So the other day I got my knuckles rapped by a fellow OSer for providing the sample steps to finding out details about just about anyone via Facebook. She accused me of giving those who would do wrong a manual. Kinda like I was writing the Anarchist's Cookbook for Facebook. Yeah, um no. That's kinda like saying that Criminal Minds is a resource guide for serial killers looking for a modus operandi.
The people who are out there looking for your personal information already know how to find it. Heck, I've had my debit card compromised 3 times in the last year, most likely by a skimmer when I was out and about doing everyday things like buying gas or eating in a restaurant.
Yet, online we seem to have blinders on about how many people can and do access the information we make available. We tend to think that either no one is going to be looking for our information, or that the only people looking at our information are people we know. However, unless you take steps to ensure that is true, you're living in a dream world.
Do you put photos in your OS posts? I do. Most of the time they are either borrowed from another source, or innocuous photos of Jell-o salad, and on rare occasion, they are a photo of me or someone in my family. I post a link on Facebook to my posts here on OS. When you post a link on Facebook it gives you the option to include a thumbnail image from the images available in the post. It's nifty and looks fab when you post it. The process of adding that thumbnail is such that a small copy of the original image is added to the Facebook servers. So, even if you delete the original image from your post for whatever reason, if the thumbnail copy has already been made, then it lives on forever.
While I don't want to get back into the whole brouhaha of this past weekend, I know for a fact that this happened in the case of that post. Someone shared the link on Facebook with the photo in question as the thumbnail, so now the image lives on. It took less than a minute to share that image. And no one needed the permission of the author to do it, because they had included it in their post. (Whether this violates copyright is another discussion altogether. Today we're talking tech and facts.)
Most of us leave our Facebook privacy settings on the default values, which for many of the elements is "Friends of Friends." This means that even though you and I may not be Facebook friends, if we have a friend in common, I can probably see some of your Facebook information or photos. The other day, just for funnies, I pulled up the profile of a fellow OSer whom I happen to be friends with on Facebook. (We'll call that Profile A) I looked at the Profile A's list of Facebook friends. It didn't take me too long to scroll through the list and find a face I recognize as an avatar of another OSer. (We'll call this Profile B.) Now, I didn't, until that moment, know Profile B's real name. I do now. I clicked on their profile, and while I couldn't see much on their Info tab, I could access their photos. I scrolled through the albums that belong to Profile B, who happens to be an avid online scrapbooker, and has nicely tagged all the people in their photos by name. So now I know the names of most of Profile B's family members, whose profiles I took quick peeks at, and guess what? On some of them I could see where they live, where they go to school, and got to cruise through their photos and find more names.
Okay, so that was fun. Profile B takes some fun vacations and looks pretty good in a bikini for her age. Now, what innocent little I know of Profile B from their writing on OS and their bio, which includes where they are from, coupled with my now having their real name, I can now pop their name into Google and spin the wheel. Bam! I've got more information. Profile B tends to write comments in their real name on a number of news websites, so now I know a little bit more about them and what sites they frequent. I also find that Profile B is named in some documents from where they work. So now, if I didn't know before, I now know where they work and if I wanted to be a total stalker, I could totally call their company and get them on the phone.
If I were so inclined I could probably find their home address and/or phone number through an online white pages site that lists all the phone directories in the country. If I felt like blowing a little cash I could go to a people searching site like Intelius and pay $49.95 to get more personal information, including their marriage/divorce records, criminal record, legal history, etc... All this from just looking up a friend on Facebook.
I don't blog here under my name because I don't think my name is actually relevant to the task at hand. I think some of you read me, or read me originally, in part because of my pseudonym. If I posted as June Smith I suspect you would skip over me a few times before you got around to taking a look. On Facebook, however, I do use my real name. As a result I am cautious about what information I share with people. When I friend someone, if I don't feel I know them all that well, but still want to be Facebook friends, I take a minute to customize my privacy settings as to what information about me they have access to. (For the sake of my marriage, I limit the access that some members of Dave's family have to my page, as I suspect they don't want to know about my nipples or what happened when I waxed my bikini line.)
Now, am I saying you should be paranoid? No. I'm not saying that at all. However, I do encourage a little forethought. I've lived online and quite publicly for over 15 years. If you Google my real name you'll get pages of returns on interviews I've given, documents I've written, and jobs I've had. I had an ex-beau that I hadn't seen since 1985 find me simply by Googling my name and tracking down my email address.
However, not all the people who have contacted me online over the years have had the best of intentions. In the late 90's I was stalked online by a total stranger who found my information through reading websites dedicated to the software company I worked for. I was subjected to all kinds of email harassment for a number of months. I was diligent and aggressive in taking on my stalker. I contacted his ISPs and had his accounts closed. I contacted the Royal Canadian Mounted Police (he was Canadian) and filed complaints with their fledgling cyber crimes division. I went to our own FBI, who thought I was a whackjob, because this was all taking place online and the law hadn't caught up with the technology yet, until the death threats started arriving at my office by US mail. I was lucky. They caught him, or as it turned out, a group of 3 people (two men and a teenage boy.)
My point is that while you don't need to batten down your hatches and bolt your virtual doors, it doesn't hurt to put a little thought into what information you share, how you share it, and with whom you share it.
TIP:
Enter the amount, and click "Tip" to submit!
crazypants
Boanerges1
Amy A
Mike Hunt
Sarah Eccleston
Emily Sussman
Salon.com
Comments
Btw, I'd appreciate it if you'd stop changing the PIN number on your debit card. That's awfully annoying to us perps.
I know exactly what I put out there, but I control it, and don't let it go if I'm uncomfortable with it being accessed. You're very right to warn others if they might not be aware how vulnerable they are, on Facebook and elsewhere.
Since I work for no one and have no skeletons or none that I can remember in my closet, I didn't care. However, I was/am the subject of a fraud and that is one hard mother to decode. You did great with Canada. But this is someone who knew far too much about me and I am never going to get a good rating check again even though she cannot get into my bank or credit cards because I changed all of those and put myself on high alert. It's a better life online but not in every way. Good detailed piece.
Valuable post.
YES. I am very cautious, as you probably know, over my personal information and where it goes. I know longer have a facebook account as a result of their new security practices.
I appreciate your wisdom here Surly and am thankful you are sharing it.
Please forgive my cut/paste - if you care to read the whole thing in context (of the TSA and air travel) you visit an old post of mine here:
http://open.salon.com/blog/fudo_myo/2008/10/28/air_fair_2_dyspeptic_bugabootsa_rules_hard_to_swallow
I once considered it morally and ethically reprehensible that someone would publish ways of circumventing the things that keep us safer. A number of things changed my mind. One, of course, was Mr. [Bruce] Schneier. Another was the book Little Brother by BoingBoing contributer Cory Doctorow. They caused me to see the instructions on how to defeat most padlocks with a soda can in a new light.
You buy locks to keep your things yours. You now know that a great many people know how to walk right through that lock like it's not there. After you get over the initial fear that nothing is safe anymore, you go out and buy a new, functional lock. And that makes you safer.
My mother lives in a "gated" community. I say that in quotes because the "gate" is operated by people who are not working for the TSA, for what ever reason, and can be walked right around - and frequently is. When you pull up and say, "hi, I'm here to see my mom," they ask, "do you have the number?" being too lazy to look it up. (I'm only assuming laziness - there could be other reasons they might not be willing or able to discern the numbers and their order in a book.)
"Sure," I say, "it's [my wife's cell phone number]." My wife, sitting next to me, answers the ringing phone in her hand when the "guard" calls and says, "OK, let them in."
Did I harm anyone (besides the gate operator's feelings)? Did I point out a flaw in the system? If you live there, do you feel safer knowing this? Do you really think no one of criminal intent has already found - and possibly already exploited - this flaw? Should you chastise me for pointing it out to everyone or should you find a way to fix it?
Thanks, surly. As if I needed another reason to avoid Facebook. I've had Lexis/Nexis and Westlaw accounts at various times in my wandering career. Give the wrong person access to those plus a name and location, in 5 minutes s/he will have gone through a substantial amount of your public records. Probably can come up with a maiden name, too.
Computers just make things easier - that includes crime. Vagrants used to dumpster dive behind restaurants for the carbons (remember those?) from your credit card charge (when they slid the roller tray over it). They'd get $2-5 for each. Now, high-tech hoods take jobs as wait staff and walk around with palm-sized skimmers, collecting scores of credit card numbers in an evening.
$20 gets you upwards of 300,000 valid credit card numbers - burned to a CD. That's how prevalent the practice is. Your card numbers are actually worth pennies now. They're openly traded like some trade MP3s.
The myth of the hacker using some kind of arcane codes to force their way into your laptop is just that - a myth. Oh, it does happen, and with alarming frequency. But it happens randomly, to anyone foolish enough to open the "COOL NEW SCREENSAVER" from their friends, or download the wrong pr0n file.
Anyone who wants your particular info is going to find the path of least resistance. Why try to force their way through your router (easier to do than you think) or hop into your home wi-fi network (even easier) all to find some unpatched back door into your computer (using Windows? ouch)?
Why, when they can wander past your house and pick up your trash? Therein they'll likely find magazine subscriptions, drug prescriptions (your doctor's name and number, as well as what you're being treated for), in addition to credit card statements, bank statements (if not the actual account numbers, at least where they're held) and, the coup de grace, offers for new credit cards and balance transfer "checks."
They'll call your company's IT department, claiming to be your assistant, and say you can't get into your e-mail; could they please reset the password?
If one of your e-mail passwords is compromised, most people are likely to use the same password for most of their accounts - including banking sites. Plus, most sites have the "forgot password" feature, which verifies through your (now compromised) e-mail. That's the proverbial spare key under the mat.
How many kids posting naked pictures of themselves, how many dumb criminals posting the details of their crimes (with video!) on MySpace before we, collectively, start to dispel the misconception that we're not all sitting around a virtual coffee table?
We're putting our photo albums out on our front lawns for our neighbors to see, but failing to realize that everyone else who drives down the street is having a look, too.
Because we interact online as friends, it's easy to forget that anyone can read this stuff.
Where do I send my $20?
"Profile B takes some fun vacations and looks pretty good in a bikini for her age. "
**blush** Ahhh thanks. I got a bikini wax just for you!!! Teeheehee!!
:)
Seriously, good advice for folks, I don't use my real name cause in real life I'm really David Hasselhoff and I don't want people reading me just because I'm world famous and stuff, but if I did, I'd be careful with who I shared what information with!!!
**wanders off to steal more credit card numbers**
Our bank gives you not ONE account for debit, but THREE. You keep a minimal amount in one account for online purchases, and transfer funds when needed to the online account from the other two, which are kept private. Works very well.
Don't use Intelius. Use US Search. They take PayPal, unlike the others, who require a credit card. This is from my good friend Skipp Porteous of Sherlock Investigations in New York, and it is good advice.
R
Last weekend it took me less than two minutes using Google and Anywho to find the name, address, landline, directions the home, and names of all the neighbors of someone posting dangerous information on OS. I thought about letting that person know that but did not want to be accused of being a stalker.
I am not a detective. I used free services to do so.
If I was to start over I would not use my real name on OS. My original intent was to write and be thought of as a writer. That has worked out. However, what I learned the other day is that even if I had not someone without much determination, time, or skill could have easily discovered my name anyway.
Good advice all the way around, surly.
PS.... Google Buzz is worse.
I use a pseudonym here, but one can easily find the real me on FB using just the method that Surly describes. I am just really careful about what I say and what I post, since I know my boss, coworkers and business contacts can all see it if they're so inclined.
I keep my financial stuff as secure as possible, but the rest of it, I try not to worry too much about.
Harry - too funny
okay. but they all joined. so under protest I joined. I immediately found my settings and made myself private. I THINK. their rules and instructions are SO arcane, so complex, I suspect everyone I know can see everyone else, which I DON"T want. I don't understand this. it seems VERY insecure. I'm waiting for this weekend actually, to get one of the savvier members of the family to take a peek and tell me how to get this right. if I have it my way, I'll see everything everyone that is my FRIEND does, but they won't see one another. it's SUCH a stupid badly designed bullshit site. except my entire family loves it.
I'm feeling VERY out of the loop.
anyways, thanks for doing this surlygurly. people need to know online is swirling waters, including a lot of cesspool drainage. we just carve out nice little areas for tea parties and such.
I am paranoid. I had a PC stolen a few years ago ... and no security on access ... so a great deal of info existed with only the click of a mouse. I spent hours changing credit cards, and days redoing access and passwords to all my various accounts ... all of which I paid online.
Soon after, all the people on my e-mail lists were receiving e-mails from me soliciting things. Fortunately, the perps mailed me, too ... since I cross-referenced my multiple accounts. So I mailed all my lists, told them to ignore my mail, particularly if it appeared mass mailed, then individually sent them all a new e-mail address. It was a frightening and time consuming and left me paranoid.
I now have a service pay my bills, so there is no longer any info re. my accounts on my PC. I am now only a member of OS ... and another writing site (use a pen name for both) ... one personal site that is free ... and my e-mail account. I have never, nor will I ever, join facebook, twitter or any other similar site. I have no need to be that exposed. If you are a friend or family, I will mail you my pics to your e-mail. If I want to find someone ... and have ... I use US Search (and feel secure with them, but pay using a card I keep for such things ... $1,000 limit). I only buy stuff online using that credit card. I still feel vulnerable, but have alerts with all my cards ... and keep my exposure to a minimum.
I have no earthly clue what this business of instant access, instant contact, instant gratification is all about. I consciously *don't* text, and only answer my phone if I recognise the caller. I do not read texts sent ot me. This whole business of public exposure seems weirdly exhibitionist, extremely juvenile, and seriously dangerous. If you (and your money) stand in front of the window naked, expect that people will see you (and it). And may try to take a little. What else could you expect? {{{R}}}
Some of your friends might have hundreds of friends. I am careful about my Facebook settings precisely because I don't want people to have access to family and friends.
I have been open online under various pseudonyms and my maiden name for many years and have never had any problem either online or offline. I guess I am lucky. I have never had any problem giving my social work clients my home number either.
My credit card has been compromised. Fortunately my bank is very good about notifying me immediately about any suspicious online charges. I have set up alerts for any credit card purchase over $100.
But you know, I'm sure someone with enough determination could suss it out, if they so tried. Despite skipping my email accounts around, I occasionally find that, from the same computer, one of my email accounts will find me and identify me to someone else as ME and not my alias. It's some weird piece of 'remember me' digital thing that's just doing its job and making me less than anonymous. So, that happens.
Welcome to the panopticon? It's just how it is. I try to keep it in mind in terms of the Kid and what any job might find acceptable, but I can't control what others do. I have accepted that there may be consequences.
the answer woulda been: "not at all, anymore. not at ALL."
Try going through this when your parent dies. And doesn't leave a will. I HAVE managed to change her magazine subscriptions. We can't get her mail forwarded, there's a half empty house, and those are real life issues of safety. Never mind not being able to access most of her accounts.
She has, apparently, been hacked and from what I can tell, it's likely through her obituary. The banks are cooperating by freezing everything, which they sort of had to do anyway, due to probate...it's a long story.
But writing my mother's obituary made her vulnerable to having her accounts hacked.
So...I am totally with you on this. As another commenter noted, having several accounts and only keeping a few hundred dollars on one debit account is a good safety measure.
Thanks for the good work surly.
I experimented with having a facebook account only for Open Salon friends. But I made the mistake of inviting my husband and a few personal friends. That means everyone on my personal account starts getting invitations to add me as a friend because Red MJ is my husband's friend.. Once there is any crossover between the two accounts, any privacy gets lost. So I deactivated my RSG facebook account, much to my regret.
Last year I Googled a couple of old friends I hadn’t seen in years. With a couple of clicks, I not only had their address and phone number, but I could have gotten their approximate salary and how much they paid for their house. Yikes!
I used to work at a bank and could access all the accounts, and one day “for fun” I entered a few celebrities’ names, and I could have told you how much they had in the bank and which ATMs they used.
I just had my wife proofread something about us that I was planning to post, and she was upset that I used an alias but I used her real name. So I changed it. Better safe than sorry.
I have no computer hacking abilities or knowledge. I just looked up "Angelina Voight" through a couple of different servers, and, in under five minutes, found several different addresses for Brad Pitt and Angelina Jolie. I can't comment on the accuracy of the ones in New York, California, etc., but it did give the correct one for the home they own in New Orleans. (They live five blocks from me. The exact location of their house is pretty common knowledge in the Quarter. I have seen them out and about on occasion. I have no interest in stalking them.)
And these are people who have good reason to worry about their privacy.
People do have different zones of privacy and safety. I loved living in high rises and feel safe in NY. My younger brother feels crowded if he can see any neighbors from his rural home. Taking a walk and not seeing anyone would feel dangerous to me.
No, I am a free woman! (free of Facebook, for reasons you so well explain here)
I get called paranoid for mentioning concerns like this to friends, and I don't have all the knowledge you do of methods for getting info, so this is enlightening and helpful. thanks!
It won't last.
I apologize to all those old boyfriends out there who would look me up. Have a nice life, guys!