ProjectX

Cascade of Privacy Evaporation

When I came up with this article, I had so many things in mind which might lead to the violation of your privacy – online. Let me begin with something tangible: drunken mobile phone using. Am sure everyone has ‘a friend’ who did that, but let me elaborate on this issue for a while. When I was young, the worst thing you could do with a mobile when you are drunk is to physically destroy it or text you crush stuff you better don’t want to remember the next day. A bit later, accessing WAP services (early mobile phone Internet access standard) and therefore accumulating an awful lot of debt on your account could have been added to the list of things to do with your mobile when you are drunk. These days, you can post embarrassing things on Facebook and Twitter where they are read not only by your crush – but most likely also by him or her – but also by the rest of the world. You are even able to highlight your embarrassing state-of-mind by adding pictures or videos, that is if you are still able to use your phone properly while being on a Saturday night out.

One way of dealing with it is to ‘adjust’ your privacy settings. You access your social media account and change your tweets to being ‘protected’ and your Facebook pictures, messages and likes to ‘only close friends’. Next time you are drunk, at least only these people can read your ‘stories’. Even better if you create a list for ‘post to when I am drunk group’. These, what I call ‘fake privacy settings’, make you post even more embarrassing messages, pictures and videos, because ‘only close friends can see it’. So in a way you progressed from the *having-no-clue* person to the *feels-as-if-privacy-is-protected* person. Baby steps. The aim, as you climb the ‘paranoia-ladder’, is to achieve being the *what-the-fuck-do-these-information-have-to-be-on-the-Internet-at-all* person.

Some of you might now ask me: ‘Okay, so I just delete my accounts?’. This is an excellent question. There, we do enter the field of ‘impersonating’. If I want to harm someone and know some information about him, him not having social media accounts can get problematic for him. I will just register an email on his behalf like john.smith@gmail.com. I use this email account to register a Facebook account for him. Then, I add all the information I know and make friends online with all of his friends that are not to close to him. Et voila: First stage of impersonating done. You can do a lot of harm with that already. Therefore, it is somehow important that you have your own social media accounts. Just use them with caution, do not post anything you would not tell someone or a group of people you do not know in public. Maybe, I will put ‘how to impersonate someone’ on the blog articles to be written in 2012 list.

Let us go back to my initial remark about ‘fake privacy settings’. Today, there are lot of ways how you can ‘lose’ control over your accounts by someone getting your password accidentally. There are even more ways if someone really wants to get hold of your passwords. Let enumerate some ways and not go more into detail for this post:
– shoulder surfing
– network logers running on public wifi environments
– keylogers installed on your computer
– password-reminder ‘crack’ of email accounts and consequently password-reminder crack on social media sites etc.
– random hack of some site you had an account and you were accidentally using the same email and password as on your social networking site

The latter one is easy to avoid but in a lot of cases also the reason why people get access to our accounts. A weak password policy (let us be clear: using one password for everything is no password policy at all) might screw you big time. What do the privacy settings have to do with my password getting ‘stolen’? A lot. Once, someone gains access to your social media accounts he can not only impersonate you, post stupid things and annoy you BUT he can also read ALL the ‘private’ posts and notes you made. If the attacker is smart, he does not use his access to post stupid things but just to monitor what ‘private’ messages and notes you are creating. As long as you do not change your email and/or social media account password, the attacker will always be able to access it.

Lessons learned today:
1.  Smartphones are a stupid idea when you are drunk
2.Privacy settings should be called *attempt-to-make-users-more-secure-while-tricking-them-into-revealing-more-information-about-themselves-and-leaving-them-fucked-when-accounts-gets-hacked-settings*
3. I should really write a longer article on social engineering

Leave a Reply