David Emm

Social Networking or Identity Sharing: What Information Should You Give Away Online?

There has been a lot of debate recently about how much information we should give away online. Just a couple of weeks ago, Cabinet Office Internet security chief, Andy Smith, publicly suggested that we should use fake details online in order to protect our security. But is this really the right approach to staying safe online?

To suggest that we should provide fake information across all online sites and services is unrealistic. Many providers of online services - not just the government - insist that you use your real details when creating an account; and in the case of an online payment site, you will be required to enter accurate information at some point anyway.

On the other hand, it's important to realise that there is a risk when sharing information online. Think about all the information you have ever shared on social networks or other websites. To you it may seem like harmless information, but when aggregated, this information becomes a lucrative goldmine for today's cybercriminal.

The security threat posed by social networks is not new. In fact, the danger of revealing too much on these sites was demonstrated a couple of years ago by the website Please Rob Me, which cleverly combined Foursquare data and Twitter messages. Those accessing the site could quickly determine where the members of these social networks actually lived and whether they were currently at home, providing the perfect itinerary for any burglar.

Those who reveal small snippets of information about themselves in various places must assume that resourceful third parties could combine this information to create a complete picture. For example, if your email addresses, telephone numbers, hobbies and preferences are publicised on the Internet, then it should hardly come as a surprise if you are bombarded with targeted advertising. Such data is often not intentionally made available to prying eyes, but the default settings on social networks are simply not strict enough.

Social networks are often subject to phishing attacks that trawl for passwords or access IDs; if this data can be acquired, then identity theft is just a few steps away. For example, there are known cases of identity theft where hackers took control of a social media account and then feigned an emergency in order to ask friends for financial aid. A more common approach is to use a hacked account to spread malware via messages to the victim's contacts.

A well-known example is the Koobface worm, which is spread via Facebook and MySpace. Invitations to look at a video were sent to users from accounts that had been hijacked beforehand. However, when recipients clicked on the specified link, they were directed to a counterfeit Facebook or YouTube page where they were asked to download 'Flash Player' - which turned out instead to be a worm that could continue spreading in this way.

Sometimes malware is also hidden in add-on applications for social networks. Mini-games, for example, which users can also play across a network, are very popular. The problem is that these applications originate from third-party providers whose security standards do not necessarily have to correspond to those of the social networks.

With the security risks laid bare and the knowledge that cybercriminals are constantly on the lookout for personal information, we all need to be wary about the data that we disclose online - in particular on social networking sites. It's not just ourselves that we put at risk when we over-share online: we may also let slip incidental information about our employer that could help cybercriminals to set up a targeted attack on that company.

While giving false information across all online sites is unrealistic, not all such information needs to be accurate. To falsify a date of birth, for example (or adjust it to remove the day of birth, or to change the month) isn't fraudulent in my view, just prudent. And there's no good reason why your answer to 'mother's maiden name' (or other information used to verify your identity) needs to be true.

We all know that the world can be a dangerous place, but we don't stay at home for fear of these things - we take sensible precautions to mitigate the risk. The same should apply online. By thinking twice about what information you are sharing online and using the right technology, there's no reason why you can't bank, shop or socialise online without compromising your identity.