An email arrives from a company you’ve never heard of telling you about a change to their user policy. It could very well have been spam, except that the details are actually correct for a change, and you’re not being offered a credit card, mortgage, or a million dollars from a Nigerian general. The email details alterations to a privacy policy you probably never read, particularly since the company name itself doesn’t register. You’ve just stumbled upon your Internet trail, crumbs you’ve scattered around the place registering here and there over the years.
But just how big is your Internet footprint? If you’re a conscientious user who goes out of their way to protect their information and avoid pointless trivia on the Web, it could be that you’ve only left a few grains behind you. But for the rest of us, those little titbits could very well be quite liberally scattered throughout the Internet, potentially accessible to just about anyone with the time and inclination. Whilst the content we’ve created ourselves might be relatively humble, today’s social web has ensured that all but the most camera shy can end up having their pictures online for virtually anyone to see, and references to us can be found with just a few simple searches. But our Internet footprint isn’t just limited to those relevant bits which appear when we’re Googled—which after all is as much dependent on the uniqueness of our names or the fields in which we work—but simply, how many little instances there are of us out there.
Control of information
Just how much information about us is available out there on the Internet can sometimes come as an unpleasant surprise. French magazine Le Tigre set themselves the challenge of publishing the life story of a young French architect based solely on the information it could glean from Internet sites such as Facebook, Flickr and YouTube. The article appeared in the magazine in December, 2008, and a more tempered version that appeared at the gentleman’s behest can still be found here (in French). Certainly, the man in question was clearly au fait with the new world of social networking sites and the like, but none too concerned about his privacy. Information on his holidays, his former girlfriends, his work and friends, even such information as his mobile phone number and whereabouts were all gleaned from these sites with a scanty amount of detective work. In this case, the man was responsible for publishing a large amount of information about himself on the Internet, but how can any of us stop third parties doing the same? How many of the 350 million Facebook users has a real clue about its privacy settings? And how many of those are friends with people who are conscious about controlling the information available about them?
A captcha of logins
Signing up to a social networking site, you might be forgiven for thinking that at least then you can have some form of control over the information available about us. But there is more information available on the Internet for those with a desire to look for it. Just think about how many sites out there you have an account for. Just how many little instances of ourselves are there out in the wild? Email accounts, social networking sites, online banking, multimedia sites, shops, forums, services, blogs. Even just counting the ones we use with any amount of regularity, that could easily amount to a few dozen user accounts, and that’s to say nothing of the various gizmos we use that aren’t accessed via the Web, such as instant messaging platforms, backup or VoIP services, online games etc. More importantly, how many other extra accounts are there out there from services we’ve only merely sampled and don’t use with any frequency? How many accounts out there belong to users who have signed up to give a website a trial and perhaps never came back? Or worse, have been forced to sign up in order to access essentially free material, or to leave a one-off comment, and left their account ever after disused?
Personally, I would not be surprised if my own number of instances scattered around the Internet included over a hundred accounts. People more active on the web no doubt have many more. Those accounts may not all contain the same information—different usernames, passwords, email addresses, heck, sometimes even different names—but they are all linked to me, and the differences are not usually so bold. Most of us probably have a particular username and password combination that we like to use; it makes our lives easier if we only have to remember a single combination for all of our online activity. Occasionally those plans go awry when we find our username has already been taken, forcing us to adopt an arbitrary modification, like adding a number to the end, or an underscore in the middle. Other times our passwords have to change to accommodate some rules for a particular service, meaning our regular password has to suddenly grow or lose a number or special character, or grow or shrink accordingly. But in general, our online presences are cloned copies of our logins sprinkled across the Internet like a particular allele in the gene pool.
Well, so what? It’s not like these details are generally put on public display. Except that they can be. Try typing your own unique username into a site like User Name Check. And all it would take is for one of those sites to have a flaw in their security for someone to potentially have access to any number of services you’ve become a member of over the years. Only recently, a popular social website with over 30 million members proved to be a ripe source for the usernames and passwords of all its members. As detailed here, this represented a pretty basic flaw in security, yet despite its popularity, the site nevertheless failed to protect the information of its members. Would you really trust every little site and service you’ve signed up to to do the same?
The circle of trust
The web has to a large extent now grown to become an extension of the societies in which we live. Web presences have been something of a standard for most reasonable-sized businesses for a long time, and many small outfits have long since followed suit. Yet the last few years have seen that requirement spread to the general populace. It seems like every man and his dog has a Facebook account. ((Or else Bebo, MySpace, Orkut, Friendster, LinkedIn etc.)) Information about us that would once require some serious detective work can now be gleaned from the comforts of your own home, with a bit of patience and a supply of coffee. The potential is still there to control how some of that information is shared, but only to a certain extent. And how many people are actually aware or savvy enough to look after that information is an entirely different matter.
Nevertheless, we are usually willing to place a lot of faith in the many online services we subscribe to, often without so much as reading the privacy policy or terms and conditions. In order to save ourselves the heartache of memorising different usernames or passwords for those services, we tend to limit ourselves to a small handful, all too often to some of those found on lists such as this one. With the potential for any one of those services to become victim of an attack and reveal to unknown third parties information including, but not limited to, usernames, email addresses, passwords, personal and payment details, it seems borderline lunacy that we leave so many unnecessary little copies of our details scattered around the Internet. This latter point is particularly true if you use the same username and password combination for the majority of sites. On the Internet we are willing to accept many into our circle of trust, but it still only takes one site to be broken for us to have a potentially large headache on our hands.
So what can we do to minimise our risks? Simply follow the same rules of common sense you would adhere to in the real world: keep your passwords secure and make yourself a smaller target; actually read the privacy policies and terms and conditions before agreeing to anything; acquaint yourself with the privacy settings on social networking sites, and keep control of the information about yourself; if you run a site of your own, don’t force users to sign up for an account unless absolutely necessary; and as a general Internet user, try to limit the number of instances you create, and delete the ones you no longer use.