“Most people who have come recently to the web, say within the last two or three years, have no clue what the Internet is and what it’s capabilities are. Especially if they stay in their little chosen boxes. Four easy steps and they have a blog and a Twitter account and a MySpace page and maybe a Facebook profile… well two easy steps and someone with $10 and access to the [online] Yellow Pages can find out how much you paid for your house.”
Part of a comment I left on my post… “Tweet Tweet I Want To Kill Your Children LOL”; Jan. 7, 2009.
Since I was thirteen I’ve been a stone picker, farm hand, hunting guide, street punk, daycare manager, bouncer, large-installation landscaper, photographer, award-winning newspaper columnist and reporter — mostly I covered Internet Privacy Issues.
From my About Page.
Welcome to the Internet. The kindergarten without supervisors.
Comment someone left in a forum.
There’s an assumption of privacy people have when using the Internet which has no foundation in reality. That who we are is kept secret from others by virtue of an invisible shield of civility and fair play.
But the Internet, despite the hype, is not some Neverland where the rules of nature don’t apply.
Ask Thordora, who recently had the police knock on her door because someone in another country misinterpreted the twenty words Thor wrote on her own Twitter account.
Very real people can get really pissed off and motivated by what you have to say… or, more likely, at how they interpret what you say. And, if you don’t know what you’re doing, they can find you.
.
We must treat the Internet as being just like any other public space. You don’t stand around on street corners handing out maps to your home or pictures of your children to strangers, so why have you been doing it online?
I’ve tried to make this point before, both here and on other blogs, but I don’t think I was taken seriously. So this time I’m offering proof and the means to do it yourself.
All of the sites I’m offering are well known and can be found using simple Google word searches. These sites are not secrets.
So basically… this is how people can find you:
IP Address
Site used: American Registry for Internet Numbers (ARIN)
Unless it’s being used by a law enforcement agency it’s actually very difficult to find someone using just their IP address. Actually, for the average surfer it’s pretty much impossible. But your IP address will give someone clues. Like where you are.
An IP address can narrow a search for you down to a city. It’s not always accurate, the IP address left behind in a comment could be coming from your ISP, but it’s a tool. Where you’re located can be added as a search term to other searches to narrow the possibilities. If your IP address says Virginia, for example, I can now ignore any searches for your name from 49 other states.
Your IP address is actually a tool used by sites like Google and Yahoo to track the websites you visit. So… there’s that as well.
Quick Solution: search for “IP Blocker”, there are sites and software available which will mask your IP address. You can also search for “Hide my IP address”, you can even find information on how to change your IP address.
Other sites: find your IP address, and a definition of IP address.
Your ISP
Site used: Site Meter
There’s a free service called “Site Meter”, it’s primarily a “blog counter” tool, but by putting a simple icon on your blog you can also track personal information from the people who surf through. Details like your IP address, the State and Country where you visited from, your operating system, how long you stayed, where you went and your Internet Service Provider.
It might not seem like much, but using your work or school computer to visit a website can lead a trail straight back to you. Each ISP has a name… Bell Canada, Verizon and Comcast are the most popular. But schools and companies, even NGO’s, can have their own servers with very specific names… like Reed College, or XYZ Health Systems.
So if you’re visiting a site from your university the person will have the time you visited, the IP address of the computer you used, which campus you were at and the name of your school. If you surf while at the office the person whose site you visit will have all the same information, they’ll just have an easier time using it because there won’t be three thousand students using the computer.
It might not seem like much… but what if you left a comment on that blog? Now the person has all the information from Site Meter, plus your email address and your username. All they have to do is match the time of the comment, with the time of your visit.
Quick Solution: don’t surf from work if your office is running it’s own ISP.
Have you registered a website?
Site used: Better Who-Is
This is one of the easiest ways to find someone. When bloggers decide they’re ready for primetime they go out and register their blog name as a dot com. But someone can just copy and paste the URL, perform a two-step “Who Is” search and get your real name, your address and your phone number.
The best way to keep your information private is to register your site through a proxy. It costs a few bucks, but your name and numbers stay safe.
I’ve come across a lot of dot com blogs where the person has merged their work information with their private blog. Bad, bad, bad idea. Not only can a complete stranger now contact you, but they can contact all of your clients. Even if you don’t have a contact list on your mega-blog, what if someone contacted you pretending to enquire about your services and asked for references?
It’s always best to have a separate site for any resumé or work activities. One site for play, another for the business card. Combining the two is priming yourself for a disaster.
Quick Solution: use a proxy to register your domain. The one I see most used is called Domains By Proxy, but you can find others by searching for “domain registry proxy”. Basically it will be their information listed instead of yours.
Yellow/White Pages
Site used: Switchboard; Intellius; 411.ca; YellowPages.ca
The first time I reported on these types of sites was way back in 1999. I called them “stalker sites”. If you have a phone number then your address, and even a map to your home, are online for anyone to find.
Think about it this way… if you handed someone in a bar your phone number it would take them less than a minute to have your home address, and if you’re in a city they could also have the bus route to your front door.
But that was ten years ago. Today, if you’re an American, I can still get your phone number and address… but if I’m willing to pay a small fee I can also find out how much you paid for your house, who your closest relatives are, what their addresses and phone numbers are, how much they paid for their homes, all the places you used to live, what warrants are outstanding, how many times you’ve been arrested, how old you are, how many times you’ve declared bankruptcy… all from one search on one site.
So there are good reasons why keeping your name off your blog would be a good idea.
There are similar sites keeping track of Canadians, although not quite as detailed… it’s a fairly safe assumption there would be similar sites in Europe as well. From what I understand Australians are so busy getting eaten by sharks that the rapid turnover in apartments and phone numbers makes these sites meaningless.
Quick Solution: if you absolutely must blog using your real name, pay the extra ten bucks and keep your phone number unlisted.
Google Search
Site used: Google
The entire universe can be found in a search engine. If you have a Net presence you can be found on Google. Try it sometime. It’s called an “ego search”. Go through the first four pages and see what you can find. Then go to some random page, like eight or fourteen.
Now add additional keywords. Like your name plus the name of your high school, or the places you’ve worked.
Now Google the username’s you have for your blog, Flickr, Technorati accounts. Add some keywords, and see what comes up. Google your email address. Your email address is unique, so every time you’ve ever left your email address in a comment (“email me, we can chat”) or in a form (online petition) it becomes available through a Google search.
The most important test is a search for your name (first; last; first last) plus your username’s. You have to be aware if the two can be connected, or if one can lead to the other… especially if you’re leaving comments in heated discussions.
It’s not just the comments you have to be careful of, it’s the blogs you leave them on. Even if you’ve been extremely careful to maintain your privacy, it’s entirely possible you’ve left a comment on a blog written by a friend or relative who has, in their About Page or blogroll, information about you.
Quick Solution: email is absolutely 100% free. WordPress allows you to have as many username’s as you can think of, so do LiveJournal, Vox, Blogger, FaceBook, MySpace and pretty much every other social network ever created. Have a handful of email addresses and usernames, and use them in specific places.
Your Blogroll
Site used: Yours
Be very careful what links you place in your blogroll. If you’re doing your best to keep your private information private, what’s the point if your blogroll includes a link to your personal Facebook page? Or to your brother’s blog about his childhood memories of mom and dad? Or to your bridal registry?
Quick Solution: check your blogroll.
Internet Archival Project
Site used: The WayBackMachine
Along with personal privacy the other huge misconception about blogging is that by using some mystical universal force what we write will be kept secret, or if we delete something it’s gone forever. Well… you’re wrong. Taa-daa.
There are websites dedicated to archiving the Internet. The entire Internet. Everyday. The largest of them is called The WayBackMachine, and it has archives going back to 1999. There’s a six month lag, but whatever you wrote today, yesterday and last week will be available for free on their site in a searchable format… along with the other 85 billion web pages they’ve archived — that’s two petabytes of data and it’s “currently growing at a rate of 20 terabytes per month”.
Google also has a program called ‘Google Cache’ which will let someone find your deleted work, but it’s a short term thing.
Quick Solution: you can contact The WBM and ask them to not archive your material, and to delete your files. But the process takes some time.
How It All Works
Each site, on its own, is mostly harmless… without specific information each site, on their own, is actually pretty much useless.
But take the piece you have from one, and place it in another and just follow the trail. Someone leaves a comment on your blog (bettysue42@yahoo.com). Take the time they commented and match it with Site Meter, which gives you the name and URL of the organization where they work (XYZ Health Services), go to their about page and maybe there’s a list of employees. Find the one which matches the email they left with the comment on your blog.
Suddenly anonymous “bettysue42” becomes Betty Smith, chief administrator at XYZ Health Services in Canton, Ohio. And now you’re only one step from having Betty’s home address and phone number… plus all the other cool stuff, like her bankruptcy records and who her family members are, and where they live.
Now take her name over to Facebook… if she has an account now you have her photo. This process goes on and on and on. And people’s identities have been uncovered using exactly the process I just described.
I hope I’m making my point because, like I said, my friend Thordora had police officers knocking on her door just a few nights ago over a misunderstanding on her Twitter page.
Someone in Pennsylvania started a process which ended with Thordora’s two children standing in their pajamas in front of two Canadian police officers, explaining how their mother never hurt them. The police found her because Thordora had a link to a wish list in the sidebar of her blog.
I really don’t want to panic anyone. Really. I just think we need to be aware of what’s going on around us.
This is the 200th post published on Salted…
but I don’t look a day over 127.
.
.
01
06
...salted lithium. 
oh, and don’t forget-check the widgets you add and make sure they don’t have info on them. That was my big mistake really. Stupidity. Could have destroyed my family.
Wow – that’s quite comprehensive. Thanks. I try not to reveal too much personal information on my blog. I’m sure someone could find me if they really wanted to, but I don’t have to make it too easy for them.
Talk about timing… someone who has commented here in the past and just came back to blogging because they’d gotten over the panic of having people find out who they are, just registered a dot com site where they thought they could blog anonymously… only they registered using their real name and address.
I’m starting to wonder if I should be sending out emails to people to let them know what’s available online about their personal lives.
Xewe XUP… I’ve never really looked, but I’m confident you’ve been good at keeping your online and offline selves separated… although, you do occasionally surf from work.
Goddag Thor… you’ve got my full name and address and I have yours… actually you still owe me a book of some kind, and I’ve got a pile of PS2 games for you. So there’s not much anonymity there.
Now I’m scared.
I don’t have the time or the technological intelligence to figure out everything you have talked about.
I think I’ll delete the blog and stop commenting on others. My husband is the only one who reads it anyway.
I don’t trust human nature, in general, and believe most people are essentially evil because our society is so damn focused on self-centeredness.
See, that’s exactly what I don’t think you should do and why I’m so freaking torn about keeping this post up… there is a balance, and I think as long as you keep your online and offline pieces separate you’ll be fine. It’s actually pretty easy…
Look… with the privacy thing, use the quick fixes I offered and you’ll be fine. Don’t register a dot com; don’t use your regular email address, and definitely use a brand new one associated only with your blog (yourblogname@gmail.com) and don’t use it in any other context; be careful what you put in your blogroll, and; don’t surf from work.
I know that is exactly what you weren’t trying to instill, but still Gabe, it’s pretty fucking scary. Especially when you start throwing stalker talk in there.
I did a google search using my (now) full name and didn’t come up with much. I did find one business site that had the county I teach in. I did another search using my maiden name and came up with a lot. Most are college projects/papers. One alarming site, reunion.com I think, had my name, all my immediate family’s names and the all the towns each of us has lived in. That freaked me the fuck out, Gabe.
I should have spent some time calming myself down before I commented, and you can get rid of my first comment if you think it will perpetuate other readers getting freaked. Sorry, but the shit you know, and others out there, scares me.
I google myself from time to time-real name and pseudomyn. Nothing dangerous ever comes up, but I know that I could be found, with a little effort.
BUT, how much do I worry? Not a ton, or I didn’t. Now I pulled things in a little more.
I do owe you a book but I’ll be damned if I can remember. And the PS2 won’t play the blue disks, so we don’t play it much and haven’t gotten around to replacing it. I think I’ll play Just Cause tonight though….
“Occasionally” surf from work – har har har
As Gabe pointed out to me, I’m up a creek without a propulsion device.
I wrote a story way back in 1998 about the Internet privacy policy of the National Research Council in Ottawa… the policy was actually standard across the Government of Canada, but the NRC took it to a whole new level.
The NRC, like the GoC, kept records of the surfing habits of their staff. Except at the end of each week the NRC would list every website visited by every NRC staff member under the staffer’s name on their public bulletin boards… right next to the softball scores.
Most people who surf from work (and school) don’t understand their computer belongs to the office, and the office tracks every move you make on the web.
Pretty please… don’t shoot the messenger.
Justin, any problems with privacy you have can be minimized… just go to your WordPress accounts and change the email addresses to something less you, then change your username, click Save, go back and select the new username as your primary one. Any blog you have which could identify who you are can be made private in your “Privacy Settings”. Taa-daaa.
I’ll go back through Salted and remove any identifying marks you’ve left.
All: I should edit the post to include this… it’s important to understand any problem you think you have can be fixed.
Pingback: Big Brother/Internet Stalking « Chattering Monkey
Pingback: Friday Conversations With My Psychiatrist | January 9, 2009 « …salted lithium.
Clucking bell, or something that rhymes with it.
I only found one scary connection. In saying that I have given my address to this guy from the internet – is that cool?
Maybe two – crud buckets
Great article. I need to send this to several of my clueless friends. Ugh.
Hey Scooter… it’s great to see your atom on my blog again. I would suggest that handing out your address to people you haven’t had a longterm relationship with online is generally a bad idea. Make sure, if it’s something you’re going to do, you get the particulars of the other person as well. I’ve found it acts as a deterrent.
If you want to exchange gifts with someone a Postal Box is always good. But keeping your name off your blogs (large hint) is always the right thing to do… once it’s out there it’s very hard to make it private again.
Thanks Em… I’d suggest printing this post off, wrapping it around a bat or the head of a shovel, and beating your friends with it.
It’s like you and I share a brain sometimes. I’ve talked myself blue in the face (or maybe it’s the -45 that’s caused that…) with some people I know in the offline world about what they’ve been putting online. I’ve found exactly the same thing… people who think they’re anonymous who’ve registered a domain with a real name, address and phone number.
In the past I’ve also ‘stalked’ a random teen off one of my kids’ friends lists, to illustrate to them how if I, even as a dumba$$ middle age housewife, could figure out how to take just a few bits of info they were stupid enough to put on their profile pages, and use it to find their homes and know when and where to ‘get’ them if I was a stalker… then so could a real stalker.
I’ve been told off though, when trying to help others know this and protect themselves better. Some people just want to live in la la land.
And lastly…
This is a wonderful post, and Thodora’s story is worth blogging about. I myself, have joked on Twitter in a way that might make someone think something. I realized it and then had to post a ‘disclaimer’ about “what if the cops are reading…” so people would know we were joking. I’ll be linking to both of you, hope you don’t mind. 😉
Hi Gabe,
Wow, this is a brilliant post!
Pingback: Keeping yourself safe online « Feminist Philosophers
Really, everybody around me knows everything about me… so what´s the big scare? I don´t have no money, nor anything much. I have a huge and laaaarge family and everybody knows everything about everyone ;)…
I believe paranoia has a good place in the world but… well I just can´t even think of someone getting to know something about me that is not out there for everyone to know…
Hi tabi, thanks for commenting on my blog. This isn’t about a little bit of paranoia, it’s about being aware of what’s possible on the Internet, and what information we leave behind as we surf through it.
This stuff also isn’t about what the people you know do with the information you’ve left online.
*There is very little available online that isn’t available offline, but people have to be aware that once it’s online it’s available to anyone and everyone — unless they take precautions.
One of the biggest differences the Internet has introduced is the ease with which people can find out intimate details about perfect strangers.
Just a few years ago, for example, if I wanted to find you in the phone book I had to know the country, state and city you lived in and find a phone book that matched. Now all I need is your name.
The information about your career path was also protected by your general anonymity, as well as the general privacy policy of the company you worked for. A few years ago I couldn’t use your name to find your CV, now people are being told it’s a good idea to have their CV online.
People’s diaries or their kids’ soccer schedule were probably not available to the public either, neither were the photos people take of their kids. But now, if you don’t take precautions, all three are available to the public.
*I left most of this as a comment on another blog where people were discussing this post.
I also left this… which could be an extension of the original post:
There’s a trinity to the online security issue…
1. there’s what the government can do/does do, take a look at the FBI Carnivore program
http://www.howstuffworks.com/carnivore.htm
2. there’s what the web allows us to find as individuals — phone numbers, bankruptcy info, addresses etc.
3. there’s what companies do. Tracking cookies, for example. The information you give to Facebook, LiveJournal, Yahoo when we start accounts gets sold and used. Google and Yahoo, for example, also track your surfing habits in order to better target advertising to you. YouTube (Google) tracks your viewing habits and will suggest videos which are similar.
Credit card companies also collect all of the information you leave regarding purchases… like where, when and what you buy and develop profiles on you, the card user, to better target advertising. This information is also bought and sold as a commodity.
Pingback: Exposed « XUP