Among the many Blog Exercises so far this year, I’ve mostly focused on your blog. Today, I want to talk about something related to your blog but mostly to your exposure and presence on the web: your private and personal information.
This post was triggered by an email I received yesterday from a friend announcing she’d changed her email. It featured her full name, first, last, and middle, and month and year of her birth, such as
I contacted her immediately and advised her to change it to protect her security and privacy. She complained that she’d sent the new email address to everyone on her contact list. She didn’t want to spam them immediately with a new correction.
Trust me, it doesn’t matter. Spam away! This is your security I’m talking about.
I told her to mix the announcement with a little education, reminding them not to do dumb things like this on the web. Teaching your friends to protect themselves is a good thing and worthy of a second email.
After having my purse stolen, having one of my sites hacked and locked down for almost five years, and dealing with serious cyber-security issues with clients over the years, I’ve learned that there are 7 pieces of identification necessary to complete steal a person’s ID.
This person just gave away two pieces of vital information.
Some experts say it takes more than 7 facts about you to truly take over your identity, but here are the basics they start with.
- name (full including middle name)
- date of birth
- social security card
- credit card(s) numbers
- bank account numbers
- driver’s license, passport, or identification number
Add to this familiarity with the most popular habits of people in your culture and community, commonly used and weak passwords, and anyone can instantly become you and abuse you from anywhere in the world.
We should know better than to trust strangers with our private information. We should know not to click email and comment spam links or open email from senders we don’t recognize. Then why do we think it is acceptable to enter our real full name, date of birth, home address, phone numbers, social security number, and credit card whenever a software program, online app, or social media service requests it?
When Did We Trust Greedy Companies?
Identity theft is not new. According to Wikipedia, the term identity theft was coined in 1964, a modern term for people falsifying their identity and impersonating others as they have been doing for thousands of years. Con artists rely upon a little information, a lot of charm, and people’s gullibility and trust.
I don’t know when we started trusting machines and corporations to keep us safe. I’ll never forget the first time I heard someone say that they liked Google “because I trust them to do right by me.” With the non-stop exposure of all the ways Facebook abuses our information and privacy, too many people still trust Facebook. It amazes me how easily we trust those who are in the business of earning income based upon our profiles, habits, and personal information.
We also used to trust phone companies along with our governments, and have been proved wrong with that assumption repeatedly. With the not-new news that the United States government (and many others) have been illegally monitoring our phone calls both on landlines and cell phones for decades, I have to admit surprise at the apathy when I brought it up before my college students. “Yeah. So what? Nothing we can do about it.” One student even told me that this was the right thing to do as it “protected us from terrorism.”
Getting a landline a few years ago, I was stunned that I had to pay an extra fee every month to have the phone company not share my personal information with advertisers. The day after my phone was turned on I got 6 calls from solicitors and robot-callers. I called the phone company immediately. They told me that the extra fee prevented my mailing address from being shared, not my phone number. “But you are the phone company not the address company!” There was no help to be found and no sympathy. I got on the do-not-call list immediately but the calls never stopped. Phone spam-bots clog up my home phone so much that it is full every two to three days.
What happened to putting privacy and protection of personal information first? Oh, that’s right: greed.
Look at Facebook, Twitter, LinkedIn, and Google+ registration forms. They ask for more than a name and password. They want a life history, not just in the past but in the present. LinkedIn wants you to share your whole CV with them, detailing your education, employment, charities, hobbies, everything a person could use to be you if they wanted.
Facebook, Twitter, Google+, and other social networks include geo-location information at the time of posting, sharing with the world where you are at any moment. Foursquare specialized in that, using mobile apps and GPS to report on your whereabouts everywhere you go, checking you in at certain locations and rewarding you for your presence. Stories in the media sensationalize home thefts based on social media information, even though it represents a tiny fraction of home theft stats. It is still something to be aware of when it comes to living in an “open” society.
Teaching web publishing and WordPress at three college institutions now, I always start off each course with instructions on appropriate sharing online. We talk seriously about the risks. I ask them to identify them, I don’t just tell them. They know the risks. They’ve had the lectures. Then why do they still not think and include their full names, email addresses, phone numbers, addresses, private information, children’s names, pictures of their children often in compromising positions and situations (aren’t they cute?), and a map to their home address on their class sites?
This is your chance to be smarter.
Your blog exercise today is to think about your privacy and what you share on the web.
I’m not saying do not join social networks and services online. This exercise is to think carefully about what you share and with whom. It’s about protecting you, your privacy, and your security. It is about minimizing the risks, not eliminating them.
Your Website and Blog
Begin with your site. Look at your Contact and About Pages. What personal information are you sharing there?
If you include an email address, make sure it is obfuscated, hidden from email harvesters, but readable to humans. Better yet, instead of featuring your email address, phone number, and mailing address, replace all that with a contact form, totally hiding your email address from the world while still allowing open communication.
Look for posts and places where you may have featured a map to your home or private office. Remove it or make sure the reason it is shown is a good one. It’s nice to share your location. Unless it is a store front keep it vague, narrowed to a neighborhood not your front or back door.
Go through your entire site and look for posts where you may have shared a little too much personal information.
Look for insidious ways you’ve revealed private information. Have you been sharing details about your upcoming vacation, how long you are going to be gone, and where you are going?
What about work? When you blog about work you may put yourself and your job on the line. While employers are more forgiving than they used to be, be careful miss-associating your opinion with your employer’s policies and reputation.
Protect Friends and Family
Be careful sharing stories of your self and your children. Use pseudonyms for them to keep their identity protected. Your story of a favorite pet could answer a security question about the name of a favorite pet. You never know.
We put pictures of ourselves, our friends, and family all over the web, on our sites, Instagram, Facebook, Flickr…think about the impact some of what should be fairly innocent activities in the news recently including the IRS Star Trek spoof during one of their conferences, and the accusations and loss of business because of fairly truthful testimony by Paula Deen during court proceedings caught on video and spread around the world. Whether true or not, the web has a way of twisting things around into compromising positions.
On my Family History site, while I would love to celebrate my mother’s life and family, I’m very careful to avoid her maiden name directly as this was the long-time piece of security information used by banks to verify you were you on the account. If you have a family site, take extra care when identifying yourself and family members, especially children. Consider only publishing about dead people, protecting the living.
Privacy and the Social Web
When you have gone through your site(s), turn to social media channels.
Go through your profiles and change your birthday to a date that isn’t yours. It could be the same week or, like me, a completely different but easily remembered day such as a holiday or anniversary. The people who truly love you will know the right date and not need some social media company reminder.
Look through your profile for any private information you do not need to share and remove it.
Give serious consideration to whether or not the online social world needs to know where you are at all times, or when you publish a post. If I make a recommendation on a WordPress tip or technique, does anyone care that I was in Seattle at the time I found it? No. They want the tip and my location is completely irrelevant.
If you have family or co-workers, take time to educate them on personal security safety. Same goes for your readers. Remind them that their safety and security, and possibly their identification, is on the line when they go online.
Privacy and The Real World
Now, look at your personal life and the day-to-day opportunities that encourage you to give away personal and private information.
- Answering with your zip code when a check-out clerk asks. The information tracks your home area for their junk mail ad campaigns. Tell them no thanks.
- A check-out clerk that reads the last four digits of your credit card out loud or asks you to do so. The first batches of numbers represent large groups, but the last six digits are unique identifiers. A simple computer program can turn up your whole credit card very quickly with those last numbers. Hand them the card and ask them not to read the numbers out loud.
- Signing up for shopping cards and using them. Sometimes they offer enough discounts to be worth the loss of your privacy if you provide real information, sometimes not. When a card will not give me an immediate reward and benefit, I say no to their offers. The usage of the card helps the store, not me. I’m selfish about my privacy and security.
- If a stranger asks you where you live, even in a fairly trusting situation, be vague. Don’t give them the house number or any identifying features of your home. You just never know.
- Don’t fall for opt-out schemes on emails. Few of these are serious, usually confirming your email as legitimate. Mark them as email spam and move on with your life.
More Personal Privacy, Security, and Identity Theft Resources
One of my students suggested a parody of the old “friends don’t let friends drive drunk” campaign: Virtual friends don’t let virtual friends do stupid shit on the web.
There is some truth in that, and that is what really motivated this blog exercise.
Here are some resources with more information about protecting your privacy online.
- Identity Theft & Identity Fraud – Office of Information Security – Access and Security – EITS
- Personally identifiable information – Wikipedia
- Types of Identity Theft – 8 Types of Identity Theft
- Top 16 Pieces of Your Information Identity Thieves Crave
- 10 things to know about ID theft – Identity Thieves – MSN Money
- Criminalising identity theft – Australian Government Law Reform Commission
- Identity Theft For Dummies Cheat Sheet – For Dummies
- Identity Theft Facts & Statistics – eHow
- USDOJ: CRM: About the Criminal Division
- 5 Ways to Prevent Identity Theft – wikiHow
- Identity theft techniques and practices – Canadaian Internet Policy and Public Interest Clinic (PDF)
- Social Networking Privacy: How to be Safe, Secure and Social – Privacy Rights Clearinghouse
Personally, I hate that we have to be so protective of ourselves, smarter than those determined to use and abuse others. Unfortunately, this is the world we live in. It will only get worse before it gets better. We need to learn to deal with those who know not how to live with consequences.
If you choose to blog about this topic and educate your readers, a very good idea, include a hat tip link back to this post to create a trackback, or leave a properly formed link in the comments so we can learn more about the tips and techniques you offer them for protecting their identity and security online.