Blog

How Easy is it to Identify Someone Online? Really Easy!

Ara Trembly
Insurance Experts' Forum, February 1, 2010

In other columns, I’ve had quite a bit to say about the questionable security of social networking sites—especially where insurance and financial services entities are concerned. A recent visit to the Electronic Frontier Foundation Web site, however, has significantly upped the ante in the game of privacy. 

An article there by Peter Eckersley lays out just how easy it is to use a few pieces of information to deduce who you are—and chances are someone trying to do that has a nefarious purpose in mind. According to Eckersley, “If all I know about a person is their ZIP code, I don't know who they are. If all I know is their date of birth, I don't know who they are. If all I know is their gender, I don't know who they are. But it turns out that if I know these three things about a person, I could probably deduce their identity!”

This deduction happens by way of a statistical formula that you can check out in the article. OK, so someone looking on my Facebook account can mathematically deduce who I am. So what? After all, I probably have lots of personal information on my Wall, but only my “friends” can see it, right? Not so fast! EFF says the same methods can also be used to tell Web browsers apart, or to identify subtle and unique differences in my browser that positively identify me, even when I have provided no information. Thus, even when I am operating in a more “secure” online environment, someone utilizing these methods could conceivable identify my computer and gather information on me. It could be used to determine when I visit a particular Web site, and what parts of the site interest me. In short, it puts my privacy at great risk.

How unique is the “fingerprint” of my particular Web browser? It turns out that EFF has a software tool on its Web site that can determine that. When I pushed the test button found at http://panopticlick.eff.org, it took only a few seconds for the application to find aspects of my browser that are unique—that identify me without any help from foolish actions such as placing personal information on public social networking sites where my well-meaning friends have other “friends” who can now access that data. In another EFF article, Seth Schoen writes: “Our intuition that certain information is ‘anonymous’ is often wrong. Given the proper circumstances and insight, almost any kind of information might tend to identify an individual; information about people is more identifying than has been assumed.”

Perhaps you’re OK with the notion that someone using such snooping methods can follow your every movement. Then again, maybe the idea that someone is watching and formulating plans to send you targeted spam is a bit disquieting. And it could get worse—to the point where identity theft and other criminal activity is involved. Why? Because it’s profitable! In fact, online sources report that stolen Twitter account information, for example, can be sold for hundreds of dollars.

This very real possibility again points to the heightened vulnerability of our online information—whether or not we post it on a social networking site. The very idea of personal privacy seems ludicrous in such an environment. It remains to be seen whether or not technology can be developed to block the near instant harvesting of such identifying information.

It begs the question: Do insurers—whose livelihood is based on public trust—want to be named as part of the chain that takes down the privacy of an individual or group, doing financial and emotional damage? Can carriers and brokers really take that kind of hit—or must they do everything possible to limit their own online exposure to protect their most valuable asset—customer information?

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Don’t Wrap Your Organization Too Tight With Metrics

Metrics provide a picture of how business is going, and systems are performing. But do they provide the right picture?

Insurance: The Original Shared Economy

Insurers should look to revisit the roots of the insurance process.

The Seven Flavors of Virtualization

There is no one single form of virtualization rather, different parts of the IT infrastructure require different approaches.

Can New Technology Turn Older Cars into Safer Cars?

Unless you have the means and motivation to buy a new car every year, your newest car is quickly about to become an older car.

What if Someone Kickstarted an Insurance Company

Our industry is evolving and implementing new innovations, particularly focusing on the customer experience, including the web and mobile.

The Transformative CIO

Today's technology leaders are expanding well beyond their traditional role.