Your Most Important Resolution for 2006 is to Take Personal
Security on the Internet Seriously.
There is already a lot being said about malware (Trojans,
viruses, worms, etc.) and attempts to obtain your cash, personal
identity, usernames and passwords through various frauds and
phishing schemes. While this is crucial information to have,
practically nothing is being written about the tremendous amount
of personal information pouring onto the Internet through the
careless use of blogs and photo album services. In these popular
new Internet outlets there exists a dangerous opportunity for
predatory criminals; bloggers may in fact be fueling the fire
and opportunity that these monsters need to commit their crimes!
To reinforce my statement I would love to point out one shining
example I stumbled across a week ago and illustrate how one
particular blogger has put her entire family in jeopardy. In the
interest of their safety, however, I am not going to identify the
particular blog. I will, however, relate to you what I saw so
that you may learn from her mistakes, then take an objective look
at your own online presence and determine if changes need to be
made.
The name of her site was something whimsical like "The Smith
Family Blogosphere of Happiness" and the blog had its own URL,
"TheSmithFamily.com." This blogger was obviously dedicated!
There were many pictures in the online photo album of the blogger,
her husband and beautiful children in various activities both at
home and at school. She obviously put a lot of thought into the
numerous blog entries about various subjects: family vacations;
the usual ups and downs that she and her husband have at work
and raising their children; how she felt about some issues in
her community and anything else that seemed to cross her mind.
It was a typical non-commercial blog.
No big deal, right? Wrong... In terms of personal security, this
blog was a nightmare.
The first thing I noticed was that she identifies her last name
in the title of her blog. A quick trip to the WHOIS database
verified that her URL was registered publicly and identified the
blogger by name, home address, private email address and home
phone number.
She did a good job at referencing her children in her blog posts
as "the oldest boy," "our youngest son," or "my daughter" but
she mistakenly names most of the picture files after them
(e.g. janes_xmas.jpg, johns_new_bike.jpg or john_and_jim.jpg);
anyone can tell who's who and put a face to a name.
Most horrifically, the kids are in athletic uniforms with the
name of the school emblazoned across the front; knowing each
child's name, what they look like and the name of their school
in conjunction with the address I obtained through the WHOIS
record would allow me to find these particular children at
school very easily. While she only references her husband by his
first name it isn't much of a stretch to put it with her last
name to reveal his identity. She describes both of their
positions at work and names their employers. I even found a post
referencing a vacation they were all taking in Acapulco, Mexico
in December. The post was written in October.
I could have gained motor vehicle registration information
(which includes full name, address, VIN, driver's license number
and date of birth) through the vehicle license plate information
found in one particular picture. There are unscrupulous sellers
on the Internet who will provide this information instantly to
anyone with a credit card.
In completing my cursory Internet profile, I "Googled" the
blogger's name, which returned nothing except for the blog, but
when I searched on the email address I obtained via the URL's
WHOIS registration, I found her eBay identity, an entire Usenet
newsgroup identity (which I am MOST sure that she wishes to keep
VERY private since she did a good job maintaining her anonymity
there) and a few other interesting morsels of information too
bizarre even to mention.
It would not take the mental muscle of an evil genius to gather
just a little bit of information to make this family's location,
identity and habits readily discernible. What horror would
befall them then if someone were so inclined to cause them harm?
There are several things she should do differently. First, use
good ol' common sense; there is no substitute! She should change
the title and the URL of her blog and remove her
family's last name. She can use a "proxy" or private
registration service to maintain her URL with the registrar. She
should use generic file names for her pictures that do not
identify the people in them and obscure identifiers in the
photos like the license plate and the school name on the
uniforms too. She shouldn't discuss the identity of her
employer; if it is important, then refer to it in a generic
manner such as "I work at an auto parts store." She certainly
should not be advertising when and where she will be vacationing
in the future. Lastly, she should use a free (and anonymous)
email address to post to newsgroups... especially when anyone
may blush at the more than casual reference to her sexual
inclinations.
I realize that you cannot avoid all risk in life, but the bottom
line is if you participate in the online world, you will have to
bear the risk of a certain amount of exposure and be prepared to
address the issues that are part and parcel of sharing
personal information on the Internet. Additionally, I concede
that this blog was without a commercial purpose; out of
necessity one often has to share personal identifying
information when running an online business. It simply goes
along with the territory.
I hope that you will take a critical look at your own online
identity right now. Ask yourself, "Am I absolutely comfortable
with what I have found?" If you are not, then resolve to do
something about it today because someone else may stumble across
your little corner of the Internet and decide to find you
tomorrow. Unfortunately, this is reality.
Have a safe and prosperous new year in 2006!