software. Software security programs are now available which help prevent unauthorized access to files on the home computer. For example, one program encrypts every directory with a different password so that to access any directory you must log in first. Then, if an online service provider tries to read any private files, it would be denied access. These programs may include an "audit trail" that records all activity on the computer's drives.

WWW - Stands for World Wide Web. This powerful tool for accessing the Internet combines graphics, "point and click" navigation commands, and a method of linking many different sites to allow users to quickly and easily search for information on the Internet.

Several online newsletters discuss cyberspace privacy issues:

• Computer Privacy Digest: CPD can be read as a Usenet newsgroup, comp.society.privacy. Alternatively, to receive CPD via e-mail, send a request to the newsletter's moderator at: comp-privacy-request@uwm.edu.
  
• Privacy Forum: For subscription information, send an e-mail message consisting of the word "help" (without quotes) in the body of the message to: privacy-request@vortex.com.

To see a demonstration of the kind of information that can be compiled about you when you surf the web, visit the site of the Center for Democracy and Technology, www.cdt.org. It also lists the privacy policies of the major online service providers: AOL, Compuserve, Msnet and Prodigy.
For another demonstration of the traces you leave behind when you surf the web, visit the web site of the French Commission Nationale de L'Informatique et des Libertes:  http://www.cnil.fr/uk/traces/uk_traces.htm.
To learn more about cookies blockers and other types of online filters, visit the Junkbusters web site, www.junkbusters.com.

To learn more about anonymous Web browsing, visit the Web site www.anonymizer.com.

For information about anonymous remailers, the following online resource is helpful: "Anonymous Remailers FAQ," compiled by Andre Bacard, www.andrebacard.com/remail.html.

To see examples of powerful search engines available to find public postings made on the Internet, visit these Web sites: Alta Vista at www.altavista.com, DejaNews at www.dejanews.com, and Excite at www.excite.com.

To learn more about the encryption program PGP, contact these online sources: "The Official PGP FAQ," www.pgp.net/pgpnet/pgp-faq/.
MIT distribution site for PGP, http://web.mit.edu/network/pgp.html