Tuesday, August 23, 2011

The Keys to the Safe are Under the Doormat

I am not a social person.  It's just not my nature to seek out interaction with other folks and share all the gory details of my life with them.  So when social networks like Facebook and LinkedIn became popular I pretty much ignored them.  As a former software developer I expect new applications to be a bit buggy and, given that the whole purpose of social networks is to get you to share information about yourself, I thought they were likely to be rife with privacy and security gaps.  I was convinced that they were something to be avoided, at least by me.  Unfortunately, a majority of the few folks with whom I would like to have some social contacts tend to communicate through social networking sites.  That includes our kids.  So when my wife came to me and told me that her sister, who was on Facebook, had some news about our kids that we hadn't yet heard, I had to agree with her that we should take the plunge.

Once we got on Facebook I became ever more amazed at how much personal data people put in their profiles and posts.  People who, I am sure, wouldn't leave their front door unlocked when they go away, will use their cell phone or laptop to post that they are out on a day trip or grabbing a cappuccino at the local beanery.  That is sort of an open invitation to any tech-savvy burglar to stop by and run off with the new flat screen they posted about on Facebook earlier in the week.  The reason for that is sort of twofold.  On the one hand a lot of data that people put on Facebook is available to people whom they might not intend to have it.  In addition, there are a lot of companies who make a living by aggregating data from various sources and selling it to anyone who wants it.  That can make for an interesting and really insecure situation.

Just to make sure that I'm not laboring under more than my normal degree of paranoia here, I ran a little cyber-stalking experiment today.  It went like this:

I got on the Facebook wall of someone who is one of my Facebook friends (we'll call this person F) and scrolled down through the posts until I found a comment from someone who is not one of my Facebook friends.  This person (whom we will call X and refer to as the neuter he, which doesn't necessarily imply that it is a man rather than a woman) is one who frequently posts location info that is often commented on by F.  Ordinarily I wouldn't have access to X's posts unless I specifically searched for X using Facebook's friend search function, but when X comments on a post that one of my Facebook Friends has made, or vice versa, Facebook lets me see X's profile information as well as the posts on his wall.  Another way to get that kind of information is to run a Facebook application.  To the best of my understanding, the Facebook application APIs will allow an application to get at most anything in a person's profile.  Here's an article with some more information about social media APIs.

In any case, X's birth date and city of residence are listed in the profile, so I picked up that info from there.  I also picked up some information about X's immediate family.  Next I Googled X's first and last name and city and state of residence.  This turned up a wealth of data.  For one thing, X belongs to an organization that has a Facebook page.  On that page I found out that X is a chairperson for a certain group.  I also found out when and where the group will meet over the next several weeks.  So now I know some times when X will be away from home and, in one case, I know that he will be holding a meeting at his home. 

Another item that came back on the search was a page from a data aggregator.  This page contained even more information about X, including a picture of his house and the front part of the name of the street where he lives.  There was also information about X's spouse and children, his past residence locations and other spellings of his name.  The site offered to sell me a full report with all the information the company had about X for a small fee.  I looked at pages from several other aggregators and got similar information and offers of a full report, in one case for an introductory price of ninety-nine cents!  One of the aggregators listed the last part of the name of the street where X lives.  So by putting together the two parts I had received from the two aggregators I was able to get the full name of the street.

Had I chosen to buy the full report I would not only get information on X's full address and current phone number, but also current income and place of business, complete list of relatives and any public record information concerning life events such as marriages, divorces, etc.  There's more information about this subject in this article from the Vancouver Sun.

The way it appears to me is that a tech-savvy burglar, using the information gleaned from X's Facebook profile and the information from the location posts that X puts on Facebook, could clean out the house while Mr. and Mrs. X were out having a double latte some evening.  If any curious neighbors challenged the thief, he would know more about the Xes than the neighbor knew and would be able to allay their suspicions long enough to get away with the goods.  All of this, at least in my mind, is tantamount to putting the front door key under the mat.

So what can you do to make it a little tougher for burglars to rifle the family jewels?  For one thing you can start by putting as little information in your social networking profiles as possible.  Of course you'll need to put enough info there so that someone whom you want to find you can do that, but you should keep it to a minimum.  Remember, all I needed to get the data I've mentioned here was first and last names and city and state of current residence.  Other information, like family relationships, city and state of birth, schools attended, etc., just makes it easier to steal your identity or to verify it when dealing with a data aggregation site.  Another thing to avoid is posting your location when you're not at home or the fact that your spouse is away for an extended period of time.  The former might allow someone to burglarize the place and the latter might cause you to get an unwelcome visitor.  A third thing to avoid is social networking site applications, especially games that require you to volunteer information about yourself or one of your friends.  They are just there to feed the databases of data aggregators.  In fact, it is a good idea to disallow the application APIs altogether so that nothing can run against your id.

Doing these things won't guarantee that you won't have a problem, but they'll make it more difficult for someone to steal your identity, or that new flat screen.
