The Annoying Internet - Invasion of Privacy
July 19, 2012
This hub is going to examine some of the common sources of privacy failures on the internet that many people are likely unaware of as well as some steps that people can take to protect themselves. Specifically it will look at issues of unprotected directories, domain registrations, property tax records, and people search websites.
A directory is a folder accessible via the internet showing a list of files. Many directories contain a file which contains code that generates a web page when you access the directory (usually an index.htm, index.html, or index.php). If you, for instance, type the following into your browsers address bar http://volcanoes.usgs.gov you will not get a directory listing, you will get a webpage because it contains such a file.
Not all directories have such a file, and if they are not password protected, accessing them will generate a directory listing. The following is an example from the same server: http://vulcan.wr.usgs.gov/Imgs/Jpg/. This gives you a directory listing with a list of folders containing photos. The USGS, of course, has no need to protect these files, as they are all meant for public consumption and are probably linked to by other webpages. Below is a screen shot of an open directory on the USGS site.
Not everybody, however, understands the issue of unprotected directories, and there are lots of examples of people who put files into these directories thinking that no one will ever see them or be able to find them.
The other day I randomly stumbled into one which contained a number of folders containing photos of a young couple. For the most part they were very ordinary photos you would expect to find in a photo album out on the coffee table: BBQs, birthdays, vacations, etc. But there was one folder which contained photos of the lady that were clearly meant to be for a boyfriend's eyes only.
I was a bit conflicted on whether I should say something or not. Do I violate her privacy by letting her know which would allow her to secure the content? Or do I leave her in ignorant bliss and hope no one else ever sees them? I asked this question to the Hubpages community and the overwhelming response was that I should try to let her know.
Up to this point, however, all I had were first names, Bob and Betty (not real names) and no contact information. So what's the next step?
Domain registrations require a name and address. It is a reasonable assumption that a large piles of photos like what I had found are located on a personal domain. Domain registrations are for the most part publicly viewable and easy to find. There are many sites which provide this information. I don't have a particular favorite so will usually just type a search into Google. Something like this: <"www.exampledomain.com" domain information>. Running a search for the domain in question found a domain listed with Godaddy. Seen below.
This is a fairly standard listing that you will find. In this case, the listing is for a man, matching the first name of the man in the photos, and includes what appears to be a home address.
Property Tax Information
It is reasonable to assume that the last name of the man is the last name of the woman (amongst the photos were wedding photos of the two). To double check, property tax records are another source of information which is easy to check. Most counties these days have this information searchable online. The county in my case is Denton county, Texas. Here is their search site: http://taxweb.dentoncounty.com/taxwebsite/. A search for the property revealed by the domain registration reveals the following information:
You can see a variety of information is listed including in this case the name of the woman with her middle initial along with her husband as owner. Johnson Bob & Betty R (not real names).
There are a LOT of people search sites out there. PeekYou, I think is a pretty good one, but there are many others.
WARNING: Avoid MyLife and any other of these types of sites which require registration. This just gives them even more information about you.
With just a first and last name, these sites aren't always very helpful, especially if it is a common name. Every extra little piece of information greatly reduces potential matches. These extra data points include middle initials, states of residence, and age range.
As an example I ran searches on PeekYou for the actual Betty Johnson. For state I used Texas and age range I used 25-35. Results are shown in the chart below. You can see how dramatically the extra information starts to reduce the number of possible matches. For a less common name, the list would be very manageable.
Depending on the person, PeekYou (and similar sites) can have a variety of information, including possible aliases (which for ladies is often a maiden name), possible relatives, partial addresses and phones, employers, links to social media profiles, ages, etc.
With the information I have it was not difficult to find a Facebook profile for Betty Johnson (not real name) and her husband. Facebook is a privacy nightmare. That's all I'm really going to say about it. One of the big mistakes, in my opinion, is listing family relationships. At any rate, from Facebook, I found additional photos, husband's employer, Betty's high school, etc.
What I have done so far is not really difficult or time-consuming (was about 20-30 minutes of work). It required nothing illegal, no money spent and no registrations on websites. Everything I have gathered is publicly available and free to anyone with an internet connection.
In that half-hour I have collected (or could have collected) a large pile of photos of this young lady, her husband, friends, and family; some photos of her half-nude; a full name, including middle initial; maiden name; husbands employer; lady's high school; home address; Facebook profiles; a list of relatives; and her age. So you can only imagine what can be collected with more time, a willingness for illegality, and spending some money.
So, what can You do?
Don't put personal files in unprotected directories. That's a pretty simple one. Protecting a directory can be done by adding passwords or simply by adding a blank index.html file in the folder. This isn't a problem for all servers. Some automatically add a blank index file. Others prevent access to them entirely. If you don't know test it out for yourself.
Consider registering with a company which will hide your personal information. NearlyFreeSpeech.net is one which does so. Others might as well, but probably charge a small fee.
Property Tax Records
There probably isn't much you can do about this one. If you are married you could limit the listing to one name. You could also leave out a middle initial. Honestly, I really don't know why this information is public. There may be some counties which allow people to opt out of their property being publicly listed, but I really don't know. It isn't really the worst in terms of privacy, because it is probably pretty rare to have someone's address and not their name, but still it is something to be aware of.
People Search Sites
There isn't much you can do about the information contained on these sites, but it is worthwhile to know what information they do have on you. Go ahead and pop into a few of them and run your name. If you have never done it, you may be quite surprised.
You have to strike a balance between paranoia and prudence. It's pretty much useless to try to keep all personal information off of the internet. It is inevitable. However, that doesn't mean you should be careless. I am always surprised by some of the photos I see of people that are publicly available online, especially involving children. Photos often contain a lot of information that people just don't even think about that can provide information such as names and locations. Be careful with photos and information you place on social media sites. Especially Facebook.