Arekibo Blog

So as I alluded to last week, I felt a post on privacy coming on. A number of factors have influenced this post and in trying to work out how to formulate it, the easiest way I could think to do so is to break the subject down into its (what I consider) constituent parts.

Part I

This post is about the problem. Protecting our privacy online is a problem. We use the web more and more for everything we do, so protecting ourselves (where possible) is something we should be aware of. Equally as important is the understanding that we are aware of how our privacy can be compromised.

Part II

This post is about (trying to find) the solution. There really isn’t any solution other than vigilence, but I’ll provide a number of hints and tips as to how simple steps you can take will at least protect some of your information.

Part III

This post is about evaluating the fall out and how it will affect our future privacy. As spiders and crawlers become more and more pervasive, how can the way we think about our online selves protect us from our own mistakes.

The influencing factors that I mentioned before are the following:

• This post about Google trying “not to cross that creepy line”
• This post about Facebook Groups being hacked
• A colleague’s Hotmail account being hacked
• A quick Google search for my name

So let’s get down to it. Imagine you are meeting a friend in a cafe. Let’s say you have a bag with you (let’s not get sexist here). This bag is made of clear plastic and in it, clear to the world to see, is a letter with your name, address and personal email address clearly visible at the top of it. Stuck to the front of that is a post-it with a list of the CDs, DVDs and books you would like for Christmas. Beside the post-it is a ridiculous photo of you taken on a stag/hen party “wearing” a pint of beer. And beside that is your company business card with all your details of your place of employment, including your position within the company. For good measure, let’s say your mobile phone is in the bag, with the bluetooth switched on and unlocked.

You sit for an hour and drink coffee with your friend, while every and anyone who sits at the table opposite can clearly see all your information and copy what they like from it while you are relaxing and chatting. It’s a horrific notion really and if someone said to you that this had happened to them, you would laugh and say, how could you be so stupid! The stark reality is that this bag doesn’t only exist, there are millions of them around the world. Most people in the developed world have one and most of them don’t even know they are carrying one around with them. No prizes for realising that this bag is the internet and rather than your information being available in a cafe for an hour, it’s available online 24/7 all year round.

We as a planetary population are very stupid with our personal information. We are inherently trustful of the web and readily give up our secrets to it. We rehash and reuse the same information again and again and again. Let me give you a quick example; I guarantee that 50% (at least) of you reading this post use the same password for your email account as you do for your Facebook account. If you have more than one free email account (Hotmail, Gmail, Yahoo, etc) I guarantee that you use the same password to access both. I agree, this is a grandiose generic statement, and I still don’t know what your password is, but the fact that I know your habits (and those of millions of others) shows that the way we exist online is naive and unprotected. The majority of people with Facebook accounts have not switched on their security settings and the large proportion of their profile information (Facebook does apply some of it’s own security checks to protect your most personal information unless you are that persons friend) is available for the world to see. All those photos of that holiday in Spain are there for your Boss and co-workers to see. If I can access your Facebook account, I can find out alot of things about you. Your birthday, your place of birth, possibly your mother’s maiden name… all standard personal information required by your bank, mobile phone company, isp, etc. If this doesn’t scare you, then you might not like to know that in Ireland, you can apply for a copy of your birthcert online using only the information above. I need to provide no further proof of identity and the birthcert gets sent to me in the mail. And if I have a copy of your birthcert… well, you get the general idea. For those of you that think I might have already used this deceptive practise for my own devious means, I needed a copy of my birthcert recently. I could tell you why, but then you would know I was married… DOH! See how easy it is… The collective small pieces of information we give away online through our various profiles put us at risk.

Of course, nothing can protect us if one of these large corporations like Google or MSN get hacked and our details are stolen. This is malicious and unpreventable by us. What I AM talking about though is the small snippets of information we wilfully give to the web, which when collected as a whole, can be used to acquire quite a large picture of our lives. Let me give you another example and for this I’ll need a volunteer… No one… ok well I’ll use myself.

A quick Google search of my name revealed the following:

• I have my own web site on my own domain
• I have an active interest in photography
• I use an Apple computer
• The type of camera I use is mentioned in a photography forum
• I have a Facebook account
• I have a Twitter account
• I have a Vimeo account
• I have a Wikipedia account
• I have wishlists on Amazon
• I have written reviews on Amazon
• I write on blogs
• I comment on other blogs and forums
• I have worked as a developer for quite a while
• I was a rock climber competing in the Irish Bouldering League

Now those of you out there reading this will think, “WHAT THE HELL ARE YOU DOING? You’ve just consolidated all your personal information into one post!!!” Well, not entirely. The majority of this can be gleaned from the first page of a Google Search. And the majority of it I’ll be getting rid of over the coming weeks (and I’ll show you how I intend to do this in the next post). While I’m not too concerned over the information that is available as my Facebook account is locked down, I AM a bit concerned over the small amounts of information available from various sources. If I posted on Twitter for example, that I was going on holiday tomorrow (as people often do, coupled with their zealous need to rub it in over friends on Facebook; if their Facebook account isn’t secure then…), taking into account the second and third point on my list above, I’m inviting potential thieves to break in, telling them the type of haul they might expect to get and telling them approximately how much time they have to do it. This, for my part, is plain stupid and I deserve all that I get.

While the likes of Google Dashboard provide us with ways to lock down our private information, this is one service of many. Lots of us don’t use Google’s services, so it is up to our own vigilence to protect ourselves. I’ll go through the details of methods of protecting ourselves further but for the moment, take a look at this check list:

• Do you use the same password for more than one service (email accounts, Facebook, Twitter, LinkedIn, YouTube, Vimeo, etc)?
• Do you use Facebook? Have you applied the security/privacy settings available to you?
• Do you use your personal email address on forums where you comment or answer questions?
• Do you have wishlists/playlists on Amazon, CD-Wow, Play.com, Last.fm, etc?
• If you search for your name in a search engine (Google, Yahoo, Bing, etc), are you surprised by the number of results you get that relate directly to you? Did you find profiles generated completely automatically (Zoominfo, Lookupanyone, etc)? Did you find your Facebook page? Could you access it without having to log-in?
• Do you use different passwords for the different services you use? Do you change these passwords regularly?

The yes or no answers to the above should be self evident as to how safe or insecure your private information is. In the next post I’ll look at how we can tighten up our own personal privacy and a quick trick I decided to use to help protect me and my information. But for now, just have a think about your own personal information and how much of it is available online.

Check out Part II here and Part III here.