Privacy Redux

imoldernu

imoldernu

Gone but not forgotten
Joined
Jul 18, 2012
Messages
6,335
Location
Peru
Apologies in advance, as I expect to make more than one post on this subject, and it may be a bit overwhelming.

We have had a number of threads covering the subject, but there is nothing
like real life experience to bring home the importance of privacy, and to understand the degree of seriousness of thing that can happen in innocence
or from ignorance.

Let me begin with a real life episode that is in the process of destroying a persons' life.

A member of a large law firm recently received an email from a disgruntled and vindictive male which contained a threat. This person was writing the senior member of the firm to state that he had been having an affair with another "not quite senior" married female member of the firm. She had terminated the affair, and he, was angry. In his letter to the senior member he stated that he was going to send indiscreet pictures to the senior member as well as all of the senior members, and also to the firm's clients.

If and when this happens, the firm will have to terminate the female member, and go to risk management. Doubtless, this will be very expensive for all involved, and in the end, there may be no legal recourse.
The losses could be into the millions.

The initial point to be made here, is that anything that has been placed on the internet, in any form... today or twenty years ago, is, in effect, in the public domain.

The obvious first place to come to mind here, is Facebook, but that is only the tip of the iceberg. Subsequently, I hope to outline some risk factors to which all of us are subject. Especially for those (like myself) with lives that are an open book.

For starters, consider the simplest non-stealthy means of obtaining information... ie. just reading the postings of an individual here on ER.

With some time on my hands, and curiosity to satisfy, I took an Avatar... no name or username, and was able to find information that I'm certain that person would never guess to be available in the public domain.

Not being super savvy in detective work, I was able to get down to the individual's bank account, lacking only a password spinner to access.
More to follow. :)
 
imoldernu said:
With some time on my hands, and curiosity to satisfy, I took an Avatar... no name or username, and was able to find information that I'm certain that person would never guess to be available in the public domain.

Not being super savvy in detective work, I was able to get down to the individual's bank account, lacking only a password spinner to access.
More to follow. :)
Click to expand...
Shiver me timbers, thee found me treasure chest? Arghhh
 
I knew using some poor unsuspecting guy's identity when I registered here was going to pay off someday, but I had no idea it would turn out to be so much fun... :)
 
imoldernu said:
With some time on my hands, and curiosity to satisfy, I took an Avatar... no name or username, and was able to find information that I'm certain that person would never guess to be available in the public domain.

Not being super savvy in detective work, I was able to get down to the individual's bank account, lacking only a password spinner to access.
More to follow. :)
Click to expand...

Every time you hand over a check you are giving your name, address, and bank account details. However, to acces their bank account you need more than a password spinner to get access. Unless you know some techniques to guess a username as well a password and get that combination right in 3 attempts from a computer that is not registered with the bank then you could have been rich, or in prison, years ago. ( these days I believe all banks use 2 level authentication the first time you access your account from a different computer)
 
Here's some of the process... Starting with the Avatar alone.

Copied the Avatar, and dropped it into "Google Image Search". In this case, the same avatar had been used in different forums, by the same person. In those forums, the name was different, but after reading a post or two, it was easy to see it was the same person. The personal info in the "User Info" section brought up considerable more information, as to location, interests and in one case, a link to a personal webpage, that by itself was anonymous, but with other information, led to a user name that was probably, and turned out to be an almalgamation of the the actual name. From there, it was easy enough to use location and last name to do a telephone number search. This led to the names of others in the household, as well as neighbors names and addresses.

Since one of the household member's names was likely a childs name, it was a matter of searching for any posts under that name... It turned up in a facebook page, and you can guess the rest...

Now once the name and address is known, it is easy to go on to Google maps and get a birds eye view of the house, and to Zillow to find the estimate of the house's value.

Next, to use Google maps, to locate the town, and area where the person lived, and then to seek out local banks. Knowing that most people are creatures of habit, and often likely to use their email or blogsite address as a username for other websites, going to a bank website and attempting to sign in with a user name, only gets one as far as the password.... that's usually the stopping point.... but it's not impossible to guess passwords.... especially when the name and birthdate or the household pet's name is involved.

Where test questions come up, it's pretty easy to go to a genealogy site and look up mother's names, or to find records of birth... (town where you were born), or high school or grammar school...

Of course the easiest way to access information, is to obtain the sign on password for email... Then one's life becomes an open book.
........................................................................
Now, I want to recount a frightening experience that happened to me this summer... Our campground has internet access, but none to the camps. We have an internet cafe type of arrangement that you can use, with the campground computers. Since it was a quiet day, and no one waiting, I signed on to my homepage, and spent a few hours browsing. I signed off and left...
The next morning, I went back to do some more emails and browsing, and went back to the same computer. There... on the opening screen, was a direct link to my homepage, with automatic sign-on... As public as public could be.

Another few hours wasted, changing passwords, screen names etc, etc, and who knows what info someone may have taken.
Strong lesson learned.

So... pretty easy to find out info. Here are some things that come easy... I'll use the word "you".
Places where you lived... White pages
Neighbors names and addresses (same)
Persons you are in contact with (same)
Persons with the same last name... children other relatives (same)
Usernames on forums... including alternates
Place of work ... Linked In
Family information Facebook... including friends, and friends of friends.
Personal information about friends and relatives, using pictures from facebook or a home page, to do a search on "Google Image Search"
Possible picture of cars and belongings... Camper, boat, etc, from Google maps or the "Neighborhoods" search engine.
Depending on the depth of information... it's very easy to find the probable ISP...
Hobbies, interests, spouse occupation, workplace, probable salary range,
and even... ala RE, probable wealth...

All of this, and much, much more, in the public domain, and most available to a geeky 14 year old.

The real problem is, it's very much like a Tattoo... not easy to escape or erase.

The father of a teenager told me that his daughter told him, that almost every girl in her school, had pictures or information that was openly available on the internet, to anyone.

I'd like to think that my life is an open book, and that short of criminal activity, there is nothing to worry about... still, in the 35+ years that I've been on bulletin boards or the internet, and that day at camp... there's bound to be something that could jump up and bite...

Biggest, widest danger that I see today, is Facebook... a Tattoo that's going to be hard to erase. More social websites coming.
 
Heck - my credit union interrogates me thoroughly even from known computers. Drives Quicken's auto update batty.
 
My banks don't have simple security questions that are easily guessable, but more important is that the 2 level authentication means sending a text with an authorization code to the cell phone registered with the account.

Even GMail allows 2 levels of authentication which involves a text message the first time you access it from a new device, and I would recommend all Email users to have a 2 levels of authentication if their mail system allows it.

I agree with your arguments about the lack of privacy these days, I am just trying to bring a bit of reality into the ease of breaking into a person's bank account knowing personal details about them.
 
imoldernu said:
With some time on my hands, and curiosity to satisfy, I took an Avatar... no name or username, and was able to find information that I'm certain that person would never guess to be available in the public domain.
Click to expand...
Uh-oh. Are you going to ceremoniously blow our covers, one by one?

Gulp :whistle:
 
Major Tom said:
Uh-oh. Are you going to ceremoniously blow our covers, one by one?
Click to expand...

are you kiddin'? Y'all have more on me than I have on myself... AZ dontcha know?
:LOL:

Anyway... back to the first post, and something that not everyone knows...
Re: the indiscreet lawyer... case pending for now... but an aside to the case.

In this case, and in many other companies, where moral and ethical integrity are the hallmark of the corporate reputation, upper level employees are contractually required to be above reproach of any kind. the company car, and the company cell phone are GPS enabled to allow tracking, so that the stated departure for a doctors visit, can be shown to be a trip to the next town, and the parking lot of a LaQuinta.

Most major corporations have a "moral conduct" department (or some equivalent) that is there to protect the reputation of the company, and to oversee possible violations of expected behavior or any other action that might negatively reflect on the company. Often these departments are open to public comment, providing a whistleblower effect.

FWIW, in cases where a dispute or bad service seems to be intractable, locating and contacting this department can resolve difficulties.

So we live in a world of spies. :cool:
 
One more little trick that you should know about, re: Password protection.

There are a number of ways to obtain a list of passwords stored on a Windows computer.

The first is a little tricky... go to the DOS prompt (Run) and type in "keymgr.dll"
locate the site, and right click for "properties"

Another way is to load SIW (System Information Windows) open anf go to "Passwords" All of the stored URL's, user names, and passwords are listed.

IMO, SIW is an absolute "must" for Windows.

The reason for mentioning this, is that a savvy thief could download all of your passwords in the matter of a few minutes or less.
 
RonBoyd said:
Use this Google search to bypass the NYTimes paywall (Hmmmm... kinda ironic):

https://www.google.com/search?sourc...l=hp....0.0.1.4238660...........0.LnAWj0GoGOo
Click to expand...

Thanks... good article....

BTW... did everyone catch the implications of young teen girls posting pictures on Facebook and in emails to their young boyfriends? My friend and his wife are still in total shock since they found out the extent of this in their local high school. The media is beginning to discuss and feature the number of teen suicides stemming from this.
 
Alan said:
My banks don't have simple security questions that are easily guessable, but more important is that the 2 level authentication means sending a text with an authorization code to the cell phone registered with the account.

Even GMail allows 2 levels of authentication which involves a text message the first time you access it from a new device, and I would recommend all Email users to have a 2 levels of authentication if their mail system allows it.

I agree with your arguments about the lack of privacy these days, I am just trying to bring a bit of reality into the ease of breaking into a person's bank account knowing personal details about them.
Click to expand...

I agree with this, and my bank uses the same kind of authentication...
Instead of trying to guess the password, the seemingly less important email password would allow the thief to use the "lost password" function and then open the mail account long enough to get the key, and delete the message. I make frequent changes to my mail account password for that reason.

I'm not sure I know about the 2 levels of email authentication. Got kind of screwed up when trying to go to the advanced security for my email, with trying to sync it with three computers.
 
Interesting. You provoked me to reflect upon my cyber profile.

I do not have a FaceBook account. I used to have a LinkedIn account but closed it over a year ago. I use a different nom de plume on every board (maybe one duplicate but very dormant) and this is the only avatar I have. Almost no personal information. There are many people with my name around the country. I am even there twice in different places! If you Googled my name, there would be one photo of me on-line. That might be enough to find my home base.

I figure I am most at risk from someone raiding my snail-mail mailbox at home. That has happened in my town. I would be more concerned about that.
 
imoldernu said:
I agree with this, and my bank uses the same kind of authentication...
Instead of trying to guess the password, the seemingly less important email password would allow the thief to use the "lost password" function and then open the mail account long enough to get the key, and delete the message. I make frequent changes to my mail account password for that reason.

I'm not sure I know about the 2 levels of email authentication. Got kind of screwed up when trying to go to the advanced security for my email, with trying to sync it with three computers.
Click to expand...

Gmail's 2 level authentication is that if you try to log onto your account from a different computer then it sends an authentication code to the cell phone you have registered and then you have to type in the 6 digits you received. (You also need your password).


I don't know how other mail systems work, except Lotus Notes, which was our corporate email.
 
imoldernu said:
Biggest, widest danger that I see today, is Facebook... a Tattoo that's going to be hard to erase. More social websites coming.
Click to expand...
Dude, you're posting on a social website. :). Besides, drones are far more dangerous. Read Francis Fukuyama.
 
Personally, I don't post anything online that I wouldn't want a friend to know. Sure, I post finances on a lot of ER-type boards, but only some people think that's taboo.

I have Facebook and many other social media accounts, some repeat user ID's (shoot, part of my name is in my user ID).

I don't really have a problem with it, as I express myself as I would in a public forum in person.

I do however wonder how politcal campaigns are going to look in 20 years. "Sir, it says here that in 2012, you posted a picture of yourself on Facebook participating in some rather lewd activities. Do you care to comment?"
 
I too worry about identity theft and recognize that I my identity would be quite easy to suss out by browsing forums I frequent. I also suspect that a very competent black hat could crack through my defenses but I doubt there is a rock solid defense short of going virtually dark. In my defense I use complex passwords and avoid logging onto secure sites from public computers. But, as someone mentioned above, the bad guys can easily start their search from a credit card slip. And selecting your targets from patrons of luxury hotels and restaurants is probably more productive than an internet forum.

The statistics say some of us will eventually get whacked. Luckily, most compromises are more of a PITA than a disaster. I haven't read of people loosing their life savings to identity theft, although it is fairly common for people to lose them to cons. Still...
 
bo_knows said:
....

I do however wonder how politcal campaigns are going to look in 20 years. "Sir, it says here that in 2012, you posted a picture of yourself on Facebook participating in some rather lewd activities. Do you care to comment?"
Click to expand...

I agree with this, but I'm a fuddyduddy. I think of the futuristic comedy "Idiocracy" and the question there would be, "Why didn't you have any cool naked drunk photos on Facebook?"
 
Aside from my secret treasure chest that no one knows anything about, and is filled with gold coins and precious jewels, I'm not clear what we should be afraid of. Loss of privacy?

bo_knows said:
I do however wonder how politcal campaigns are going to look in 20 years. "Sir, it says here that in 2012, you posted a picture of yourself on Facebook participating in some rather lewd activities. Do you care to comment?"
Click to expand...
I think we're already there. :(
 
MichaelB said:
Aside from my secret treasure chest that no one knows anything about, and is filled with gold coins and precious jewels, I'm not clear what we should be afraid of. Loss of privacy?

I think we're already there. :(
Click to expand...

No question about it... But isn't it interesting to see how many ways it's happening. Here's today's article about other ways we're compromised.
Similar to a previous discussion here on ER...

Customer Beware: You Are Being Tracked | Alternet

funny excerpt:
In some of the most sophisticated outlets, wireless transmitters are embedded in shopping carts and in overhead sensors. These devices map how a customer moves through the store, where she stops to read the label or compare prices. Of special interest to retailers is the time spent in front of a display or kiosk, in a dressing room or the lavatory.
Click to expand...

img_1272044_0_e600f4c9a7b9bd6eb0f6756fb0c5097b.jpg

Am thinking that the "spy" industry may employ enough people to solve our unemployment problem. :dance:
 
Last edited:
imoldernu said:
One more little trick that you should know about, re: Password protection.

There are a number of ways to obtain a list of passwords stored on a Windows computer.

The first is a little tricky... go to the DOS prompt (Run) and type in "keymgr.dll"
locate the site, and right click for "properties"

Another way is to load SIW (System Information Windows) open anf go to "Passwords" All of the stored URL's, user names, and passwords are listed.

IMO, SIW is an absolute "must" for Windows.

The reason for mentioning this, is that a savvy thief could download all of your passwords in the matter of a few minutes or less.
Click to expand...
Are you referring here to the Passwords that we allow our browsers to keep track of?

To clarify this question, when I log into a site for the first time the browser comes up with a question something like "Do you want to save this password?". For key sites, I always ignore this.

Also another question: Wouldn't the bad guy have to get access to my computer? He has to login with my password I think. If the password is strong how does he get that? He could try to get in through my Firewall I suppose. I try to have decent wi-fi security.

I appreciate your bringing up security issues Imoldernu. Now I need to know the details. :)
 
Last edited:
You must log in or register to reply here.

Similar threads

S
Wow - complete disregard for decedent
3 4 5
Replies
112
Views
8K
ivinsfan
ivinsfan
Chuckanut
Safe Driving Class
Replies
12
Views
378
audreyh1
audreyh1
FlaGator
Direct Marketing Incompetence – A Vexing Problem
2
Replies
35
Views
922
athena53
athena53
T
What's Your "Good Deed"?
Replies
12
Views
598
TickTock
T
Midpack
We've Been Using Apple Pay The Hard Way For More Than A Year!
Replies
14
Views
521
rk911
rk911

Latest posts

Back
Top Bottom