How Easy is it to Identify Someone Online? Really Easy!
Insurance Experts' Forum, February 1, 2010
In other columns, I’ve had quite a bit to say about the questionable security of social networking sites—especially where insurance and financial services entities are concerned. A recent visit to the Electronic Frontier Foundation Web site, however, has significantly upped the ante in the game of privacy.
An article there by Peter Eckersley lays out just how easy it is to use a few pieces of information to deduce who you are—and chances are someone trying to do that has a nefarious purpose in mind. According to Eckersley, “If all I know about a person is their ZIP code, I don't know who they are. If all I know is their date of birth, I don't know who they are. If all I know is their gender, I don't know who they are. But it turns out that if I know these three things about a person, I could probably deduce their identity!”
This deduction happens by way of a statistical formula that you can check out in the article. OK, so someone looking on my Facebook account can mathematically deduce who I am. So what? After all, I probably have lots of personal information on my Wall, but only my “friends” can see it, right? Not so fast! EFF says the same methods can also be used to tell Web browsers apart, or to identify subtle and unique differences in my browser that positively identify me, even when I have provided no information. Thus, even when I am operating in a more “secure” online environment, someone utilizing these methods could conceivably identify my computer and gather information on me. It could be used to determine when I visit a particular Web site, and what parts of the site interest me. In short, it puts my privacy at great risk.
How unique is the “fingerprint” of my particular Web browser? It turns out that EFF has a software tool on its Web site that can determine that. When I pushed the test button found at http://panopticlick.eff.org, it took only a few seconds for the application to find aspects of my browser that are unique—that identify me without any help from foolish actions such as placing personal information on public social networking sites where my well-meaning friends have other “friends” who can now access that data. In another EFF article, Seth Schoen writes: “Our intuition that certain information is ‘anonymous’ is often wrong. Given the proper circumstances and insight, almost any kind of information might tend to identify an individual; information about people is more identifying than has been assumed.”
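To make the ZIP code, birth date and gender argument concrete, here is an added Python example (not from this column or from EFF) that a data owner could run over its own records to see how fast the group of matching people shrinks as fields are combined. The records, field names and helper functions are constructed for illustration.

```python
import math
from collections import Counter
from itertools import combinations

FIELDS = ("zip", "dob", "gender")

# Constructed records for illustration only; they describe no real people.
RECORDS = [
    ("07030", "1971-03-14", "F"),
    ("07030", "1971-03-14", "M"),
    ("07030", "1985-11-02", "F"),
    ("07030", "1985-11-02", "M"),
    ("10001", "1971-03-14", "F"),
    ("10001", "1971-03-14", "M"),
    ("10001", "1985-11-02", "F"),
    ("10001", "1985-11-02", "F"),
]

def key(record, idx):
    return tuple(record[i] for i in idx)

def anonymity_sets(records, idx):
    """Size of each group of records that share the chosen fields."""
    return Counter(key(r, idx) for r in records)

def min_k(records, idx):
    """Smallest group size: the k in k-anonymity for these fields."""
    return min(anonymity_sets(records, idx).values())

def unique_fraction(records, idx):
    """Share of records that are the only one with their field values."""
    sets = anonymity_sets(records, idx)
    return sum(1 for r in records if sets[key(r, idx)] == 1) / len(records)

def surprisal_bits(records, idx, record):
    """Bits of identifying information the chosen fields reveal about record."""
    return math.log2(len(records) / anonymity_sets(records, idx)[key(record, idx)])

def report(records):
    """(fields, min k, unique fraction) for every combination of fields."""
    rows = []
    for n in range(1, len(FIELDS) + 1):
        for idx in combinations(range(len(FIELDS)), n):
            name = "+".join(FIELDS[i] for i in idx)
            rows.append((name, min_k(records, idx), unique_fraction(records, idx)))
    return rows

if __name__ == "__main__":
    for name, k, frac in report(RECORDS):
        print(f"{name:16} min group = {k}  unique = {frac:.0%}")
```

In this constructed set no single field singles anyone out, yet all three together isolate six of the eight records, which is the effect the Eckersley quote describes.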
Perhaps you’re OK with the notion that someone using such snooping methods can follow your every movement. Then again, maybe the idea that someone is watching and formulating plans to send you targeted spam is a bit disquieting. And it could get worse—to the point where identity theft and other criminal activity are involved. Why? Because it’s profitable! In fact, online sources report that stolen Twitter account information, for example, can be sold for hundreds of dollars.
This very real possibility again points to the heightened vulnerability of our online information—whether or not we post it on a social networking site. The very idea of personal privacy seems ludicrous in such an environment. It remains to be seen whether or not technology can be developed to block the near instant harvesting of such identifying information.
It begs the question: Do insurers—whose livelihood is based on public trust—want to be named as part of the chain that takes down the privacy of an individual or group, doing financial and emotional damage? Can carriers and brokers really take that kind of hit—or must they do everything possible to limit their own online exposure to protect their most valuable asset—customer information?
Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.
Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at firstname.lastname@example.org.
The opinions posted in this blog do not necessarily reflect those of Insurance Networking News or SourceMedia.