A little while ago someone asked me some questions about blogging. They were planning on starting a blog and because of where they worked they specifically wanted to know about how to keep a blog secret.
My response freaked them out and woke them up to the realities of the Internet because, in less than ten minutes and using only the tiny amount of information I had access to, I knew exactly where the person worked.
“Exactly” meaning not only state, city and county but also building. If I had pushed a little further I’m pretty sure I could have found their work schedule… I did that using only the information given to me by WordPress when people leave a comment on my blog, and a free Internet-based hit-counter called SiteMeter which told me the name of their Internet Service Provider.
There’s almost a wilful blindness when it comes to the Internet and the technology surrounding it. It’s amazing how so many people are dismissing the theft of their material, including photographs of their children, just to publish their thoughts in a forum consisting of total strangers.
.
I’m a reporter. I covered Internet privacy policy and I did it very well. I’ve interviewed, gotten to know and had drinks with the people who wrote the Canadian laws regarding Internet privacy, I’ve also interviewed Internet specialists at the FBI, RCMP, OPP and CSIS. I don’t know much about the technology side (RAM?), but I definitely know how the system works and how your personal and private information is traded, sold and stolen.
There are people who I blog with who have no idea about the information they’re leaving behind, or offering up. Including some who use their primary and named email address, and their work computers IP address.
Of course most people don’t even understand that their name, address and phone number are stored and available for free online in an easily searchable format. If you’re in the phonebook, your numbers are on the web.
Even if you are careful and don’t use your real names when you leave comments or make sure you blog from home and not work, if you use your “codename” long enough people such as myself can track you back over years of blogging records to find information you might not want me or others to know.
And once someone with some skills has that one piece of connecting information… like your real first name, your blogging name and the city you live in, it’s extremely likely that not too long afterwards that someone will have your phone number and home address. I’ve done it several times just to prove I could.
I actually did it last week when a blogger pissed me off. She blogs somewhat anonymously, she has an anonymous email address and you’ll never find her real name or a photo of herself on her blog. But it took me all of fifteen minutes and I had her full name, three photos of her, the names of four associations she belongs to, information about her company, her home address and her phone number.
Another blogger pissed off a friend of mine and I had the same information about that blogger, and more, within ten minutes. Albeit in this case she was blogging under her real name. Which is not a smart idea. Having a recovery or personal blog under your real name is just a bad idea altogether. Especially, as in this bloggers case, if you’re going to be posting insults.
If you’re a known personality, or you’re running a reporting site and are willing to be a target, great. If you’re sitting at home writing about your personal life… not so great.
Of course course I’m not going to do anything with the information. For me it’s just an occasional academic exercise in blowing off steam.
So, the very basic stuff you have to understand is every computer using the Internet is given an IP Address consisting of four sets of numbers (IP = Internet Protocol); every website/blog you visit logs that number, it acts like a Nielson Rating… the website now knows where people are coming from and can target their services appropriately.
“As you visit Web sites or other Internet servers, that public IP address is transmitted and recorded in log files kept on those servers. Access logs leave behind a trail of your Internet activity.”
Then, to keep track of who you are and where you’ve been, every website/blog puts a “cookie” into your computer.The cookie is like a movie ticket. It has the time and date you were on the site, plus the address of the website… then the next site you visit looks at your cookies to find out where you’re coming from.
The next thing you must know is if you have photos online someone is going to steal them. Especially photos of children. There is no way, if I were a parent and knowing what I know, I would ever put photos of my kids online. If a family member wanted to see them, I’d email them with the caveat they would never be distributed.
I’ve interviewed the police officers (OPP and RCMP) who hunt people who make, distribute and enjoy kiddie porn. These officers think people who post photos of their children in open forums are… misguided.
There was a case reported on last year of a woman who posted hundreds of photos of her kid over a two year period on Flickr. The photos of her young child were stolen and ended up on a site hosted in Venezuela or Argentina surrounded by poems bordering on child pornography.
She thought the photos were safe because she assumed there was some kind of inherent protection in posting them to her Flickr account. There are none. She also believed copyright laws would mean something. They mostly don’t. Her only recourse was either to hire a lawyer in a country with no enforceable online copyright laws and hope for the best… or live with the idea someone was masturbating to photos of her baby.
Yes, I’m using dark imagery to make a point… people do things online they would never do offline, and one of those things is to hand out free copies of photos of their children to absolute strangers.
Since there are no programs or funds available to be fighting for your online copyright claims in most countries which actually have online copyright laws, it was no surprise the single mother had no recourse. She did close her Flickr account.
After explaining a few of the dangers to the person who contacted me, and how easy it was to find them, I also wrote “blogging privately can be done, and thanks to the WordPress privacy settings it can be done easily. But you have to be very careful, very selective in who you allow to read it… not only for security purposes, but having people you know reading it makes it very difficult to be honest.”
The first step is to create an anonymous email address. You’re allowed to lie to Gmail and Yahoo… you can lie about your age, profession and everything else while creating the address. In fact, if we all did it, online advertising would be totally useless.
Use this new address to blog with, use your primary address as your communication tool with family and friends only.
The second step is to make sure your name, where you live or any other identifying names are nowhere near your blog. Use pseudonyms or initials when writing about family and friends. This includes universities and work.
If you absolutely want to keep your blog or your Internet activity private, there are downloads available which give out a false IP address by putting an anonymous proxy server between you and the site you’re visiting.
“Several related software tools (both free and paid versions) support anonymizing [their made up word] proxies. The Firefox extension called “switchproxy,” for example, supports defining a pool of proxy servers in the Web browser and automatically switching between them at regular time intervals.”
For whatever its worth the best example I’ve found of anonymous blogging is Experimental Chimp.
I think I’ve managed to maintain a moderate level of privacy on my blogs. When I first started out in 2006, however, I was using my email address attached to my real name. At least my real first initial and my real last name.
Someone used that information and found my original website which gave them access to my mom’s email address. But they didn’t go that far, and I took everything down before they could.
Then I had my full name on [my other blog] (albeit hidden) so people putting it into Google could find me. That was silly as well.
Rookie blogging mistake. I do go back and test my blog once in awhile, and if I find something identifiable I’ll change it…
In the end, if you want to blog please use a pseudonym. If you want to reveal your blog to your friends and family, make sure it’s a hobby blog. If you’re writing a recovery blog you do not want people finding you. Employers do Google you even after you’ve been hired, and so do stalkers… and advertisers.
Bonus post on the topic of privacy…
I rode along with a group of university students a few years ago as they travelled to an anti-Something protest in Ottawa. It was fairly high profile so they were preparing for the possibility of being arrested by writing the phone numbers of lawyers on their arms in permanent black ink, and making sure they were registered with the strike organizers.
I listened to them as we travelled all the way from Toronto to Ottawa in yellow school buses, and just past Kingston I asked one of them if she knew about facial recognition software. This was eight years ago, and these kids were mostly Art Majors so of course she hadn’t. I tried to explain to her and the kids immediately around me that the RCMP use digital cameras to take movies and photos of people in a crowd.
Those pictures are sent immediately to a nearby mobile communications truck where they’re downloaded. Once in the computer a program selects the faces and compares them to a database of faces they’ve been collecting since the camera was invented. If your face pops up, and you’ve been processed before, then they have your name, current address and you’ve been tagged and if you’ve got a red mark next to your name then they will target you for the rest of the protest.
The kids looked at me like I was speaking in tongues. Sure enough, we park the bus just outside of downtown Ottawa and there are six Ottawa Police people, all with digital cameras, waiting for us to disembark. Every single kid getting off the bus was photographed and put into the database forever.
I hid behind my camera and took photos of the cops taking photos of the kids. But considering how many protests I took photos in during the 1990’s I’m definitely in the system somewhere.
…a rookie mistake.
.
.
01
06
...salted lithium. 
Tremendous amout of important info here, Gabe, thanks.
I have a follow-up question for ya on the topic of photos online. I do not put any pics of my child online. Ever. BUT, my brother and SIL use that Kodak program to disperse pics of my niece to our family. Is this also a format from which photos could/would/do get stolen? I want to let them know, if so.
Thanks bromac. If you mean “Kodak Gallery” I’ve never used it so I don’t known what security they have. Personally I wouldn’t, but with Yahoo’s Flickr and Google’s Picasa there are privacy options available which allow you to keep your photos out of search engines. They work a lot like WordPress… don’t use tags, don’t hand the URL out to non-family members and don’t leave messages in the Forums because there’s usually a link back to your account attached to your name.
It’s perfectly okay to have more than one photo-sharing account (I have five, one for each of my WP blogs and one for me). Just make absolutely sure the private one where family can see the kids in action (or inaction) is actually Private and accessible only to people you want. Check the FAQ section and the user agreement, and ask the support staff for help before you start posting photos of the kids.
Then have another for your art stuff and photos of travel and whatever that you can share in an open forum, or if you want to have the Flickr widget in the sidebar of your WP blog. For these photo accounts it’s still a really good idea to put an identifier on your photos, like a copyright symbol and the address of your photo account. A lot of people, for example, believe Flickr and Photobucket are just storage areas for free graphic design material. There are hundreds of cases of photos being stolen and used in magazines or work presentations. The architectural firm my step-father works for, as an example, steals shots for their presentations all the time.
I wish all those mommy blogger who regularly post pictures of their kiddies would read this. I’v always found that such a scary practice. Thanks for all the info.
I blog under my real name. For me personally, it keeps me honest and if there is something I don’t want the world to know, I don’t write about it. I’ve also been in the Washington Post and a local paper and the Richmond Times Dispatch as a psychiatric survivor, I would be fooling myself to think anyone couldn’t find out I am a psychiatric survivor any time they wanted to. And as a transplant candidate, anyone can call up my transplant center, pretend they want to donate and find out I am on the List. There is no privacy anymore except keeping secrets to yourself alone. I agree about the kid pictures though, it freaks me out the number of folks who post pictures of their kids online as if no one would use them for bad purposes.
Course I’m not looking for a job with my disability and I own my home, others milage definitely will vary.
Though on further thought, you make some very good points about people doing recovery blogs who use fake names and think they are anonymous. If you really want to be anonymous, you can’t be giving out your real name and phone number to folks you then start trashing behind their backs. They could replace your pseudonym with your real name any time they felt like it on their blog. Yeah, people don’t really think these things through, do they?
Pingback: Tweet Tweet I Want To Kill Your Children LOL « …salted lithium.
Pingback: How To Protect Yourself From The People Who Want To Find You « …salted lithium.