5 Seemingly Innocent Ways You Risk Your Identity Every Day
We tend to think of identity theft as a crime perpetrated exclusively on stupid people. Sure, you don't fall for that Nigerian prince schtick and you don't send your login information to "official" emails that misspell "PayPal."
Well, you'd best take a slice of humble pie, because there are lots of things that you do every day, that you're probably doing right now, that are putting your personal information at risk. Things like ...
After a long, hard day of playing Facebook games and pretending to work, there's nothing quite as relaxing as heading home to unwind and play Facebook games without pretending to work. It's an innocent exchange. You get a few hours of entertainment in return for nothing more than your time and willingness to glance at a couple of ads.
"Before 'Farmville,' gin was the only thing that could get me through a day of work."
We've already discussed how Zynga, the operators of "Farmville," are evil masterminds. What we didn't tell you is how you're pretty much opening your entire life to them whenever you play. And, if you don't happen to use any of their games, you can rest assured that the same is true of virtually every app on Facebook. Last month, the security firm Symantec uncovered a security hole in the social network that gave third-party clients access to the entirety of a user's account.

But hey, 'Mafia Wars'!
And we don't just mean they could see all those pictures of you drunkenly fingering that elephant pinata at your cousin's birthday blowout. Facebook was accidentally leaking access tokens to advertisers, developers, every-damn-body. Theoretically, these tokens could give a third party the ability to post as you on your profile, as well as look through literally everything you've ever posted on Facebook. As many as 100,000 apps had tokens leaked to them over a period of years.
"What other social network are you going to use -- MySpace?"
It's not directly Facebook's fault, except where they've been completely negligent about what goes on on their servers. Most Facebook apps are developed by third parties that can basically hijack the service for whatever dubious purposes they like, as evidenced by the plague of Facebook app viruses that spread thanks to people's tendency to click on anything that looks vaguely like a picture of boobs.
"Tits? Hell yeah I'll let you have access to my hard drive."
Now, here's the good news. Facebook doesn't think that any of the third-party sites actually took advantage of this hole when it was open. But that doesn't mean advertisers and app developers don't love spying on you. Facebook's privacy policy does forbid any app from sending user data to third parties, but The Wall Street Journal conducted a study at the end of 2010 which showed that 10 out of 10 of the top Facebook apps were in violation. Those apps sent off user ID data on millions of users to "outside companies," which means millions of people found their names, app preferences and friend lists leaked out to admen.
"Can you believe Bill is flirting with Jane and Sarah? Let's try to sell penis enlargers to all of them."
In other words, information sharing is against Facebook's privacy policy in the same sense that jaywalking is against the law. The rules are there, but nobody tries very hard to enforce them.
About one-fifth of Internet users have used a public Wi-Fi network, be it at Starbucks or an airport or any of thousands of other locations where people just can't bear to be out of contact with their Facebook wall. Most of those users probably weren't aware that they were putting everything from their email password to their PornHub account at the mercy of anyone who happened to be paying attention.
"Would you like a croissant or some identity theft with your coffee?"
And we literally do mean anyone. There's a program called Firesheep that allows the user to intercept your Wi-Fi connection and gather the cookies from whatever sites you visit. The cookies, of course, being the files containing the info that lets you automatically log into sites the next time you visit. Once they have those cookies, they can gain access to your accounts. The Internet's propensity to give everything a geeky nickname has dubbed this process "sidejacking."
The creators of Firesheep are adamant that they don't intend for anyone to actually use this freely distributed program, but wanted "to demonstrate just how serious this problem is." Which is kind of like building a doomsday device to save the world from doomsday devices.
"There. Now the world is safe."
A recent British study hired a security expert to find out just how easy it is to leech sensitive information out of the public airwaves, and the guy wound up breaking into the accounts of 350 people in one hour, each "sidejack" taking as little as five seconds.
Worse, the hacker doesn't even need to stick around to continue harvesting your passwords. Open Wi-Fi is like an orgy during a latex shortage. Much like governments ill-advisedly developing anthrax and rage viruses, one lab recently developed what they call "Typhoid" malware, which can surf the Wi-Fi networks and infect computers that are in proximity to each other.

Because the original typhoid was such a good time for everybody.
The invention of Twitter has been useful primarily in maximizing the ability of celebrities to expose us to their shockingly dull and inane lives. But the mass adoption of the medium combined with the childlike trust we have in famous people creates just another opportunity for scammers to exploit.
"Taylor Hicks wants to worship the dark god Set? Count us in."
The fact is, celebrity Twitter accounts are easier to break into than a convertible sedan, as we saw in January 2009 when 33 different celebrity or corporate Twitter accounts were hacked. It began with a tweet from Fox News that read "Breaking: Bill O Riley [sic] is gay" and didn't stop until Rick Sanchez of CNN had admitted to being high on crack and Britney Spears informed a shocked nation about her four-foot-wide vagina.
Okay, so the Rick Sanchez = crack thing makes sense.
So why should you care that strangers are taking over Twitter accounts and making celebrities say ridiculous things? Well, the very same week this article was written, actor Simon Pegg's Twitter was hacked, telling his followers to download a Paul screensaver. Those who did found themselves infected with a Trojan designed to steal their online banking login information.

Which is, arguably, a better fate than watching Paul.
Just a couple of months earlier, Lady Gaga sent out an oddly worded tweet that purported to include a link to one of her banned music videos. The link led to a bogus site that attempted to hijack your Twitter account, using it to spread the same tainted message to all of your followers. Gaga wasn't the origin of the tweet, but she fell for it like thousands of other people and ended up exposing her 9.6 million followers to scammers as a result.
How could she have been outwitted?
You'd think it's their own fault for trusting somebody who once wore a gown made of meat, right? You'd be less inclined to expect scammers distributing links through Barack Obama's Twitter. Except, oh wait, that totally happened. Having lots of money and the ability to order a nuclear strike doesn't render you immune to 18-year-old kids with an Internet connection and buckets of free time.
"He's a nerd, gentlemen. The only way to stop him is a girlfriend who puts out."








My (real) identity is advertised all over the place. I'm in business. I actually PAY people to give out my name, address and 'phone number. I'm listed all over the internet and in the telephone book. ANYONE can find me - I want them to find me - My business depends on it !
Why is this article supposed to be scary ?
I must have the safest identity in the world because I do not do any of these things (even #2 somehow).
f**k you, Paul was great.
I liked Paul.
"If you're paying attention, BP has finally crossed the line from "incompetent evil" to "cartoonish supervillainy."
Stolen from Simpsons.
The Simpsons have done everything already. No one cares.
As long as they don't hijack my computer to viagra websites or somehow uninstall my ad blocker or get me arrested somehow, I'll be fine.
Even better: Sites that use Google's Urchin Tracker system, put cookies named utma, utmb, utmc on all their pages, and these come from Google's servers, so Google knows everything you browse on the internet. Google isn't known for abuse of personal data in a dangerous way, but it's not one person, it's 100,000 different people, and their software has bugs too. They do work with Govt agencies too often for comfort.
What's more shocking is that your plaintext data goes over the internet - this means what you type goes through multiple servers to the website you are using and back through multiple servers.
Some of these can be in different jurisdictions, different states, countries, and these routes change dynamically according to traffic and congestion - that's how the internet is programmed.
So potentially everything that leaves your computer can be and is sniffed and saved by multiple entities.
The thing is that all these are multi-person entities and no one person can guarantee what happens to the data when other persons have it, which they do.
Your ISP could be (has been exposed, and even mandated recently) sniffing everything you type. Just because they have the bucks to buy super-duper hardware to store and scan everything.
And then you have another example of #1 - even the military got their data exposed recently when someone hacked Booz Allen Hamilton, a huge defense contractor. Now if contractors have military data, government data, your data, and they are not integral or competent, then good luck.
Just one thing I wanted to point out - research fail.
BP hasn't stood for British Petroleum in YEARS. You know what BP stands for? BP.
Evil is evil, no matter the name.
It's a British based company that deals in petroleum.
So you can see how people still call it by its old name.
Also, whether you have a Facebook account or not, every time you go to a page that has a Facebook "Like" button on it... that button comes from a Facebook server. They now have a record of your computer's IP address accessing that button (and therefore visiting that page), even if you don't click it. So just surfing the web provides Facebook with a ton of data about you.
If the page uses Google Analytics, Google gets all that same data and more, except there's no big Google button on the page.
Something about Facebook I noticed when I had to make my privacy settings stronger. (Somehow a gift had been sent from Zoo World to a friend of mine... at a time when I didn't have Facebook open.)
Making my security settings even moderately stronger has made it a pain in the rear to do anything that doesn't access my wall or newsfeed. That includes accessing apps, games, and other stuff, including those I *already* used.
Reading this article, I really have to wonder: Unthinking programmers, or programmers who thought *too* much.
I'm not saying this is the way every company works, just speaking from 30 years experience as a programmer, in everything from very small companies to world-wide mega-corporations: A very small number of high-level technology officers and marketing types come up with the strategy. The work is chopped up, so the right hand doesn't know what the left is doing. The reasons for this are threefold: 1. They think the more people you throw at it, the quicker it'll get done (which only works to a point), 2. They don't want the worker bees to have the big picture, because they're paranoid they'll take that knowledge elsewhere, and 3. *IF* they're doing something of which the public wouldn't approve (and I don't believe I've ever been involved in one of those situations), they maximize their ability to prevent or discredit leaks by keeping the full story to themselves. They give you a ridiculously short deadline. You work tons of unpaid overtime, go without sleep, are kept completely off balance, and certainly these days, you're told you're lucky to have a job. Quality, security and stability all take a back seat to time to market. That's one of the big reasons for security holes. The programmers are just pawns in this game. Prior to 2000, 2001, programmers were well paid and treated as professionals, but that era came to an end with offshoring of high-tech jobs.
That is why I live in a cave. :)
Don't say anything down a phone line (mobile or landline) that you wouldn't say out loud in a public place.
True but about as idealistic and impractical as "abstinence is the only safe sex."
It's not impractical at all. I don't use Public Wi-Fi, I'm not on Facebook or Twitter and I don't own a cell phone. And my Internet experience is just fine, thank you.
"Sony's PlayStation Network leaked the names" is so f*****g wrong.. they didn't leak anything, they got hacked by a bunch of extremely skilled guys.
lol "extremely skilled" against non-existent security and plaintext information. Yup EXTREME SKILLZ
girls like guys with skills
And then it ends with... "And don't forget to follow us on Facebook and Twitter to get Cracked articles sent straight to your news feed."
Kind of funny that when you think about it, human society still has dominant traits of the wild: one can f**k another up because one can and because one likes it that way. I'm not yearning for perfection in this world because it's impossible, but frankly this is messed up beyond the impossible. It's a wonder human society has not collapsed entirely during any point in history...
So uh... What's Facebook?
Dude, even Osama had Facebook.
"He's a nerd, gentlemen. The only way to stop him is a girlfriend who puts out." Oh god, we are doomed.
Even though Sony didn't actually leak the information, interesting article
Who cares, f**k Sony. They killed Aiwa.
What's an Aiwa? Is that a guy?
really amazing I paid $32.67 for a XBOX 360 and my mom got a 17 inch Toshiba laptop for $94.83 being delivered to our house tomorrow by FedEX. I will never again pay expensive retail prices at stores. I even sold a 46 inch HDTV to my boss for $650 and it only cost me $52.78 to get. Here is the website we using to get all this stuff, BidsNew.com
Why would anyone want a piece of junk like that?
I wish I could teabag spammers through computer monitors.
I'm #1 ! That hungover guy who is hungover and at their first job out of college, and looking at social security numbers too often. We had consultants come in & one of them freaked out when they saw our file room. It went along the lines of this: "So anyone can walk in, pick up a file, and walk away? Not even a check-out sheet?!" The consultants eventually got fired. Probably for pointing that out and considering reporting it. Luckily no one with a brain would even start our online application.