Posts Tagged ‘Privacy’

May 22, 2017

A Not Me

I’ve been having a growing problem over the past couple of years that stems from having a highly common name, and using a highly common email platform. Back when gmail was invite only I created an account based off of my name. Occasionally since then I’d get email that was clearly never intended for me, but for some other S Tyler. A Sharon Tyler might sign up for veterinarian’s news letters accidentally fat fingering my email address instead of hers. Steve Tyler might book tickets to Disney world making a similar mistake sending me a confirmation of his itinerary.

For news letters I unsubscribe myself. Important documents (I once reserved someone’s loan closing docs) I emailed the sender and informed them of their mistake. Usually they’re grateful for being made aware of the mistake. But what do you do when someone creates an account using your contact information? In this increasingly politicized and hostile online world, I’m increasingly uncomfortable with the idea that my email address could be associated with a social media account I have no control over. Such is one of the cases I’m dealing with lately. Someone created a snap chat account with my email address and despite my continued attempts to have it removed through customer service, the email address keeps getting associated with the snap chat account!

A common approach I’m seeing online is to lock the other person out of the account and delete it. Technically the account is not mine, even if they signed up using my name. One could interpret this as a violation Computer Fraud and Abuse Act. Its doubtful I’d face any serious consequences since there’s no financial ramifications for SnapChat if I were to do this, but I’m too much of a rule follower to risk it. I’d also feel bad if this was some poor kid making an honest mistake (repeatedly). I love my social media accounts. Going over my facebook time line to see all my old favorite photos and read the comments always brightens my day.

I could log in to the account, look up the phone number and send a text asking them to use their email address instead of mine. That wouldn’t destroy the kids’ account, but could still be a violation of the Computer Fraud and Abuse Act. Also, it would then expose my phone number to a complete stranger which I’m not sure I want to do. The account is private so I have no idea who is there and how receptive they’d be to being contacted anyway.

For now I keep contacting customer support, and keep asking them to disassociate my email address. Some day I’ll come up with a better strategy for dealing with Not Mes.

It may appear as though I don’t really worry about online anonymity. My first and last name is listed in the title of my blog. It’s in my email address, and my online signature. It’s not that I don’t think it’s a good idea to be careful, or that I don’t worry about privacy. From a practical standpoint, online anonymity doesn’t really exist. There’s not really much I can do, even when I try and hide.

You can’t hide from the Crowd

A decade ago, before facebook, myspace, there really weren’t many people online. You weren’t likely to run into many people online that you also knew offline. There was no one to recognize your photo, or who would know your real name. Now, with so many people online, finding out who you are can be easily crowd sourced. Take the example of the Toronto Kissing Couple. The internet was fascinated by a photo by Rich Lam, taken during the Stanley cup finals of a couple that appeared to be kissing. Within days, their identities were discovered through an acquaintance. During the same event, the Toronto police were able to identify rioters by asking people online to identify them in pictures. This is sometimes referred to as “crowd sourcing”: turning to a large group of people to solve a problem.

Crowd sourcing has even been used to help return lost cameras to their owners. With so many people online, chances are someone is familiar enough with you that they can recognize you in a picture, or by seemingly small number of innocuous details about your life.

You are your own worst enemy when it comes to anonymity

Even without crowd sourcing it can still be easy to deduce a person’s identity, especially if one is active in any kind of online setting. I have inadvertently stumbled upon the last names of several anonymous bloggers I follow. One blogger posted a link to her wedding photographer’s sneak peak page which included a photo of the wedding invitation, somewhat obscured but readable. Another linked her multiple social media profiles including her linkedin profile to her klout page, presumably to boost her score, then shared her klout page. A third blogger used her last name in her twitter handler. She never posted her twitter account on her blog, but she often tweeted with another blogger I follow on twitter and I recognized her profile picture.

Often our identity can be pieced together using small, innocent pieces of data. It’s called the Mosaic Effect. For example, by noting what times I post you can get a sense of what time zone I’m in. If I complain about a bad snow storm you know I’m somewhere cold. None of these details by themselves is enough to triangulate my whereabouts, but put enough together and you can get a very good idea. One study found 87% of the US population can be uniquely identified by just a zipcode, a gender and a date of birth. In fact, birth date is one of the most innocent details identity thieves look to steal.

Scary? A little bit.

Staying Safe

So what can you do to keep your identity and your privacy “safe”? It depends partially on what you’re worried about. One strategy is to come up with an online profile. Identify which details you’re willing to share and stick to it, no matter what. This is the strategy I employ. As a PhD student, I want to be found. A potential collaborator may want to know what university I go to, but there’s no reason a professional acquaintance needs my birth date. For that reason, I don’t share my date of birth, age, middle name (other than my initial to help differentiate me from the 100s of other Sarah Tylers), zipcode, or hometown, etc. in any public forum. Ever. No matter how innocuous the detail seems, or how obscure the online forum is. Of course that doesn’t mean someone can’t find these details with enough effort, I just won’t wake it easier for them.

With this strategy I am findable for professional colleagues, but somewhat protected from identity thieves and stalkers. Another way to protect yourself is to apply a little bit of misinformation. Some suggest creating an “un birthday” for online websites that require it.

The same rule applies to children. A report came out a year ago of identity thieves using children’s social security numbers. In their excitement about a new little one’s arrival, Parents often don’t hesitate about sharing a birth date or child’s first and middle name online. Some even post photos of birth announcements, which are archived by search engines. Yet with these details an identity thief is halfway to acquiring all the information he or she needs. Yes, you can get remove the fraud, but how carefully are you going to be checking your new infant’s credit history? Before the report came out it would have never crossed my mind.

Of course, nothing is full proof. Just like there is no full proof way to keep your car safe from thieves, there is no full proof way to keep your identify safe. But you can make it a little harder to steal your identify than then next guy’s.