Ask Slashdot: Can Creating New Online Accounts Reduce Privacy Risks?

rjnagle writes "I'm concerned about the implications of storing personal data on Gmail, Facebook, and other social media sites. I'm less worried about individual data than the accumulating mass of data which potentially be used against me (for targeted marketing, credit reporting and who knows what else?) One solution I'm considering is just to abandon individual accounts and start clean and new gmail/facebook accounts. So while Google/Doubleclick might possess lots of data about me from 2001-2012, from this point on, they only have a clean slate. Would this kind of solution address my privacy concerns? (assuming I remove cookies, change IP address before doing so etc). Or are an individual's profile by now so unique that simply creating a new gmail or Facebook account would fail to prevent these data collection agencies from figuring out who I am? Insights and tips are appreciated."

That's cute, kid.

[Overzeetop]

If the data mining companies already fill in your profile and preferences by scouring multiple resources and linking multiple accounts to get the best picture they can, why would you think that starting a new account would be anything other than a temporary break in their data which they would fill in as soon as they correlate the new account with your old ones?

Re:That's cute, kid.

[gl4ss]

the data is shit anyways. that's why facebook is a big deal, since they're the only one's who have enough somewhat reliable data to actually sell adverts targeted at 20-35 year old people living in country X.

if you want some crap data for them, visit sites you wouldn't normally. that doesn't stop them from selling targeted ads though, they'll just be poorly targeted.. not that they care too much.

oh and changing your gmail address wont help one bit, clearing your cookies does a lot more(if you're worried about doubleclick etc..). or heck, just use the apk hosts file method. doubleclick doesn't have your email but they have your browsing history.

Re:That's cute, kid.

[dgatwood]

And yet, their data is mostly worthless. By the time I post about something on Facebook, 99% of the time, it is no longer actionable. For example, I'm seeing ads for hot water heaters because mine sprung a leak. That's not the sort of thing you put off fixing, so by the time I saw the first water heater ad on Facebook, the new water heater was already ordered and installed.

And they keep doing that over and over. I'll order something, and the next day they'll show me ads for similar products. Helpful hint: I just bought a cornet. I'm not likely to be interested in buying a second one. At least "You just bought [X], so you might like [accessories for X]" ads would be useful, but the "You just bought [X] so you might be interested in [slight variant of X]" ads are pretty much useless. Thus far, I've seen exactly one such ad that was even marginally plausible—an ad for camera lenses from some vintage products website after I bought a vintage lens on eBay. However, even that is not the sort of thing you buy every day. Show me that ad again in a year or two.

What makes the ads even more useless is that they're for the same type of product from companies that I already do business with. They aren't introducing me to new businesses. They aren't introducing me to new products that I'm not already aware of, having just studied that business's offerings in that area. So what exactly is the purpose of showing me this ad?

But the best part is that they keep showing me ads for products made by my employer's biggest competitor. They know who my employer is.

Yeah, I'm pretty sure their data mining strategy involves a drunken monkey flinging crap against the wall.

Re:That's cute, kid.

[UnknowingFool]

So my company wanted me to either create a FB account or link to my existing FB account for some social media activity. I created a new FB account with just my name and the barest of details. Within a week, FB was suggesting friends from old account.

Re:That's cute, kid.

I designed and developed such a system. The relationships are typically scored by some weight, or at least some form of network distance. If you break the connections enough, it will ultimately distance the overall relationship beyond the level that they are willing to target. We go after low hanging fruit first, and throw out nearly all of the data we even manage to get, through great difficulty, just because it is commercially useless beyond a few months.

Remember, we targeting groups, not individuals. Groups mean scale. Individuals mean work and difficulty. The low hanging fruit is what bumps up the margin. The commercial use of meta data is very different from government use of meta data. Commercial use is about groups, and an industry where people view PII as a potential liability. Government use is about PII itself, buddy favors, and corruption.

For example, the governments already know who associates with terrorists, and have been able to figure that out for decades with people on the ground, hovering around terrorists. The information they are gathering now is all about individual data. It can serve no other purpose. That is what is scary! I am not paranoid about my information being in these commercial systems, because I have seen how difficult it is to even do anything with it other than to sell some product a little bit better. Even blackmailing would be extremely difficult with commercial data. Even if I decided to try to target a single person, I would have a hell of a time doing it. The systems are not designed for that. However, the government access with no accountability, and no legitimate purpose, with data organized to target individuals, and systems developed for correlating massive amounts of historical information... commercially useless old data... old data that has no reason to be there except to harass and intimidate. That is scary.

My advice is to keep accounts fresh, delete cookies regularly, and change your IP. And, importantly, do the changes all at once so that there is no overlap that can be used to glue the new with the old. That alone will make you meaningless to any commercial system I am aware of. Government systems? I am not an expert there.

Re:That's cute, kid.

[mlts]

Even with clearing cookies, there is still plenty of identifiable stuff in a browser, such as order of plugins, order of the font list, etc. The EFF has their Panopticlick which pretty much shows that almost every browser is unique.

If one wants to keep two accounts completely separate, I'd go to the length of having the second account in a completely different VM.

Re:That's cute, kid.

[guevera]

Did you create the new profile under the same name?

Re:That's cute, kid.

[ArcadeMan]

They're happy with 51%.

My teachers were not.

Re:That's cute, kid.

[dgatwood]

And by that, of course, you mean "Reporting pirated software saves IT jobs" ads from the BSA.

Re:That's cute, kid.

[zenjah]

Or use an email address that any of these suggested friends might have in their address books?

Re:That's cute, kid.

[pla]

that's why facebook is a big deal, since they're the only one's who have enough somewhat reliable data to actually sell adverts targeted at 20-35 year old people living in country X

My pet iguana's profile would like to disagree with you. Sure, "they" know they have a 20-35YO (in people years) male that studies insects, likes warm weather, and dislikes Tennessee Williams... But I'd like to see them sell something to him.

Note that it's against the rules

[ZorinLynx]

Notice that a lot of these services, particularly Facebook and Google+, specifically say it's against the rules to have more than one account.

It shows precisely their intent: To gather as much information about you and your habits as possible. They can't do it as effectively if people have multiple accounts.

This, along with not allowing pseudonyms is one of the worst things that has happened to the Internet in the past decade or so. It used to be you could have as many different accounts on different sites as you wanted. Now everything is being condensed into a small handful of services, all of which have gestapo-like policies requiring your real information and name. It's just sad.

Re:Note that it's against the rules

[c0d3g33k]

What part of "abandon the old accounts" and start new ones did you miss? The day when you are prohibited from closing/disabling/abandoning an online account will be a sadder day than the one you're lamenting about.

Re:Note that it's against the rules

[schneidafunk]

I tried signing up for a new youtube account today and was REQUIRED to give them my phone number in order for them to send me a text message to 'verify my account'. I was unable to upload a video without doing so. I ended up signing up to vimeo instead.

Re:Note that it's against the rules

[fuzzyfuzzyfungus]

What they really don't want(though people screwing up on cookies and IPs and such reduces the risk a bit) is effective segregation of different parts of your life at the same time.

If somebody merely tries to 'start clean' every year/2years/5years/whatever, either he also gives up all his friends/family/contacts, or he might as well not bother, his new account will slot neatly back into his old networks and habits, and it just won't do much.

If somebody has a strictly segregated set of accounts for different purposes, it makes each individual account less valuable(because the 'being a social dickhead' account now has no attached consumer preferences or professional income data) and it isn't necessarily the case that the accounts tie back together, barring mistakes on the user's part.

Of course, with many of them enforcing 'real name' policies, and using facial recognition such that anybody posting a picture of you can rat you out, it isn't clear that you can win.

Re:Note that it's against the rules

[CanHasDIY]

What part of "abandon the old accounts" and start new ones did you miss?

The part where it's Google/Facebook/Whomever that decides whether an account is your and open, not the user.

Case in point: Facebook won't let users close accounts, only "disable" them. They still retain all your shit.

Re:Note that it's against the rules

[CanHasDIY]

That's assuming they actually delete the content, as opposed to taking complete ownership of it and blocking your access.

Re:Note that it's against the rules

[timeOday]

Nobody even questions, why should you need an account to share a video in the first place? Slashdot is practically the only place left on the web where you can do anything (such as posting a comment) without an account. I really do think buying anything with cash may become highly suspect within the next 20 years.

Re:Note that it's against the rules

So stop lapping up the free shit that they're grunting out in your face.

Demand paid services that will guarantee you some privacy, and pay for it. Stop expecting Google to run Gmail for free.

Time was, you'd make a product, and charge a reasonable fee for it, and have a happy customer.

Now, you make a product, give it away, and make money by doing things that harm your customers - like selling their personal data for a quick buck.

Thanks Google.

Re:Note that it's against the rules

I tried signing up for a new youtube account today and was REQUIRED to give them my phone number in order for them to send me a text message to 'verify my account'. I was unable to upload a video without doing so. I ended up signing up to vimeo instead.

You only have to provide a phone number if you check the box to skip the captcha.

Re:Note that it's against the rules

[pla]

The part where it's Google/Facebook/Whomever that decides whether an account is your and open, not the user.

And the part where this entire discussion relates to people who take positive action to protect their privacy?

How do you propose Google/Facebook/Whomever recognize that "zork98' has the same owner as "bin55go"? Will they go by my fake DOB? As much of my fake mailing address as they require to make an account? My throwaway email address I used to sign up? My randomized user agent? Hell, if you read a few of my posts closely, ignoring the actual content, you'll notice I even affect a fake writing style for accounts to which I actually post often (such as Slashdot).

Okay, technically they have my IP address - Which (in the case of accounts I access from work) could include "only" a few hundred people. And ones I access from the free WiFi at Starbucks in the morning... Well that narrows it down to one of millions.

And therein we have the ultimate irony of policies designed to make you easier to track - Most of them only apply to those dumb enough to make themselves easy to track in the first place.

Depends

[schneidafunk]

Who are you hiding from? If it's simple google searches, sure it'll help. Just doing a quick search on my schneidafunk nick turns up a surprising amount of info. However, the NSA has a wide variety of tools to track down me down, including writing analysis.

I have enough accounts....

[ackthpt]

I need people to just let me get things done as Guest.

Advice

[Shagg]

I'm concerned about the implications of storing personal data on Gmail, Facebook, and other social media sites.

Good.

Insights and tips are appreciated.

Don't.

There are many trace points

Did you replace your NIC adapter or manually change the MAC address.
- sites can identify you by your network interface
Did you burn all your web history in your browser?
- sites leave cookies and other stuff
Did you change your browser or hack it's ID string?
- the browser ID and OS combination are pretty good identifiers at infrequently visited sites or with cross correlation.
Did you ever attach your old ID to address or credit card information?
- they will attach the new online account to the history if they can make a match
Do you have any commercial games that you have attached to the online account info?
- again they can update account info to a new account
Did you throw out all your old contacts and don't talk to your old friend network, parents, work or other contacts?
- your contact list is a pretty good identifier of you. This is what the NSA surveilance meta-data collection is all about.
Did you change your browsing practices? Use new news sites, forums, game and porn sites?
- again your browsing habbits are the meta data the NSA tracks
Did you change your phrase usage, captialization and misspelling style?
- again good identifiers of individuals

Reverse honeypots

[Solandri]

I've always maintained that passing laws to protect our privacy is a losing battle. If you make a law to make someone stop doing something they want to do, all that usually ends up happening is they figure out a way to do the exact same thing while skirting around the law.

Instead, we should pollute their data. Create programs which can run when you're not using your computer, which look like multiple browsers and access websites in a random but quasi-human-like fashion. They'll amass tracking cookies, but the cookies will be tracking bots rather than real people. Decrease their signal to noise ratio so much that it's no longer cost-effective to collect people's private data, at least from monitoring people's browsing habits.

Pay for it

[holophrastic]

If you don't want someone to amass your private data, why are you giving it to them for free in the first place, and why is your solution to keep doing so?

You're talking about e-mail. Buy your own e-mail server from any shared-server host out there. Pay for it. It'll cost you something like $20/month. POP, IMAP, and WebMail isn't difficult.

Quite frankly, if you've got a static IP (or buy one for a few bucks a month), you can just run your own from home.

If you want it to be yours, buy it. Welcome to ownership. And the moment you pay for it directly, there are countless laws to protect you and your information.

If you want free, then you're going to pay for it with your information instead of with your dollars. It's that simple. It's always been that simple.

Worry about everything else (too)

[vinn]

The things you need to worry about with regards to privacy is everything else in your life. Did you apply for the grocery card that gives you those special discounts? If so, your information got sold. Did you buy a season pass last year at a major ski resort? If so, your information got sold. Did you get one of those cards at the casino so you could rack up some gaming points? If so, your information got sold. All of this, and a whole lot more, are available to marketers or really anyone who wants to pay for it.

As a general rule, if you are filling out a form - regardless of whether its on the interwebs or printed on a dead tree - any information you provide is going to get sold. Actually, in many cases it's even worse, the information is just given away.

So, if your reasoning for changing your online accounts is to beat the marketers, credit agencies, etc then you've got many other things to worry about that have probably already got you householded and deduped from everyone's databases. Now, if your goal in life is to, say, build an encrypted email platform and promote it for worldwide privacy use, then yes - I think you should be careful how big your online presence is. If you're worried about receiving a piece of direct mail from a private golf course because it's known you reside within 50 miles from their clubhouse, have a net income of $X, and drive an Audi, well, in that case you're probably already screwed because they already know all that.

Here are some rules

[gurps_npc]

1) If you are abandoning the old accounts, do it when you buy a new computer. 2) Never give out more information than necessary 3) If they demand a phone number, send it to either a friend's phone or if truly paranoid a burner phone purchased with cash. 4) Before abandoning the old accounts, fix their information by replacing it with new, incorrect information. 5) Then delete them. 6) Never use Facebook for anything. They are too expensive privacy wise for the cheap stuff they offer. You can get what they offer (or similar stuff) at other web sites, for less of a privacy invasion. 7) On your new PC, set security HIGH and accept a bit of inconvenience,

Re:No.

[Em+Adespoton]

As long as you continue to use it, they will accumulate data and as long as you don't change all your friends at the same time, they can easily identify you based on your social circle (of course they could also use other behaviour for identification). So: No, it won't work.

That said, you could probably do it the other way around...
Start 10 new identities, and feed them from different random sources. Also start one real identity. At the same time, turn your old identity into a fake one, filled with fake info (don't close it, it never really "closes" anyway).

Now, anyone filtering by IP, cookie, etc. won't know which information is legit at first glance. You'll hide better in the noise than by providing information analysts a fresh clean start with no noise and very strong correlations that starting up new accounts creates.

Every once in a while, you could spin off some new accounts; every once in a while, you can make one of them real.

Of course, this will really confuse real acquaintances, and you'd better be doing this with your credit cards as well, or you haven't really done much.

What, son?

[SuperBanana]

Did you replace your NIC adapter or manually change the MAC address.
- sites can identify you by your network interface

What? Anything beyond the first-hop router has no idea what your MAC address is.

You're concerned...?

[albacrankie]

I used to get ads featuring young ladies in skimpy underwear. Move on a few years, and now I get ads for 'mature' dating sites. These ads are extremely depressing. So much so that I suspect it's a euthanasian plot intended to make me top myself. It may succeed. And now you're suggesting I could fix things by changing my e-mail address. That may be even more depressing. Fuck it!!!!

Not going to work

[gr8_phk]

It has been observed that some very basic data can uniquely identify people in the US. IIRC this can be as simple as: Your zipcode, gender, and birthdate. Never mind your browser, IP, list of contacts, common words you use. Just those 3 things are enough to uniquely identify most people.

A creepy anecdote

[ebunga]

For the longest time I had a fake facebook account, as did an acquaintance. Despite the fact that neither of those accounts were connected to our real lives, and the fake accounts did not follow each other, Facebook was able to suggest I may know my acquaintances brother...

Facebook is a stalker so dedicated to looking in your windows while masturbating in the bushes behind your house that it not only planted the bushes, but also built the house.

Kinda, but don't think your "hidden"

[Trax3001BBS]

Every account I have in under a different handle, each piece of mobile equipment is under a different
persona http://www.fakenamegenerator.com/ I don't do social sites only because I don't care for them.

I've nothing to hide, it's just what I do. I was security conscious long before Gore gave the public access to the Internet.

Forte Agent mail reader lets you have multiple personalities, POP3ing Email from your other accounts.
-I don't care for online e-mail.

Google will catch up with you if you have multiple Gmail accounts; asking if you would like to combine
them and use your real full name Mr. Micky Mouse . I see this as an IP match and where the weak link is.

It's what I do, but not a fanatic about it, I know there are key phrases, and statements I'm prone to use
no matter the account.

Just use a HOSTS file it blocks most of your tracking and spam online, it's your E-mail address that screws you (spam wise),
I use https://spamgourmet.com/ for disposable Email addresses, many filter that address and don't allow it.
-A HOSTS file block tracking ie if you don't touch their site they don't know about you or your surfing habits.

Root (jailbreak) your mobile equipment so you can use a HOSTS file cause your phone/tablet has conversations with the trackers.
Google Play Store put a halt to programs that stopped that conversation, so you have to find your blockers elsewhere.

And always read ToS's and Privacy Policies, while they may not be telling you the truth they do list sites you need to block
if you use their service (tracking). Also one's with a hardcore we collect everything policy I've no use for (Angy Birds (rovio.com)).

No they know your browser machine and ISP info

[WOOFYGOOFY]

Here's what won't vary if you do that-

Your ISP. Your ISP may have everywhere you've ever surfed keyed by your name, your ID (whatever you showed them) and your router. Your ISP knows everything. Think they collect and share that data ? Think they can make money by doing that? It's not even illegal to cyber stalk someone if you're they're ISP, phone company or any other company you give info to as we're finding out . Since it's not illegal to do it and they can make money doing it, (it's safe to assume) they do it.

Your browser. Your browser hands over everything about your machine , your plugins, your OS on every request. You'd be surprised how personally identifiable that info is. Here, have a depressing look:

https://panopticlick.eff.org/index.php?action=log&js=yes

https://panopticlick.eff.org/browser-uniqueness.pdf

I was unique amongst the 3-4 million people they tested so far. . Great.

There are companies that sift through your fingerprinty clickstream (all of the above plus the URLs you go to) solely the purpose of identifying you uniquely. Then they sell that information.

You can fight back to a degree. First you need an ISP that doesn't know you're you. You can use someone else's ISP account, say, your roommate's. If they don't know you live there (don't be too sure) then they don't know it's you. That would work.

BTW that is part of the reason MUNI (free, municipal) WIFI is blocked by the telcos every time a city tries to get it going. It provides low cost, shared internet that anonymizes your activities to the extent that the ISP->Your ID connection is broken. MUNI WIFI sends shivers down telco's executives spines because it digs straight into their profit sweet spot- selling you out to the highest bidder.

To fight the browser ID thing, you need to dump your browser and aim for a a configuration that is as generic as possible. Possibly you'd have to switch out your OS, depending on how uniquely identifying it turns out to be (moire than you suppose) You can also use Tor or another anonymous proxy.

Then you'd have to dump all your accounts online and never go back. No continuation of support from vendors. No using your credit card- that would match your name to your new online browser ISP identity. No getting your Amazon wishlists or pandora lists or anything. WRT to your previous online life, you're in the witness protection program.

Then there's your friends who will accidentally out you via FB or Gmail or other social media. You can't let them email you, chat with you or anything. You can never permit your identity to be connected by anyone at all with your new email, browser, or ISP.

It's not that it's impossible, it's that it's unlikely you'd be assiduous enough to maintain it supposing you were willing to give it a go at all.

HTH.