Yikes, has it really been almost a year since I last posted? Very sad…
My confession is thus: I’ve been dialing back my online footprint for a while now. In this volatile day and age, it’s a wise decision. And already, I see the confused look on your face. I’m moving too fast, please forgive me.
First, we need to define an online footprint (or digital footprint):
1. one’s unique set of digital activities, actions, and communications that leave a data trace on the Internet or on a computer or other digital device and can identify the particular user or device:
Our online browsing habits are part of our passive digital footprint, created without our consent or knowledge, but our active digital footprint, especially on social media, can more easily be managed.
2. one’s overall impact, impression, or effect as manifested on the Internet; online presence or visibility, as of a person or company: a celebrity with a large digital footprint;
Your online footprint is, in essence, the sum of your online persona. It’s everything you have ever done, online. It consists of what you post, what you say. Where you’ve been, what you’ve shared, what you’ve bought. Every photo and Twitter and comment and like. Each little piece is a cell in this organism called your digital footprint – and it’s much larger than you could imagine.
This information – this persona – can be a very significant liability.
People lose their jobs and livelihoods as a direct result of their online personas. People don’t get the jobs they want as a direct result of their online personas. People kill themselves as a direct result of their online personas. Marriages end as a direct result of their online personas. Entire fortunes have been made and lost as a direct result of online personas. The list goes on, and on, and on.
Online personas are a profitable source of revenue.
My darling Pooky claims that her phone listens to her. And while I playfully say she is crazy, there are many documented instances of this actually happening. Let me elaborate. Things that you say in the privacy of your own home have been picked up by listening devices, and used to turn a profit. This information has been sold to marketing firms, who send specific advertisements to you, based on what they believe will sell more of their widgets. There are myriad documented cases of this happening – this isn’t tinfoil hat stuff. Cell phones are the most common culprit, though devices like Amazon Alexa are making it even easier. These devices have tossed off all pretense, and are advertised as devices that sit in your home, and listen to everything that goes on, waiting for you to need something from them. All you have to say is something like “hey Alexa – what is the capital of Nigeria?” and it responds with an answer. The privacy concerns over such a device came to the front in a court case out of Arkansas, where Amazon was coerced to turn over the recorded audio (gathered without the homeowner’s knowledge) during a murder trial where an Alexa was in the home. Amazon provided a pile of information that they had about the homeowner’s smart device data, including the smart water meter readings that indicated the person on trial had used a boat load of water to fill a hot tub AFTER the victim had supposedly drowned in said hot tub. But Amazon refused to turn over audio data gathered by Alexa – and it’s unclear just how much they are actually gathering, analyzing, and churning for a profit.
This may well be the more nefarious end of the story – but similar events happen all the time. For example, if I search for a Martin guitar on Amazon, my Facebook feed immediately changes as a direct result, and serves me up advertisements for guitars. News feeds immediately change to more musically themed stories. Friend suggestions of other musicians pop up. And this behavior follows me across all of my connected devices – computers, phones, ipads, etc. All of these sites are connected in an attempt to harvest information from me (with or without my consent) and churn that data over in a quest to make money. Advertisements abound. Everything is connected. Nothing is secure.
There are numerous cases of people losing their jobs as a result of their private online activity. On June 18, 2016, Lydia Price wrote an article for People magazine entitled “20 Tales of Employees Who Were Fired Because of Social Media Posts” that provides further evidence that your online footprint can have negative repercussions. I’m sure we all remember the guy who recorded his trip through the Chic-Fil-A drive thru, with the intent to harass the young employee there about the corporate values with which he disagreed with. His attempt to grab his Warhol 15 minutes of fame backfired spectacularly.
Side Note: Andy Warhol, the famous artist, said that “In the future, everyone will be world-famous for 15 minutes”. The Internet is a bloated market where many people seek to cash in on this goal.
So anyhow, this guy harassed the girl working at Chick-Fil-A, and published the video on Youtube. Later that day, he lost his job, and to date still can’t get hired anywhere. He has since then battled depression and thoughts of suicide. The mob mentality of the public Internet is a harsh and unforgiving master. Understand – I do not at all condone what he did. But there is much debate from free speech advocates (and just about everyone else) whether or not his punishment fit the crime. Either free speech is always free – even for those with whom we disagree – or it’s not free at all, and we are slaves to mob rule. Ah that’s an entirely different topic, I digress. The key takeaway here is that whatever you say online can cause you permanent harm. This extends to the pictures you take on your phone. Your phone is connected to the cloud (a fancy term for “someone else’s computer”). A photo you take on your phone is often backed up automatically to the cloud, where it is fair game (albeit illegal fair game) for others to access. The list of people who have suffered when their personal photos were smeared across the Internet is longer than we could imagine. As part of your digital footprint, photos can (and often do) harm you.
And now we arrive at the most obvious threat: teh h@x0r.
The last little bit about photos getting leaked was a sequeway into this topic. Plenty of your information is being leaked out through legitimate (albeit frightening) ways. Your search history, your browsing habits, your Facebook and Twitter posts, even the words you speak in the privacy of your own home – all this information is most likely covered by some sort of Acceptable Use policy that you signed off on. To say it differently, you are willingly GIVING this information away. But there are other methods of accessing your information without your consent.
In 2016, a Lancaster, PA man hacked about 50 Apple iCloud accounts of many celebrities. This man then accessed (and posted online) the personal photos of many celebrities from their iCloud accounts, without their consent. In 2008 the personal email of then Vice Presidential candidate Sarah Palin was hacked by the son of a politician from the other side of the aisle. The stolen emails were then leaked online, a term called DOXING. Bringing the discussion into 2017, the news is flooded every day with information about Russian hackers and Democratic emails and Wikileaks.
If the allegations against Russia are somehow proven beyond all doubt (a monumental task), they are pretty severe allegations. But let’s not forget that Iran, China and Syria also have sophisticated cyberwar capabilities that include hacking. And lest I be guilty of patriotic tunnel vision, the United States also has highly sophisticated offensive cyberwar capabilities that it employs across the globe. The targets of this elite government-sanctioned hacker group (can I use the term TAO out loud?) includes private citizens, foreign governments, friends, foes, and all points in between. Thanks to the Patriot Act and 9/11, nothing is off limits for the elite cyberwar arm of Murrica. I imagine the chances of Russia coming clean on its election shenanigans is about as likely as our government coming clean on the existence and use of the Stuxnet virus against Iran.
Think Like The Bad Guy.
How do the bad guys get our stuff? Why I’m glad you asked. Studies show that most hacking attacks generally begin with a phishing campaign.
The more information we provide online, the more of an advantage we provide to a hacker. I’d be willing to bet that if you’re on Facebook, you have already been approached by someone you thought was a “friend” but who actually turned out to be a hacker or phisher. Why this just happened to me not long ago. I got a friend request from my oldest brother, and it looked legit, as the profile picture was of him (which the hacker got by looking at his public profile). So I accepted the request, and within seconds, my “brother” had initiated a chat window with me. What was the hacker’s goal? To get me to click on a link he sent me. And have no doubt – that link (should I have been foolish enough to click on it) had a virus attached to it. A virus that could have given the hacker complete access to my computer. From there, they could suck out my passwords, bank account information, or *shudder* dump ransomware that could encrypt my hard drive, demanding money as a ransom.
I’ve seen so many of these phishing attacks over the years. I’ve gotten calls from “Microsoft” who said I had a virus and I needed to let their technician into my computer. I’ve had popups from websites that declared that I had won something, and needed to click on a link to claim my prize. I’ve gotten texts from people claiming that my account for ABC was locked, and I needed to tap on their link to unlock it. All over the Internet, hackers are after our stuff. Any information we give them via our online footprint can (and often is) used against us in pursuit of our stuff.
So now that I have you thoroughly freaked out, what can you do?
- Back your stuff up. Back up your documents and photos weekly to an external USB hard drive. And after each backup, unplug the drive from your computer.
- Minimize your online footprint. Don’t share information that could be used against you by a hacker. Do you really think the whole world really needs to know where you eat or when you’re at the pool? Think like a bad guy – you’ve just told me valuable information that I can use against you.
- Maximize your privacy and security settings. On sites like Facebook, disable features that allow strangers to see any of your information.
- Question the motives of everyone who asks you for information online. And don’t share it.
- Never take photos of yourself that you wouldn’t want your parents or children to see. Yeah you know what I’m talking about. Just don’t do it.
- Search for yourself online. Searching for your name, in quotes, in Google is a nice way to start. Or use a site like PIPL to really get freaked out.
- Don’t click on links unless you are confident that they are legit. Especially via chats, via emails, via message boards, via social networking sites, etc. Clicking on a bad link can cause you immense pain and suffering. You will get viruses. You will get hacked. You will get ransomware.
- If you have children, keep tabs on their activity. I cannot in good conscience recommend that any parent buy their child a smartphone, ever. You can easily control what happens on your home computers. Not so much, on a smartphone (ie. Android, iPhone, etc.). I know this is unpopular – but I’m serious. If you want your kid to have a phone, get them an old school flip phone, or something without a data plan and web browser. The social, mental and emotional drawbacks to smartphones are myriad and well documented. Resist the urge to give them any device that you can’t easily control or monitor. Protect them from sexting and cyber bullying and porn and cyber stalkers.
OK so a hearty welcome back to me. I can’t guarantee I’ll be posting again soon, my apologies. But if you have any questions about anything I’ve said, feel free to send me a comment. I do read them. I do respond. I do care.