Cloaking A Website

The concept of cloaking a website, also known as IP-based filtering, has been around for many years It has numerous useful and covert applications that have caught on in the business world.

Cloaking allows webserver administrators to draw a virtual curtain around a Web site to mask sensitive information from outsiders. It can make a website appears as if it has been abandoned to someone while to everyone else, the website appears as “business as usual”.

While few would admit it, the practice is an ever-more-popular strategy for Web site operators and corporations playing espionage with rivals.

Footprints left in the form of Web traffic logs are tipping one kind of voyeur off to another, and in some cases, that’s delivered new competitive intelligence to rivals.

An online retailer, for example, might show one price for a digital camera to the public, and another price 15 percent higher for the same product to its rival. Consequently, the rival might price its product disproportionately and lose customers.

Like with Caller ID, people want to know who’s calling them. And it’s going that way now with the computer; people want to know who’s looking at their site. Some of the voyeurism is quite general, like for marketing purposes, and some of it can be quite sinister.

As the Internet becomes part of mainstream media, several high-profile lawsuits, including those from the music labels, have proven that privacy is anything but a guarantee online. But people still have the feeling they’re anonymous while surfing. That’s why many “safe surfing” or subscription privacy tools have yet to gain steam with consumers.

Fears that marketers are watching your every move have subsided and seemingly been replaced by corporate paranoia over internal secrets.

New tools to help companies “cloak” their traffic while surfing the Web are becoming an attractive defense as a result.

As an example, Anonymizer, based in San Diego, began selling a corporate Internet cloaking service in 2003 called the Enterprise Chameleon. The product, a piece of hardware and software linked to a corporate server, will filter all employee traffic through its IP-changing servers and randomly issue untraceable IP addresses.

In general, cloaking works through a simple script that commands the Web server to deliver a set Web page whenever it detects the designated IP address. The IP address can be traced to an Internet service provider and, with special tools, to a geographic location. Because IP addresses are often static, the script could also mark whole blocks of numbers assigned to an Internet service provider, a geographic range, a specific company or government entity.

In one practical example of IP-based filtering called geo-targeting, an online retailer can display Polar Fleece clothing to Alaskans by detecting their IP address and hence, their whereabouts. Advertisers use the same technology to send specific promotions to consumers, and search engines sniff IP addresses to display results based on a user’s locale.

While privacy is an afterthought to many consumers online, corporations running a Web site or doing research on the Internet are increasingly aware of the perils of too much data and detection.

As more information is easily traced, you can look at an IP address and determine the owner of that, or the company that owns that block of IP addresses. You can start to look at other types of things, like that the company is sponsoring certain types of events, and you can see certain patterns. When you’re using a cloak, you’re trying to avoid this logging of data.

Privacy experts say that pharmaceutical and biotechnology companies are interested in keeping their online moves private, for fear of outsiders’ ability to reverse engineer what’s looked at in public databases. What companies research and read in the form of white papers could tip outsiders off to future products, for example.

Companies also have reverse engineered IP filtering to target and attract new employees. For example, during the dot-com heyday when hiring was tough, 3Com changed its Web page to highlight employment opportunities when it appeared Cisco employees were visiting. As much as 90 percent of corporations are mining competitive intelligence from their Web log files.

In one example, he said Company A was interested in buying out Company B, and its managers, investment bankers and corporate lawyers were regularly visiting the rival’s Web site for financial information and other related data. Company B caught on by analyzing its log files after a huge spike in traffic, and then it started talking to another rival about a buyout, which instigated a bidding war.

In another example, a maker of color printers might detect a traffic spike to a new product page from a rival, then later see interest in their marketing materials. That would signal that the rival could be coming to market with a new product of its own. To retaliate, the incumbent might issue an upgrade with a press release at the same time, thereby stealing some thunder from its rival.

Investigators often uses tools like the Anonymizer to ensure that their investigations online can’t be traced back to their office or home, thereby tipping off the subject.

Still, IP detection can be inaccurate. What if someone is working from home that day, or has a remote office? Then the truth can be made known.