Inspired by Evan Ratliff's outstanding article, Vanish, in which he tried to hide from an international crew of internet detectives for 30 days, I decided to investigate just how much I could discover about myself using only the free array of services that the web has to offer.
The quest begins ..
I allowed myself only one starting point: my name. My name which is, unfortunately in the Google age, rather unique. Googling myself turns up my LinkedIn account at the top of the pile. In less than 30 seconds we have discovered what I do for a living, where I work and where and when I went to university. So far so good but what about getting some really useful information like my age? Well I don't list my age on LinkedIn but it isn't too hard to figure out from the dates of my education although, without an actual birth date, this information is probably only marginally useful.
So, back to Google and it appears that I've got 2 Twitter accounts. One is locked down (as is the cache) but the account name seems pretty unique and this hunch is proved correct when a bit of Googling brings you to a related website and a quick WHOIS gleefully spits out my home address.
Now I have my name, year of birth, place of employment and home address. Now, apart from my address, I'm not that worried about that information being out there on the web because, really, it seems like the kind of stuff that you could get your hands on in real life without too much effort.
But then I have a terrible thought: I've so far assumed that the key bit of information that was keeping me safe was my birthday. I've always been careful to obscure it from public facing sites, even choosing to fill in a false one on occasion (a move that permanently locked me out of my Flickr account when I forgot my password) but I start to get a sinking feeling that I might have actually tweeted about my birthday. I slavishly scan through my tweets and, sure enough, there it is: a big, flashing, publicly available neon sign that says 'THIS IS MY BIRTHDAY'.
Oh dear. Life = well and truly hacked.
The problem with privacy
Although not as true as it always was, for a long time websites with logins relied on your birthday as the key piece of identifying information that differentiated you from an impostor. Before social media kicked off it was a fairly reliable assumption that only you and a handful of friends and family would know your birthday and enough about you to answer any other security questions. Now that social media has grown up it is relatively simple to find identifying information about people; anyone who picked 'what is the name of your pet' for their security question could probably do with an urgent search through their social media presences to see if they've ever let it slip (handy hint: you have).
Now that we're living our lives online with more and more transparency as well as experiencing more incentives and reminders to share what we're doing, we should revamp the way we protect our online identities. Security achieved through 'secret' personal information is just a comforting daydream in the modern media age. For those of us that spend our lives on the web it is time to start hacking ourselves and seeing just what we discover.
The engineer Claude Shannon famously said of security design that you should assume that "the enemy knows the system". Well, now the system is you and you need to find a better way to protect it.
Next week I'll be sharing my tips on improving data security that I learnt as a result of researching this article. Subscribe via RSS to make sure that you don't miss it.
Related posts
How I hacked my own life
Inspired by Evan Ratliff's outstanding article, Vanish, in which he tried to hide from an international crew of internet detectives for 30 days, I decided to investigate just how much I could discover about myself using only the free array of services that the web has to offer.
I allowed myself only one starting point: my name. My name which is, unfortunately in the Google age, rather unique. Googling myself turns up my LinkedIn account at the top of the pile. In less than 30 seconds we have discovered what I do for a living, where I work and where and when I went to university. So far so good but what about getting some really useful information like my age? Well I don't list my age on LinkedIn but it isn't too hard to figure out from the dates of my education although, without an actual birth date, this information is probably only marginally useful.
So, back to Google and it appears that I've got 2 Twitter accounts. One is locked down (as is the cache) but the account name seems pretty unique and this hunch is proved correct when a bit of Googling brings you to a related website and a quick WHOIS gleefully spits out my home address.
Now I have my name, year of birth, place of employment and home address. Now, apart from my address, I'm not that worried about that information being out there on the web because, really, it seems like the kind of stuff that you could get your hands on in real life without too much effort.
But then I have a terrible thought: I've so far assumed that the key bit of information that was keeping me safe was my birthday. I've always been careful to obscure it from public facing sites, even choosing to fill in a false one on occasion (a move that permanently locked me out of my Flickr account when I forgot my password) but I start to get a sinking feeling that I might have actually tweeted about my birthday. I slavishly scan through my tweets and, sure enough, there it is: a big, flashing, publicly available neon sign that says 'THIS IS MY BIRTHDAY'.
Oh dear. Life = well and truly hacked.
The problem with privacy
Although not as true as it always was, for a long time websites with logins relied on your birthday as the key piece of identifying information that differentiated you from an impostor. Before social media kicked off it was a fairly reliable assumption that only you and a handful of friends and family would know your birthday and enough about you to answer any other security questions. Now that social media has grown up it is relatively simple to find identifying information about people; anyone who picked 'what is the name of your pet' for their security question could probably do with an urgent search through their social media presences to see if they've ever let it slip (handy hint: you have).
Now that we're living our lives online with more and more transparency as well as experiencing more incentives and reminders to share what we're doing, we should revamp the way we protect our online identities. Security achieved through 'secret' personal information is just a comforting daydream in the modern media age. For those of us that spend our lives on the web it is time to start hacking ourselves and seeing just what we discover.
The engineer Claude Shannon famously said of security design that you should assume that "the enemy knows the system". Well, now the system is you and you need to find a better way to protect it.
Next week I'll be sharing my tips on improving data security that I learnt as a result of researching this article. Subscribe via RSS to make sure that you don't miss it.
Related posts