Blog

How Easy is it to Identify Someone Online? Really Easy!

Ara Trembly
Insurance Experts' Forum, February 1, 2010

In other columns, I’ve had quite a bit to say about the questionable security of social networking sites—especially where insurance and financial services entities are concerned. A recent visit to the Electronic Frontier Foundation Web site, however, has significantly upped the ante in the game of privacy. 

An article there by Peter Eckersley lays out just how easy it is to use a few pieces of information to deduce who you are—and chances are someone trying to do that has a nefarious purpose in mind. According to Eckersley, “If all I know about a person is their ZIP code, I don't know who they are. If all I know is their date of birth, I don't know who they are. If all I know is their gender, I don't know who they are. But it turns out that if I know these three things about a person, I could probably deduce their identity!”

This deduction happens by way of a statistical formula that you can check out in the article. OK, so someone looking on my Facebook account can mathematically deduce who I am. So what? After all, I probably have lots of personal information on my Wall, but only my “friends” can see it, right? Not so fast! EFF says the same methods can also be used to tell Web browsers apart, or to identify subtle and unique differences in my browser that positively identify me, even when I have provided no information. Thus, even when I am operating in a more “secure” online environment, someone utilizing these methods could conceivable identify my computer and gather information on me. It could be used to determine when I visit a particular Web site, and what parts of the site interest me. In short, it puts my privacy at great risk.

How unique is the “fingerprint” of my particular Web browser? It turns out that EFF has a software tool on its Web site that can determine that. When I pushed the test button found at http://panopticlick.eff.org, it took only a few seconds for the application to find aspects of my browser that are unique—that identify me without any help from foolish actions such as placing personal information on public social networking sites where my well-meaning friends have other “friends” who can now access that data. In another EFF article, Seth Schoen writes: “Our intuition that certain information is ‘anonymous’ is often wrong. Given the proper circumstances and insight, almost any kind of information might tend to identify an individual; information about people is more identifying than has been assumed.”

Perhaps you’re OK with the notion that someone using such snooping methods can follow your every movement. Then again, maybe the idea that someone is watching and formulating plans to send you targeted spam is a bit disquieting. And it could get worse—to the point where identity theft and other criminal activity is involved. Why? Because it’s profitable! In fact, online sources report that stolen Twitter account information, for example, can be sold for hundreds of dollars.

This very real possibility again points to the heightened vulnerability of our online information—whether or not we post it on a social networking site. The very idea of personal privacy seems ludicrous in such an environment. It remains to be seen whether or not technology can be developed to block the near instant harvesting of such identifying information.

It begs the question: Do insurers—whose livelihood is based on public trust—want to be named as part of the chain that takes down the privacy of an individual or group, doing financial and emotional damage? Can carriers and brokers really take that kind of hit—or must they do everything possible to limit their own online exposure to protect their most valuable asset—customer information?

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

On Thanking the Regulator … Really

The Financial Conduct Authority is demanding higher standards of consumer protection from insurers, which could lead to greater customer engagement and understanding.

Competing with the Coasts for Tech Talent

Are heartland-based insurers at a recruiting disadvantage for tech skills?

Putting Your Investments Where Your Transformation Is: Part 2: Optimizing Your IT Investments Portfolio

Sam Medina continues a 3-part series on Transforming the IT Investment Budget in order to fund new programs and initiatives without the necessity of additional capital expense.

Boosting Performance with Integrated Underwriting Tools

A unified, comprehensive platform can help underwriters perform their jobs more efficiently and profitably.

Apply Mindfulness to Leadership

Managers can benefit from applying this theory both to their career aspirations as well as to interactions and expectations of staff.

Opinion: Halbig Decision Creates New Level of Uncertainty for Obamacare

Time will tell if the Halbig decision remains viable. But in the meantime, a new level of uncertainty has been injected into the process.

Advertisement

Advertisement