There is already a lot being said about malware (Trojans, viruses, worms, etc.) and attempts to obtain your cash, personal identity, usernames and passwords through various frauds, phishing schemes and other cybercrimes. While this is crucial information to have, practically nothing is being written about the tremendous amount of personal information pouring onto the Internet through the careless use of social networks, blogs, and photo album services. In these popular Internet outlets, especially Facebook, there exists a dangerous opportunity for predatory criminals; bloggers and those with extensive social profiles may in fact be fueling the fire and opportunity that these monsters need to commit their crimes!
To reinforce my statement I would love to point out one shining example I stumbled across a week ago and illustrate how one particular blogger has put her entire family in jeopardy. In the interest of their safety, however, I am not going to identify the particular blog. I will, however, relate to you what I saw so that you may learn from her mistakes then take an objective look at your own online presence and determine if changes need to be made.
The name of her site was something whimsical like “The Smith Family Blogosphere of Happiness” and the blog had its own URL- “TheSmithFamily.com.” This blogger was obviously dedicated! There were many pictures in the online photo album of blogger, her husband and beautiful children in various activities both at home and at school. She obviously put a lot of thought into the numerous blog entries about various subjects: family vacations; the usual ups and downs that she and her husband have at work and raising their children; how she felt about some issues in her community and anything else that seemed to cross her mind. It was a typical non-commercial blog documenting the daily lives of the Smith Family.
No big deal right? Wrong… in terms of personal security, this family blog was a security nightmare.
The first thing I noticed was that she identifies her last name in the title of her blog. A quick trip to the WHOIS database (how to identify the owner of a website) verified that her URL was registered publicly and identified the blogger by name, home address, private email address and home phone number.
She did a good job at referencing her children in her blog posts as “the oldest boy,” “our youngest son,” or “my daughter” but she mistakenly names most of the picture’s filenames after them (i.e. janes_xmas.jpg, johns_new_bike.jpg or john_and_jim.jpg); anyone can tell who’s who and put a face to a name.
Most horrifically, the kids are in athletic uniforms with the name of the school emblazoned across the front; knowing each child’s name, what they look like and the name of their school in conjunction with the address I obtained through the WHOIS record would allow me to find these particular children at school very easily.
While she only references her husband by his first name it isn’t much of a stretch to put it with her last name to reveal his identity. She describes both of their positions at work and names their employers. I even found a post referencing a vacation they were all taking in Acapulco, Mexico in December. The post was written in October.
I could have gained motor vehicle registration information (which includes full name, address, VIN, driver’s license number and date of birth) through the vehicle license plate information found in one particular picture. There are unscrupulous sellers on the Internet who will provide this information instantly to anyone with a credit card.
In completing my cursory internet profile, I “Googled” the blogger’s name, which returned nothing except for the blog, but when I searched on the email address I obtained via the URL’s WHOIS registration, I found her eBay identity, her Facebook profile, an entire UseNet newsgroup identity (which I am MOST sure that she wishes to keep VERY private since she did a good job maintaining her anonymity there) and a few other interesting morsels of information too bizarre even to mention.
It would not take the mental muscle of an evil genius to gather just a little bit of information to make this family’s location, identity, and habits, readily discernable. What horror would befall them then if someone were so inclined to cause them harm?
There are several things she should do differently. First, use good ol’ common sense, there is no greater substitute! Change the title and the URL address of her blog and remove her family’s last name. She can use a “proxy” or private registration service to maintain her URL with the registrar. She should use generic file names for her pictures that do not identify the people in them and obscure identifiers in the photos like the license plate and the school name on the uniforms too. She shouldn’t discuss the identity of her employer; if it is important, then refer to it in a generic manner such as “I work at an auto parts store.” She certainly should not be advertising when and where she will be vacationing in the future. Lastly, she should use a free (and anonymous) email address to post to newsgroups… especially when anyone may blush at the more than casual reference to her sexual inclinations.
I realize that you cannot avoid all risk in life, but the bottom line is if you participate in the online world, you will have to bear the risk of a certain amount of exposure and be prepared to address the issues that are part and parcel with sharing personal information on the Internet. Additionally, I concede that this blog was without a commercial purpose; out of necessity one often has to share personal identifying information when running an online business. It simply goes along with the territory.
I hope that you will take a critical look at your own online identity right now. Ask yourself, “Am I absolutely comfortable with what I have found?” If you are not, then resolve to do something about it today because someone else may stumble across your little corner of the Internet and decide to find you tomorrow. Unfortunately, this is a reality.