What Web Surfers Can Find Out About You

cweditor writes in with an updated version of a story the likes of which you might have read before, What the Web Knows About You. But reporter Rob Mitchell found out vastly more about himself (his research subject) online than he could have even a year or two ago. The big difference is that state and local governments are putting online digitized records, often with Social Security numbers and other personal details intact. Mitchell ends by questioning how much good it does for banks or credit card companies to require 4, 5, or more independent identity "factors" before providing access to account details, when most or all of the factors they request can be found online about nearly anyone.

CWEditor can grab a spoon and eat my ass

Nice MASSIVE WALL of ADs, you douche.

Stupid Slashdot.

[Creepy+Crawler]

<Page 1>
Why
Cant
You

<Page 2>
Provide
A
Link

<Page 3>
So
Everything
is

<Page 4>
on
One
Page?

how abut a link here

Re:ID information available to the public

[zehaeva]

why not just put in a odd answer? for city of birth put the city of your fathers/mothers birth, or the name of your first pet? and for your mothers maiden name your grandmothers maiden name or the city of your birth? or the title of your favorite book, or the name of your favorite author. so long as you know what to substitute all should be fine.

Just make an answer up

[dfm3]

I treat "verification questions" as another password. City of birth? gc5f*kmn. Mother's maiden name? r4#dcViop. And so on. Most institutions don't have a problem with it. And if they do, you can still just use a random word. "Okay, okay, my first pet's name was really Albuquerque."

Re:pipl

Not surprising in the least. There are many of these services online and the free ones are little more then goggling your own name if anything.

OTOH there are pay services like lexis.com and others that i used to use in my skip tracing days. Now with nothing more then a name and a county i could usually get everything from SSN's to VIN numbers of cars you have/do own. DL number's phone number's (including potentially unlisted). Hell itll tell me if your married divorced (with links to the pdf's of the court papers if available). Employment history (with a list of associates employed at the same places around the same times as you.

About the only thing it wont tell me is your dog's name so there is no surprise to me.

I dont even have to go online to find out your address and phone numbers. If i know what kind of car you drive. Chrysler has an 800 number that you put in the first 5 digits of the last name and it will give me address and phone number on record...

Re:ID information available to the public

Why can't I use my own security question and pick something that I actually am one of the few people that know (me and maybe my wife or something)?

A while back, a friend of mine was running a student forum, which used ID numbers as a login, and allowed people to set their own question for password resets. He was having a serious problem with people claiming their accounts were being broken into. After a while, he noticed that only men were complaining. He ran a script to pull out the answers to the security questions, and found that 20% of the answers were "8 inches".

Re:Multi-Factor Authentication

[bakuun]

In Sweden, all banks provide a challenge/response - based physical keyfob to their customers, for free. I still find it amazing how bad bank security is in most other countries. Many banks just have passwords... all it takes is a keylogger. Insane.

Re:Times Changes

[KPexEA]

We have a small mail-order business in Canada selling die-cast model cars and if a US customer orders over $200 worth of model cars, we need to supply Fedex their SSN so they can pass that along to Homeland Security so the shipment can clear US customs. We do get a fair number of customers who refuse, but there is nothing we can do about it, most of our long-term customers don't have a problem with it.

Re:It's worse than that

[roc97007]

Oh, don't be like that.

Let me give you an example. When I got my American Express corporate card, part of the activation process was to create a PIN. The process is done through a voice menu system. The message suggests that you use your mothers birthdate (month and day).

My intention was to make the PIN a random four digit string. Turns out the system would not accept a four digit string that was not a valid month and day. They actually had software in place to make sure you didn't pick the 32nd of Grune.

So, yeah, I am surprised that this system would accept a grandmother's middle name that included numbers and punctuation characters. Or a "first pet's name" of "Your mother was a hamster and your father smelt of elderberries". ("By the time I had finished calling him in to dinner, he starved to death." But I digress.) Or that it didn't bother to check that my daughter's high school, hospital where she was born, and maternal grandmother were all coincidentally named "none of your damned business, monkey boy". [1]

I half expected to see the message "That name is not valid. Your grandmother's middle name must match an entry in 'The perfect book of baby names'. Available on Amazon." Or, more likely, get an email from the bank something to the effect "Our IT department does not appreciate your thoughts on their personal habits. You will have to re-enter your personal information to access your account."

[1] None of those are the real passphrase, of course.

Re:Bad News

[jdmetz]

I know you're joking, but apparently all that is needed for the Social Security agency to declare you dead is for a coroner to mistakenly type your SS#. From there it will get to your credit reports and pretty soon all your accounts will be frozen. Here's someone who had it happen recently.