[dupe] I challenged hackers to investigate me (2013) (pando.com)
146 points by matthiaswh on Feb 12, 2014 | hide | past | favorite | 36 comments



It's easy to find a surprising amount out about people without even any 'hacker' skills.

A friend occasionally gets email for someone with his name that lives in a different country (lastname.firstname@gmail.com vs lastname-firstname@gmail.com). He told us this, plus the country and county the guy lived in, and asked a few geek friends of his what we could find out. He had withheld some info so he could verify our results.

Within a few minutes we had his address, his immigration status and photographs of his family. Which is quite scary.

(--edit-- this was using simple online tools like google and bing, plus government websites in the country concerned.)


It's easy to find a surprising amount out about people without even any 'hacker' skills.

It's the entire business model of Seisint (now owned by LexisNexis), ChoicePoint, and probably others.

We received some Seisint training. The idea was to use their service to uniquely identify patients, for electronic medical records. (The money people didn't pull the trigger, because they couldn't get the transaction cost low enough.)

My boss entered my name into the search field and says "Before I hit [Enter], is there anything you don't want me to know about? We don't have to do this."

Thank god I'm clean. It showed everything about me. Any public record anywhere was aggregated and collated. And showed it all in a nifty navigation hyper graph, linking me to every roommate, relative, job, residence, court document, etc.


> My boss entered my name into the search field and says "Before I hit [Enter], is there anything you don't want me to know about? We don't have to do this."

That's a bit weird, isn't it? Why did your boss enter your name, and not their own name? Or ask for a volunteer?

Granted, you were asked "should I go ahead or not", but you shouldn't have been forced into this situation in the first place. You could easily have had something in your history completely irrelevant to your work, but saying "don't" would reflect poorly on you regardless.


This is very true.

Just doing a reverse image search on Google (with a photo of somebody) can result in finding all sorts of details. Once you have their Facebook you have their name; with a name you can find their LinkedIn, and from there it's a wash. You can call past and present employers, locations, family, friends.

If somebody doesn't lock down their Facebook page it's even worse: you can literally see all their photos.

Try googling yourself and close friends, and see how much you can learn without doing anything at all invasive or spending money. You'll quickly learn the importance of minimizing your online appearance after this.


> If somebody doesn't lock down their Facebook page it's even worse: you can literally see all their photos.

You can lock up your photos, but if your friends have public pictures with you, they can be found easily using the new graph search: "Photos of <name here>".


Just FYI: Gmail addresses ignore the '.', so lastnamefirstname@gmail.com is the same as lastname.firstname@gmail.com and l.a.s.t.n.a.m.e.f.i.r.s.t.n.a.m.e@gmail.com


Right. And you can add "+whatever" to the end. But he mentions that the other person has a hyphen in their address.

More info from Google on "." and "+" at http://gmailblog.blogspot.com/2008/03/2-hidden-ways-to-get-m...
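The two Gmail aliasing rules mentioned in this sub-thread (dots in the local part are ignored, and a "+suffix" is dropped) matter on the defensive side too: a registration system that treats lastname.firstname@gmail.com and lastnamefirstname+promo@gmail.com as two different people will happily hand out duplicate accounts. The canonicalizer below is an added example, not code from the thread or from Google; it assumes that googlemail.com behaves as an alias of gmail.com and that Gmail local parts are case-insensitive, neither of which the thread states. Hyphens are deliberately left alone, since the original poster's two addresses differ by a hyphen and really are separate mailboxes.

```python
# Domains that ignore '.' in the local part and support "+tag" suffixes.
# gmail.com is what the thread describes; googlemail.com as its alias is an
# assumption added here.
DOT_INSENSITIVE_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_email(address: str) -> str:
    """Return a canonical form so that aliases of one mailbox compare equal.

    Rules applied:
      * the domain is case-insensitive everywhere, so it is lowercased;
      * for Gmail-style domains, drop any '+suffix' and strip every '.'
        from the local part (the two tricks the thread mentions), and
        lowercase the local part (assumed, not stated in the thread);
      * hyphens and everything else are left untouched: lastname-firstname
        is a different mailbox from lastname.firstname.
    """
    address = address.strip()
    if address.count("@") != 1:
        raise ValueError(f"not a single-mailbox address: {address!r}")
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    if domain in DOT_INSENSITIVE_DOMAINS:
        local = local.split("+", 1)[0]   # drop "+whatever"
        local = local.replace(".", "")   # dots carry no meaning
        local = local.lower()
        domain = "gmail.com"             # fold the alias domain onto the primary one
    return f"{local}@{domain}"


def same_mailbox(a: str, b: str) -> bool:
    """True when two addresses deliver to the same inbox under the rules above."""
    return canonical_email(a) == canonical_email(b)


def find_alias_groups(addresses):
    """Group addresses that collapse to one mailbox.

    Returns {canonical: [original addresses]} for every mailbox that appears
    more than once; useful for spotting duplicate sign-ups or rate-limit
    evasion via "+tag" aliases.
    """
    groups = {}
    for addr in addresses:
        groups.setdefault(canonical_email(addr), []).append(addr)
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    # Constructed sample input, modelled on the addresses quoted in the thread.
    sample = [
        "lastname.firstname@gmail.com",
        "lastnamefirstname@gmail.com",
        "l.a.s.t.n.a.m.e.f.i.r.s.t.n.a.m.e+newsletter@gmail.com",
        "lastname-firstname@gmail.com",   # a different person, hyphen is significant
        "a.b@example.com",                # non-Gmail domain: dots are kept
        "ab@example.com",
    ]
    for canonical, originals in find_alias_groups(sample).items():
        print(canonical, "<-", originals)
```

Run it as a script to see which of the constructed sample addresses collapse to one inbox; in a real system you would store `canonical_email()` alongside the address a user typed and enforce uniqueness on the canonical column.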


I think I will challenge the hackers to finish and polish all my half assed open source projects. I won't get a nice clickbait title, but maybe the world will have moved slightly forwards.


Make sure you attach the project in .jar


Yet look at all the trouble they went through. The vast majority of people who want to steal from you look for easy targets that involve far less work, like hacking Target. Sure it sounds scary but with even a little security effort you can make it not worth their while to attack you as an individual.


Exactly. It took several individuals two months to get into his files. I don't understand why number one on their list of attack vectors is physically breaking into his house. You're pen testing an individual and number one is B&E?


Why wouldn't it be? Physical access to a computer is the best way to own it.


This is what I consistently tell people who won't back down from having so much of their personal stuff readily available on the internet. At the very least, make it somewhat difficult for people to connect the dots on your identity.


I don't recall ever hearing about people lacking fingerprints. Here's an article about it: http://www.nytimes.com/2011/08/09/science/09obprint.html


A wide variety of skin issues will leave you with unstable, malformed, or even no fingerprints as well. Then you have a note in your passport that says that it doesn't contain that particular biodata.


Interesting comment. Thanks. My first thought is how that would be applied to Papers, Please.


That's probably what ultimately landed him a job at KPMG :)


"you won't believe what happens next"


I wrote a Java applet that will show you how to avoid some of these vulnerabilities. pm me for the link... ;-)


Genuine question : are JAR files sent as email attachments still the state-of-the-art in PC hijacking?


No, but the "user is ignorant" attack vector is still the most common. And for good reason.


It was the tester's first time writing malware for a Mac - being able to target the JVM was probably just a simple way to re-use old code.


Are there any services that will take my name, photos, and some personal info, and then shoot chaff across popular web services? Seems like enough bogus info would make it a lot harder to put together accurate information on someone.


A funny little detail I just noticed about this article as I was reading it is that it cannot be bookmarked from my normal view of the article in Chrome, even though all of the other dozen tabs I have open just now can be bookmarked. When I viewed the source code on the page, I was able to bookmark that, and I will definitely be coming back to this article in the future. (I have already shared it among my Facebook friends.)

The comments here are interesting, as the last time this issue came up on Hacker News, I was reading more anecdotes about public data searches on individuals that mostly turn up junk data (which has been my experience). Way back in the 1980s, I attended a presentation at a law firm where I then worked and was told that with simply a former telephone number, all kinds of interesting information could be found about a person. So I gave the company representative one of my previous phone numbers from childhood, and he found next to nothing about me, and some of what was found was erroneous. I was not impressed.

By the 1990s, I had a lot of online presence, and when AltaVista was still the dominant search engine a friend of mine in another city (we had met in Taiwan) began using my name as a search term in training his colleagues in how to do online searching, as a search on my name reliably turned up a lot of hits. Google finds plenty of information about me, of course, and has become better and better at sorting the most useful information about me to the top of the search results over the years. I am aware that cyberstalkers, like point-of-view pushers who have tried to drive me away from Wikipedia editing, can go from my Wikipedia screen name (unique to Wikipedia) to find out other information about me, including telephone numbers. But I'm still on Wikipedia after they have been banned, so all's well that ends well. The harassing phone call trick to suppress my free expression of fact and opinion on online forums was tried as long ago as 1993, so I'm used to it.

Most of the emails that come to me off-forum about my Hacker News comments address me by name, so it's not a hard research problem to link my Hacker News screen name to my real name. (A harder problem is distinguishing me from the subsequent people who began using my screen name here after I first used it on another forum, beginning in 2004.) Yeah, foolproof privacy is difficult to achieve. I usually don't go snooping, and for the most part I have no idea who I am talking to here on HN. I figure that the old days of living in a village with a small group of people who were mostly all extended family relatives probably didn't offer much privacy either, so I'm not particularly worried about the modern world, but I wonder how much more Privacy by Design

http://www.privacybydesign.ca/

concepts can catch on in everyday practice in most industries for more of what we each do in daily life.

If you would like to comment about this, I won't try to figure out who you are away from HN.


* October 26, 2013


What's your point? It's possible to have an enriching conversation and/or discuss things that are more than a few hours old.


Sure, but it has been discussed before: https://news.ycombinator.com/item?id=6617497


Is your assertion that the maximum utility of a topic is realized on the first discussion?


Sure, so how often should content be recycled through HN?


The site has a ranking system for posts that handles this question.


Until people aren't interested in it any more.


If it's about the NSA or Bitcoin, every day.


Totally.

However, in case said "things" are not from the current year, it is a habit on HN to include the date in the title — at least the year, like so:

I challenged hackers to investigate me and what they found out is chilling (2013)

Also, HN Search has just been drastically improved, so, when your "things" are not fresh from the morning, please use it to look for older submissions.


Current HN search is fucking terrible, especially on mobile.


Can you tell us what's terrible? We are always eager to improve it.


Sorry, it was just meant as an indicator that it was not new. I read it back then, so if I had known it was not a new story I would not have clicked. That's all. :)



