AUTHOR’S NOTES: Firstlly, there is some disturbing stuff in here, but this entry is all about keeping yourself and others safe from the disturbing stuff. I’m not sharing any lurid stories or anything like that, but there is information about why some common mistakes are dangerous, and I know I found some of it freaky when it was first explained to me. Finding out how little privacy we have can be paranoia-inducing and frightening. But if you think you’ll be able to handle it, if you won’t be specifically triggered by these issues, I urge you to take a look anyway, and maybe pass on some of these tips.
Secondly, I want to make clear that when someone is tracked down through the internet, and victimized in some way, it is NEVER the victim’s fault. It is always, ALWAYS the fault of the perpetrator who takes advantage of the situation.
I’d just like to see it made a little tougher for those bastards to do, is all.
A while back, I had to take a course for my professional development credits on internet safety. Through this and a subsequent course I completed voluntarily, I actually became certified to teach internet safety to teens and adults along with other content. It became an interest of mine, and I continued to do research on the topic, including research on how agencies like the FBI work to protect people who have (inadvertently or otherwise) exposed their personal information on the internet, or people who have had it exposed by others and are seen as high-risk for targeting by violent crime. I also learned how information is gathered about people from their public information on the internet, and it gave me chills.
As a result of that training, I completely freaked out when the GoogleBuzz debacle happened, and here’s why. During the brief period when GoogleBuzz existed, before Google realized they weren’t going to win any love with the way they were going about starting a social network, scrapped the plan and started over with what eventually became Google+, all account holders with any Google service were automatically signed up with Google. You may remember this, if you were an account holder – you received a message saying your account had been activated, and you could deactivate it any time you wanted. Here was the real issue, though: information about each user was added automatically, extracted from the user’s emails, messages, etc., and posted publicly. After an immediate privacy and security outcry, these items were all made private, and were only public for a few hours at most, so in all likelihood the personal safety of users was never really compromised in any major way, and in fact the whole thing disappeared just a short while later.
So if it was all taken care of, why was I so upset? Well, here’s why: those few hours were enough for automatic information aggregators. Information aggregators are computerized search bots which gather information about people automatically from text available on the internet, and keep them for privately owned business services which sell them to people, for the profit of the business owners. The few upsides: the business owners can’t actually view the data themselves; all data beyond certain basics is restricted access and requires a license for private investigation; because the whole system is automated, there are often errors in the data gathered. But if you want to see something terrifying, look yourself up on Spokeo.com, the easiest to find of those services. You’ll probably find a mix of frighteningly correct and hilariously incorrect information about yourself, all available for anyone who knows your name or enough other information to search you by.
Ah, you say, but I don’t use my real name on the internet, and there’s no way to find me other than that. Maybe so. Maybe you’ve done a really good job of protecting yourself. But many people I know who have prided themselves on protecting themselves really well have fallen into some very basic schemes that could harm themselves or others, or have revealed important information about themselves without thinking about it. Here are some of the ways I’ve seen people make major internet safety mistakes without realizing it:
1. Posting “Missing Persons” graphics from unknown sources
Okay, this is the one that’s most likely to get someone hurt that you don’t even know, rather than you or a friend. Some of these are completely legitimate, others are made and posted by abusers or stalkers looking to track down victims, or simply people who have lost custody battles and such trying to find their way around legal restrictions – but without more information, we should really assume for the safety of the people in those photos, that those restrictions are there for a reason.
I completely understand the urge to help in these situations – hearing that someone’s loved one or child or pet or whoever is missing is a wrench, especially if you’re imagining yourself in either position in that situation. You have the best of intentions when you re-post these, and I respect that.
And sometimes, re-posting them is a good idea. But here are some precautions you need to take first:
Step 1: Do a reverse image search, to check and see if it’s actually from the police. If it’s an official police post, please go ahead and share.
Step2: Search the person’s name in the photo, and see what information you can find about the case. This may give you enough information to determine whether or not you should share the image.
Step 3: If there is a number, search it. If you get a law enforcement agency, or a child services agency, or a school, go ahead and share it. If it’s a law office, you’re probably okay as well, especially if the law office is mentioned on the image.
Step 4: If it’s not an official police photo, and you can’t find the case on the net, and there’s no phone number on the image, just something asking people to post information if they see the person/pet/whoever, OR if there’s a personal phone number on the image (i.e., someone’s house phone), DO NOT SHARE IT. Those are all red flags.
Step 5: If there’s an image of a person that says “Please contact police if you see this person, they’re missing,” go ahead and share it. The worst that happens there is that someone sees the person, calls the police, and it turns out it’s not actually real, and some time is wasted. All the police I’ve talked to about this have said they’d rather have their time wasted a little than have people not call when they think they have a lead on a missing person. (By the way, call the non-emergency number. They’ll know if it’s real, and they’ll direct you appropriately.)
2. Claiming to be a local fan of a specific sports team
I understand that sometimes local fans of whatever team consider themselves to be more “authentic” than fans from out of town. They’re fans because these are the guys and gals from the home turf, not because the team racks up wins. Okay, fine, that’s awesome, I’m glad you love your team. I’m glad you have something you’re interested in that gives you joy and pride, and that you can bond with friends over. I think it’s great.
But please be aware that when you say you’re a local fan of a sports team, you’ve just given away your location to every information aggregator on the internet. They do actually look for information like sports teams precisely because local sports loyalty is such common information to find posted publicly, and now someone trying to find out information about you knows the basic area in which you live.
By itself, “X City metropolitan area” may not be a huge deal in terms of tracking you down. But combine that with “so proud of my students – the soccer team I coach just won second place in the state today,” which you share on your carefully locked down Facebook, which someone else shares on their not-so-private Twitter, to congratulate you. Now the information aggregator, or someone tracking you, knows what school you teach at. And a person can probably find your photo and name on the school website. And if you were a Google member at the time of the GoogleBuzz debacle, they’ve now found your name, address, and telephone number at that time. If your number is in the phone book, it’s probably also now available on the internet for anyone to find, based on, say, “local Orioles fan” and “coach of the 2nd place soccer team in the state,” through information a friend shared about you in all innocence from your original post made with all due precaution.
3. People putting info about themselves in publicly-posted email addresses
This is a twofer, actually, because there are two separate problems here. I’ve seen people combine this one with #2, also, using email addresses with a formula of “email@example.com” and it makes me cringe every time.
First of all, you should protect your personal email address in public places; internet harassment is becoming more and more of a safety issue these days, and access to your email is one of the easiest avenues by which someone can seriously inconvenience you and try to silence other activity you may participate in. I’ve received some (relatively mild, compared with others’ experiences) harassment since my Gamergate post, but fortunately my current email address has been shielded from it. All harassing emails have gone to an email address I no longer use precisely because it was compromised.
Secondly, don’t put personal information about yourself in any email address you’re planning on giving out to anyone you don’t know well. It can be used to find out other information, similarly to what is illustrated above. The four most common examples I see are these: a) teens using their age as a number in their address, which can attract predators; b) people naming an interest, which can be used to become close to them in an online conversation; c) identifying occupation, which can be combined with other information to reveal more than you want; d) identifying information you don’t want employers to see, such as political leanings or disability information.
4. Athletes posting their jersey numbers
This is another that’s often combined with the email address issue.
If you participate in any form of community athletics, your team probably has a website. If you are part of a college, university, or any other level of academic institution, and participate in their athletics, your team almost definitely has a website. Photos showing jersey numbers, or photos captioned with jersey numbers included, are really common. Once someone is able to track you to your location, they can identify you by your photo, and then simply turn up at your practice and identify you visually. At which point, you’re at risk. Fortunately, this is actually one of the safety violations the FBI looks out for, but FBI intervention at exactly the right time is obviously not something you want to depend on.
5. Posting selfies that include where you’re staying when you travel
Oh gods, this one makes me want to shake people. I see exactly where the urge to post these comes from, because there are a lot of awesome hotels out there that have wonderful character and look really cool in the background of pictures of you and your friends. There are places that you stay over and over again, that become a home away from home. There are places you’ve been excited to stay for as long as you can remember, and you’re finally getting an opportunity to stay there. I get it, I really do. There are places I’ve stayed that I’ve taken pictures of, just like that.
But please, for the love of all that’s holy, don’t post those pictures publicly while you’re still traveling! If you must post them publicly, which I don’t recommend anyway, keep them private for your safety, post them after you get home. If it’s a place you stay repeatedly, don’t reveal that in any public place. You do NOT want someone to be able to track you to where you’re staying. It’s one thing to post a selfie of yourself with some awesome monument – yes, anyone in NYC for the first time is going to post a selfie with the Statue of Liberty in the background, anyone in Paris for the first time is going to post a selfie with the Eiffel Tower – and nobody is going to automatically assume you’ll go back to that location, so it’s not going to help anyone find you who might be looking. Those selfies, while I still don’t recommend posting them publicly at all, and still preferably not until you’re home, are still vastly safer than the hotel pictures.
While we’re on this topic, don’t post your future travel plans in public places. Just don’t.
6. Putting personal information in photographs taken at home
This is a shockingly easy one to do by mistake. I can’t tell you how many times I’ve emailed a friend to say, “Hey, you want to take down that photo of yourself outside your house – not only can I see your house number, but the street sign with the name on it is reflected in the window, so someone can get your whole address.” Or “be careful with that photo of your new hairstyle, your driver’s license is sitting on your desk, reflected in the bottom left corner of your mirror.”
Before you put any photograph of yourself on the internet in a public place (again, a practice I discourage in general, in the strongest terms possible, i.e., IT’S FUCKING DANGEROUS, DON’T EVER DO IT, keep your photos private), go over it carefully to make sure you’re aware of any and all details about you that can be gleaned from it. Are you wearing a sweatshirt that can identify your current school or athletics team? Is your house number or car license plate visible? Are you wearing a name tag or badge of any kind that reveals anything about you? Is there a “happy 24th birthday” sign or something like that in the background which gives away your age?
7. Assuming that because you posted something privately, it will stay private
This one makes me sad, because it should be okay to do this, it really should. But unfortunately, people make mistakes.
Two rules to remember:
Rule 1: The Internet Never Forgets.
Rule 2: The Internet Is Always Public.
Keep in mind that just because you posted something privately, someone else may not know as much as you do about internet security, and may re-post something by copy/paste, or by transferring from one platform to another, without taking proper precautions, and now that personal photo you took is available for all to see. This is how careers are ruined, people. Be careful. Because once something is out there, you can’t take it back. And it’s not just stalkers or whatever that can make this happen – sometimes it’s just someone who doesn’t know how to update security settings.
If nothing else, the number of people who share those Facebook copyright hoaxes every time they come around, should indicate how much of a danger this really is.
8. “I’m not worried – I can defend myself at home.”
Okay, don’t. Just don’t.
All right, fine. Maybe you have a semi-automatic and three handguns at home, and you’re trained to use them, and you have six guard dogs and four black belts. Awesome. Good for you. And I mean that in all seriousness, as long as you’re practicing proper safety with all of those things. I’m glad you’ve taken precautions to defend yourself.
But sometimes people go to the wrong house, and someone else gets hurt. Or maybe someone you live with gets hurt while you’re defending yourself. Or you get hurt while they’re defending themselves. Or maybe whatever happens, doesn’t happen at home. Or maybe someone gets to your house before you get home from the grocery store, and now those handguns are used against you. It is flat-out impossible to plan for all contingencies, and there are safety issues for other people than yourself.
Wouldn’t it be better just to avoid the issue altogether and protect your personal information on the internet?