Join Early Retirement Today
Reply
 
Thread Tools Search this Thread Display Modes
Privacy Redux
Old 01-16-2013, 05:00 PM   #1
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
Privacy Redux

Apologies in advance, as I expect to make more than one post on this subject, and it may be a bit overwhelming.

We have had a number of threads covering the subject, but there is nothing
like real life experience to bring home the importance of privacy, and to understand the degree of seriousness of thing that can happen in innocence
or from ignorance.

Let me begin with a real life episode that is in the process of destroying a persons' life.

A member of a large law firm recently received an email from a disgruntled and vindictive male which contained a threat. This person was writing the senior member of the firm to state that he had been having an affair with another "not quite senior" married female member of the firm. She had terminated the affair, and he, was angry. In his letter to the senior member he stated that he was going to send indiscreet pictures to the senior member as well as all of the senior members, and also to the firm's clients.

If and when this happens, the firm will have to terminate the female member, and go to risk management. Doubtless, this will be very expensive for all involved, and in the end, there may be no legal recourse.
The losses could be into the millions.

The initial point to be made here, is that anything that has been placed on the internet, in any form... today or twenty years ago, is, in effect, in the public domain.

The obvious first place to come to mind here, is Facebook, but that is only the tip of the iceberg. Subsequently, I hope to outline some risk factors to which all of us are subject. Especially for those (like myself) with lives that are an open book.

For starters, consider the simplest non-stealthy means of obtaining information... ie. just reading the postings of an individual here on ER.

With some time on my hands, and curiosity to satisfy, I took an Avatar... no name or username, and was able to find information that I'm certain that person would never guess to be available in the public domain.

Not being super savvy in detective work, I was able to get down to the individual's bank account, lacking only a password spinner to access.
More to follow.
__________________

__________________
imoldernu is offline   Reply With Quote
Join the #1 Early Retirement and Financial Independence Forum Today - It's Totally Free!

Are you planning to be financially independent as early as possible so you can live life on your own terms? Discuss successful investing strategies, asset allocation models, tax strategies and other related topics in our online forum community. Our members range from young folks just starting their journey to financial independence, military retirees and even multimillionaires. No matter where you fit in you'll find that Early-Retirement.org is a great community to join. Best of all it's totally FREE!

You are currently viewing our boards as a guest so you have limited access to our community. Please take the time to register and you will gain a lot of great new features including; the ability to participate in discussions, network with our members, see fewer ads, upload photographs, create a retirement blog, send private messages and so much, much more!

Old 01-16-2013, 05:23 PM   #2
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,412
Quote:
Originally Posted by imoldernu View Post

With some time on my hands, and curiosity to satisfy, I took an Avatar... no name or username, and was able to find information that I'm certain that person would never guess to be available in the public domain.

Not being super savvy in detective work, I was able to get down to the individual's bank account, lacking only a password spinner to access.
More to follow.
Shiver me timbers, thee found me treasure chest? Arghhh
__________________

__________________
MichaelB is offline   Reply With Quote
Old 01-16-2013, 05:31 PM   #3
Give me a museum and I'll fill it. (Picasso) Give me a forum ...
REWahoo's Avatar
 
Join Date: Jun 2002
Location: Texas Hill Country
Posts: 42,074
I knew using some poor unsuspecting guy's identity when I registered here was going to pay off someday, but I had no idea it would turn out to be so much fun...
__________________
Numbers is hard

When I hit 70, it hit back

Retired in 2005 at age 58, no pension
REWahoo is offline   Reply With Quote
Old 01-16-2013, 05:46 PM   #4
Moderator Emeritus
Bestwifeever's Avatar
 
Join Date: Sep 2007
Posts: 16,372
Quote:
Originally Posted by MichaelB View Post
Shiver me timbers, thee found me treasure chest? Arghhh
My monkey's bank doesn't need no stinkin' password.
__________________
“Would you like an adventure now, or would you like to have your tea first?” J.M. Barrie, Peter Pan
Bestwifeever is offline   Reply With Quote
Old 01-16-2013, 06:13 PM   #5
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
Quote:
Originally Posted by imoldernu View Post
With some time on my hands, and curiosity to satisfy, I took an Avatar... no name or username, and was able to find information that I'm certain that person would never guess to be available in the public domain.

Not being super savvy in detective work, I was able to get down to the individual's bank account, lacking only a password spinner to access.
More to follow.
Every time you hand over a check you are giving your name, address, and bank account details. However, to acces their bank account you need more than a password spinner to get access. Unless you know some techniques to guess a username as well a password and get that combination right in 3 attempts from a computer that is not registered with the bank then you could have been rich, or in prison, years ago. ( these days I believe all banks use 2 level authentication the first time you access your account from a different computer)
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 01-16-2013, 06:19 PM   #6
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
Here's some of the process... Starting with the Avatar alone.

Copied the Avatar, and dropped it into "Google Image Search". In this case, the same avatar had been used in different forums, by the same person. In those forums, the name was different, but after reading a post or two, it was easy to see it was the same person. The personal info in the "User Info" section brought up considerable more information, as to location, interests and in one case, a link to a personal webpage, that by itself was anonymous, but with other information, led to a user name that was probably, and turned out to be an almalgamation of the the actual name. From there, it was easy enough to use location and last name to do a telephone number search. This led to the names of others in the household, as well as neighbors names and addresses.

Since one of the household member's names was likely a childs name, it was a matter of searching for any posts under that name... It turned up in a facebook page, and you can guess the rest...

Now once the name and address is known, it is easy to go on to Google maps and get a birds eye view of the house, and to Zillow to find the estimate of the house's value.

Next, to use Google maps, to locate the town, and area where the person lived, and then to seek out local banks. Knowing that most people are creatures of habit, and often likely to use their email or blogsite address as a username for other websites, going to a bank website and attempting to sign in with a user name, only gets one as far as the password.... that's usually the stopping point.... but it's not impossible to guess passwords.... especially when the name and birthdate or the household pet's name is involved.

Where test questions come up, it's pretty easy to go to a genealogy site and look up mother's names, or to find records of birth... (town where you were born), or high school or grammar school...

Of course the easiest way to access information, is to obtain the sign on password for email... Then one's life becomes an open book.
.................................................. ......................
Now, I want to recount a frightening experience that happened to me this summer... Our campground has internet access, but none to the camps. We have an internet cafe type of arrangement that you can use, with the campground computers. Since it was a quiet day, and no one waiting, I signed on to my homepage, and spent a few hours browsing. I signed off and left...
The next morning, I went back to do some more emails and browsing, and went back to the same computer. There... on the opening screen, was a direct link to my homepage, with automatic sign-on... As public as public could be.

Another few hours wasted, changing passwords, screen names etc, etc, and who knows what info someone may have taken.
Strong lesson learned.

So... pretty easy to find out info. Here are some things that come easy... I'll use the word "you".
Places where you lived... White pages
Neighbors names and addresses (same)
Persons you are in contact with (same)
Persons with the same last name... children other relatives (same)
Usernames on forums... including alternates
Place of work ... Linked In
Family information Facebook... including friends, and friends of friends.
Personal information about friends and relatives, using pictures from facebook or a home page, to do a search on "Google Image Search"
Possible picture of cars and belongings... Camper, boat, etc, from Google maps or the "Neighborhoods" search engine.
Depending on the depth of information... it's very easy to find the probable ISP...
Hobbies, interests, spouse occupation, workplace, probable salary range,
and even... ala RE, probable wealth...

All of this, and much, much more, in the public domain, and most available to a geeky 14 year old.

The real problem is, it's very much like a Tattoo... not easy to escape or erase.

The father of a teenager told me that his daughter told him, that almost every girl in her school, had pictures or information that was openly available on the internet, to anyone.

I'd like to think that my life is an open book, and that short of criminal activity, there is nothing to worry about... still, in the 35+ years that I've been on bulletin boards or the internet, and that day at camp... there's bound to be something that could jump up and bite...

Biggest, widest danger that I see today, is Facebook... a Tattoo that's going to be hard to erase. More social websites coming.
__________________
imoldernu is offline   Reply With Quote
Old 01-16-2013, 06:19 PM   #7
Moderator
rodi's Avatar
 
Join Date: Apr 2012
Location: San Diego
Posts: 8,802
Heck - my credit union interrogates me thoroughly even from known computers. Drives Quicken's auto update batty.
__________________
rodi is offline   Reply With Quote
Old 01-16-2013, 06:30 PM   #8
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
My banks don't have simple security questions that are easily guessable, but more important is that the 2 level authentication means sending a text with an authorization code to the cell phone registered with the account.

Even GMail allows 2 levels of authentication which involves a text message the first time you access it from a new device, and I would recommend all Email users to have a 2 levels of authentication if their mail system allows it.

I agree with your arguments about the lack of privacy these days, I am just trying to bring a bit of reality into the ease of breaking into a person's bank account knowing personal details about them.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 01-16-2013, 06:33 PM   #9
Thinks s/he gets paid by the post
Major Tom's Avatar
 
Join Date: Nov 2009
Location: SF East Bay
Posts: 3,128
Quote:
Originally Posted by imoldernu View Post
With some time on my hands, and curiosity to satisfy, I took an Avatar... no name or username, and was able to find information that I'm certain that person would never guess to be available in the public domain.
Uh-oh. Are you going to ceremoniously blow our covers, one by one?

Gulp
__________________
ER, for all intents and purposes. Part-time income <5% of annual expenditure.
Major Tom is offline   Reply With Quote
Old 01-16-2013, 07:32 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
RonBoyd's Avatar
 
Join Date: Dec 2007
Location: Denver, Colorado
Posts: 5,280
Use this Google search to bypass the NYTimes paywall (Hmmmm... kinda ironic):

https://www.google.com/search?source....0.LnAWj0GoGOo
__________________
"It's tough to make predictions, especially when it involves the future." ~Attributed to many
"In theory, there is no difference between theory and practice. But, in practice, there is." ~(perhaps by) Yogi Berra
"Those who have knowledge, don't predict. Those who predict, don't have knowledge."~ Lau tzu
RonBoyd is offline   Reply With Quote
Old 01-16-2013, 08:04 PM   #11
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
Quote:
Originally Posted by Major Tom View Post
Uh-oh. Are you going to ceremoniously blow our covers, one by one?
are you kiddin'? Y'all have more on me than I have on myself... AZ dontcha know?


Anyway... back to the first post, and something that not everyone knows...
Re: the indiscreet lawyer... case pending for now... but an aside to the case.

In this case, and in many other companies, where moral and ethical integrity are the hallmark of the corporate reputation, upper level employees are contractually required to be above reproach of any kind. the company car, and the company cell phone are GPS enabled to allow tracking, so that the stated departure for a doctors visit, can be shown to be a trip to the next town, and the parking lot of a LaQuinta.

Most major corporations have a "moral conduct" department (or some equivalent) that is there to protect the reputation of the company, and to oversee possible violations of expected behavior or any other action that might negatively reflect on the company. Often these departments are open to public comment, providing a whistleblower effect.

FWIW, in cases where a dispute or bad service seems to be intractable, locating and contacting this department can resolve difficulties.

So we live in a world of spies.
__________________
imoldernu is offline   Reply With Quote
Old 01-16-2013, 08:39 PM   #12
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
One more little trick that you should know about, re: Password protection.

There are a number of ways to obtain a list of passwords stored on a Windows computer.

The first is a little tricky... go to the DOS prompt (Run) and type in "keymgr.dll"
locate the site, and right click for "properties"

Another way is to load SIW (System Information Windows) open anf go to "Passwords" All of the stored URL's, user names, and passwords are listed.

IMO, SIW is an absolute "must" for Windows.

The reason for mentioning this, is that a savvy thief could download all of your passwords in the matter of a few minutes or less.
__________________
imoldernu is offline   Reply With Quote
Old 01-16-2013, 08:49 PM   #13
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
Quote:
Originally Posted by RonBoyd View Post
Use this Google search to bypass the NYTimes paywall (Hmmmm... kinda ironic):

https://www.google.com/search?source....0.LnAWj0GoGOo
Thanks... good article....

BTW... did everyone catch the implications of young teen girls posting pictures on Facebook and in emails to their young boyfriends? My friend and his wife are still in total shock since they found out the extent of this in their local high school. The media is beginning to discuss and feature the number of teen suicides stemming from this.
__________________
imoldernu is offline   Reply With Quote
Old 01-16-2013, 09:07 PM   #14
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
Quote:
Originally Posted by Alan View Post
My banks don't have simple security questions that are easily guessable, but more important is that the 2 level authentication means sending a text with an authorization code to the cell phone registered with the account.

Even GMail allows 2 levels of authentication which involves a text message the first time you access it from a new device, and I would recommend all Email users to have a 2 levels of authentication if their mail system allows it.

I agree with your arguments about the lack of privacy these days, I am just trying to bring a bit of reality into the ease of breaking into a person's bank account knowing personal details about them.
I agree with this, and my bank uses the same kind of authentication...
Instead of trying to guess the password, the seemingly less important email password would allow the thief to use the "lost password" function and then open the mail account long enough to get the key, and delete the message. I make frequent changes to my mail account password for that reason.

I'm not sure I know about the 2 levels of email authentication. Got kind of screwed up when trying to go to the advanced security for my email, with trying to sync it with three computers.
__________________
imoldernu is offline   Reply With Quote
Old 01-16-2013, 09:36 PM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Ed_The_Gypsy's Avatar
 
Join Date: Dec 2004
Location: the City of Subdued Excitement
Posts: 5,292
Interesting. You provoked me to reflect upon my cyber profile.

I do not have a FaceBook account. I used to have a LinkedIn account but closed it over a year ago. I use a different nom de plume on every board (maybe one duplicate but very dormant) and this is the only avatar I have. Almost no personal information. There are many people with my name around the country. I am even there twice in different places! If you Googled my name, there would be one photo of me on-line. That might be enough to find my home base.

I figure I am most at risk from someone raiding my snail-mail mailbox at home. That has happened in my town. I would be more concerned about that.
__________________
my bumpersticker:
"I am not in a hurry.
I am retired.
And I don't care how big your truck is."
Ed_The_Gypsy is offline   Reply With Quote
Old 01-16-2013, 09:47 PM   #16
Moderator
Alan's Avatar
 
Join Date: Jul 2005
Location: Eee Bah Gum
Posts: 21,077
Quote:
Originally Posted by imoldernu View Post
I agree with this, and my bank uses the same kind of authentication...
Instead of trying to guess the password, the seemingly less important email password would allow the thief to use the "lost password" function and then open the mail account long enough to get the key, and delete the message. I make frequent changes to my mail account password for that reason.

I'm not sure I know about the 2 levels of email authentication. Got kind of screwed up when trying to go to the advanced security for my email, with trying to sync it with three computers.
Gmail's 2 level authentication is that if you try to log onto your account from a different computer then it sends an authentication code to the cell phone you have registered and then you have to type in the 6 digits you received. (You also need your password).


I don't know how other mail systems work, except Lotus Notes, which was our corporate email.
__________________
Retired in Jan, 2010 at 55, moved to England in May 2016
Now it's adventure before dementia
Alan is offline   Reply With Quote
Old 01-16-2013, 09:51 PM   #17
Moderator
MichaelB's Avatar
 
Join Date: Jan 2008
Location: Rocky Inlets
Posts: 24,412
Quote:
Originally Posted by imoldernu View Post
Biggest, widest danger that I see today, is Facebook... a Tattoo that's going to be hard to erase. More social websites coming.
Dude, you're posting on a social website. . Besides, drones are far more dangerous. Read Francis Fukuyama.
__________________
MichaelB is offline   Reply With Quote
Old 01-16-2013, 10:34 PM   #18
Thinks s/he gets paid by the post
imoldernu's Avatar
 
Join Date: Jul 2012
Location: Peru
Posts: 4,616
Quote:
Originally Posted by MichaelB View Post
Dude, you're posting on a social website. . Besides, drones are far more dangerous. Read Francis Fukuyama.
Stopped after PNAC
__________________
imoldernu is offline   Reply With Quote
Old 01-17-2013, 06:40 AM   #19
gone traveling
 
Join Date: May 2012
Location: Fairfax, VA
Posts: 211
Personally, I don't post anything online that I wouldn't want a friend to know. Sure, I post finances on a lot of ER-type boards, but only some people think that's taboo.

I have Facebook and many other social media accounts, some repeat user ID's (shoot, part of my name is in my user ID).

I don't really have a problem with it, as I express myself as I would in a public forum in person.

I do however wonder how politcal campaigns are going to look in 20 years. "Sir, it says here that in 2012, you posted a picture of yourself on Facebook participating in some rather lewd activities. Do you care to comment?"
__________________
bo_knows is offline   Reply With Quote
Old 01-17-2013, 07:27 AM   #20
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 8,634
I too worry about identity theft and recognize that I my identity would be quite easy to suss out by browsing forums I frequent. I also suspect that a very competent black hat could crack through my defenses but I doubt there is a rock solid defense short of going virtually dark. In my defense I use complex passwords and avoid logging onto secure sites from public computers. But, as someone mentioned above, the bad guys can easily start their search from a credit card slip. And selecting your targets from patrons of luxury hotels and restaurants is probably more productive than an internet forum.

The statistics say some of us will eventually get whacked. Luckily, most compromises are more of a PITA than a disaster. I haven't read of people loosing their life savings to identity theft, although it is fairly common for people to lose them to cons. Still...
__________________

__________________
Every man is, or hopes to be, an Idler. -- Samuel Johnson
donheff is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


 

 
All times are GMT -6. The time now is 08:42 PM.
 
Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.