People have increasing concerns when it comes to their online privacy. The rise of Web 2.0 technologies, such as social media (Facebook, MySpace, etc.), blogging sites, photo sharing sites, video sharing sites, and even open webcam projects, raises interesting questions. Do you have a reasonable expectation of privacy when it comes to information you’ve posted?
Many believe that if you only share something with your on-line ‘friends’, it is still private. However, how many friends do you need to have before it becomes incredibly unlikely that there won’t be a leak somewhere? How soon does your ‘reasonable expectation’ of privacy become no privacy at all?
The question of privacy has come down to this: How can one simultaneously have an expectation of privacy and publish information about themselves freely on the internet? It is this dichotomy that causes concern to many net denizens.
Most internet users have their public face, which they display on LinkedIn, other social media sites, and on various public forums. In fact, such a public face is increasingly necessary for job hunting, networking, and interacting for work. They also have their ‘private face’, which they tend to use for anything they consider to be more personal.
The key to internet privacy isn’t to be a social media pariah, but rather to find a way of keeping your public and your private activities utterly separated. After all, if no one can link your private activities to your public face, then your privacy is assured for those specific activities.
There are a number of simple steps that can be taken to ensure that your private activity remains separate from your more public activity:
1 – When making ‘private’ on-line profiles, make sure they don’t share any features with the real you. Set them up with a different date of birth, home and employer. When setting up these profiles, never use your real e-mail address, and certainly never use a work e-mail address. These can all be linked back to your other social media accounts with simple tools (www.spokeo.com being one example).
Create an e-mail address specifically for the purposes of your new identity and use it only for those purposes. Do not get lazy with this practice and send a quick e-mail to a friend, or make a quick post. Discipline is the key. Tracking e-mail addresses between common social media, forum, or other accounts is the main technique used by people engaging in investigative research (be they employers, hackers, ex-wives, private investigators, etc.) to discover private profiles and link them definitively to the ‘real you’.
2 – Never use a ‘username’ you’ve used for the ‘real you’ for any private purpose. They can be linked. It’s amazing how many people use the same profile name on LinkedIn as they do on certain ‘scandalous’ dating sites. For an example of how easy this is, Google a username of one of your friends. I guarantee you’ll find them in more places than you might think.
3 – Become familiar with the ‘Tor Browser Bundle’. Use it for any and all web surfing you want to remain private. Failing that, use an anonymous proxy. Simply searching for ‘Anonymous http proxy’ on Google will return lists of currently active proxies. While this is not an ironclad guarantee of privacy, it will stop marketing companies, some hackers, or unscrupulous forum moderators from revealing your identity.
4 – Never post any photos of yourself on your ‘private profiles’. The same goes for identifiable pictures of pets, family members, friends, houses, or cars.
5 – Never, under any circumstances, access resources using a private profile from your place of work. The IP address of that connection can be traced back to your employer, and your employer will be logging your internet activity. Sure, it may be fun to goof off on a hockey forum all day, but if you happen to irritate an admin and they report your activity, it’s your boss who will ultimately get the call from their ISP, check their logs and figure out exactly who it was.
6 – With regard to your ‘public profile’, assume that your boss, mother, priest, rabbi, friends, relatives, enemies, hackers and social engineers can see everything that you post. Employers are increasingly vetting social media behavior prior to making hiring decisions, so make sure you don’t let yourself down. If you do have an on-line ‘wild side’, keep it firmly to your ‘private profiles’.
7 – If you make ‘private profiles’ on social media, do not invite any of your public friends to be your friend. Investigators, fraudsters and social engineers often use investigative research to look for and map connections like this, and you can easily give the game away!
8 – When making private profiles, it helps to use a reasonably common name, or the name of a minor celebrity. This way, even if someone gets hold of the user name and links it to you, the name will be used so often by others that linking you to any specific piece of activity from that user name will be almost impossible. For instance, a search for Angelina Jolie (a not so minor celebrity) reveals over 2,500 forum users with that as a handle. Trying to link any individual with that name back to a single piece of activity is impossible. This kind of ‘passive fuzzing’ can be extremely effective. The same applies for common names.
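The overlaps that rules 1, 2 and 7 warn about can be checked against your own profile data before a private profile goes live. The following is an added example, not part of the original article; the field names, the normalisation choices and all sample values are assumptions constructed for illustration.

```python
import re

def norm_email(addr):
    """Lowercase and drop a '+tag' so a+x@example.org equals a@example.org."""
    local, _, domain = addr.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def norm_handle(name):
    """Lowercase, drop separators and trailing digits: 'J.Doe_84' -> 'jdoe'."""
    return re.sub(r"\d+$", "", re.sub(r"[^a-z0-9]", "", name.lower()))

def audit(public, private, work_domains=()):
    """Return findings where the private profile overlaps the public one."""
    findings = []
    pub_emails = {norm_email(e) for e in public.get("emails", [])}
    for e in private.get("emails", []):
        n = norm_email(e)
        if n in pub_emails:
            findings.append(f"rule 1: e-mail {e} also used publicly")
        if n.split("@")[1] in work_domains:
            findings.append(f"rule 1: e-mail {e} is a work address")
    pub_handles = {norm_handle(u) for u in public.get("usernames", [])}
    for u in private.get("usernames", []):
        h = norm_handle(u)
        if h and h in pub_handles:
            findings.append(f"rule 2: username {u} matches a public handle")
    for field in ("date_of_birth", "home", "employer"):
        value = private.get(field)
        if value and value == public.get(field):
            findings.append(f"rule 1: {field} is identical on both profiles")
    shared = set(private.get("friends", [])) & set(public.get("friends", []))
    for friend in sorted(shared):
        findings.append(f"rule 7: friend {friend} is connected to both profiles")
    return findings

# Constructed sample data (not real accounts).
PUBLIC = {"emails": ["Jane.Doe@corp.example"], "usernames": ["jdoe_1984"],
          "date_of_birth": "1984-03-02", "home": "London",
          "employer": "Corp Ltd", "friends": ["sam", "alex"]}
PRIVATE = {"emails": ["jane.doe+forum@corp.example"], "usernames": ["JDoe"],
           "date_of_birth": "1990-01-01", "home": "Leeds",
           "employer": "Self", "friends": ["alex", "kim"]}

if __name__ == "__main__":
    for finding in audit(PUBLIC, PRIVATE, work_domains={"corp.example"}):
        print(finding)
```
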
By following these simple rules, your public internet face and your private internet face can remain largely private, and all but the most skillful investigator will be utterly lost when it comes to finding the ‘real you’ from any of your ‘private profiles’. If you don’t follow these rules, then expect your private profiles to be public, and act accordingly.
About the author: Richard Farley works as a digital investigator in London for Atris Aqua. He specializes in employee vetting through the use of only open source intelligence techniques.
Credits: Image courtesy of OpenSource.com.