Remember years ago when the first noises were being made about protecting your data online, a lot of naysayers would respond "If you're not doing anything wrong, you have nothing to be afraid of"? Keep tellin' yourself that, pilgrim!
In the early days of the Internet, few people had much concern about online security, in terms of their personal information. After all, there was no eBay, Amazon or online banking available to the rank and file users. That gradually changed, as it became possible to give a credit card number for orders of services and products.
Safeguarding credit card information, of course, was no new issue. By that time, it was already possible to order some things by credit card over the phone and a few horror stories spread like wildfire, making even the most obtuse users act cautiously.
As ecommerce began to be more common, particularly with a few big brands shifting their attention to connected users in a new market, a flood of warnings surfaced. Many banks and card providers included security precautions in their customer service information. The public (at least the portion that had some common sense) began to be selective of when and how they would use their credit card online.
About this time, merchant account providers began requiring that pages that accepted financially sensitive information be secure and services began cropping up to ensure compliance with certain levels of data security.
Governments began establishing regulations regarding what financial information could be stored, by whom and how. There was a wider general awareness of the risks of making online purchases and the measures one could take to minimize those risks.
Hackers didn’t just come into existence at this point, of course… they had existed for as long as the Internet. Prior to that, though, they weren’t much talked about, at least outside of webmasters and IT admin circles. With more targets, though, and with those targets presenting a lot of harvestable (and potentially profitable) data, the population explosion was inevitable.
And not surprisingly, hacking took on a new profile. In the early days, there were basically two kinds of hackers:
As online spending became more prevalent, a third type of hacker evolved:
And because there was no longer such a necessity for a hacker to be a master of code, the barrier to entry was lower. That resulted in a lot more hackers, particularly in the third category.
That category has turned into an underground industry, responsible for billions of dollars in losses every year. Use of stolen credit card information is one part of it. Identity theft is another, broader part.
During World War II, “Loose Lips Sink Ships” was a motto coined by the U.S. government, to caution both military members and civilians to be careful not to let slip innocuous comments that, by themselves, might be harmless. But when assembled with other innocuous comments, could construct enough information to allow the enemy to know when and where a troop movement might be taking place.
Example:
Anyone that can put that information together could surmise that whatever ship Rob, Al or Antonio are on will be sailing Saturday morning for Italy. A lot of ships were attacked by submarines with as little information during the war.
Most of us are bright enough not to put too much of our online information in one place. But when those bits and pieces you have scattered about are all pulled together, they form a pretty complete picture.
If, for instance, you’ve fleshed out your Google+ account’s About page like I have, with a lot of different places you’ve written and a lot of different social media accounts and profiles, you’ve planted quite a bit of information on yourself.
For instance, maybe you used to use a different email address on different types of profiles and also used some different user names on some venues. But if those profiles and venues appear on your G+ account, they can all be tied together. Maybe you were careful not to list those accounts that have different usernames and emails. Did you use the same avatar, though? If so, guess what – they’re still linked.
Did you really believe that Google+ was ever intended to be a social media network? Think again. It’s an information network. It was built to gather information, to tie people to data, to flesh out the graph. Nothing more.
And it doesn’t take a couple of Google PhDs to build an algorithm that can tie all your online information together. Hell, it can be done manually, if someone’s interested enough in you. In a few hours, you can put together a pretty comprehensive dossier on anyone with a reasonably complete Google profile.
I remember years ago when the first noises were being made about protecting your data online, a lot of naysayers would respond “If you’re not doing anything wrong, you have nothing to be afraid of”.
Keep tellin’ yourself that, pilgrim!
Don’t run out and buy a roll of tinfoil to make yourself a shiny new fedora, though. It’s not like Big Brother is really watching, right?