Two intersecting trends are challenging the very concept of privacy: the first is the enormous amount of digital information transmitted every day; the second is the growing number of techniques being developed to capture, search and analyze that data. Here is a short anthology of some interesting and inventive methods that may be used to steal your data and identity.
This aptly named "geolocation aggregator" gathers location data from social networking sites and image hosting services.
Digital image files contain EXIF tags which record the image's date and time stamp information. Some cameras and smart phones can also provide GPS data along with the time stamp. So, by using Creepy to collect information from Twitter, Flickr and other apps, you can track a subject's movements and create a composite map.
According the Creepy website, "Using Creepy for any illegal or unethical purposes is strictly forbidden and the developer assumes no liability." Even so, this application is a stalker's dream.
I took Creepy for a test run using a couple of colleagues as guinea pigs. Both are involved in the security industry, and both Tweet. A lot.
I began my tracking exercise by entering my first subject's Twitter Username and clicking "Geolocate Target." Then I went for a snack, because it takes time for this program to scan the Twittosphere. A few minutes later, however, Creepy had retrieved over 2200 Tweets and extracted 115 locations. Not only did I get a map with each location pin marked, but I also had a list of lat/long, time and date.
Scanning my next subject kicked up a comparable number of Tweets. But out of almost 2,000, Creepy only extracted one location. So while my first subject was as easy to follow as Hansel and/or Gretel, number two was virtually invisible.
The difference in results is easy to explain. Twitter has a Tweet Location feature that users can opt into on their account settings page. For privacy reasons, Twitter leaves this setting off by default. The Twitter Help Center also offers this bit of advice:
Be cautious and careful about the amount of information you share online. There may be some updates where you want to share your location ("The parade is starting now." or "A truck just spilled delicious candy all over the roadway!"), and some updates where you want to keep your location private. Just like you might not want to tweet your home address, please be cautious in tweeting coordinates you don't want others to see.
Stealing Identities with a Webcam
Today, Facial Recognition scans require specialized tools. But the time may be approaching when anyone with a webcam can obtain your name, birth date and Social Security Number.
Alessandro Acquisti (the same Carnegie Mellon professor who figured out how to reverse engineer your Social Security number) has developed a method for identifying individuals with only a webcam image.
Acquisti's process goes something like this:
- Take a webcam photo of the subject;
- Use a facial recognition tool called PittPatt (developed by Carnegie Mellon researchers) to match the webcam image to a Facebook profile image;
- Using the profile information posted on Facebook and the professor's previously developed SSN formula, divine the subject's Social Security Number.
Don't have a Facebook profile? That's ok, because a tagged image of you on someone else's page may work too.
Acquisti says that this method has "ominous implications for privacy." Facial recognition and search engine technologies are developing to the point where you may soon be able to snap a picture with your BlackBerry and instantly pull down enough information to steal an identity.