02 May 2013

More Considerations from Alpha Lays and Beta Pays

In the wake of our informal study, described in the mini-series "Alpha Lays and Beta Pays," there's another aspect that deserves special mention. We did mention it in passing with regard to personal information, but here we're going to delve a little deeper.

The disturbing thing is that many of the girls we reviewed gave out quite a bit of personal information in their profiles. Fortunately, only a couple actually managed to put their direct-contact information (such as email addresses, mobile numbers, and/or offsite IM nicknames) in their profiles.

To an extent, this is unavoidable given the ostensible principles and needs of the site. Most sites want basic info on you, and ostensibly assume that what you're entering is true.

Some of the bad practices we've seen include (but are by no means limited to):

  • Using their real names in their username
  • Using their birthdate in their username
  • Putting offsite contact information
  • Mentioning specific pieces of information that can be traced back to them (e.g. a user stating that they graduated from a certain school in a specific year; names of one's pets; specific injuries or illnesses that the user has--or has had)

Why is this important?

There are many ways that anyone who gets hold of this info can use it. Like most things, it can be benign or malicious. From a benign perspective, somebody could use such information to do a background check (like what Chewie and I did in "Alpha Lays") in order to determine if someone is indeed who they say they are and is not likely to pose an obvious threat of danger.

Maliciously, such personal information can be used to uncover more data that in turn can be used to commit identity theft, gain unauthorised access to computer systems, blackmail or stalk someone, and possibly commit violent crimes such as armed burglary and assault. Even indirectly, a malicious entity could use such data to craft campaigns to glean more data from an unsuspecting user via social-engineering techniques (an example would be to create bogus login pages tied to a phishing email).

As a perpetual student of IT security, I'm familiar with the ways in which people's information can easily be gleaned and misused. There is a wide array of tools available to the public to data-mine and manipulate. No, I won't list them here, but I will say that they're not hard to find, and the Internet abounds with a lot of "tutorials" on how people can use (and sadly, abuse) such tools.

In addition to the recommendations we put forth in the second part of "Alpha Lays and Beta Pays," we also issue the following:

  • Look into other sites that you use and see if they're making your data publicly-accessible. 
  • Research how to opt out of services such as Spokeo and Intelius, and then demand they remove your information from their databases.
  • Revise your online-dating profile. For basic information, only put what's absolutely required, and don't go posting your contact information on your profile. 
  • Refrain from divulging personal information right away. Let a conversation develop first on the site before, say, agreeing to talk on IM or Skype, and both of those before giving out your cell or home phone number. Build trust first. 

It's rather important to keep yourself safe, and ultimately you're the only person who can do that. Suffice it to say, there are genuinely dangerous people who do look to prey on people online and who don't have other people's best interests at heart. Take the time to think things over before acting. A good place to start would be to read what the Electronic Frontier Foundation (EFF) has had to say about online dating. In addition, the Privacy Rights Clearinghouse has put together a well-written fact sheet that addresses many pertinent issues you can face.

Finally, I highly recommend checking out Naked Security as they do an excellent job with keeping everybody abreast of the latest security developments. 
