Slashdot Mirror
How Your Username May Betray You
An anonymous reader writes "By creating a distinctive username—and reusing it on multiple websites—you may be giving online marketers and scammers a simple way to track you. Four researchers from the French National Institute of Computer Science (INRIA) studied over 10 million usernames—collected from public Google profiles, eBay accounts, and several other sources. They found that about half of the usernames used on one site could be linked to another online profile, potentially allowing marketers and scammers to build a more complex picture the users."
Couldn't they already do this with cookies?
In other news.. the gentleman wielding the running chainsaw could probably kick you really hard with those steel toe bootsand maybe even poke you in the eye!
that my username won't betray me...
I thought this was the whole point of using a unique username. If I didn't want a unique identity, I wouldn't have created one for myself.
Seriously, that's almost precisely why I've the same username all over place (amusingly, almost except /.) - so that people who know me on one might recognise me on another.
I'd imagine that anyone with a desire to not let anyone know where else they go on the net already gets all their usernames out of pwgen or something.
someone down named Analintruder?
"You'll get nothing, and you'll like it!"
Hey slashdot, why don't you be ahead of the curve on this and let posters change their username associated with their comments once every few years. Also, being able to delete an occasional comment would be thoughtful too. It's not 1995 anymore on both accounts.
And the installed fonts, and the screen resolution and color depth and the dozens of other factors that combined allow you to be tracked.
Try this web site for an idea of how these factors can (in combination) uniquely identify you:
https://panopticlick.eff.org/
I see that my browser is unique among the 1.4 million tested, with 20 bits of identifying information. Knowing my user name isn't going to compromise my privacy all that much more, especially compared to how Facebook screws your privacy every day.
Be at least 8 characters long. Have at least one upper and one lower case letter, a number, a symbol and an RGB code for your favorite color. Oh and change it every 6 months too.
Sorry about the mess.
Could we just move tautologies to idle? Or maybe we need a /. section called duh...
I work for a growing software company and I have basically used this technique for doing basic background checks on job applicants.
Back in about 2006 we had someone apply who had a distinctive username that returned a handful of results via a careful google search. Almost all of them were to "alt.drugs.bongmaking" or something similar.
I didn't care whether the guy/girl had used drugs, but about the complete lack of discretion in the posts. He had actually used his full name and detailed personal information that positively identified him as our applicant. Really sad, and not the only time something like that has happened.
How about: they start creating a fake account with your user name on facebook, become friend with some of your linkedin contacts, post on your new friends walls a scam using distorted extracts of what you posted on slashdot. Ok, you did a decent job of hiding your true name with that GameboyRMH ID, but still, if you use the same ID on lots of sites, you're still vulnerable to the kind of scenario I mention above. Personally, any online account that is indexed by search engines, I use a fake ID, and move to another one every 2 years, and it's not the same as my email address, etc ...
Trying to hide from the marketers is almost a Hobson's choice. If I want to obscure my identity, I must:
- Use multiple identities. Complexity and failure due to other means of tracking me make this fairly pointless.
- Stop using cloud-based services. There goes Gmail and a bunch of other stuff. So I should be running my own webmail gizmo?
- Opt-out of all marketing opportunities. Sure, and opting out is actually respected by how many? ESPN keeps turning video autoplay back on when I go there, as if they are going to respect my opting out of newsletters, sharing with other entities that have 'items of interest' to me.
- Unsubscribe from services when I'm done with the business at hand. And re-enroll two weeks later. Nice, I get to play whack-a-userID as much as I do the thing I actually wanted to do.
So I don't bother. I'm fairly immune to the sidebar ads I get, I never respond to spam ads, and I am now tending to avoid retailers that obviously use deceptive means to target me. Screw 'em.
As an example of hilarity; I looked into getting a used shipping container a few months ago to use for storage. Turns out even old beatup ones are pretty expensive. For weeks after that, I would see sidebar ads for shipping containers 'everywhere'. Even today I coudl get one if I go to the 'wrong' site. I was never seriously in the market for containers, but it's a competitive market, and they are persistent.
Another example; I made the rare mistake of going to a buy.com (or was it nextag.com?) link for an item. Aw, crap. Now I get those ads all the time. But I recognize them schlepping me ads for 'djebme strap' and ignore them.
A final example; How often have I actually clicked a link to nextag.com to look for something specific, as a last resort, and find that they actually don't have ANY sources, but 'check back real soon'! Argh. And you can be sure I'll be peppered with ads for that item for a while. Grrr.
It's a lot like old fashioned junk mail, except I don't even need to carry it to the dumpster. It could be worse.
And it probably is. My only fear is that I will eventually get categorized, and red-lined so that I never see ads for what I actually want, but I see ads that are shoveling me something I don't want, but 'they' are trying to steer me to. This is entirely illegal in financing, but not quite yet in retailing. We'll see if it should be or not.
deleting the extra space after periods so i can stay relevant, yeah.