Slashdot Mirror
How Your Username May Betray You
An anonymous reader writes "By creating a distinctive username—and reusing it on multiple websites—you may be giving online marketers and scammers a simple way to track you. Four researchers from the French National Institute of Computer Science (INRIA) studied over 10 million usernames—collected from public Google profiles, eBay accounts, and several other sources. They found that about half of the usernames used on one site could be linked to another online profile, potentially allowing marketers and scammers to build a more complex picture the users."
Couldn't they already do this with cookies?
In other news.. the gentleman wielding the running chainsaw could probably kick you really hard with those steel toe bootsand maybe even poke you in the eye!
that my username won't betray me...
I thought this was the whole point of using a unique username. If I didn't want a unique identity, I wouldn't have created one for myself.
And when they find me, how will I resist their clever and informative advertising?
Oh that's right, I'll just ignore it like I always do.
That's why I have several aliases I use online, and will never use anything relating to my real name. The one you see here is for fairly anonymous forums. I have one that's used strictly for gaming and game related material. I have one that I use for throw-away accounts (spam e-mail, etc). Then I have a few super generic ones that I use for...shall we say... less honorable activities? ;)
"He who can destroy a thing, controls a thing." --Paul Atreides, Dune
While this is no doubt true, it is virtually meaningless. How many companies are really going to spend the time, effort and cost to put these things together, on the vague hope that it will somehow magically increase sales?
Seriously, that's almost precisely why I've the same username all over place (amusingly, almost except /.) - so that people who know me on one might recognise me on another.
I'd imagine that anyone with a desire to not let anyone know where else they go on the net already gets all their usernames out of pwgen or something.
I mean, we have to accept at some point that we are all in a public place. I for one don't want to have to live life online like a fugitive. Constantly changing my identity and browsing habits just to throw off marketers. And if you are smart you can easily avoid scammers by being more vigilant with your important information.
someone down named Analintruder?
"You'll get nothing, and you'll like it!"
As long as they can't link my username to my real name, I don't care. They can collect information about "some dude who goes by GameboyRMH" all they like.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Build a username which uses Acrostics or Chunking of the place you are going.
My Yahoo account is GPLDANJCYS, which stands for me + Jesus Christ Yahoo Sucks.
Then, you know exactly who is leaking and linking your information, and how you feel about them to begin with.
Hey slashdot, why don't you be ahead of the curve on this and let posters change their username associated with their comments once every few years. Also, being able to delete an occasional comment would be thoughtful too. It's not 1995 anymore on both accounts.
It does not help when you write something that implicitly also utilises your handwriting too! ;)
I get the feeling from a privacy POV, my user name fairly low on my priorities
http://liqbase.net/liq.20110208_002.liqbook.on.meego.ideapad.jpg
liqbase
And the installed fonts, and the screen resolution and color depth and the dozens of other factors that combined allow you to be tracked.
Try this web site for an idea of how these factors can (in combination) uniquely identify you:
https://panopticlick.eff.org/
I see that my browser is unique among the 1.4 million tested, with 20 bits of identifying information. Knowing my user name isn't going to compromise my privacy all that much more, especially compared to how Facebook screws your privacy every day.
Umm . . . obvious, per chance? It seems to me that this is sort of . . . common sensical. Many people (myself included among that set) use a common username across multiple sites for that very reason mentioned in the article. To enable others to track us via our username. Of course, the intended audience is not the scammers -- oh, sorry, "marketers" -- but rather fellow hackers. But it's a double-edged sword. Perform an action, and the consequences will arrive, knocking on the door in the middle of the night. Welcome to the world, people.
Transparent.
One sales droid's abject terror is another sales droid's golden opportunity.
Police State UK - news and
Be at least 8 characters long. Have at least one upper and one lower case letter, a number, a symbol and an RGB code for your favorite color. Oh and change it every 6 months too.
Sorry about the mess.
Are we looking at a sever breach here if researchers have access to username on Google and Ebay? And what security do they have to keep those lists out of others hands. Probably the student in the University will keep all that information secure...
Yah right.
Give it up. Privacy is gone.
So does this mean that Cowboy Neal is screwed?
"Waste not one watt!" - CZ
plenty of bullshit.
always nice to mess with the data.
thank God the internet isn't a human right.
Could we just move tautologies to idle? Or maybe we need a /. section called duh...
I work for a growing software company and I have basically used this technique for doing basic background checks on job applicants.
Back in about 2006 we had someone apply who had a distinctive username that returned a handful of results via a careful google search. Almost all of them were to "alt.drugs.bongmaking" or something similar.
I didn't care whether the guy/girl had used drugs, but about the complete lack of discretion in the posts. He had actually used his full name and detailed personal information that positively identified him as our applicant. Really sad, and not the only time something like that has happened.
That's the point dumb asses. So you market to this useless account that you think you have nailed demographically. Can't sneak nothing past you guys.. And yes I would like a subscription to O magazine because as an older woman I love Oprah.. fucking morons.
Tiger Blooded Bi-Winning Machine
...don't get online. Don't post more info about yourself than you want to have distributed. Don't assume your username or password gives you any anonymity. If you're concerned about tracking, use a password manager and use a unique username/password for every site. If you're not that concerned, use 3-5 different user names with different passwords, they may be able to link some of your info, but not all of it.
make imaginary.friends COUNT=100 VISIBLE=false
You see, that's really THE WHOLE POINT of using the same username in multiple venues. In fact, it's the whole point of having a publicly visible username at all.
It's there to promote continuity between your various posts. It builds a "brand identity", if that's a phrase that you can use without wanting to punch yourself. If that wasn't what you were trying to do then you shouldn't have registered a user name in the first place.
I wonder how many people use the same username as their email address.
Honestly, who thinks it would be that hard to go through and scan the internet for usernames, and then append every popular domain name after them.
Add to that the profiles that could be scanned, and combined, along the way, and you can probably find pretty good, targeted ads in a very automatable way.
Honestly, I don't care. I don't want government to have the power to track me, but if a marketer figures out in his database that the same person who posts on Slashdot also posts on a filmmaker site and a college football site, well, who cares? If I happen to want to do something where nobody can know who it is, yeah, I'll create another identity. But for the vast majority of what I do today, I've taken to using my real name as my user name. I can't figure out why people think a user name "betrays" you because it connects you to something you've said elsewhere. In real life, I already have something like that. It's called my name. So more and more, I'm using it online except in the VERY rare cases I want to protect my identity. This is not rocket science, IMO.
Its called 'online presence' and it kind of the point isn't it?
I've used "Cro Magnon" several places, so one could assume it's the same person (especially if I make a referrence to one of the other sites). However, on at least one site, "Cro Magnon" is used by someone else, and my username is something entirely different.
Also, I'm on plenty of sites with totally different usernames.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
I've been tracking all of your posts my friend and let me tell you, you've been busy!! :)
my advice to you, take a break once in a while :)
Never antropomorphize computers, they do not like that
WHO CARES! Should we all just unplug our computers and go cower in a corner, afraid some advertisers might profile us, or a scammer might track us? Oh my. YA KNow.... isn't the solution just a little obvious? Why did this subject even make it to /.???
If someone sees that I buy a lot of stuff from bestbuy, and that I am a programmer because I have accounts on sqlserver.com and vb.net mag .com and also see i post a lot about tech stuff on /., etc...etc... guess what , they wont bother sending me spam about viagra, they will send me spam about the latest tech stuff for sale, which is just fine by me....allows less spam making it's way into my mailbox....
Wait until your are done explaining it to her, and some smart ass comes behind you and point out to her that, since marketers are using her username from different sites to link them and track them as the same person, ANYONE could create an account on any porn site on the internet, and user her AOL/MSN name for their account, thus linking her to any activity they do on the porn site. They could be extra helpful by explaining to her that the only way to stop them from using her username on those sites is for her to register it first.
Just wait until you get the call from her explaining that she made a typo, and wants you to help correct her username on 'iwantmyhorseporn.com'.
This kind of tracking is easy to avoid. Just do like me and never post on discussion forums like this one.
For every post, there is an equal and opposite re-post.
This may shock you but I am neither mexican nor little
i googled my /. username and found more than one site duping /. articles:
http://jetlib.com/news/tag/earth/page/20/
http://pubsub.com/Puck-Daddy-Mini-Doc-Talking-2010-NHL-Draft-and-dream-cars-with-Taylor-Hall-Tyler-Seguin-and-Cam-Fowler-Sunny-the-Sun-n-cpTsvVWHWnSS
plus a lot of other stuff i knew would be found if anyone did that. so i don't feel betrayed at all.
Speak for yourself... my wife kinda objects to my stalking hot girls online, so I don't do it.
I've abandoned my search for truth; now I'm just looking for some useful delusions.
Same problem also exists with people. I don't necessarily want people to track me down all over the web. Easy fix though:
Randomly generated password for each.
It isn't just Europe.
The WSJ ran an entire series of articles about scary analytics and their evil quant masters. NPR "Fresh Air" then ran an hour long episode quoting the WSJ. The horror! I was shopping for shoes and then shoe adverts started popping up! Dammit, they know EVERYTHING!
why would anyone wish to hide what brand of jeans they like to wear?
Because it's none of their business?
I for one would very much prefer that marketers and ad networks had a good picture of my product preferences so that instead of ads for mortgage refinancing and painfully unfunny t-shirts, I would get advertisements for things that I might actually be interested in.
There are ads on the Internet?
Thats right, that Lee :)
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
My reputation is too important for me to want to change my nick just to avoid marketing. It's useful for recruiters or prospective employers to be able to do a quick search and find out more about me. It's like an implicit and well-earnt LinkedIn.
a unique username on every site:
head /dev/urandom | md5sum
I'm not a lawyer, but I play one on the Internet. Blog
I cover my tracks by using my username everywhere, registering for places I don't go, subscribing to magazines I don't read, and I buy everything, from ladies slacks to chain mail. I join groups I disagree with, donate money randomly, buy clothing that won't fit me, bid on items I don't really want, all to confuse the heck out of these people who want to know about me. A person who comes from everywhere comes from nowhere at all. If everyone got cookies from every website, we'd ALL be Spartacus. That's my plan anyway, if I wasn't so lazy.
Gently reply
Trying to hide from the marketers is almost a Hobson's choice. If I want to obscure my identity, I must:
- Use multiple identities. Complexity and failure due to other means of tracking me make this fairly pointless.
- Stop using cloud-based services. There goes Gmail and a bunch of other stuff. So I should be running my own webmail gizmo?
- Opt-out of all marketing opportunities. Sure, and opting out is actually respected by how many? ESPN keeps turning video autoplay back on when I go there, as if they are going to respect my opting out of newsletters, sharing with other entities that have 'items of interest' to me.
- Unsubscribe from services when I'm done with the business at hand. And re-enroll two weeks later. Nice, I get to play whack-a-userID as much as I do the thing I actually wanted to do.
So I don't bother. I'm fairly immune to the sidebar ads I get, I never respond to spam ads, and I am now tending to avoid retailers that obviously use deceptive means to target me. Screw 'em.
As an example of hilarity; I looked into getting a used shipping container a few months ago to use for storage. Turns out even old beatup ones are pretty expensive. For weeks after that, I would see sidebar ads for shipping containers 'everywhere'. Even today I coudl get one if I go to the 'wrong' site. I was never seriously in the market for containers, but it's a competitive market, and they are persistent.
Another example; I made the rare mistake of going to a buy.com (or was it nextag.com?) link for an item. Aw, crap. Now I get those ads all the time. But I recognize them schlepping me ads for 'djebme strap' and ignore them.
A final example; How often have I actually clicked a link to nextag.com to look for something specific, as a last resort, and find that they actually don't have ANY sources, but 'check back real soon'! Argh. And you can be sure I'll be peppered with ads for that item for a while. Grrr.
It's a lot like old fashioned junk mail, except I don't even need to carry it to the dumpster. It could be worse.
And it probably is. My only fear is that I will eventually get categorized, and red-lined so that I never see ads for what I actually want, but I see ads that are shoveling me something I don't want, but 'they' are trying to steer me to. This is entirely illegal in financing, but not quite yet in retailing. We'll see if it should be or not.
deleting the extra space after periods so i can stay relevant, yeah.
Sure, if some jerk has it out for you and you get stuck in one of these nets you'll never escape.
Big Picture, we're thrashing through a ton of social change with this here Net thingie.
My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
The marketers/spammers must have traced my username around the web and revealed my interest in sex. Apparently they worked out my email address too, because my inbox has been full of porn and viagra ads for years. And all this time, I thought _everybody_ got those kinds of emails. I can't believe this!
ok, so obscurity isn't working... time for something different.
Use a username that is a slight modification of a VERY common person. bradpitt, obama, billgates, sjobs, stevejobs, ibm, microsoft, etc etc.
then, when some marketing puke googles that : the s/n ratio blows their little analytics apart.
-- john smith
jp
Oops. :)
I think this is related to the way in which brands don't just sell us products, they sell us identities. So the underlying worry is that, if our consumption habits are really just data that marketers can aggregate, then the brand of jeans we buy and the music we listen to and the films we watch don't actually make us the special snowflake we would like to imagine.
If you get my real name, you can easily find me through canada411.com, and I'm pretty sure they have these online "phone books" in every developed country. So, technically, even if you're not online, your name is still an easy way to track you. Marketers have been tracking people since the phone book has been invented. And even if they don't know my usernames and don't track me, I will still be getting full mailboxes of Medicine ads, bodily inflation ads or cheap garbage for sale ads. Thanks to the adblock folks, and to a couple of other add-on scripts for firefox, most of the ads are gone.
-- http://www.doczayus.com/
Don't be an internet celebrity if you plan on applying for any job. Same thing vice versa. This economy punish creativity totally.
Unless, of course you are living off from a trust fund, then you can afford to act in a civilized manner like Lindsey Lohan.
New Economic Perspectives
Not sanguine about this.
No, no, you're not thinking; you're just being logical. --Niels Bohr
IE9 crashes hard on that page.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
Why does everybody act surprised when there is a news story telling us that using a communication as ubiquitous and publicly accessible as the Internet allows people to find us? That's kind of the point, isn't it? My tin foil hat is every bit as shiny as anyone else's here on /., but seriously, this kind of seems like a "Meh..." story to me. If you don't already realize that using the same user name on multiple web sites will allow someone to correlate your on-line activity, then you probably shouldn't be allowed outside alone. Just sayin'
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
For marketeers is is NOT a tool that will be used. Say you are on 2 technical sites and one social one, the marketeers won't say "We will send him technical ads." The will say "We will send him technical ads, social ads and some unrelated ones just to be sure."
Just like saying "NO" to a marketeer means to him that he has not explained it well or often enough and if you say YES, it means it will work again.
Don't fight for your country, if your country does not fight for you.
Please Mr Marketer, read the history of everything I've posted, know my likes and dislikes, and cater the marketplace to me.
How is this a bad thing?
So my online user name may identify in multiple places just like my real name allows people to know who I am? Who would have imagined that?
no comment
I use Yvan256 for Slashdot, Yvan257 for Twitter, Yvan258 for Facebook, etc. No criminal mastermind could ever crack my username pattern!
Stalk your wife online instead. Flattering for her, informative for you!
Well, since using lastpass, It's been much easier for me to create various usernames and I have been doing so. I no longer care to have a complicated username that's unique just so I can remember it everywhere. I just pick whatever comes to mind. Thanks lastpass
That goes both ways. You're making it simpler for everyone else in the world to not remember or learn your multiple usernames. And the notion that you are the only unique snowflake in the whole world who visits one particular pair of sites is hopelessly naive.
A Real Man who wants to visit websites will load each site in a separate browser instance with a unique agent string and a different browser vendor and build each time with all cookies and scripts (1st, 2nd, 3rd, 87th party, etc.) hard-blocked, and only from within a series of totally unique VM environments of no less than Windows XP (Home and Pro), Vista (all 4,556 varieties), Win 7 (all varieties) and no less than 1,396 versions and flavors of Linux or Unix derived operating systems, and each randomly selected for each site visit, which are only done from a Tor onion connection running inside of the VM, which is in turn routed through a Tor onion connection running from the top-level main desktop that you're doing all this from, and each VM is promptly rolled back to pre-website status after your visit is done--and that's for EVERY SINGLE VISIT. ANYTHING LESS THAN THIS LETS THE INTERNET RAYS PENETRATE YOUR TINFOIL THINKING CAP.
Dude, where's my packet?
I could be a kid, who lives on a polygamous ranch . . . or a polygamous kid, who lives on a ranch . . . "Mom, I need more huevos rancheros here down in the basement! Yes, I know that the magic word is 'please'"
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
I'm fucking tired of all this "THEY ARE AFTER YOU!!!" so-called research. When I walk down the street, I don't constantly look around me to check if someone is following me, or typing down my movements to design a marketing campaing and slip a note under my door. My crazyass, paranoid, neighbour is, though. Let me be, motherfuckers. They're NOT out to get me.
Perhaps I'm trolling, perhaps I'm not.
I'm Opportunist. Here. Nowhere else. To use this opportunity, and even be on topic with it, NO, the Opportunist you saw in $other_board was certainly NOT me. I can say that with quite a bit of certainty.
For the same reason, I do not reuse passwords. So, in case you find my password here, all you get is one combination of characters you need not try on any other account of me.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Not to mention PETA...
Seven puppies were harmed during the making of this post.
In my case, a Google search of this username comes up with a completely different meaning of the name than I intended (I work in IT, and am not... whatever "the 'it' girl" is supposed to mean). Also, my real name is the same as that of a porn star, so anybody who started looking for me would get distracted long before they found me. I'm safe!
10 FILL MUG WITH COFFEE
20 DRINK COFFEE
30 GOTO 10
Using your real name at different places in Real Life(tm) can betray the pattern of places you visit.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Now I'll need to get rid of nethead.com, nethead.org, nethead.us and nethead.org.uk.
-- I have a private email server in my basement.
...I'm Stealth Finger, feel free to advertise to me, I still won't buy it.
Wanna buy a shirt?
https://www.redbubble.com/people/stealthfinger/shop?asc=u
So what if spammers track and profile me? I'm not buying their erection pills anyway.
Mod Me Up. You'll make a grown man cry.
"Four researchers from the French National Institute of Computer Science" ...worked out what any single regular person with an ounce of common sense already knew. Well done, researchers.
I'm guessing this is why firefox has a "accept third-party cookies" checkbox.
I'm neminem here, there and everywhere (unless that name contains capitalization in a location where capitalization isn't forced, in which case I'm not. I'm not, for instance, NemineM.) Marketers: go ahead and do what you like, I'm ignoring you anyway. Why should I care?