Login or Register

Sign in with Facebook

We tend to think of identity theft as a crime perpetrated exclusively on stupid people. Sure, you don't fall for that Nigerian prince schtick and you don't send your login information to "official" emails that misspell "PayPal."

Well, you'd best take a slice of humble pie, because there are lots of things that you do every day, that you're probably doing right now, that are putting your personal information at risk. Things like ...

Playing Facebook Games


After a long, hard day of playing Facebook games and pretending to work, there's nothing quite as relaxing as heading home to unwind and play Facebook games without pretending to work. It's an innocent exchange. You get a few hours of entertainment in turn for nothing more than your time and willingness to glance at a couple of ads.

"Before 'Farmville,' gin was the only thing that could get me through a day of work."

We've already discussed how Zynga, the operators of "Farmville," are evil masterminds. What we didn't tell you is how you're pretty much opening your entire life to them whenever you play. And, if you don't happen to use any of their games, you can rest assured that the same is true of virtually every app on Facebook. Last month, the security firm Symantec uncovered a security hole in the social network that gave third-party clients access to the entirety of a user's account.

But hey, 'Mafia Wars'!

And we don't just mean they could see all those pictures of you drunkenly fingering that elephant pinata at your cousin's birthday blowout. Facebook was accidentally leaking access tokens to advertisers, developers, every-damn-body. Theoretically, these tokens could give a third party the ability to post as you on your profile, as well as look through literally everything you've ever posted on Facebook. As many as 100,000 apps had tokens leaked to them over a period of years.

"What other social network are you going to use -- MySpace?"

It's not directly Facebook's fault, except where they've been completely negligent about what goes on on their servers. Most Facebook apps are developed by third parties that can basically hijack the service for whatever dubious purposes they like, as evidenced by the plague of Facebook app viruses that spread thanks to people's tendency to click on anything that looks vaguely like a picture of boobs.

"Tits? Hell yeah I'll let you have access to my hard drive."

Now, here's the good news. Facebook doesn't think that any of the third-party sites actually took advantage of this hole when it was open. But that doesn't mean advertisers and app developers don't love spying on you. Facebook's privacy policy does forbid any app from sending user data to third parties, but The Wall Street Journal conducted a study at the end of 2010 which showed that 10 out of 10 of the top Facebook apps were in violation. Those apps sent off user ID data on millions of users to "outside companies," which means millions of people found their names, app preferences and friend lists leaked out to admen.

"Can you believe Bill is flirting with Jane and Sarah? Let's try to sell penis enlargers to all of them."

In other words, information sharing is against Facebook's privacy policy in the same sense that jaywalking is against the law. The rules are there, but nobody tries very hard to enforce them.

Using Public Wi-Fi


About one-fifth of Internet users have used a public Wi-Fi network, be it at Starbucks or an airport or any of thousands of other locations where people just can't bear to be out of contact with their Facebook wall. Most of those users probably weren't aware that they were putting everything from their email password to their PornHub account at the mercy of anyone who happened to be paying attention.

"Would you like a croissant or some identity theft with your coffee?"

And we literally do mean anyone. There's a program called Firesheep that allows the user to intercept your Wi-Fi connection and gather the cookies from whatever sites you visit. The cookies, of course, being the files containing the info that lets you automatically log into sites the next time you visit. Once they have those cookies, they can gain access to your accounts. The Internet's propensity to give everything a geeky nickname has dubbed this process "sidejacking."

The creators of Firesheep are adamant that they don't intend for anyone to actually use this freely distributed program, but wanted "to demonstrate just how serious this problem is." Which is kind of like building a doomsday device to save the world from doomsday devices.

"There. Now the world is safe."

A recent British study hired a security expert to find out just how easy it is to leech sensitive information out of the public airwaves, and the guy wound up breaking into the accounts of 350 people in one hour, each "sidejack" taking as little as five seconds.

Worse, the hacker doesn't even need to stick around to continue harvesting your passwords. Open Wi-Fi is like an orgy during a latex shortage. Much like governments ill-advisedly developing anthrax and rage viruses, one lab recently developed what they call "Typhoid" malware, which can surf the Wi-Fi networks and infect computers that are in proximity to each other.

Because the original typhoid was such a good time for everybody.

Continue Reading Below

Following Celebrities on Twitter


The invention of Twitter has been useful primarily in maximizing the ability of celebrities to expose us to their shockingly dull and inane lives. But the mass adoption of the medium combined with the childlike trust we have in famous people creates just another opportunity for scammers to exploit.

"Taylor Hicks wants to worship the dark god Set? Count us in."

The fact is, celebrity Twitter accounts are easier to break into than a convertible sedan, as we saw in January 2009 when 33 different celebrity or corporate Twitter accounts were hacked. It began with a tweet from Fox News that read "Breaking: Bill O Riley [sic] is gay" and didn't stop until Rick Sanchez of CNN had admitted to being high on crack and Britney Spears informed a shocked nation about her four-foot-wide vagina.

Okay, so the Rich Sanchez = crack thing makes sense.

So why should you care that strangers are taking over Twitter accounts and making celebrities say ridiculous things? Well, the very same week this article was written, actor Simon Pegg's Twitter was hacked, telling his followers to download a Paul screensaver. Those who did found themselves infected with a Trojan designed to steal their online banking login information.

Which is, arguably, a better fate than watching Paul.

Just a couple of months earlier, Lady Gaga sent out an oddly worded tweet that purported to include a link to one of her banned music videos. The link led to a bogus site that attempted to hijack your Twitter account, using it to spread the same tainted message to all of your followers. Gaga wasn't the origin of the tweet, but she fell for it like thousands of other people and ended up exposing her 9.6 million followers to scammers as a result.

How could she have been outwitted?

You'd think it's their own fault for trusting somebody who once wore a gown made of meat, right? You'd be less inclined to expect scammers distributing links through Barack Obama's Twitter. Except, oh wait, that totally happened. Having lots of money and the ability to order a nuclear strike doesn't render you immune to 18-year-old kids with an Internet connection and buckets of free time.

"He's a nerd, gentlemen. The only way to stop him is a girlfriend who puts out."

Having a Cellphone


OK, you know your phone is capable of gathering data on basically everything you do. But say you've read your EULAs and check out the privacy settings on any service you use. If you disable the storing of location data and steer clear of apps that comb your private info, there's not much to worry about. Just using your navigation app doesn't mean you're broadcasting sensitive data to anyone interested in looking, right?

Allow us several seconds to laugh at your naivete.

As it turns out, the ability to "opt out" of location sharing is only really offered as a "wink wink, nudge nudge" sort of deal.

Apps for both Android and iOS are required to inform you of just what parts of your phone they'll need to access. An e-book reader probably doesn't need to talk with your sent email folder, and your maps app doesn't have much cause to log your calls. That's how it ought to work, in some far-off dimension where advertisers don't treat your phone like a magical market research box. Scientists from Penn State recently looked at 30 popular Android apps and found that two-thirds of the apps misused or suspiciously used private user data.

"Our goof! We promise it won't happen again often."

Innocuous apps were found storing and transmitting location data with "no obvious way" for the user to know. Even when the developers warn you, they bury that warning deep beneath a thick layer of legalese. How many people who give an app access to their Google accounts and network communication realize they're potentially handing the content of every email and text message they send over to marketers? You're probably fine with a location-based app using your GPS data to provide you with a service, but you may not be OK with that same app sending that data off to a marketing firm. Along with your phone number.

"Hey, Sandra! This is Anne with Conglomerated Marketing. I'll be calling you three times a day at wildly unpredictable hours until you decide it's time for Botox."

Several popular apps, like Color, even tap into your handset's microphone to pick up ambient sound data about your surroundings. Users of Color know that they're throwing pictures and other content out onto an unprotected network. But the app contains no explicit warning that installing it turns your phone into a 24/7 listening device.

You should never trust an app with a logo that lazy.

So how about just avoiding apps entirely? First of all, good luck with that. Second, even that won't be enough to protect your location. Apple recently made headlines when researchers found that the iPhone and iPad were storing user location data in an unencrypted file. So even if you do everything right and practice perfect information awareness, it all goes out the window the minute someone forgets to use the padlock.

"We feel super terrible. Please continue to send us money."

Continue Reading Below

Trusting the Experts With Your Data


Let's say you've internalized the lessons of this article well. You don't download any apps on your phone, you never use open Wi-Fi networks and you stay the hell away from Facebook and Twitter at all times. Your Internet experience kind of sucks now.

"I might as well go read a book or something.

You still hand over your data if you know it's going to a giant, trustworthy company, or if the government asks for it. One, you don't have a choice in many cases and two, those guys pay millions of dollars to protect your data from hackers. It's probably safer with them than it is on your hard drive!

Unfortunately, the government, the giant corporations and your hard drive all have one fatal flaw in common: human beings. At some point along the line, your information security rests in the hands of people no more competent than you. They have shitty days, get drunk and go to work with painful hangovers, too.

Above: The guy who keeps your Social Security number secret.

Take the Comptroller's office of the State of Texas. They recently copped to exposing the private data of 3.5 million people. Teachers and former government employees from across the state found that their Social Security numbers, drivers license numbers, names, addresses and birth dates were revealed on the Internet. And it wasn't the work of some nefarious hacker. The Comptroller's office accidentally posted the information on a public, unencrypted Internet database.

The U.S. doesn't have a monopoly on this kind of fuckup. In 2006, Britain's senior tax official mailed off two CDs loaded with personal data for 25 million people. Both disks -- which were not encrypted -- were "lost in the mail." The U.K.'s government topped themselves in 2008, when an estimated 37 million items of personal data were lost across all levels of the government.

We always sort of assumed these guys were more diligent.

And if the government treats your data with all the care of a serial crack mother, private enterprise is no better. We all remember when Sony's PlayStation Network leaked the names, passwords and private home addresses of 77 million users. British Petroleum, too, in an apparent attempt to prove their mastery over all manner of leak, had another disaster in March of 2011. A BP employee "accidentally" lost a laptop filled with unencrypted private data for 13,000 people. And those people were all damage claimants seeking compensation for the Gulf oil spill. If you're paying attention, BP has finally crossed the line from "incompetent evil" to "cartoonish supervillainy."

We're all very proud.

Here's a simple rule to live by: if you put the information online, people can get at it. And if you choose to trust a third party with your data, they reserve the right to get hammered and forget to encrypt it. We all live in glass houses now. Even if you use black construction paper to cover your walls, someone can still shine a flashlight through and get a pretty good idea of what your naked body looks like.

Robert Evans writes about technology for I4U News, and the practical aspects of fish-fighting on his blog.

For more things you haven't realized about this here internet, check out 6 Things Our Kids Just Plain Won't Get and 7 Reasons Computer Glitches Won't Go Away (Ever).

And stop by LinkSTORM to cleanse your palette of all this sticking it to the man.

And don't forget to follow us on Facebook and Twitter to get Cracked articles sent straight to your news feed.

Do you have an idea in mind that would make a great article? Then sign up for our writers workshop! Do you possess expert skills in image creation and manipulation? Mediocre? Even rudimentary? Are you frightened by MS Paint and simply have a funny idea? You can create an infograpic and you could be on the front page of Cracked.com tomorrow!

To turn on reply notifications, click here


Load Comments