Tuesday, March 01, 2011

Staying Safe Online -- Are You REALLY Anonymous?

It's tempting to feel that you're anonymous online, protected from potential cyberstalkers by cryptic user names and website privacy settings. But is that really true? How easy is it for a malicious person to track someone down, based solely on personal information they've made available?
Anonymous Pictures, Images and Photos

We launched an investigation to find out.

The process started by picking a random person on Flickr. She had an unusual user name that we're going to call French Puppy (although all personal details have been changed), so no obvious clues there, but her profile linked to a personal website, LeahTphotos.com. First name Leah, but what was the T?

Website registration details often include the name and address of the creator, so we searched for "LeahTphotos.com" at whois.net. No luck, though, as it was registered to the name of a web design company, presumably the folks who built the site.

People often use the same user name around the web, and so we next tried searching for "French Puppy" at Google. Some hits, but not the right person.

Maybe her website name was the key? We tried another Google search for "LeahTphotos.com" and Leah, and success - we found a reference on another site that included her full name, a real breakthrough.

Entering this at Facebook gave us several hits, but we recognised her photo as a match for others on Flickr. The account was private, but revealed that she was in the Brighton network, and provided a list of all her friends. Within 60 seconds we had her phone number from BT.com, while 192.com helped out with her address, details of the neighbours, and even a handy map revealing how to get to her house.

That was enough, and we then emailed our test subject to explain what we were doing and why. She's since removed the page that linked LeahTPhotos.com to her full name, and so is a little safer as a result.

But what's really worrying isn't just that we could uncover so much in less than five minutes work on the very first person we tried. It's that the next two individuals we investigated were even easier to track down. And that suggests your privacy could be compromised just as quickly, unless you follow very strict rules about what you say online.

Seven rules for staying safe online

1. Don't give away your real name unless it's absolutely necessary.

2. If you register a domain name for a website then consider getting privacy protection as well. This lets you register with your real details, but ensures they're not available to the public, and is an option now offered by many companies (1steuro.net say they include it for free).

3. Don't tell people where you live, or work. Don't hint at it, perhaps saying you've just visited a particular place because it's "just around the corner".

4. It really should be obvious to say don't post details like your phone number online, but astonishingly people do this quite frequently. Try a Google search like "my cell number is" site:myspace.com to see what we mean.

5. Don't post links between your various internet homes, for example telling people on favourite forum A that you also post on message board B. And don't register the same user name everywhere. This only makes it easier to stalkers to follow you around the web, put together clues from different places, and uncover useful information.

1 comment:

Anonymous said...

Incredible..thank you so much for this.