Personal blogging and online privacy

Continuing from my post yesterday about the IndieWeb, rel=me and anti-patterns, I’ve also been considering adding h-card information to my sidebar. Many blogs do this in effect by having an author photo and bio either in the sidebar or associated with each post. The h-card formats this into something that computers can interpret as well as humans.

My next question then becomes, “What information and how much detail should I put into such an h-card?” Which then brings up the issue of how safe is it to include personally identifying information on my website where anyone can see it?

The concern is that oversharing could leave me open to identity theft, which is an increasing problem worldwide. While this is an international problem, I am going to look at it from a New Zealand viewpoint.

Identity theft

The fear I have is that some personal information in the hands of criminals can enable identity theft. This is where someone uses another person’s personal information in order to access money or services under their name. My gut reaction to this idea is that you would be a mug to want to be me! I don’t exactly have a dream life or loads of money so it’s not worth the trouble. Apparently this is a common reaction and leads many people to have a false sense of security that makes it even easier to steal from them.

How common is identity theft?

As many as 133,000 New Zealanders may be victims of identity theft annually. (NZ Department of Internal Affairs). An interesting comment I found on the Equifax site is that:

identity fraud victims typically know the person who uses, or tries to use, their identity.

The cost of this crime to New Zealanders may be as much as NZ$200,000,000 every year. Globally many millions of people are affected, with billions of usernames and passwords stolen in 2016.

What is personal information?

What is considered to be personally identifying information varies, but a consensus would be:

  • Full name
  • Date of birth
  • Place of birth
  • Current address
  • Previous residential addresses
  • Phone number(s)
  • IRD number
  • Credit card information (card number, expiry date, verification code)
  • Banking login information such as PIN or security codes
  • Email address (and password)
  • Driver’s licence number
  • Passport number
  • Birth certificate
  • Current location
  • Place of employment or study
  • Interests, activities and connections (movies you watch, where you went for a run this morning and who you are friends with or work alongside).

It can be deceptively easy to leave snippets of valuable information all over the internet (and real world) which if collected together could enable someone to steal your identity. This digital footprint includes browsing history, device usage patterns, interests, perceived loyalty to a service, marriage status, preferences and income level (see this article by Netsafe). Most commonly such information is used to target advertising, but could also be used to manipulate people into divulging other, more valuable, information.

Are bloggers at more risk?

So far I’ve not found any indication that bloggers are at any more risk than other groups of people. In fact the high risk groups tend to be teenagers (who think nothing will happen to them) and older people (who can be more trusting). While bloggers may share more of their lives online, they do make conscious choices of what to share so may be less likely to accidentally share sensitive information than someone who doesn’t understand their social media privacy settings.

What I discovered in researching this post is that identity theft can affect anyone and often it is information that is inadvertently made public, stolen or leaked by hackers that enables criminals to steal an identity. There is a massive black marked on the dark web for this sort of information and even ‘kits’ which enable miscreants to lure people into divulging the information the scammers want (phishing). The best protections seem to be using long, unique passwords for every site or account, guarding email carefully and being suspicious of anything that tries to wheedle login details out of you.

Be careful out there.

Sources of reliable information