On The Internet, Everybody Knows You’re a Dog
↓ Updated: September 25th, 2009.
I care about my privacy, and I try to take reasonable steps to safeguard it. Every once and a while however, I am reminded of what little difference that makes.
A year ago I saw private investigator Steve Rambam give a talk entitled “Privacy is Dead, Get Over It” at The Last Hope. The talk is available on YouTube, and although it’s long, I’d highly recommend watching it. Steve gave a great lecture on what type of info is available to him as a PI, and how much of that is contributed by us. After that, I stopped twittering.
That didn’t last long. No more than a week later, I was back to broadcasting the various happenings of my life, having gained only a bit of perspective on what type of information I wanted to contribute. A year later, while thinking about this talk, I decided to do a little audit of my own privacy online. Here’s what I found:
What I Have Going for Me
Let’s start with the good. Where’s the first place you used to go to find info on someone? The phonebook. I don’t have a landline, so I’m not listed. That’s a good start. I’m also not particularly settled down yet. I move often, so info becomes stale quickly. I don’t own a house, run a company, or do many other things that would create public records.
I’m also lucky. A quick Google search will reveal that I’m not the only David Albert on the internet. Not only that, but there happens to be a rather famous and more accomplished one generating a bunch of noise that might help drown out what I generate.
These, as we’ll soon find out, are small comforts in the face of a very grim reality.
The Search Begins
Let’s say you got an e-mail from me, and wanted to know more about me. Maybe you even want to find me in person. The place to start would be my signature, which is pretty much standard at my office:
David Albert
AdaptiveBlue – Software Engineer
http://getglue.com
http://twitter.com/davidbalbert
From here you already know where I work, and you have my Twitter account. From my twitter page, you’ll find a link to my website. While I might not be in the phonebook, I’m in the internet equivalent. WHOIS is a system where you can look up the owner of internet resources, including domain names. When you register a domain, you’re required to enter your name, address, and e-mail address. These become public and are available via WHOIS search. You can pay extra to have someone enter their info as a proxy, but you have to pay extra, so very few people do it. This service is also not available in every case (like mine). I’m not going to hand it to you on a silver platter, but if you know how to use WHOIS, you have my address. At this point I’m already screwed.
Look back at my Twitter account for a second. My latest tweet is about my Greyhound ticket. Seems pretty benign, right? Think again. With this info, you can infer that I was away for the weekend. If you had the means and desire, this would have been a good time to break into my apartment and snoop around.
I use Facebook. I don’t use it as much as the vast majority of users, but there is still an obscene amount of info that has been put up there by me and others. I don’t link to my profile from anywhere and I have all my privacy settings as stringent as they can be, so this might seem like a bad angle of attack, however not all is lost. If you know a little bit about me, like where I live (available on my Twitter profile), or where I went to school, you’ll probably be able to find my profile pretty quick. If you’re so inclined, I’m sure you could find a friend of mine with access to my profile or be able to access my info via other means.
Even if you can’t find a way in, there is a nice little tidbit that you’ll probably be able to use. Facebook recently introduced usernames, and if you can find mine, you might notice something juicy. I use the same username on Facebook as I do on Twitter. A quick Google search for my Twitter and Facebook username reveals that I use the same one everywhere I go on the net. A lot more fruitful than searching for my name. From here, you can find forums I’ve used, companies I’ve worked for, accounts I’ve created, services I’ve used, code I’ve written, e-mails I’ve sent, the school I went to, photos I’ve taken, my interests, and people I’ve interacted with who might provide some sort of info about me or way to find me, just to name a few.
Twitpic
For the sake of brevity, let’s just take a look at one of the results. Twitpic is one of many services that allows you to post photos from Twitter. You can find my account from our most recent Google search, but you don’t even have to look because it uses my Twitter username and info. Browsing through my recent photos, we find a picture that looks interesting. While there’s no description attached, the page says that the picture was posted August 15th. While the date is apparently wrong, you can find the relevant tweet from the 14th. It says I’m on my balcony watching the sunset. Take a look at the picture again. The quality is not great, but given that you know my address, it’s probably good enough for you to pinpoint my window from the street.
You can do this stuff all day. Keep clicking on those links from Google, and you’ll be able to find all sorts of stuff on me. In an hour, you’ll probably have a pretty complete picture.
The Takeaway
So what is there to take from this besides every bit of personal information that anyone has ever posted about me? Steve Rambam was right, privacy is dead, and it’s our own damn fault. No matter how little info you put online about yourself, people who want to find out about you will be able to (remember, we only looked at public info that I put online myself. We haven’t even considered other private databases available to PIs, various public records, and government databases available to the Police and the Feds). Furthermore, if you’re thinking about taking it down now, don’t bother, it’s too late. Everything on the web is archived in some form or another. If you publish it, it’s there for good. No ifs ands or buts about it.
You can, however, begin to consider these things going forward. What types of info do you really want to share? Twitter just announced a geolocation API. Do you want people to know where you are all the time? How about who you’re hanging out with? Think about this the next time you share something on Facebook or checkin on Four Squre. If you make conscientious decisions about these things, you might not be able to stop interested parties from finding out all about you, but you might just make their jobs a little bit harder.
Update: There’s a great article by Jacqui Cheng on the subject that is totally worth your time. ↑
Nicholas Bergson-Shilcock — Sep 3rd 9:31pm
Good post, Dave.
The key question for me is, “why do you care about privacy?” This isn’t a rhetorical question; I actually mean it quite literally. Here are some of the answers I can think of:
The first obvious answer is identity theft. We don’t want our identities — by which we typically really mean our financial identities — to be stolen. It can be economically devastating, but is more commonly just a major pain to clean up. Note that none of what you mentioned *directly* leads to identity theft, at least if you take reasonable precautions with your financial accounts. This post is a good reminder that it’s dumb for banks to use a fixed set of questions to reset your password (e.g., “where did you grow up?” or “the name of your pet”) and that people ought to think about the ways that multiple pieces of innocuous information can be combined towards nefarious ends (I’m thinking of the financial institutions that set your default login to be the last four digits of your credit card number — which can be easily found on any receipt — and your birthday. Dumb, dumb, dumb!).
The second answer, which you allude to in your post, is that someone (presumably a stranger) could figure out the best time/way to rob you. This is possible but seems highly unlikely. Most burglaries aren’t premeditated capers like in the movies; you’re more likely to have your apartment broken into by a heroin addict than a Google-stalker. It’s a risk, sure, but not one I’m particularly concerned about.
The third answer is fear of stalkers/crazy exes/someone else you know in some capacity who’s out to get you. This one’s legit. It’s certainly a lot easier these days for an angry ex to track you down and cause a scene or for an obsessed acquaintance to make your life awkward and uncomfortable. My guess is that most people in these situations do actively censor themselves with respect to what they publish online (though as you pointed out, trying to get information off the web after the fact is like trying to get pee out of a swimming pool).
Lastly is the answer that I find most compelling. I’ll call this one “liberal values”* for lack of a better term. Essentially it is the idea that in a free society, people need spaces in which they are free to think and express themselves. This privacy is important and far-reaching. It’s deeply related to some of the most basic human rights — to think what you wish, to engage in private activities with other consenting adults, and to be free to do and think all these things even if they fall far outside the norms of mainstream society. People should be able to communicate with each other without the government eavesdropping, just as they should be free to conduct their private sex lives as they see fit, regardless of their neighbors’ opinions on the matter. I’m convinced more each day that the tremendous diversity of preferences and tastes in virtually every aspect of human affairs demands this type of freedom for human flourishing and happiness.
But to get back to your post, I don’t think the type of privacy issues you’re talking about directly hurt the type of privacy I care most about. That’s not to say advances in technology don’t pose legitimate concerns here, as I think there are in fact several. I’m not worried that people will see what restaurants I like going to because of FourSquare; but I am worried about the confused 14-year-old who doesn’t look up information about STIs because she’s afraid her parents will see what websites she visited. I’m not troubled by the fact that anyone can find out where I work or that I consider myself a libertarian; but I *am* deeply disturbed by the fact that some of our phone calls are recorded by the state.
As you point out, we have only ourselves to blame for a lot of the information about us that gets on the net. the good news is that humans are actually pretty good about figuring out what they value and acting accordingly. And while we’re certainly not perfect, on average we do a better job at making these choices ourselves than letting others make them for us. You’ve written a good post that ought to serve as a reminder for all of us to think about what we do and do not want to share with the rest of the world. Weigh the value of sharing the information against the potential harm, and then make a choice.
Now, if you’ll excuse me, I have to go tweet about this comment.
* By “liberal” I mean liberal in the more traditional use of the term, i.e., more libertarian than lefty, though I suppose the left still theoretically values these things.
David — Sep 25th 12:54am
Holy crap dude, this might as well be a blog post of your own. Because it’s late and I have to go to bed, I’m going to have to be on the short end.
I agree with you 100% about the most important kind of privacy. Free speech and expression require privacy for us to breathe and think, free from fear of eavesdropping and judgment. I think what is important is that expectations are changing. Things that we used to consider private, like photos, videos, and even our thoughts (Twitter, et all), are now online for all to see by our own choice.
As we become more used to this availability of information, things that used to seem outlandish, like the government tapping our phones (without a warrant even), start to seem like not a huge deal. I have public conversations with my friends on Facebook already, so what if my phone conversations are public too? I hardly ever use the phone anymore anyway.
As more and more of our means of communication move onto the internet and into the public, we’re going to have to fight harder and harder to keep what we don’t want to share from becoming public as well. Not only that, but it’s going to take huge groups of concerned citizens, not just a bunch of privacy conscious computer nerds to make it happen. The first step towards getting people to care about protecting their privacy is helping them understand it. I think self contributed information is a good place to start. Understanding it is easy, and if you care, you can actually do something about it.
Also, I found an Ars article just now that I tacked on to the end of this post. Well worth the read.
Michael Glass — Mar 2nd 10:01am
I just wrote a paper about how the likes of Skype & Tor have made wiretaps obsolete. The new wiretap, I theorize, will be a system of correlation between a user’s various public disclosures (as well as any subpoenaed private disclosures).
I was recently considering making my twitter account private and I had to think about the trade off between increased privacy vs. increased access to the twitter community. When I was a full-time developer, tweeting about a programming problem would often result in other people (who I don’t even know) guiding me to their own blog posts where they were dealing with similar problems. This is aardvark without the algorithm and it seems to work very well.
Twitter bots are generally annoying, but yesterday, after tweeting, “Inconceivable!” @IAmInigoMontoya tweeted back, “@michaelglass You keep using that word. I do not think it means what you think it means.” I kind of love that.
Ramble ramble. What else? Check this article out,
http://www.wired.com/wired/archive/4.12/fftransparent.html
It’s obviously the extreme case, but it’s certainly the direction we’re moving in.