You don’t have to look far to find evidence that our identities are alarmingly unprotected and constantly under attack. Go read Symantec Corporation’s recent report on stolen information markets, which collect information from phishing sites and resell them for as little as $10. Such scams are becoming increasingly frequent—up 167 percent since the beginning of 2007, according to Symantec. Indeed, RPI itself was the victim of a phishing attempt on April 1, when an e-mail claiming to be from the Help Desk asked students and administrators for their RCSIDs and passwords.
And don’t think that replying to e-mails from Nigerian princes is the only way to end up with your bank account being drained. Flip back to page four and read up on HSBC’s reissuing of thousands of debit cards due to data theft. Or pull up yesterday’s The Daily WTF and read about how the Oklahoma Department of Corrections website leaked the Social Security numbers of 10,597 offenders. It seems that every week some government or corporate laptop, inexplicably loaded up with gigabytes of personal information, is left in a taxi and finds its way into the hands of an unintended recipient.
The biggest consumer of leaked information crawls the web with an armada of spiders that download, catalog, and publicize every kilobyte they encounter. It’s likely they have something on you. In my case, they have 1,310 pages of dirt, including hundreds of e-mails I’ve written since the age of 12.
They’re Google. Everything online, whether it is meant to be found or not, winds up in their massive database. (Just look up the Google Hacking Database, which will teach you how to find Web-accessible security cameras that aren’t password protected.) This doesn’t just include things like the source code to MS-DOS that Google Code Search™ stumbled upon a year and a half ago; it also includes your Facebook profile where you list your favorite drinking games and a cached version of the LiveJournal you thought you deleted years ago.
It’s important to realize that once something is published online, be it your bank account number or your anti-Scientology diatribe, it’s next to impossible to revoke it; anyone can pull it up in seconds on a whim. And they do. Employers are known to extensively investigate their prospective hirees, a practice which has led many to actively scrub content about them from the Web. The Polytechnic itself has been contacted twice in regard to expunging articles from its online archive, simply because they painted an unfavorable picture of their subjects.
It is an unwinnable battle, but it is at least preventable. As careful as you are to protect your credit card number from shady eBay sellers, you should be twice so to protect your reputation when communicating under your real name online. Present yourself courteously and spend time developing your arguments before you share them. Don’t put anything online that’s just meant for your friends; assume anyone can and will see it—if not to preserve your own image, then to preserve that of the guy who stole your Social Security number.
