Note to Self:

From now on, make sure that the vanity searches originate from a different IP address than the how-to searches regarding killing, maiming, and dead people…

The AOL search data scandal is a welcome wakeup call. It is useful to remember that even a common, theoretically harmless internet activity might be used to correlate between normally segmented parts of a person’s identity. Data that people believe goes no farther than from the chair to the keyboard gets published, and one more illusion of privacy goes out like the baby with the bathwater.

Ever heard the abbreviation “TMI”? It means “Too Much Information”. Generally it applies when somebody volunteers embarrassing and/or revealing information over and above what is necessary in the context of the conversation, resulting in discomfort and/or disgust on the part of the conversational partner.

We are, as a population, entering the age of TMI. Scores of people (including myself) are busily working on data entry: their thoughts, biographies, portraits, proclivities, and personal habits are being eagerly keyed in. Some of them are bright enough to do so pseudonymously or anonymously. Regardless of how they do it, it seems to me that there is no guarantee whatsoever that their anonymity or pseudonymity, or even their expectations of freedom from webcrawler indexing will stand the test of time.

I think most people, whether they are aware of it or not, still believe in security by obscurity. Sure, if somebody worked hard it might be possible to realize that Mary Smith is “concernedParent” on, but “naughtyGirl” on, but why would anyone think to correlate those identities together? Such a correlation today takes an active effort, and it’s difficult to conceive of why anyone would even bother.

Of course, security by obscurity definitely didn’t work for Thelma Arnold. Her identity was extracted using the AOL dataset and other publicly available information for no other reason than because it could be. I’ll bet the phone calls from the reporters were an unwelcome shock. Even data that cannot quite personally identify someone now might cumulatively do so later. Perhaps the AOL dataset links “concernedParent” to “naughtyGirl”, but one year later, a different body of data manages to link “concernedParent” to Mary Smith. At this point the link between Mary Smith and “naughtyGirl” is there for the farming. Imagine what will happen if anyone on the internet figures out who user #17556639 is. Even worse, imagine if they get it wrong.

So when will be the day that the right body of personally correlational data combines to reveal your secrets? Maybe never. Maybe tomorrow. Just because it is obscured now, doesn’t mean it will be forever. And once an internet search for Mary Smith links to “naughtyGirl”, it won’t go away — the problem with a TMI situation is that the damage cannot be undone.

All I can think to hope for is a partial solution: mutual assured TMI. If everyone has as much dirt as everyone else, the dirt might become less significant. At least the excusable indiscretions might be overlooked. MySpace, you might save us yet….

5 thoughts on “Note to Self:

  1. Did you know there is no site called sexymommies I looked. :) The rest of this content is OK but is it just me or should this not be obvious to people? I mean really you have no privacy and the technology industry makes no bones about the fact they store and model everything. When was the last time you went to a web site and the content was modelled to your geographical location or or age group or your sex or etc….

    Storage is cheap and with enough data they can sell anything.

    I guess I am just paranoid!

    Pam says: Hi Cleve! As a matter of fact, I didn’t look for sexymommies on purpose, ’cause I started with a different site name that made me sorry I checked :-). I would say that the idea of cross-indexing is becoming more understood but people still assume that the combination of separate identity silos and separate handles will keep their secret lives safe. This false sense of complacency is what really frightens me.

  2. A search proxy solves the AOL issue and the GOV in my google issue.

    Just find one thats cool and free. Heres a start.
    Once you get the hang of it move on from there.

    Pam says:  sweet, I’ll check it out! I’ve been looking at Torpark too.

  3. I’ve always thought the best way to protect my identity is to assert it. Maybe that’s not bright, but it’s my working theory. Knowing that my name is out there hasn’t always helped me keep TMI to myself. Then again, we have as an excellent example of how security by obscurity can fail, and then open the door to financial success.

    There are clearly many people participating on the Internet that want to maintain a discrete distance from their alter-ego. Many people, I suspect, fear the concept of strong identity on the Internet. What happens if people really know who they are? This thought may concern folks who do nothing to be embarassing or shameful. Who do you trust with your identity?

    I’m still looking forward to the day when we have fully proofed digital signatures and encryption certificates in common usage. It doesn’t look like that’s happening anytime soon, except in corporate life.

  4. It’s a nasty quagmire we’ve gotten ourselves into.

    On one hand, it’s nice to see all the nasty things that we’ve said about one another in the past, but it’s another thing to have one’s identity defined by the questions(searches) that you’ve had.

    What are you going to do? Not use search engines? Not Likely.

    Heck the “G” has done a rather fine job of making sure that when I want to search, it’s there.

    Our world is shrinking, yet getting bigger all at the same time.

    At least I know for a fact, that I’m the only Garrett Serack out there. Well, except for that granola-eatin’ tree-huggin’ Linux guru… That couldn’t have been me… I work for the “M”

    In any event, what you have to ask yourself is, how would you behave if someone was looking over your shoulder? Is that not what’s happening?

    A wise man once told me that “A hero, is a person who does the right thing when nobody is looking”.

    Sure, I think it’s probably not really anyone’s business what kind of particular things I search for on the Internet, and frankly I’m really not thrilled about the ‘virtual profile’ that is being assembled about me. Not because of its existance mind you, but because there’s a bunch of people who are doing things with that information that they wouldn’t if someone was watching them.

    So, what’s the solution?

    NOISE. and VOLUME.

    I’m thinking about writing a random phrase searching tool, which will start picking random phrases upon which to search, all with my cookie. And I’m going to write it to be a screensaver, so everytime I’m away from my PC, it starts filling the search engine’ssearch logs with completely useless information. If you want to make sure that they can’t track what you’re doing, drown them in crap.

    What possible good will having the data do them, once you’ve started clogging the profiler? Hopefully none.


    Pam says:  Garrett, that is BRILLIANT!  Can I have a copy of it when you’re done?

  5. Pingback: Garrett Serack: CardSpace and more... : Losing our Anonymity?

Comments are closed.