Ho Lin knows the worst that could happen. So he embarked on searching for his personal details online without the rose colored glasses.
“I’d like to say I’m surprised to see my addresses and phone numbers show up on sites I’ve never been to, like clustrmaps.com or nuwber.com, but having been a victim of identity theft in the past, I know how easy it is for information to get out there,” the Corte Madera writer says.
How can personal details and contact information on the internet lead to fraud? Lots of ways. For instance, Marin residents have lost thousands of dollars to the “grandparent scam,” a trick where a crook gleans information about older peoples’ families online, then, posing as a grandchild, asks for cash to get out of a jam.
“The more information there is online about you, the easier it is for you to be defrauded,” warns Thorin Klosowski, security and privacy activist for San Francisco’s Electronic Frontier Foundation.
Klosowski recommends several steps to draw the digital curtains:
Step 1: Get your address and phone number off the internet.
The simplest way to check on what’s out there about you is to Google yourself. Search for your full name, in quotation marks. You can also try searching your name along with your address, phone number or email address.
You could also do what Lin did and use Google’s Results About You, a tool designed to help users find such details. Results About You asks you to fill in your name and a few other details, then wait a few days. After that, Google will email you to let you know what it found, and give you the opportunity to request that certain details be removed from search results.
Going through that process is a good start, but Klosowski recommends going farther. The Google tool may scrub your address from its search results, but the information is still up on the internet, visible to anyone who goes straight to the web site listing it, or who searches using Bing or another engine.
Unfortunately, purging your personal details from the internet altogether will take some work. Klosowski recommends contacting each site individually and demanding that they delete your information. To find the sites’ contact information, he uses a list compiled by Consumer Reports journalist Yael Grauer.
“It is a pain in the butt to do it manually, but it is possible,” Klosowski says. You can also try sites that charge to remove your information for you, such as Kanary ($144/year) or DeleteMe ($129 a year).
Step 2: Audit your social media presence.
While most of us think of posting to Facebook, Instagram or other sites as sharing with friends, you may not realize just how many people are able to see your posts. The first thing Klosowski recommends is checking the settings on these sites to make sure you are sharing to friends only, not the public. You may feel OK about sharing your cruise photos with your 50 closest friends, even if this lets them know that you’re out of town at the moment. But if you are unwittingly announcing your absence to the whole world, you could be putting yourself at risk for burglary.
Next, consider whether you may be oversharing.
“Make sure you’re not dumping a bunch of details, like answers that come up as security questions,” Klosowski says, referring to those questions that web sites sometimes use to identify you if you’ve forgotten your password. Pet’s name? High school mascot? If this type of information appears on your social media profile, it may be time to clean things up.
Step 3: Do what you can to hide your face from robots.
You may have heard companies such as Clearview AI are helping law enforcement and other organizations link images to names using artificial-intelligence-powered facial recognition software. If you think that sounds scary, you’re not wrong, Klosowski says.
“It has the potential to be the end of privacy as we think of it,” he warns. Already, people have been wrongly arrested by police using faulty facial recognition software. As the technology develops, it could be used to violate privacy in all kinds of ways, from allowing stalkers to find the social media profiles of strangers on the subway, to exposing undercover agents’ true identities.
What can you do? First of all, go back to Step 2 and make your social media accounts aren’t publicly viewable. Facial recognition companies may be scraping faces and personal details from the internet, but they can’t take them from private accounts, Klosowski says.
Another thing you can do — as long as you live in California or another jurisdiction with certain privacy rights — is request that Clearview AI remove your face from the billions in its database. To do this, visit Clearview AI’s web site, scroll down to the bottom and click “Privacy & Requests.” There you can choose from a number of requests, including regarding your information, including “access,” “delete” and “correct.”
Step 4: Stay vigilant, but accept that privacy is a balancing act.
If you follow the first three steps on this list, you have a good start on limiting how much people find out about you on the internet. Unfortunately, you can’t just call it a job well done and forget about it. Threats to online privacy and security are constantly evolving, and there’s always more you could do.
On the other hand, how private you want to be is a personal choice. While some people would rather never see their name or face on a screen, others accept the utility of sometimes appearing online.
Lin falls into the latter camp.
“I plan to have all my info scrubbed from the sites I’m not familiar with, but as the editor of an online publication and a writer with a social media presence, I also noticed results that are the natural outcome of ‘getting my name out there.’ I plan to keep those,” he says.
Resources to help you stay on top of online privacy:
- Google’s Results About You tool: https://myactivity.google.com/results-about-you
- How to get your personal details deleted: https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
- Clearview AI’s Privacy & Requests page: https://www.clearview.ai/privacy-and-requests
- EFF tips on using social networks wisely: https://ssd.eff.org/module/protecting-yourself-social-networks.
- The Federal Trade Commission on protecting online privacy and security: https://consumer.ftc.gov/identity-theft-and-online-security/online-privacy-and-security
Take control of how companies collect and use your data with Consumer Reports’ Permission Slip app: https://permissionslipcr.com/.
Think about everything in your life that is protected by a password: Your bank and credit card accounts, your social media profiles, your messaging services. Someone who gets hold of all of your passwords could steal your identity, rob you and destroy your social relationships.
Now consider that hackers attempt to steal passwords 921 times every second, according to Microsoft.
“If you have a weak password, something that can be guessed easily, then you just gave them the keys to the kingdom in terms of your personal and financial information,” says Jason Balderama, Marin county’s chief information security officer. “The worst case scenario I’ve seen is scammers using passwords to access peoples’ bank accounts and literally taking their money.”
Now that we have your attention, some good news: Smart password practices can make it a lot harder for criminals to break into your accounts:
- Use a different password for every site. That way, if your Uber password gets stolen, hackers can’t also use it to get into your brokerage account.
- Longer = better. A phrase is better than one word. Modern computers allow hackers to try every possible word/character combination, known as a “brute force attack.” The longer (and more complicated) the password, the longer it takes to crack. Security.org offers a password tool where you can type in a potential password and see how long it would take a computerized attack to figure it out. The password “Marin” could be cracked in just 9 milliseconds. “Marin!Ice,” one week. “Marin!IcePeanut”? One billion years.
- Use multifactor authentication. Many web sites and apps now offer the option of going through a second security step after you enter your password. They may text or email you a one-time code, or, depending on what device you’re using, prompt you to use facial recognition or your fingerprint. Always turn this option on. “Multifactor authentication can help thwart 90%-plus of attacks where the attacker has the password,” Balderama says.
- Make your password random. Your kids’ names, your address or your favorite sports team are all things that a hacker could find out, especially if they have access to your social media posts. Instead, use combinations of characters that have nothing to do with you.
Balderama has an answer for that common complaint: Use a password manager. This type of app — which typically charges an annual fee — can save all your passwords on your computer and your phone. That way, all you have to remember is one “master password.” These apps can also generate super-secure random passwords for us. Think, “X8u$be$t6W-4j[0!” Not easy to remember or type — but since the app enters the password for you, you should never have to think about it. There are lots of password managers available, including 1Password and Keeper.
Despite all this focus on picking secure passwords, Balderama says we are actually heading toward a “passwordless society” — and for good reason.
“Passwords are not the best security tool,” he says.
Instead, many companies are starting to offer something called a passkey — basically, a way to sign on to sites and services that skips the password hassle. A passkey can be a bit of code stored on your device, and it could use biometric authentication, like a fingerprint or facial recognition, to make sure it’s really you. If you’re extra serious about security, you can even buy a physical key, known as a hardware token, to act as a passkey. These tokens often look like a USB drive, and plug into a port on your device.
To get more tips on safe technology use, subscribe to Marin country’s cybersecurity newsletter at: technology.marincounty.gov/cybersecurity
Carrie Kirby spends a lot of time asking people about something they think about but rarely talk about: money. Her work on personal finance, business and technology has appeared in San Francisco Magazine, The San Francisco Chronicle, Wise Bread and more publications. She lives on an island (Alameda) with her husband and three kids, and blogs about family travel and mileage rewards at The Miles Mom.