I'm somewhere in-between. I consider myself technically savvy enough to configure my profile privacy settings and watch Google alerts to see when my name surfaces on 3rd party sites. Recently I've watched friends post some fairly benign information, but in 2-3 clicks - I realized they'd given away more than they'd realized.
Here are just a few things you might not have thought about when it comes to why you want to be a little more private and a little more guarded about what you share on-line.
How many of your web site security settings use 'secret questions'? Credit card companies, on-line e-mail services like Gmail/Yahoo/Hotmail, cell-phone companies, your company's self-service password reset tool, your 401k, your brokerage account - all of these typically employ 'personal information' type questions as part of an identity scheme.
- Mother's Maiden name - Want to find out someone's mother's maiden name ? - Look at Facebook, find their aunts/uncles/cousins. - It's easy, that is the last name that's repeated 2nd to the person's last name. (Even easier are those that friend their mother that put's their maiden name in parentheses :-)
- Street you grew up on - When you look at the percentage of friends on Facebook that are from High School, you're already within the zip-code. Now you just think about who rode what bus and a little Googling of their last name to see if their parents are still in the same house and you're there. - Many of my friends that didn't go to my high school list the high school they went to,, so just surf around that high school on Google Maps and for smaller towns - you'll find you are closer than you'd suspect.
- First Pet - Just browse those scanned in childhood photos. - Obviously not as common, but you'll be amazed if you surf some of those albums what you'll find.
- First Car - How about those famous "Notes" threads/chain-letters that go around from time to time ? - Heck, I think if you search my profile back far enough I even have a photo of it for you.
- Favorite Sports Team - Again, thank you Facebook for creating "Fan of" and "Groups" - it won't take long at all to identify their allegiance - that is assuming that they didn't go to a Big-10 NCAA school and have a front-license plate to give this one to you as a freebie.
So - What DO you do about this ? - I've discussed this with a few highly respected security folks that I know and I'm starting to consider using an alternate persona for my on-line security. Someone that I know lots about. Just as an example - What if I were to answer Mother's Maiden with "Bouvier", Street I grew up on with "Evergreen Terrace", and First Pet with "Snowball" ?
That's all for now. I gotta go update my Facebook status with the 3 digits off the back of my credit card.
-DS