Privacy reminder - think about what you're willing to disclose

[AG31]

Lots of excellent advice here, especially about Word. But I'm wondering how revealing one's age, city and/or avatar/username inspiration could really be used to identify you IRL? Surely these would have to be combined with much more specific information? Well, I guess you could reveal some really revealing (sic) stuff with your avatar/username. But not accidentally?

 

[onehitwanda]

I like this. Do I have to footnote you if I use it sometime?

I love spreading memes like earworms. It's enough that you use it

 

[onehitwanda]

Lots of excellent advice here, especially about Word. But I'm wondering how revealing one's age, city and/or avatar/username inspiration could really be used to identify you IRL? Surely these would have to be combined with much more specific information? Well, I guess you could reveal some really revealing (sic) stuff with your avatar/username. But not accidentally?

Unless you're careful, stuff leaks. Age + city, a week later you post that you're down because there are redundancies at work, a couple of days later you mention that your usual commute route was rammed because you couldn't get into x station because some sad bastard jumped in front of the train...

A motivated stalker takes your age, your city, cross-references it against NASDAQ or Reuters news sources, identifies a likely company, signs into LinkedIn with a burner account and sees if they can locate likely candidates for you in the list of people listing company X as their place of work.

and that's me, an amateur stalkersleuth with a modicum of technical ability.

Everything else you leak (overtly or inadvertently) acts as another data point which narrows the number of people you can possibly be.

There's an algorithm in computer science called a binary search. If you have a list of a million numbers in random order it will take (on average) 500000 guesses to find a number you're looking for in the list. If you order that list, you can find the number you're looking for in an upper maximum of 20 guesses. Every bit of data you leak is like sorting that list of numbers a little bit.

 

[Zootonius]

It is concerning how a determined party could claw out more information. I once posted a nature photo from my Flickr account on on Twitter. Someone traced it back and posted some of my other photos. That why I don't post any of them here.

 

[MrPixel]

It is concerning how a determined party could claw out more information. I once posted a nature photo from my Flickr account on on Twitter. Someone traced it back and posted some of my other photos. That why I don't post any of them here.

Modern digital cameras (and especially smartphones) will rat on you with the EXIF data every time. It embeds GPS coordinates. Also why I don’t post my own pix on this site, and run them through a viewer/editor on other sites to strip most of it out.

 

[AG31]

Unless you're careful, stuff leaks. Age + city, a week later you post that you're down because there are redundancies at work, a couple of days later you mention that your usual commute route was rammed because you couldn't get into x station because some sad bastard jumped in front of the train...

A motivated stalker takes your age, your city, cross-references it against NASDAQ or Reuters news sources, identifies a likely company, signs into LinkedIn with a burner account and sees if they can locate likely candidates for you in the list of people listing company X as their place of work.

and that's me, an amateur stalkersleuth with a modicum of technical ability.

Everything else you leak (overtly or inadvertently) acts as another data point which narrows the number of people you can possibly be.

There's an algorithm in computer science called a binary search. If you have a list of a million numbers in random order it will take (on average) 500000 guesses to find a number you're looking for in the list. If you order that list, you can find the number you're looking for in an upper maximum of 20 guesses. Every bit of data you leak is like sorting that list of numbers a little bit.

Yeah, that other stuff you mentioned is the kind of stuff I'd definitely avoid. Never say anything about what's actually happening IRL.

 

[AG31]

This thread prompted me to revisit my meta-data in Word, and I discovered I didn't understand what was going on as well as I thought I did. Just sayin'...

 

[lilshymynx]

What's a PII?

Personally Identifiable Information - i.e. everything that's been talked about in the thread so far

 

[StillStunned]

Personally Identifiable Information - i.e. everything that's been talked about in the thread so far

Stalkers are like dogs, sniffing at other people's PII to find out who there are.

 

[onehitwanda]

Stalkers are like dogs, sniffing at other people's PII to find out who there are.

 

[StillStunned]

I'm beginning to see what you mean by "awful puns".

 

[AG31]

Just curious. Can you edit out the meta-data, like GPS from your photos?

 

[EmilyMiller]

Modern digital cameras (and especially smartphones) will rat on you with the EXIF data every time. It embeds GPS coordinates. Also why I don’t post my own pix on this site, and run them through a viewer/editor on other sites to strip most of it out.

Good call. Though on an iPhone you can strip out the EXIF relating to location. But better to upload to a site which strips the metadata out for you.

Emily

 

[EmilyMiller]

Just curious. Can you edit out the meta-data, like GPS from your photos?

Crossed posts. Yes. On an iPhone, swipe up and you can delete location data.

Emily

 

[Jackie.Hikaru]

I'm actually @onehitwanda's alt so it doesn't matter.

 

[lovecraft68]

In the last few days I've seen threads in this forum asking people for:

• Age
• Place of residence/birth (asked at country level but often answered at state level)
• Meaning of username (sometimes ties in with RL name or other identifying details)

I'm not chiding anybody for asking or answering these questions, but just a gentle reminder that this kind of info can add up faster than one realises. I've known more than one poster here who gave enough information to identify their RL name and home/work addresses without realising it.

For anybody who wants to keep their Literotica identity separate from RL, I'd recommend deciding just what info you are and aren't willing to share about yourself and then sticking to those limits. Don't put anything here that you're not willing to share with the most rabid commenters on the site.

Questions like "what's your age, to the nearest decade?" might not seem very revealing on their own. But if somebody new asks that question every year, and you answer it every time, eventually you're going to give away your age to the nearest year.

TLDR: make informed choices about your online privacy, appropriate to your own personal situation, and think ahead about how all the info you give out could identify you.

Damn good advice

There are some sleazy people on here-both posters and ghosters- and too many people so eager to be liked they'll respond to anything and to anyone.

Not a great combination.

You also have to look at where we are and how its run as in what's allowed.

No bigger-or more disturbing-example of that than the dead baby thread. And anyone that remembers it, should never forget how long it was allowed.

 

[lovecraft68]

That's why I stopped submitting files for publishing and use the text box to copy and paste my stories into it.

And why I've never done anything but copy paste.

 

[elizaloo]

I am 'probably' the most lax person here as far as hiding my identity, starting with my screen name...and.....
<------ yes, that is my real tattoo, but the boobs are different IRL if you're ever lucky enough to see them.

While I don't post any pictures here, I have no issues with anyone knowing my real name/general location/etc.

I don't work for The Man; everyone in my life who matters knows I post and publish here. My home is exceedingly rural and good freaking luck finding me...plus cameras, gates, two 140#+ LGDs who HATE and are willing to eat strangers, along with their 100# GSD sister, along with a very Southern "who the hell are you and what are you doing on this road" set of neighbors...and I wouldn't suggest messing with Bubba and Junior when they ask that question.

So I guess I'm not all that concerned - having said that, I have made many friends here who DO have those concerns and I completely understand and RESPECT why they guard their info, and I am an impenetrable vault of epic proportions with anyone's info. It's a 'you do you' world we have here and I know how lucky I am that I don't have to worry.

 

[Bramblethorn]

Also don't feel bad about throwing the odd bit of inconsequential misinformation into the mix either.

I couldn't possibly comment on this ;-)

 

[PersonalFavors]

I am 'probably' the most lax person here as far as hiding my identity, starting with my screen name...and.....
<------ yes, that is my real tattoo, but the boobs are different IRL if you're ever lucky enough to see them.

While I don't post any pictures here, I have no issues with anyone knowing my real name/general location/etc.

I don't work for The Man; everyone in my life who matters knows I post and publish here. My home is exceedingly rural and good freaking luck finding me...plus cameras, gates, two 140#+ LGDs who HATE and are willing to eat strangers, along with their 100# GSD sister, along with a very Southern "who the hell are you and what are you doing on this road" set of neighbors...and I wouldn't suggest messing with Bubba and Junior when they ask that question.

So I guess I'm not all that concerned - having said that, I have made many friends here who DO have those concerns and I completely understand and RESPECT why they guard their info, and I am an impenetrable vault of epic proportions with anyone's info. It's a 'you do you' world we have here and I know how lucky I am that I don't have to worry.

You are not immune. While you may not worry if someone finds you, they can still potentially follow PII to your personal finances. Very difficult to keep "everything" off line.
Call me paranoid. I do not use any financial apps on my phone. Nor do i use my cell # for ID or with any bank, CC co or online store like amazon.
Even my employer has my land line. If they want a cell number for me they need to supply the phone and pay the bill.
Further my ATM card is not used. I rarely use cash so if I do need it I go to the bank. All purchases are made via CC. A successful hack stole the banks money. It may tie up the card for a short time as they sort it out. But not the money I have in the bank.
Some things prove this is a real annoyance. But short lived and well worth the extra step.

In the state of Virginia and several others the state gov determined that it is the responsibility of the site to determine your age. Pornhub for example. Now if you go to their site it says PH is not available in Virginia because they cannot verify your age. Pornhub has no way to verify your age and Virginia provided no way to verify either. Their solution is to selectively block whatever they want because they know what it takes to verify and revealing that data is more dangerous than the shame they are employing to moderate free speech and circumvent the Constitution.

 

[M_K_Babalon]

My name isn't really Min Kamadeva Babalon or Jax Lazzo Rhapsody, nor do they have any connections to my real name, which is so uncommon, I've only found two other people with it. You could look at my Tiktoks or even Strava and not know exactly where I live. I'm not afraid to say I live in Louisville Ky, it's even under my avatar. It's the biggest city in the state and 16th largest over all, I ain't easy to find. Nothing online is really connected to my real life. There are some videos that where it could be figured out, if you already live here and know the area with experience with what I live in. Nobody's really that stupid and I'm not that famous enough to warrant the search, though.

 

[Bramblethorn]

Lots of excellent advice here, especially about Word. But I'm wondering how revealing one's age, city and/or avatar/username inspiration could really be used to identify you IRL? Surely these would have to be combined with much more specific information? Well, I guess you could reveal some really revealing (sic) stuff with your avatar/username. But not accidentally?

There's almost always something more specific to combine it with, if you know where to look.

A fictional example involving some non-fictional events:

Literotica user @HornyJohn420 mentions that his username is based on his real name. Somebody here who has a grudge against him notices that he's mentioned having a Twitter account and he's friendly with another Literotica user @sexygirl123654, who has a Twitter account @sexygirleroticawriter that she uses for promoting her stories.

The stalker checks out who follows that account and who she follows. Among hundreds of accounts, there are a couple of dozen with "John" in the username/handle. The stalker has noticed @HornyJohn420 often misspells "vicious" as "viscious" on Literotica, so next they use Twitter Advanced Search to check which of those "John" accounts has used this misspelling. That gets them two likely candidates.

@HornyJohn420 is active in one of the humour threads here. When the stalker compares that to those two Twitter accounts, they notice that one of those accounts often posts memes that have shown up in the humour thread here, usually within a day of their appearance here.

Next time the stalker sees a particularly funny meme elsewhere, they make a very small edit to it - something too small to be noticed unless one knows exactly what to look for - and drop it in the humour thread. A few hours later, Twitter-John reposts that meme with the same modification. Now the stalker knows that @HornyJohn420 from Literotica and @JohnTheFamilyMan on Twitter are the same person.

A couple of years back, Twitter got hacked and a dump of information was leaked that included the email addresses attached to Twitter accounts. So now the stalker has the email address John used to create that account. They can then search to see whether that address shows up anywhere on the public internet, and they can also look for it in other leaked personal information.

John happens to be in Australia, and along with almost ten million other Australians, he was a customer of a medical insurance company that also got hacked a couple of years back. The data released from that hack included his email address (which lets the stalker match from his Twitter account), date of birth (cross-check that against one of those "age to the nearest decade" threads), home address (cross-check against any location info posted here), phone number, and sensitive medical information that could include mental health, sexually transmitted infections, and other things not even John's family knows about.

A sufficiently determined stalker might have tracked John down even without the name - they could perhaps have gone through several hundred accounts following @sexygirleroticawriter and looked for that misspelling, then gone to email addresses etc. and checked details back against the Literotica account. But giving out his name makes it that much easier.

Second example is non-fiction. The only reason I'm discussing it now is that the poster is no longer with us and his RL identity has already been provided more directly by another poster, apparently with the consent of his widow.

A couple of years before he died, he shared this:

My local town had a 'cottage' hospital first opened in the 1830s. The land and the building were paid for by a local landowner who was developing his land for houses. It has moved and expanded and is now much larger. It still has a League of Hospital Friends who initially raised money for the full cost of the hospital before the NHS and now provides updated and additional equipment from its annual membership fees and some fundraising events.

In addition, we had two major buildings for rehabilitation, one for railwaymen who were injured at work or suffered long illnesses, and the other for another trade union.

During WW1 both became military hospitals for those injured on the Western Front. They did the same in WW2. but during the 70s and 80s, the need for rehabilitation after surgery declined. Both are now privately run old people's homes.

In my local City, the much larger hospital opened in the 1780s. It was rebuilt in Art Deco style in 1937 and is now about four times the size it was in 1937. Until the NHS it was funded by local donations including a charity ball and a Kent County Cricket match with all ticket sales going to the hospital.

Even though there's an error in the opening date, and even if "Kent Country Cricket" hadn't given it away, it's not hard to figure out what the city hospital is that he's referring to. From there it's easy to figure out the "local town", because people absolutely love documenting anything to do with railway history. Look up rehabilitation/convalescent homes for injured railwaymen (probably built in the 19th century), look at the ones in the relevant county, check against the other historical details, and that gives his local town.

The same poster had mentioned his role as an office-holder in a local organisation. When I looked, that organisation didn't seem to have details of their past office-holders online publicly. But it would not have been hard for somebody to ring them up and make up some story to get his name; it's not the sort of information an organisation would be trying to keep secret.

All in all, it takes about 33 bits of information to identify a person uniquely, if you know how to use that information and have access to the right sources. Very approximately:

• Gender is one bit.
• Country of residence is about 5 bits for USA, maybe 7 bits for UK or 8 for Australia.
  • Something like state or county would add several bits to that - the smaller the population, the more bits.
• A common name like "John" is about 6 bits (assuming you already knew gender); uncommon names can be many more. A first or last initial might be around 3 bits.
• "Employed" is 1 bit.
• If employed, occupation might be around 3 bits (for common occupations like retail worker) to 8 (medical doctor) or more.
• Year of birth is about 6 bits (some redundancy with employment here); to nearest decade would be about 3 bits.
• Birthday is about 8 bits (+2 if it's February 29). Birth week (e.g. mentioning that you did something on the weekend for a recent birthday) around 5 bits.

So if somebody's indicated that they live in the USA, responded to a "your age to the nearest decade" thread, put their gender in their profile, and mentioned a recent birthday, that's around 14 bits of information - about 40% of what's needed to pick them out of all the people in the world. Add in a name, even a common one, and they're more than halfway to a complete identification. It all adds up.

(Assuming that what they've given out is true!)

 

[TadOverdon]

Another connoisseur of well poisoning, I see.

Wilma Flintstone is my legal name, I swear.

 

[M_K_Babalon]

There's almost always something more specific to combine it with, if you know where to look.

A fictional example involving some non-fictional events:

Literotica user @HornyJohn420 mentions that his username is based on his real name. Somebody here who has a grudge against him notices that he's mentioned having a Twitter account and he's friendly with another Literotica user @sexygirl123654, who has a Twitter account @sexygirleroticawriter that she uses for promoting her stories.

The stalker checks out who follows that account and who she follows. Among hundreds of accounts, there are a couple of dozen with "John" in the username/handle. The stalker has noticed @HornyJohn420 often misspells "vicious" as "viscious" on Literotica, so next they use Twitter Advanced Search to check which of those "John" accounts has used this misspelling. That gets them two likely candidates.

@HornyJohn420 is active in one of the humour threads here. When the stalker compares that to those two Twitter accounts, they notice that one of those accounts often posts memes that have shown up in the humour thread here, usually within a day of their appearance here.

Next time the stalker sees a particularly funny meme elsewhere, they make a very small edit to it - something too small to be noticed unless one knows exactly what to look for - and drop it in the humour thread. A few hours later, Twitter-John reposts that meme with the same modification. Now the stalker knows that @HornyJohn420 from Literotica and @JohnTheFamilyMan on Twitter are the same person.

A couple of years back, Twitter got hacked and a dump of information was leaked that included the email addresses attached to Twitter accounts. So now the stalker has the email address John used to create that account. They can then search to see whether that address shows up anywhere on the public internet, and they can also look for it in other leaked personal information.

John happens to be in Australia, and along with almost ten million other Australians, he was a customer of a medical insurance company that also got hacked a couple of years back. The data released from that hack included his email address (which lets the stalker match from his Twitter account), date of birth (cross-check that against one of those "age to the nearest decade" threads), home address (cross-check against any location info posted here), phone number, and sensitive medical information that could include mental health, sexually transmitted infections, and other things not even John's family knows about.

A sufficiently determined stalker might have tracked John down even without the name - they could perhaps have gone through several hundred accounts following @sexygirleroticawriter and looked for that misspelling, then gone to email addresses etc. and checked details back against the Literotica account. But giving out his name makes it that much easier.

Second example is non-fiction. The only reason I'm discussing it now is that the poster is no longer with us and his RL identity has already been provided more directly by another poster, apparently with the consent of his widow.

A couple of years before he died, he shared this:



Even though there's an error in the opening date, and even if "Kent Country Cricket" hadn't given it away, it's not hard to figure out what the city hospital is that he's referring to. From there it's easy to figure out the "local town", because people absolutely love documenting anything to do with railway history. Look up rehabilitation/convalescent homes for injured railwaymen (probably built in the 19th century), look at the ones in the relevant county, check against the other historical details, and that gives his local town.

The same poster had mentioned his role as an office-holder in a local organisation. When I looked, that organisation didn't seem to have details of their past office-holders online publicly. But it would not have been hard for somebody to ring them up and make up some story to get his name; it's not the sort of information an organisation would be trying to keep secret.

All in all, it takes about 33 bits of information to identify a person uniquely, if you know how to use that information and have access to the right sources. Very approximately:

• Gender is one bit.
• Country of residence is about 5 bits for USA, maybe 7 bits for UK or 8 for Australia.
  • Something like state or county would add several bits to that - the smaller the population, the more bits.
• A common name like "John" is about 6 bits (assuming you already knew gender); uncommon names can be many more. A first or last initial might be around 3 bits.
• "Employed" is 1 bit.
• If employed, occupation might be around 3 bits (for common occupations like retail worker) to 8 (medical doctor) or more.
• Year of birth is about 6 bits (some redundancy with employment here); to nearest decade would be about 3 bits.
• Birthday is about 8 bits (+2 if it's February 29). Birth week (e.g. mentioning that you did something on the weekend for a recent birthday) around 5 bits.

So if somebody's indicated that they live in the USA, responded to a "your age to the nearest decade" thread, put their gender in their profile, and mentioned a recent birthday, that's around 14 bits of information - about 40% of what's needed to pick them out of all the people in the world. Add in a name, even a common one, and they're more than halfway to a complete identification. It all adds up.

(Assuming that what they've given out is true!)

Even I'm not that paranoid.

 

[Purple_Fronds]

There's almost always something more specific to combine it with, if you know where to look.

A fictional example involving some non-fictional events:

Literotica user @HornyJohn420 mentions that his username is based on his real name. Somebody here who has a grudge against him notices that he's mentioned having a Twitter account and he's friendly with another Literotica user @sexygirl123654, who has a Twitter account @sexygirleroticawriter that she uses for promoting her stories.

The stalker checks out who follows that account and who she follows. Among hundreds of accounts, there are a couple of dozen with "John" in the username/handle. The stalker has noticed @HornyJohn420 often misspells "vicious" as "viscious" on Literotica, so next they use Twitter Advanced Search to check which of those "John" accounts has used this misspelling. That gets them two likely candidates.

@HornyJohn420 is active in one of the humour threads here. When the stalker compares that to those two Twitter accounts, they notice that one of those accounts often posts memes that have shown up in the humour thread here, usually within a day of their appearance here.

Next time the stalker sees a particularly funny meme elsewhere, they make a very small edit to it - something too small to be noticed unless one knows exactly what to look for - and drop it in the humour thread. A few hours later, Twitter-John reposts that meme with the same modification. Now the stalker knows that @HornyJohn420 from Literotica and @JohnTheFamilyMan on Twitter are the same person.

A couple of years back, Twitter got hacked and a dump of information was leaked that included the email addresses attached to Twitter accounts. So now the stalker has the email address John used to create that account. They can then search to see whether that address shows up anywhere on the public internet, and they can also look for it in other leaked personal information.

John happens to be in Australia, and along with almost ten million other Australians, he was a customer of a medical insurance company that also got hacked a couple of years back. The data released from that hack included his email address (which lets the stalker match from his Twitter account), date of birth (cross-check that against one of those "age to the nearest decade" threads), home address (cross-check against any location info posted here), phone number, and sensitive medical information that could include mental health, sexually transmitted infections, and other things not even John's family knows about.

A sufficiently determined stalker might have tracked John down even without the name - they could perhaps have gone through several hundred accounts following @sexygirleroticawriter and looked for that misspelling, then gone to email addresses etc. and checked details back against the Literotica account. But giving out his name makes it that much easier.

Second example is non-fiction. The only reason I'm discussing it now is that the poster is no longer with us and his RL identity has already been provided more directly by another poster, apparently with the consent of his widow.

A couple of years before he died, he shared this:



Even though there's an error in the opening date, and even if "Kent Country Cricket" hadn't given it away, it's not hard to figure out what the city hospital is that he's referring to. From there it's easy to figure out the "local town", because people absolutely love documenting anything to do with railway history. Look up rehabilitation/convalescent homes for injured railwaymen (probably built in the 19th century), look at the ones in the relevant county, check against the other historical details, and that gives his local town.

The same poster had mentioned his role as an office-holder in a local organisation. When I looked, that organisation didn't seem to have details of their past office-holders online publicly. But it would not have been hard for somebody to ring them up and make up some story to get his name; it's not the sort of information an organisation would be trying to keep secret.

All in all, it takes about 33 bits of information to identify a person uniquely, if you know how to use that information and have access to the right sources. Very approximately:

• Gender is one bit.
• Country of residence is about 5 bits for USA, maybe 7 bits for UK or 8 for Australia.
  • Something like state or county would add several bits to that - the smaller the population, the more bits.
• A common name like "John" is about 6 bits (assuming you already knew gender); uncommon names can be many more. A first or last initial might be around 3 bits.
• "Employed" is 1 bit.
• If employed, occupation might be around 3 bits (for common occupations like retail worker) to 8 (medical doctor) or more.
• Year of birth is about 6 bits (some redundancy with employment here); to nearest decade would be about 3 bits.
• Birthday is about 8 bits (+2 if it's February 29). Birth week (e.g. mentioning that you did something on the weekend for a recent birthday) around 5 bits.

So if somebody's indicated that they live in the USA, responded to a "your age to the nearest decade" thread, put their gender in their profile, and mentioned a recent birthday, that's around 14 bits of information - about 40% of what's needed to pick them out of all the people in the world. Add in a name, even a common one, and they're more than halfway to a complete identification. It all adds up.

(Assuming that what they've given out is true!)

Great account.