Personal blogging and online privacy

Continuing from my post yesterday about the IndieWeb, rel=me and anti-patterns, I’ve also been considering adding h-card information to my sidebar. Many blogs do this in effect by having an author photo and bio either in the sidebar or associated with each post. The h-card formats this into something that computers can interpret as well as humans.

My next question then becomes, “What information and how much detail should I put into such an h-card?” Which then brings up the issue of how safe is it to include personally identifying information on my website where anyone can see it?

The concern is that oversharing could leave me open to identity theft, which is an increasing problem worldwide. While this is an international problem, I am going to look at it from a New Zealand viewpoint.

Identity theft

The fear I have is that some personal information in the hands of criminals can enable identity theft. This is where someone uses another person’s personal information in order to access money or services under their name. My gut reaction to this idea is that you would be a mug to want to be me! I don’t exactly have a dream life or loads of money so it’s not worth the trouble. Apparently this is a common reaction and leads many people to have a false sense of security that makes it even easier to steal from them.

How common is identity theft?

As many as 133,000 New Zealanders may be victims of identity theft annually. (NZ Department of Internal Affairs). An interesting comment I found on the Equifax site is that:

identity fraud victims typically know the person who uses, or tries to use, their identity.

The cost of this crime to New Zealanders may be as much as NZ$200,000,000 every year. Globally many millions of people are affected, with billions of usernames and passwords stolen in 2016.

What is personal information?

What is considered to be personally identifying information varies, but a consensus would be:

  • Full name
  • Date of birth
  • Place of birth
  • Current address
  • Previous residential addresses
  • Phone number(s)
  • IRD number
  • Credit card information (card number, expiry date, verification code)
  • Banking login information such as PIN or security codes
  • Email address (and password)
  • Driver’s licence number
  • Passport number
  • Birth certificate
  • Current location
  • Place of employment or study
  • Interests, activities and connections (movies you watch, where you went for a run this morning and who you are friends with or work alongside).

It can be deceptively easy to leave snippets of valuable information all over the internet (and real world) which if collected together could enable someone to steal your identity. This digital footprint includes browsing history, device usage patterns, interests, perceived loyalty to a service, marriage status, preferences and income level (see this article by Netsafe). Most commonly such information is used to target advertising, but could also be used to manipulate people into divulging other, more valuable, information.

Are bloggers at more risk?

So far I’ve not found any indication that bloggers are at any more risk than other groups of people. In fact the high risk groups tend to be teenagers (who think nothing will happen to them) and older people (who can be more trusting). While bloggers may share more of their lives online, they do make conscious choices of what to share so may be less likely to accidentally share sensitive information than someone who doesn’t understand their social media privacy settings.

What I discovered in researching this post is that identity theft can affect anyone and often it is information that is inadvertently made public, stolen or leaked by hackers that enables criminals to steal an identity. There is a massive black marked on the dark web for this sort of information and even ‘kits’ which enable miscreants to lure people into divulging the information the scammers want (phishing). The best protections seem to be using long, unique passwords for every site or account, guarding email carefully and being suspicious of anything that tries to wheedle login details out of you.

Be careful out there.

Sources of reliable information

Social media, cyber privacy and blog comments

investigation

Over the last year or so I have disabled the comments feature on my blogs due to my perception that generally comments do not add very much additional value to the original post and the extra work it requires to weed out spam and junk comments.

During this same time there has been increasing alarm across the internet regarding the snooping into user’s ‘digital fingerprints’, both by governments (particularly the United States NSA and affiliates) and by commercial interests who are targeting advertising and ‘user experience’ at us based on our previous browsing histories. I particularly notice the targeted advertising in the different advertising that I encounter at work compared to what I see at home because I use different browsers, operating systems and visit different websites in these two contexts.

Of concern to me is the use of social media profiles to track whatever websites I visit and the goal of those companies to ‘monetize’ me as a user. As the axiom goes: “if you’re not paying for the product, you are the product”. I actually have hardly any money so these companies possibly pay more out in efforts to monetize me than I ever spend, but that’s beside the point. Call me an old fuddy duddy, but if I want to buy something I prefer to seek out information about my target purchase myself then take time to consider my options before choosing what or whether to buy.

Web advertisers have a very different take. They go to extraordinary lengths to steer internet users towards handing over their credit card details, having no qualms about manipulating us to that end. You may protest that often all they really want is for you to tweet a link or like something on facebook or give your email address. Unfortunately, while each of those actions may seem trivial, they give the tracking companies ever increasing leverage to present information in front of your eyes specifically tailored to cause you to click and browse ever closer to some looming button enticing you to ‘buy now and all your problems will be solved’.

I hate advertising. If something is truly good and does what it is designed to do well that product will become well known even without advertising. When I am seeking information or inspiration I’m happy to dig for it. Maybe that makes me weird.

So, given my own irritation at governments for using electronic communication tools to snoop on innocent citizens and huge companies for attempting to assign each of us a digital profile, I have chosen to kill off my Twitter and Facebook accounts. This does mean sacrificing potential avenues to notify people of any new blog posts I write and whatever stupid cat videos I’ve seen. More importantly, it cuts off any chance of interacting with the few who read my blog.

Therefore, I am activating the comments on this website for new posts. This is my digital soapbox, it may evolve into a stand-in for social media services with the advantage that I have complete control of what is posted and published. Feel free to comment, just keep it nice and family friendly (all comments are moderated).

On a related note, which you may or may not care about, I do not use any tracking codes or affiliate links (or, heaven forbid, advertising!) on this blog. What that means in plain english is that there are no hidden bits of computer code such as scripts or cookies that tell me, or anyone else, that you have visited the site. To my thinking these are yet another small betrayal of trust by webmasters in an attempt to gather information on whether each click on the site is from a new visitor or someone who has been here before, how long you spend on each page before moving on, the type of web browser and various other nuggets of data.

In truth, I can get some of that data directly from the server software powering the site; the server has to know where in the world you are in order to send the page information to your browser. It has to know what browser is being used so it can send that information coded in the appropriate manner for the browser to interpret. The server also knows what you click on so it can feed the linked page to your browser. That is more statistics than I care about frankly, and I hardly ever bother to look at it, so have no need to install Google analytics or any other tracking code. The same consideration to your right to privacy is why there are no social media ‘share’ buttons here. If you want to share a post just copy and paste the page address – easy!

A Few Relevant Links: