Internet Security (as Pete put it), or "Am I being paranoid... enough?"

[Andy Hornblower]

Pete thought it would be a good idea to start a thread off, along these lines - re-posting something I said in a PC about the new map.

Before the almost inevitable debate starts (which I reserve the right not to get involved in... much), I'd like to say that I think the map is a good thing. I just don't want to be on it. I fully encourage the rest of you to sign up for it though

I would suggest you might not want to be too specific about your location - a postcode stub (like E17) or the name of your town, followed by UK, will work.

Hopefully, this is useful in a wider context:

"Not wanting to get into this too deeply; when we talk about ourselves online, we give away information that stays out there for some time. It's not hard to piece it together to find out quite a lot about someone. In this case, for example (map->profile->posts I've made), it's easy enough to find a list of some of the more expensive things I own. I might also give away things about my lifestyle that give clues about when I'm most likely to be out, and for how long.

There are two main things, I guess - the possibility of identity fraud, and the possibility of targeted burglary. There are others, but I won't go into those. Card fraud just happens as a result of using a card online at all, so I don't think about that too much (it's happened to me a few times) but ultimately, I could quite easily leave enough clues lying around to give someone a good idea of how profitable it would be to burgle me, where I live, and what times of day I'll most likely be out. They wouldn't need to know my real name - that's not relevant to the process.

I've read that software has been written that trawls forums, Facebook and so on, and can piece together all the information that's available about someone, with a reasonable degree of certainty, even though they used different accounts to talk about different aspects of their life. I'm assuming that's mostly used by the FBI, NSA... maybe Google, for some reason, but that doesn't particularly bother me.

If someone puts in the effort, they can probably find most of that out whatever I do, short of not talking about myself online at all, but I wouldn't want to make it too easy.

If the information is completely public, and reachable just by googling, it's possible to come across information you weren't even looking for.

Whether it's an entirely rational reaction, I couldn't say, but personally, I would not be comfortable tying my location to my other details, publicly.

Plenty of other people are happy to talk about every aspect of their lives though, so whatever you decide, some of them will sign up. Maybe most of them. I really don't know."

 

[Nick Wyver]

It's really not difficult to find out where I live and what I do for a living (actually, it's not even remotely a living but I've nearly reached the official retirement age and I can't be bothered any more). I feel more comfortable using my real name on here than some pseudonym. It helps to keep me polite.

 

[jimmylh]

I know what you mean. I never say what my last name is on forums and I only narrow my location down to the town I live in. Without my full name it would be a lot more difficult for someone to zero in on me. Another precaution is to turn off embedded location info in pictures taken with digital cameras and phones.

 

[Pete Thomas]

i would say one of the biggest issues is publishing a date of of birth, even without the year various snippets of info in postings can help a determined fraudster work out the year to go along with the day.

I also think it is not a good idea to give out an address, though I would not have thought targeted burglary is the biggest issue unless you discuss the valuable items in your house, and I think in our case most thieves sophisticated enough to follow a target on various Internet posting possibly seen' as interested in saxophones as other more desirable swag.

I would probably be more concerned about children and single females making it easy for stalkers due to giving out personal addresses.

 

[Andy Hornblower]

Interesting point on the date of birth.

My instrument collection is easily the most valuable thing in my flat, Pete. If someone worked out roughly how much I'd spent on them, they might also conclude I must be quite wealthy - which I'm not - but it would make me seem like a worthwhile target.

Burglars do have computers. They steal enough of them.

 

[jonf]

In my day job I work with potentially sensitive data, from which all strong identifiers are stripped. For this purpose, both full post code and date of birth are regarded as identifiers to the same level as a person's name. A post code in the UK typically narrows down a house to between one and thirty residences, so identifies the individual to a far finer location than post/zip codes in most countries. Date of birth, particularly when combined with other data can easily identify an individual. Combining data gives rise to what's called 'disclosive potential' which is really as good as naming an individual. Andy's right about post code stub being as far as you should disclose to the wider internet for safety's sake.

 

[Nick Wyver]

What exactly are you all afraid of?

 

[richardr]

I have always assumed that every aspect of my electronic communications is at least monitored and perhaps read by a variety of organizations ranging from the ostensibly benign (GCHQ?) to the out-and out criminal. That's the reason why I don't pay money over the internet, because doing that involves giving out the details of how to extract money from my account to every hacker who may take the trouble to look. Also, I think it's odd that members of the Cafe list their equipment along with their avatars. Surely this is an invitation to thieves.
I like the map but I wouldn't want to appear on it.

 

[Targa]

Worth burgling DavidUK for scrap value alone.

 

[Veggie Dave]

What exactly are you all afraid of?

Indeed.

 

[jimmylh]

Indeed.

I just call it extra insurance, not as a paranoia. I only give out personal info on a need to know basis. When talking with folks on an internet forum, why would anyone need those kind of details?

 

[kevgermany]

That's the reason why I don't pay money over the internet, because doing that involves giving out the details of how to extract money from my account to every hacker who may take the trouble to look

This is a rather sweeping statement that's not really correct any more.

The payment card industry (PCI) has pretty strict regulations that are making it close to impossible when you pay by card - as long as the merchants follow the regulations - and those that don't lose the ability to take transactions by card. PCI compliance audits are a fact of life for business nowadays.

Paypal, by acting as a third party hide your bank details from the other party. Completely safe, unless they're compromised, as it's only public imnformation that's used to effect the payment. The password goes through on a secure link that's heavily encrypted.

Banks have introduced systems which pretty much prevent this kind of fraud, e.g. by issueing on paper a set of single use passwords.

As far as I know, most of the problems these days revolve around stolen cards, and companies taking payment by card that don't follow the PCI rules and also suffering a data breach. If a merchant follwos PCI rules and has a breach, it's almost impossible to reconstruct credit card details from security breaches. Insider jobs, which used to be easy, are close to impossible nowadays.

Other online payment methods exist, but if you stick to the big names you will be OK. And in any case, credit card companies, paypal and some banks cover any losses from on-line fraud.

You must also ensure that you have a clean, fully patched computer, with proper AV protection.

 

[jonf]

What exactly are you all afraid of?

I'm not really afraid of anything. I am just aware of the identifiers fraudsters can make use of to undertake identity fraud. Having your identity compromised is a collosal pain in the arse, and one I could well do without, so there are a few simple things I do to reduce the risk. Not splashing my identifiers all over the internet is one.

 

[Colin the Bear]

I don't use my real date of birth on line. However any one who can work out the numbers, is welcome to hack my bank account and pay off my overdraft. I have an eclectic sense of security. On the car I have "P" plate and never wash it. Great deterrent.

 

[aldevis]

I never say what my last name is on forums

Me neither

 

[jimmylh]

Me neither

?

 

[aldevis]

?

My first name is pretty unique.
(edit: yes, it is "aldevis")

 

[jimmylh]

My first name is pretty unique.
(edit: yes, it is "aldevis")

Plus you're also more famous, I'm just a random guy on a forum. Harder for you to go stealth than for me.

 

[aldevis]

Plus you're also more famous, I'm just a random guy on a forum. Harder for you to go stealth than for me.

I fear that my mother in law could be kidnapped, since she is very rich and lives alone in apt. 3, 187 Bishopsgate, London EC2M 4NP, United Kingdom,

 

[jimmylh]

I fear that my mother in law could be kidnapped, since she is very rich and lives alone in apt. 3, 187 Bishopsgate, London EC2M 4NP, United Kingdom,

Does she ride a black and blue bicycle? I looked just for laughs to see what is there. Right around the corner there is a dozen or so bicycles parked in some sort of locking stations. They are all identical. Are they some sort of rentals?