“On the internet, nobody knows you’re a dog”. This famous saying was coined in 1993 by cartoonist Peter Steiner, and published by The New Yorker. Over the years, this has come to refer to the fact that, thanks to the anonymity of the internet, both people and things are not necessarily who or what they claim to be.
Fast forward 24 years and the issue of digital identity is more relevant than ever. Today, security experts seem to agree on one thing – that it’s becoming inevitable that your digital business is going to get hacked at some point. When that happens, you also lose your reputation.
My teenage kids are already adept at clicking away Snapchat requests from people they don’t know – “oh it’s just another chatbot”, one remarked at the weekend after checking a phone notification. Their digital defenses are constantly tested by machines offering social engineering, looking for weaknesses than can later be exploited.
Part of this is our own fault. In our drive to broadcast the minutiae of our lives, many people are reckless with the information they share.
Oversharing on social networks makes it simple to gather more information about a person than they would otherwise feel comfortable disclosing. Selfies are geotagged by a smartphone, or the location is added by Instagram, or both. Follow a busy Instagrammer for a month and you’ll have a pattern of their movements. It’s really easy to be a digital stalker.
Then there was the recent story of the Russian photographer who matched a bunch of people to their social media profiles just by using basic facial recognition software – which measures a series of points on a face to create a digital map, for example, the distance between your eyes, from the corners of your mouth to your nose, etc.
And what about those Facebook quizzes that look very much like social engineering – for example, “tag your favorite color”, “what’s the make of your first car?”, “what does your middle name mean?” or “what’s your rock band name? Take the name of your first pet and your mother’s maiden name and post it here!” Then of course there’s the birthday notifications. Now, what were those security questions from your bank?
You can change your password, but you can’t change your date of birth or even how you look, without resorting to plastic surgery.
If you’ve ever wondered just how much information you’re providing as you browse Facebook, a new extension for Google Chrome has the answer. Data Selfie shows you exactly what you’re sending back to Facebook as you trawl through your friends’ posts, clicking like, adding comments and following links. With the average user spending 50 minutes per day on Facebook, you’re providing one heck of a lot of data. That information is then used to customize your future news feed – not only “top stories” but also “most recent” – deciding what’s relegated to the column on the right. This is part of the reason why, over time, you’ll only see stories from people in your “bubble” with similar views: Facebook wants you to have an enjoyable experience, and to stick around.
For an over-sharer on social media, it’s probably too late already – and for everyone else, Data Selfie is an opportunity to step back and think examine what you’re sharing – and giving away – on social media. Perhaps you are prepared to forego a Facebook page full of happy birthday wishes on one day a year in favor of starting to take back your privacy? Do you really want to geotag your carefully-curated Instagram pictures? Do you really need to check in whenever you visit a restaurant, bar or airport?
Keeping your digital identity intact
We think that the challenges of verifying and protecting an individual’s true identity are going to become harder and harder. Odds are that you’re not (yet) really bothered by this – until a friend emails you to say they’re traveling, have been robbed, lost their phone, wallet and passport, and need you to wire them $200 asap to tide them over. You already know from Facebook that they’re in that city – therefore, you may well consider helping out. It’s only $200, after all. But it’s also probable that you’ve fallen victim to a social engineering scam. You didn’t even call to verify the info, since your friend already told you they lost their phone …
One small step we’re taking at Destrier is the introduction of digital signatures for email. If we’re sending some confidential information to a client, then someone’s reputation is at stake. It’s a really simple process– and, in the grand scheme of things, very cheap – to send a mail that is digitally signed.
We’ve also added a layer of SSL security to our website. Even though we don’t accept online payments, the message we’re sending our visitors is that we take security seriously – so you can be assured that the website belongs to us – and isn’t running spyware or offering up any kind of malware to infect unwitting visitors. Google has also recognized the need for identity management and has given priority to prioritizing https websites in search results since 2015.
As a digital company, we can run our business on a smartphone (it’s fiddly, but if needs must, we can do it). But it’s a double-edged sword as this also means we rely on access to cloud-based services to run our business (and yes, we have offline backups). Therefore, we take digital security seriously – and if you want to protect your reputation, you’ll be doing the same.