Slashdot Mirror


How Your Username May Betray You

An anonymous reader writes "By creating a distinctive username—and reusing it on multiple websites—you may be giving online marketers and scammers a simple way to track you. Four researchers from the French National Institute of Computer Science (INRIA) studied over 10 million usernames—collected from public Google profiles, eBay accounts, and several other sources. They found that about half of the usernames used on one site could be linked to another online profile, potentially allowing marketers and scammers to build a more complex picture of the users."

25 of 308 comments

  1. Uh... by Anrego · · Score: 4, Informative

    Couldn't they already do this with cookies?

    In other news.. the gentleman wielding the running chainsaw could probably kick you really hard with those steel toe boots and maybe even poke you in the eye!

    1. Re:Uh... by by (1706743) · · Score: 3, Informative

      There was an article on Slashdot a while back about a clever project to track your browser regardless of cookie settings / IP address. Neat stuff.

    2. Re:Uh... by Desler · · Score: 3, Informative

      this is potentially another way of tracking that few people would have thought about.

      Sure, if you're braindead. Did you really think that if you use a non-unique identifier across multiple sites that it couldn't be used to track you? That's about as 'duh' as it gets.

    3. Re:Uh... by Beardo the Bearded · · Score: 3, Funny

      Yes.

      Now, I have different usernames for a lot of different websites and IRL I don't have a beard. (I shaved it off in 2004.)

      I was looking for a yoga mat; the "community" ones at the gym were a little more... used than I preferred for an item that I touch with my face. I am using IE7 since that's what corporate IT imposes. I was getting ads on /. for yoga classes and cheap yoga equipment. I volunteer at the YMCA and look up the schedule so I know what classes are on on a given day. I got ads for meeting "fitness singles".

      I also, due to my work, look up a lot of military things. I was getting ads for martial arts training and "how to handle a handgun" and other things like that.

      Apparently the ads computers think that yoga + military + YMCA = gay. I was getting ads for "meet local singles" with pictures of men. It was really weird until I realized that the ad servers think that I'm a fan of sausage. Or maybe they think I'm a woman; I look up vegan and vegetarian recipes and I'll look at knitting patterns to give my wife feedback. Oh, yeah, that makes more sense. They think I'm a woman.

      (An ugly one...)

      I've also got a quirk whereby the computers at work all go through the servers back east, so it also thinks that I live on the West Coast but work on the East coast; a 7000 mile trip can be covered in 30 minutes with ease.

      --

      ---
      ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
  2. Pretty sure by by (1706743) · · Score: 4, Funny

    that my username won't betray me...

    1. Re:Pretty sure by Abstrackt · · Score: 4, Funny

      My username on every other site is hunter2, so it just comes up as asterisks anyway.

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
    2. Re:Pretty sure by Locke2005 · · Score: 3, Funny

      What a coincidence -- that's the combination on my luggage!

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
  3. Slow news day much? by Toksyuryel · · Score: 4, Insightful

    I thought this was the whole point of using a unique username. If I didn't want a unique identity, I wouldn't have created one for myself.

  4. No Shit by lordandmaker · · Score: 5, Insightful

    Seriously, that's almost precisely why I've the same username all over the place (amusingly, almost except /.) - so that people who know me on one might recognise me on another.

    I'd imagine that anyone with a desire to not let anyone know where else they go on the net already gets all their usernames out of pwgen or something.

  5. Do you really want to track by Ranger · · Score: 4, Funny

    someone down named Analintruder?

    --
    "You'll get nothing, and you'll like it!"
    1. Re:Do you really want to track by Abstrackt · · Score: 4, Funny

      It shouldn't be that difficult. How many Analin Truders could there possibly be?

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  6. Ummm by Anonymous Coward · · Score: 5, Insightful

    Hey slashdot, why don't you be ahead of the curve on this and let posters change their username associated with their comments once every few years. Also, being able to delete an occasional comment would be thoughtful too. It's not 1995 anymore on both accounts.

  7. Oh, and then there are the cookies by Palestrina · · Score: 5, Informative

    And the installed fonts, and the screen resolution and color depth and the dozens of other factors that combined allow you to be tracked.

    Try this web site for an idea of how these factors can (in combination) uniquely identify you:

    https://panopticlick.eff.org/

    I see that my browser is unique among the 1.4 million tested, with 20 bits of identifying information. Knowing my user name isn't going to compromise my privacy all that much more, especially compared to how Facebook screws your privacy every day.

  8. . . . common sensical, it seems to me. by Ethereal.Visage · · Score: 3, Informative

    Umm . . . obvious, perchance? It seems to me that this is sort of . . . common sensical. Many people (myself included among that set) use a common username across multiple sites for that very reason mentioned in the article. To enable others to track us via our username. Of course, the intended audience is not the scammers -- oh, sorry, "marketers" -- but rather fellow hackers. But it's a double-edged sword. Perform an action, and the consequences will arrive, knocking on the door in the middle of the night. Welcome to the world, people.

    --
    Transparent.
  9. Strong Usernames should - by genghisjahn · · Score: 5, Funny

    Be at least 8 characters long. Have at least one upper and one lower case letter, a number, a symbol and an RGB code for your favorite color. Oh and change it every 6 months too.

    --
    Sorry about the mess.
  10. Identifiers may be used to identify you! by kwerle · · Score: 5, Insightful

    Could we just move tautologies to idle? Or maybe we need a /. section called duh...

  11. I use unique usernames for background checks... by kamelkev · · Score: 4, Insightful

    I work for a growing software company and I have basically used this technique for doing basic background checks on job applicants.

    Back in about 2006 we had someone apply who had a distinctive username that returned a handful of results via a careful Google search. Almost all of them were to "alt.drugs.bongmaking" or something similar.

    I didn't care whether the guy/girl had used drugs, but about the complete lack of discretion in the posts. He had actually used his full name and detailed personal information that positively identified him as our applicant. Really sad, and not the only time something like that has happened.

  12. I'm not sure that's what 'Betray' means. by Minwee · · Score: 3, Insightful

    You see, that's really THE WHOLE POINT of using the same username in multiple venues. In fact, it's the whole point of having a publicly visible username at all.

    It's there to promote continuity between your various posts. It builds a "brand identity", if that's a phrase that you can use without wanting to punch yourself. If that wasn't what you were trying to do then you shouldn't have registered a user name in the first place.

  13. DUH by jdharm · · Score: 3, Insightful

    It's called 'online presence' and it's kind of the point, isn't it?

  14. Easily avoidable by Virtex · · Score: 3, Insightful

    This kind of tracking is easy to avoid. Just do like me and never post on discussion forums like this one.

    --
    For every post, there is an equal and opposite re-post.
  15. Re:No problem by georgesdev · · Score: 4, Interesting

    How about: they start creating a fake account with your user name on facebook, become friends with some of your linkedin contacts, post on your new friends' walls a scam using distorted extracts of what you posted on slashdot. Ok, you did a decent job of hiding your true name with that GameboyRMH ID, but still, if you use the same ID on lots of sites, you're still vulnerable to the kind of scenario I mention above. Personally, any online account that is indexed by search engines, I use a fake ID, and move to another one every 2 years, and it's not the same as my email address, etc ...

  16. Re:Why would you care about marketers tracking you by 0123456 · · Score: 3, Insightful

    why would anyone wish to hide what brand of jeans they like to wear?

    Because it's none of their business?

    I for one would very much prefer that marketers and ad networks had a good picture of my product preferences so that instead of ads for mortgage refinancing and painfully unfunny t-shirts, I would get advertisements for things that I might actually be interested in.

    There are ads on the Internet?

  17. I'm pretty much pwned already.. big woop by rickb928 · · Score: 4, Insightful

    Trying to hide from the marketers is almost a Hobson's choice. If I want to obscure my identity, I must:

    - Use multiple identities. Complexity and failure due to other means of tracking me make this fairly pointless.

    - Stop using cloud-based services. There goes Gmail and a bunch of other stuff. So I should be running my own webmail gizmo?

    - Opt-out of all marketing opportunities. Sure, and opting out is actually respected by how many? ESPN keeps turning video autoplay back on when I go there, as if they are going to respect my opting out of newsletters, sharing with other entities that have 'items of interest' to me.

    - Unsubscribe from services when I'm done with the business at hand. And re-enroll two weeks later. Nice, I get to play whack-a-userID as much as I do the thing I actually wanted to do.

    So I don't bother. I'm fairly immune to the sidebar ads I get, I never respond to spam ads, and I am now tending to avoid retailers that obviously use deceptive means to target me. Screw 'em.

    As an example of hilarity; I looked into getting a used shipping container a few months ago to use for storage. Turns out even old beatup ones are pretty expensive. For weeks after that, I would see sidebar ads for shipping containers 'everywhere'. Even today I could get one if I go to the 'wrong' site. I was never seriously in the market for containers, but it's a competitive market, and they are persistent.

    Another example; I made the rare mistake of going to a buy.com (or was it nextag.com?) link for an item. Aw, crap. Now I get those ads all the time. But I recognize them schlepping me ads for 'djembe strap' and ignore them.

    A final example; How often have I actually clicked a link to nextag.com to look for something specific, as a last resort, and find that they actually don't have ANY sources, but 'check back real soon'! Argh. And you can be sure I'll be peppered with ads for that item for a while. Grrr.

    It's a lot like old fashioned junk mail, except I don't even need to carry it to the dumpster. It could be worse.

    And it probably is. My only fear is that I will eventually get categorized, and red-lined so that I never see ads for what I actually want, but I see ads that are shoveling me something I don't want, but 'they' are trying to steer me to. This is entirely illegal in financing, but not quite yet in retailing. We'll see if it should be or not.

    --
    deleting the extra space after periods so i can stay relevant, yeah.
  18. Re:Who cares? by Jah-Wren Ryel · · Score: 3, Interesting

    Constantly changing my identity and browsing habits just to throw off marketers.

    Marketers are the least of our worries. The problems come from those who would use the marketers' databases for purposes other than marketing. Things like blackmail - such as a "straight" married politician who frequents a lot of gay websites. Or barratry (which is generally not illegal) such as Sony trying to subpoena YouTube's records of everybody who has viewed a video on how to crack the PS3. Or the police state gone awry where they use the data from those GPS services that record your position to back-fit cases to people who have done nothing more suspicious than be within a few blocks of a crime.

    The list of potential abuses of this sort of information is practically infinite - you may never be personally bothered by it, but then again relatively few people are ever assaulted or robbed or had their car stolen, but we still take precautions against all of those too.

    --
    When information is power, privacy is freedom.
  19. Real Men Browse The Internets by joeszilagyi · · Score: 3, Insightful

    A Real Man who wants to visit websites will load each site in a separate browser instance with a unique agent string and a different browser vendor and build each time with all cookies and scripts (1st, 2nd, 3rd, 87th party, etc.) hard-blocked, and only from within a series of totally unique VM environments of no less than Windows XP (Home and Pro), Vista (all 4,556 varieties), Win 7 (all varieties) and no less than 1,396 versions and flavors of Linux or Unix derived operating systems, and each randomly selected for each site visit, which are only done from a Tor onion connection running inside of the VM, which is in turn routed through a Tor onion connection running from the top-level main desktop that you're doing all this from, and each VM is promptly rolled back to pre-website status after your visit is done--and that's for EVERY SINGLE VISIT. ANYTHING LESS THAN THIS LETS THE INTERNET RAYS PENETRATE YOUR TINFOIL THINKING CAP.

    --
    Dude, where's my packet?