5 Seemingly Innocent Ways You Risk Your Identity Every Day

It's not directly Facebook's fault, except where they've been completely negligent about what goes on on their servers. Most Facebook apps are developed by third parties that can basically hijack the service for whatever dubious purposes they like, as evidenced by the plague of Facebook app viruses that spread thanks to people's tendency to click on anything that looks vaguely like a picture of boobs.

Now, here's the good news. Facebook doesn't think that any of the third-party sites actually took advantage of this hole when it was open. But that doesn't mean advertisers and app developers don't love spying on you. Facebook's privacy policy does forbid any app from sending user data to third parties, but The Wall Street Journal conducted a study at the end of 2010 which showed that 10 out of 10 of the top Facebook apps were in violation. Those apps sent off user ID data on millions of users to "outside companies," which means millions of people found their names, app preferences and friend lists leaked out to admen.

In other words, information sharing is against Facebook's privacy policy in the same sense that jaywalking is against the law. The rules are there, but nobody tries very hard to enforce them.

And we literally do mean anyone. There's a program called Firesheep that allows the user to intercept your Wi-Fi connection and gather the cookies from whatever sites you visit. The cookies, of course, being the files containing the info that lets you automatically log into sites the next time you visit. Once they have those cookies, they can gain access to your accounts. The Internet's propensity to give everything a geeky nickname has dubbed this process "sidejacking."

The creators of Firesheep are adamant that they don't intend for anyone to actually use this freely distributed program, but wanted "to demonstrate just how serious this problem is." Which is kind of like building a doomsday device to save the world from doomsday devices.

A recent British study hired a security expert to find out just how easy it is to leech sensitive information out of the public airwaves, and the guy wound up breaking into the accounts of 350 people in one hour, each "sidejack" taking as little as five seconds.

Worse, the hacker doesn't even need to stick around to continue harvesting your passwords. Open Wi-Fi is like an orgy during a latex shortage. Much like governments ill-advisedly developing anthrax and rage viruses, one lab recently developed what they call "Typhoid" malware, which can surf the Wi-Fi networks and infect computers that are in proximity to each other.

The fact is, celebrity Twitter accounts are easier to break into than a convertible sedan, as we saw in January 2009 when 33 different celebrity or corporate Twitter accounts were hacked. It began with a tweet from Fox News that read "Breaking: Bill O Riley [sic] is gay" and didn't stop until Rick Sanchez of CNN had admitted to being high on crack and Britney Spears informed a shocked nation about her four-foot-wide vagina.

So why should you care that strangers are taking over Twitter accounts and making celebrities say ridiculous things? Well, the very same week this article was written, actor Simon Pegg's Twitter was hacked, telling his followers to download a Paul screensaver. Those who did found themselves infected with a Trojan designed to steal their online banking login information.

Just a couple of months earlier, Lady Gaga sent out an oddly worded tweet that purported to include a link to one of her banned music videos. The link led to a bogus site that attempted to hijack your Twitter account, using it to spread the same tainted message to all of your followers. Gaga wasn't the origin of the tweet, but she fell for it like thousands of other people and ended up exposing her 9.6 million followers to scammers as a result.

You'd think it's their own fault for trusting somebody who once wore a gown made of meat, right? You'd be less inclined to expect scammers distributing links through Barack Obama's Twitter. Except, oh wait, that totally happened. Having lots of money and the ability to order a nuclear strike doesn't render you immune to 18-year-old kids with an Internet connection and buckets of free time.

As it turns out, the ability to "opt out" of location sharing is only really offered as a "wink wink, nudge nudge" sort of deal.

Apps for both Android and iOS are required to inform you of just what parts of your phone they'll need to access. An e-book reader probably doesn't need to talk with your sent email folder, and your maps app doesn't have much cause to log your calls. That's how it ought to work, in some far-off dimension where advertisers don't treat your phone like a magical market research box. Scientists from Penn State recently looked at 30 popular Android apps and found that two-thirds of the apps misused or suspiciously used private user data.

Innocuous apps were found storing and transmitting location data with "no obvious way" for the user to know. Even when the developers warn you, they bury that warning deep beneath a thick layer of legalese. How many people who give an app access to their Google accounts and network communication realize they're potentially handing the content of every email and text message they send over to marketers? You're probably fine with a location-based app using your GPS data to provide you with a service, but you may not be OK with that same app sending that data off to a marketing firm. Along with your phone number.

Several popular apps, like Color, even tap into your handset's microphone to pick up ambient sound data about your surroundings. Users of Color know that they're throwing pictures and other content out onto an unprotected network. But the app contains no explicit warning that installing it turns your phone into a 24/7 listening device.

So how about just avoiding apps entirely? First of all, good luck with that. Second, even that won't be enough to protect your location. Apple recently made headlines when researchers found that the iPhone and iPad were storing user location data in an unencrypted file. So even if you do everything right and practice perfect information awareness, it all goes out the window the minute someone forgets to use the padlock.

You still hand over your data if you know it's going to a giant, trustworthy company, or if the government asks for it. One, you don't have a choice in many cases and two, those guys pay millions of dollars to protect your data from hackers. It's probably safer with them than it is on your hard drive!

Unfortunately, the government, the giant corporations and your hard drive all have one fatal flaw in common: human beings. At some point along the line, your information security rests in the hands of people no more competent than you. They have shitty days, get drunk and go to work with painful hangovers, too.

Take the Comptroller's office of the State of Texas. They recently copped to exposing the private data of 3.5 million people. Teachers and former government employees from across the state found that their Social Security numbers, drivers license numbers, names, addresses and birth dates were revealed on the Internet. And it wasn't the work of some nefarious hacker. The Comptroller's office accidentally posted the information on a public, unencrypted Internet database.

The U.S. doesn't have a monopoly on this kind of fuckup. In 2006, Britain's senior tax official mailed off two CDs loaded with personal data for 25 million people. Both disks -- which were not encrypted -- were "lost in the mail." The U.K.'s government topped themselves in 2008, when an estimated 37 million items of personal data were lost across all levels of the government.

And if the government treats your data with all the care of a serial crack mother, private enterprise is no better. We all remember when Sony's PlayStation Network leaked the names, passwords and private home addresses of 77 million users. British Petroleum, too, in an apparent attempt to prove their mastery over all manner of leak, had another disaster in March of 2011. A BP employee "accidentally" lost a laptop filled with unencrypted private data for 13,000 people. And those people were all damage claimants seeking compensation for the Gulf oil spill. If you're paying attention, BP has finally crossed the line from "incompetent evil" to "cartoonish supervillainy."

Here's a simple rule to live by: if you put the information online, people can get at it. And if you choose to trust a third party with your data, they reserve the right to get hammered and forget to encrypt it. We all live in glass houses now. Even if you use black construction paper to cover your walls, someone can still shine a flashlight through and get a pretty good idea of what your naked body looks like.

Robert Evans writes about technology for I4U News, and the practical aspects of fish-fighting on his blog.

For more things you haven't realized about this here internet, check out 6 Things Our Kids Just Plain Won't Get and 7 Reasons Computer Glitches Won't Go Away (Ever).

And stop by LinkSTORM to cleanse your palette of all this sticking it to the man.

And don't forget to follow us on Facebook and Twitter to get Cracked articles sent straight to your news feed.

Do you have an idea in mind that would make a great article? Then sign up for our writers workshop! Do you possess expert skills in image creation and manipulation? Mediocre? Even rudimentary? Are you frightened by MS Paint and simply have a funny idea? You can create an infograpic and you could be on the front page of Cracked.com tomorrow!