Bryan Hadaway's Blog

Privacy Mistakes that Never Even Occur to Most People





I think most people these days are pretty savvy about obvious security and privacy concerns, such as using Facebook and Google. However, listed below are some common but often overlooked (and in some cases, ironically, counter-productive) privacy issues.

Shredding Documents

I personally think this is the dumbest and most widespread privacy mistake of them all. Most people shred documents that may contain very private info like social security numbers and credit card information, but then proceed to throw them straight in the trash.

Basically, all you’re doing is drawing a big target for would-be criminals sifting through your garbage, saying “Hey criminals, here are the really important documents that I don’t want you to read. See, I’ve cleverly shredded them, now you can’t read them haha, suckers!”

It’s ridiculous. This has now made it very convenient for criminals to grab just what they need, go home and put the puzzle pieces together. I wouldn’t even consider shredding documents a deterrent. If something is important enough that you would shred it, incinerate it! Don’t live somewhere where you can burn a whole stack of documents? Tear just the private pieces of info out of documents, hold them over the toilet and take a lighter to them, then flush the ashes.

Using a Safe

Especially one light enough or not secured to the ground, where someone could just nab it, head home and take as much time as they need getting it open. All you’re doing is putting all your most important files, money and jewelry together in one convenient spot and saying “Hey criminals, I obviously have valuable enough assets to put here in this safe, this impenetrable safe.”

There is no such thing as an indestructible safe. And the criminals that are going to be going after safes in the first place probably know more than you or even the security company about safes and their security, weak spots etc. You’d be better off not even letting anyone know what valuables you have in the first place and hiding them, not “securing” them. If you’ve got something you want really protected, I would probably hide it off-site. Obscurity is always better than security unless we’re talking Fort Knox.

Registering to Vote

I know that voting is important to a lot of people. But did you know that in order to vote you have to severely endanger your own and even your family’s security and privacy? You might find it shocking that because you registered to vote, by law, your home address has to be posted online publicly for ANYONE to be able to access.

That doesn’t just include political campaigns that want to look at your voting record (which is also fully available) in order to spam you with better-targeted material. It also includes bill collectors, hackers, spammers, scammers, exes, stalkers or anyone else who wishes to obtain your home address for malicious purposes.

Waiting On-hold with Customer Service

We’ve all heard the “This call will be recorded for quality assurance.” message while waiting on hold. Many people assume that this only applies once you’ve actually been connected to an operator. Not true!

A lot of companies don’t differentiate any sort of “connected” mode. You’re simply recorded 100% of the time once you’ve called in. So, every time you’ve gone off the deep end complaining about the company and customer service, fought with your spouse, yelled at your kids, taken a restroom break or done or said any number of embarrassing or confidential things, there was very possibly someone listening the WHOLE time and possibly even saving the recording for a good laugh later or worse.

You’re fully within your rights to request that you not be recorded. However, there’s no way to know if they’re actually complying with this. So try to remain as calm and polite as you can; basic decency dictates that you should be trying to do so anyways. But that’s certainly easier said than done in stressful situations.

I personally just put my phone on speaker and work on other things while I’m waiting, remaining silent. For others, perhaps with screaming children, that’s not a good option. You can simply mute the mic on most modern phones while on hold.

Password Reset Questions

To this day I have yet to see one company implement this in even a semi-intelligent way (and give users/customers good advice on how to answer security questions). Besides phishing or social engineering, this is probably the most common way people get into your accounts. If you can avoid setting up password reset questions in the first place, do. They only add a vulnerability to your account.

Now if you have to set up security questions for an account, whatever you do, DO NOT give real answers. You probably feel you can trust your family and friends, but you never know and that’s really not the point of security anyways – you don’t make exceptions. The best thing to do is simply to use passwords for the answers as well, for example:

Q: What’s your favorite pet’s name?
A: ?X+0^w#`Z DX=FgI(AUpqrRsleV[oHKMkSc8uyLvoJeRE07:KG`NJImG]Jn[p!x9

Now, if you’re prone to forgetting your passwords a lot and needing to use the reset, that won’t work for you. One trick could be to give an answer, but obscure it in a way that no one could ever guess, for example:

Q: What’s your favorite pet’s name?
A: CujoBadDogYay!

Just enough so that no one could reasonably assume you did something clever (or even be able to figure it out if they did), but not so clever that you cannot remember it yourself.
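The "use passwords for the answers" approach above, as an added example that is not part of the original post: it generates one independent random answer per question for storage in a password manager, plus a word-based variant that can be read aloud to a support agent. The function names, the alphanumeric default (chosen on the assumption that some answer fields reject symbols) and the tiny word list are all assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed sample word list (assumption): a real list would hold
# thousands of words; 16 keeps this example self-contained.
WORDS = ["amber", "bison", "cedar", "delta", "ember", "fjord", "grove", "heron",
         "ivory", "jetty", "koala", "lemon", "maple", "nylon", "otter", "pearl"]

def random_answer(length=32, alphabet=string.ascii_letters + string.digits):
    """Answer drawn uniformly from `alphabet` using the OS CSPRNG."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def spoken_answer(n_words=6, words=WORDS):
    """Word-based answer that is practical to read out over the phone."""
    if n_words < 1 or len(set(words)) < 2:
        raise ValueError("need at least one word and two distinct choices")
    return "-".join(secrets.choice(words) for _ in range(n_words))

def entropy_bits(n_symbols, pool_size):
    """Entropy of n_symbols independent uniform picks from pool_size options."""
    return n_symbols * math.log2(pool_size)

def answers_for(questions, **kwargs):
    """Map each question to its own random answer (never reuse across sites)."""
    return {q: random_answer(**kwargs) for q in questions}

if __name__ == "__main__":
    vault = answers_for(["What's your favorite pet's name?",
                         "What city were you born in?"])
    for question, answer in vault.items():
        print(f"{question} -> {answer}")
    print(spoken_answer(), f"({entropy_bits(6, len(WORDS)):.0f} bits with this tiny list)")
    print(f"32 alphanumerics: {entropy_bits(32, 62):.0f} bits")
```
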

Using a Library or Friend’s Computer to Log Into Your Accounts

One word: keylogger.

Using Public WiFi

Just don’t do it. If you absolutely must, make sure that you only log into accounts that offer https/SSL encrypted logins. That way, even if a shady person is capturing your data, your passwords will be encrypted and there’s really no way they’re going to decrypt it. It wouldn’t even be worth that much effort if they could.

Using Cloud Apps or Devices

I’d like to also file this one under “Just don’t do it.” Convenience will always come at a price. The moral of the story is not to secure your accounts more vigilantly, it’s to never have personal files and pictures accessible by or stored on the internet in the first place! Keep your important stuff offline.

Signing the Back of Your Credit/Debit Cards

I always found this one odd. You’re always advised not only to sign the back of your cards, but to do so “immediately”. All that you’re doing is making it easier for someone if they get their hands on your wallet/purse.

Ideally, not signing should give you an extra layer of protection in that if you try and pay with an unsigned card the cashier is supposed to check your picture ID to verify it’s you, and I doubt most robbers look just like their targets.

However, keep in mind that depending on the circumstance/cashier, 90% of the time they won’t check out of laziness, incompetency or any number of other reasons. Still, why give your robbers more info about you like your signature?

Conclusion

That’s about all that I can think of for now as far as specific issues that many, many people haven’t even considered. For your everyday security/privacy screw-ups, the sky is the limit, but that’s not what we’re discussing. I’ll add more unique examples if they come to me.

I realize a lot of these may seem silly to most, but being smart is about all the little measures you take that add up to give you that extra edge against becoming another victim.

What are some unique security/privacy issues you’ve come across that are commonly overlooked or never even considered? I’ll add them to the list.

Thanks for reading, Bryan
