Categories
How To Privacy's a Joke Security Technology

How to plug your personal information leaks

If you don’t know where your personal information could be leaked, you’ll never know where to plug it. Here’s some of the common holes.

Source: flickr/tinkerbrad

If you followed the instructions in the previous “Privacy’s a Joke” post, “How to find yourself online” then chances are you found some information on the internet about yourself that you didn’t realize was available to just anyone.

I mentioned at the beginning of the post that a search for my actual name yields only about 6 results. Most of those, I intentionally put my name on them, but then realized later on that the descriptions of myself with my real name involved match those of myself using my alias as well. That makes it easy to attach my alias to my real name, and then use the other little bits of information that I unintentionally put on the internet, for example, my résumé, to get the bigger picture.

  • What websites or uploaded files have you thought you should use your real name on?
  • Is your profile publicly visible on purpose?
  • Did you fill in any boxes that link your favorite social sites or a personal website?

Below are some common sources of personal information leakage that you may want to take a look at to ensure the information that is out there is as detailed/generalized as much as you intended.

Social Networks – Entertainment

Websites like Facebook, Twitter, MySpace, Last.fm, FriendFeed, and others are the ones that are still either mainsteam, or on the peripheral edges of common use. Websites in this category have the most personal information on them, and can be tied in to several other websites as an addon, RSS syndication, widget or other means of sharing your activity with other websites you own or frequently visit. When it comes to these social networking sites that people use to broadcast their minute-to-minute activities, you have to be conscious about where else that information gets propagated on the internet.

  • Do you have a Twitter widget on your blog or MySpace page?
  • Do you update all your social statuses with Ping.fm?
  • Do you know which sites are going to receive which messages?
  • Have you connected your MySpace & Facebook & Twitter together?

When you make an update to your choice of social networking sites, you have to remember who else is going to see that update. Any thing that you think is only going to one place, or places that have limited permissions, but ends up visible somewhere else will instantly break the chain of privacy you thought you had. I’ll break down some of the privacy settings of these types of sites in future posts, like next week’s Facebook Privacy Settings post.

Social Networks – Professional

Sometimes, it’s better to go by your real name on a website where you’re in contact with other professionals in your career field. I’m pretty sure the likelihood of being hired under the alias “xXxSpicyCandy87xXx” is very very low – unless you’re trying to get a job as a stripper. Websites like LinkedIn and CareerBuilder.com are business-oriented and it’s best to use real, accurate information. Of course, the amount of information you offer up to the site can vary – but the less information you have about yourself, the harder it is going to be to locate colleagues or convince future employers of your qualifications (should they decide to use those platforms).

With LinkedIn, you can limit what people see about you during a search – which is helpful if you share similarities in your name with other people. By only displaying certain bits of information, you can still show up as a relevant prospect while at the same time not stand out or openly display everything about you for all the world to see. Due to the nature of these types of professional sites, location and other physical details about your past and present are vital – but keep in mind that anything you want a colleague or future employer to see, you are also offering up to the general public. I’ll have more about these types of sites in a later post.

Blogs/Online Journals

Back in the early 2000s, online journal keeping was all the rage. It gave teens and adults a creative outlet with an audience that simple diary-keeping couldn’t offer. Fortunately, or not, most of those blogs are still out there – and there’s a good chance that you haven’t given any of them a re-read once a week or two has passed. Aside from social networks, blogs are the next biggest place you’re likely to leak out all kinds of personal information – even if it’s under the guise of an alias. I have a brief anecdote:

Back in the mid-2000s, I met a girl online, and after several conversations, phone calls, photo exchanges, and issues in our lives, we agreed to become an item. We hadn’t yet met, but it was nice to have someone to think about who was supposedly thinking about you too. We made plans to meet, but before they could be carried out, she got in a car wreck, and went into a coma for 2 months. When she came out, everything that we had talked about was lost. Fortunately, being an internet relationship, it was all documented, and I was able to bring her up to speed on who/what we were.

During the recovery time though, stories of her family and life had started to change. Things weren’t adding up like they used to, and a lot of explanation was necessary to try and make sense of what was going on from her point of view. So I got curious.

Being the industrious person that I am, I started out on Google Blog Search from blogger.com, with only the information that she “had a blog she used to keep a long time ago.” I had what I thought was a reasonable understanding of where she lived (based on gifts we sent to each other), and her name, current online aliases, and other small tidbits of information that one would probably not be able to effectively make up.

It took about 2 weeks of searching different combinations of info, names, location, and stories of her past before I finally located the blog that she had kept – and from there was introduced to a whole different person than the one I thought I was talking to. Everything was explained in categorized posts, in chronological order from when she was just a couple years younger.

Needless to say, when I confronted her with this information, she was not only surprised, but saddened and disappointed she didn’t tell me sooner. It also ended our digital relationship, as she informed me that everything she had said about herself was a fabrication, created to escape her present reality of a sick & dying mother, troubled father, and just generally bad home-life. All of that made more sense than her fabricated life did, once I recalled that our first phone conversation was me intervening & preventing her from cutting herself.

When you post a blog online, it may be the case that no one cares enough to actually read it at the time that you post it – but there will come a time when the right search words are put in, that it gets returned at the top of the results pile, and someone will see it. Also, if you write in a blog, you’ll need to be careful about what you link to. If you have other social sites, personal sites, or favorites, and you provide a link directly to them, that anyone who has seen your blog has also seen every site you’ve linked to.

Applications and Web-based Games

Back in 2007 & 2008 when Facebook’s Platform started to take off, a ton of apps and games came out that you could play right there from inside Facebook. In order to play the games, you had to give the apps permission to access your data. Why? Because it was accessible…so why not?

I’ll attempt to go into some of this in detail in a later post – but it’s really more technical than I wish to cover, at least today. Suffice to say, if/when you decide to play/use an application that wants to access your data, take a look at the things it’s asking to access. If it wants something that you don’t think it should need to have, or you don’t want it to have, then you should not give it permission to get it.

There is a similar situation in phone apps, like the iPhone and Android. The difference is that there is no control over what information gets sent back to the application developer or its third-parties…it just does it.  I will also cover this in a future post as well.

Online Documents & Files

Back in the mid-2000s, in my naivety, I decided to host my own résumé online in PDF format. Not only did it have my name, but also my address, email, phone number, previous employers, references, schools, hobbies, interests, etc. Everything I would have given an employer (or actually uploaded to careerbuilder, at the time) was in that PDF. Little did I know, Google was able to crawl through PDF files, and so was everyone else.

Now, when I do a people-search for my own name, the address that gets returned is my previous address. Since that episode, I have not posted my address online for public consumption in any way. My address is on my Facebook page, but only to the specificity of block, not apartment number or suite or building – plus, it’s only visible to Friends, and I’m selective about who I add as a Friend.

Location Sharing Services

It seems that late in 2009, websites like FourSquare, GoWalla, BrightKite, Loopt, and Whrrl started taking off with the ability to share ones current location. Not long after, Google Latitude, Facebook Places, and Twitter showed up with their own location-based geotagging abilities. Obviously, with this comes the announcement of where you are in the world. But the less obvious is the announcement of where you are not.

If you slipped up and your current address is available on the internet, and someone has tracked back your real name to your alias, and notices that you use a location-sharing social network service, then guess what: you’ve just told everyone you’re not home right now. And then depending on where you’re checking in at, you’ve also given a time-frame for how long you’ll be out. Are you having dinner? At work? Visiting a relative? On vacation? At a sporting event? All of these have a particular number of hours usually associated with them.

In order to prevent…

In order to prevent someone from tracking/stalking you, you have to know what information you’re freely sharing with the world. You have to keep track of all the places that your information is syndicated, what the information implies, what contextual/meta information is available, and who is going to be privy to any of it. If it’s overwhelming to remember all of that, then you have spread your social network too far, and need to start pairing down what you offer up to the world and where.

When people find out what I know how to do on the internet, it always shocks them – but I explain, just as the “It Takes A Thief” series on the Discovery Channel, in order for me to help protect myself and others against the dangers inherit in the world, I have to learn how people can use the information. And you should take an active interest in learning it too. If you can cut off the leaks of personal and private information that are available, you’ve made steps in the right direction to keep yourself safe.

Next week I’ll go through the Facebook Privacy Settings page to get your profile locked up to only the people with whom you want to share.

By [[Neo]]

I am a web programmer, system integrator, and photographer. I have been writing code since high school, when I had only a TI-83 calculator. I enjoy getting different systems to talk to each other, coming up with ways to mimic human processes using technology, and explaining how complicated things work.

Of my many blogs, this one is purely about the technology projects, ideas, and solutions that I have come across in my internet travels. It's also the place for technical updates related to my other sites that are part of The-Spot.Network.

2 replies on “How to plug your personal information leaks”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.