Information leakage

The nightmarish situation I described in my previous post – a work presentation featuring porn of yours truly – is (hopefully) unlikely to happen in real life. I keep a religious separation between my work laptop and my personal one that I use for posts like this. I also maintain very separate email identities, including one for work, one for my personal life and one for this blog. However, despite all that, it can sometimes be difficult to stop all information leakage. Technology companies have a vested interested in gathering information about you and connecting it together. The greater the number of datapoints they can correlate the more valuable that information is. Information = power = $1bn IPO.

I think the biggest risk at present is smart phones. They’re a nexus where many different streams of identities can meet. People may differentiate between work and home computers, but they don’t always do the same thing for the computer in their pocket. Which means software on it can potentially access your location, all your email accounts, all your phone records, all your text messages and all your social media. It’s typically possible to configure it not to do that, but technology companies have a vested interest in the information, so configuration defaults tend to be permissive in the data they expose.

My scariest information leak was due to my phone. I’d been using it to snap session photographs. It had also been set-up to access my personal email account and, unbeknownst to me, that meant it would also automatically upload photographs to a private storage space in the cloud. Nobody could see them, so in theory no big deal, right up to the moment I added that email account to a new work laptop. I didn’t think there was any danger because it wasn’t an account I used for anything blog, porn or BDSM related. It was just for chatting to friends and shopping online. But now there was a path for information to leak along. The final step in that path was a screensaver on the laptop that would rotate through photographs from your online photo albums. You can probably imagine what happened next. Luckily I was just chatting to a couple of people in my office when naked me appeared on the screen. I had chance to quickly shut the lid before anyone spotted anything. If I’d been projecting onto a big screen in a meeting it could have been a career limiting moment.

I’ll leave you with a couple capturing their own personal moment via their phone. Hopefully the leakage of this photograph onto the net was intentional.

Selfie

Author: paltego

See the 'about' page if you really want to know about me.

8 thoughts on “Information leakage”

  1. I have an Android phone use Chrome on it and my PC. My scene email is on Yahoo and my vanilla is Gmail. I too maintain rigorous distinction between my vanilla accounts and my regular ones.

    I still occasionally get programmatic prompts that cross that boundary. So even if you aren’t an iPhone person, the alternative isn’t any better.

    1. Yes, it’s definitely a challenge to stop that occasional leakage, no matter how careful you are. No tech company likes to turn down data.

      My smartphone actually isn’t an iPhone, but I think it’s all pretty much the same when it comes to any smart phone. They try and hoover in as much data as possible, and that doesn’t respect the kind of boundaries you’ve established between browsers and accounts.

      -paltego

  2. Gentlemen, your narrow escapes make my skin crawl.
    I firmly believe in keeping things as simple as possible and as separate as possible.
    One “Debian” laptop for work and two company email addresses under the family name I was born with. The other a Windows machine and a Gmail and a Yahoo mail address under the family name of my late husband. One antique but virtually indestructible Motorola flip phone and I still use analogue cameras. No risk of accidental cross contamination or leakage there.
    Only my family and my few friends know I was once married; even our human resource snoops are unaware of that; I never told ‘m and they never found out till now … *knock on wood* …
    As for smart phones, Facebook, Twitter and the likes and for on-line shopping: Be smart and stay smart and avoid ‘m like VeeDee … or “suffer” the unintended consequences sooner or later.

    1. I really could not survive without my smartphone. Well obviously I could, but I really wouldn’t want to. It’s up there with internet access as something that’s gone from interesting toy to essential element of life over the last 10 years.

      I think if I was a teacher or a politician or lived in a less liberal part of the country I’d definitely be even more hardcore about the split. Entirely different identities, operating systems, accounts and software would be a great way to do that. I suspect in my current situation I wouldn’t lose my job or friends over leakage, but I’m not eager to test the theory!

      -paltego

  3. While I’m not as bullet proof as Marga, What I do is use 2 completely different browsers for my vanilla and my “edge of vanilla” life. Vanilla gets Firefox or Chrome, but EoV uses Seamonkey (the old Mozilla Suite). The advantages is that clicking an email link in SM browser will open the SM email client, so there’s no cross-over. Also, installing the extension that collapses SM to the system tray keeps people from wondering what’s on that tab at the bottom.

    I do something similar on my phone. Normal browsing uses Chrome or Firefox, while my EoV gets Opera. I have 2 different mail clients for my phone, and while it’s possible to accidentally bring up the wrong one, I have to work at it.

    I also use the browsers to access Facebook, so I don’t accidentally open the wrong profile. And as it happens, vanilla Tom is mainly on FB, while EoV Tom is mainly on Twitter (again, 2 different clients).

    Yes, it’s more work. But after some years it’s become second nature.

    1. Well as I mentioned in the post, I use different two different laptops (as well as browsers) for my alternate lives, yet I still got caught out! 🙂 I think the challenge for me is that I actually have 3 identities – work me, private me and paltgeo. In this case it was the private me that leaked between the work me and paltego. I need to think about that a bit.

      The phone is a little more tricky, as it definitely tries to smoosh things together more. I’ve all three identities on that as well.

      I think if it was a case of leak and get my life destroyed I might invest more in total separation. Instead it’s leak and get horribly embarrassed, so the risk/reward/convenience trade-off is trickier.

      -paltego

  4. I forgot to mention – and recommend – the professional version of CCleaner I use to keep my Windows laptop free of bloat ware and clean out the browsers after use, just in case … Written words and pictures are kept on a separate hard drive. I never trusted the cloud.

    1. Thanks for the tip. I used to regularly wipe and rebuild my windows machines, but I’ve gotten lazy about that over time. Maybe that’s a simpler solution.

      I work on building the cloud for a living so perhaps I shouldn’t trust it given what I know, but it’s kind of unavoidable. We’re heading towards the day where the distinction between local and cloud becomes pretty much irrelevant.

      -paltego

Leave a Reply

Your email address will not be published. Required fields are marked *