The Cops Are Hot on Your Twitter Trail

According to the LA Times, Twitter keeps logs of your “location, IP addresses, search terms, pages visited and also data from when you visit third-party websites with Twitter buttons on them” (emphasis mine). That’s a lot of detail. And Twitter makes it available to the police over 75% of the time the cops ask for it, without a subpoena.

Keep Reading »

Who Wants to Get Fired?

Here’s a quick lesson in social networking privacy:

  • Public means anyone can read what you are posting. Like your spouse, the police, your boss, etc. They don’t even have to be a member of the social network in question.
  • Private means that only certain people can read what you are posting. You get to decide who these people are.

WeKnowWhatYou’ is a collection of people who don’t seem to understand the difference. Under headings like Who’s taking drugs? and Who wants to get fired? it lists posts to popular social networks that should probably not have been made public.

Why the Hell Are People Posting Pictures of Debit Cards on Twitter?

Twitter account @NeedADebitCard collects pictures of debit and credit cards that people post to Twitter. Seriously? I’m guessing these people aren’t on top of their Facebook privacy settings, either, which makes them sitting ducks for identity thieves.

People, don’t be stupid. If you have to take pictures of your debit and credit cards, put them in the same place you keep your sex tapes.

[via BoingBoing]

Chicago Debt Collector Accretive Health Sued for Violating Patient Privacy Laws Wants to Sell Your Shopping Habits

According to Felix Salmon,, the popular personal finance website, may be benefiting from playing outside the regulatory rules that govern banks. At a Banking 2.0 panel at SXSW, Mint’s Aaron Patzer explained why:

For instance, he said, he can see pretty much in real time how much money his huge database of customers is, in aggregate, spending at Blockbuster vs Netflix vs Redbox, or any other set of retailers — and that kind of information would surely be extremely valuable to hedge funds. It was clearly something he’s talked a lot about, and he never said that he wasn’t already selling that data to the highest bidder.

If I am to do my banking online, I need to be confident that my financial information is being kept secure. This is not like Google, where I can stomach giving up a bit of anonymized usage data in exchange for great software. No, when it comes to my financial information, I do not want my data sold to the highest bidder.

After reading Salmon’s column, I deleted my Mint account.

Personal finance online | Felix Salmon (thanks, Aaron!)

Avoid Identity Thieves on Facebook

Take a moment to look over your Facebook profile, and consider all the information your friends have access to. Your name, address, and date of birth? How many of the answers to your “security” questions for your financial websites are contained within your profile or updates?

Only friend people you know. Nearly half of Facebook users will apparently accept any friend request! Or learn to use Facebook’s privacy settings to keep people you don’t know from discovering personal information about you.

Accepting Friend Requests from People You Don’t Know Is a Recipe for ID Theft | Facebook

U.S. passport information a piece of cake to steal

A hacker with $250 of easy-to-obtain equipment drove around San Francisco grabbing users’ personal information from passports and drivers’ licenses equipped with soon-to-be-mandatory radio-frequency identification (RFID) cihps.

The government has been pushing for tagging most identification with RFID chips, claiming it would be impossible or unlikely for hackers to do just what Chris Paget did with $250 of equipment he bought off eBay.

Passport RFIDs cloned wholesale by $250 eBay auction spree | The Register (via BoingBoing)

Internet privacy gets Congress’ attention

“[T]here are two types of people: those who have had their data stolen and those that will.”

The above quote is from Terrence DeFranco, chief executive of Edentify, speaking about the recent appropriation by malicious hackers of information from 45.7 million credit and debit cards from TJ Maxx and Marshalls. The only way to prevent identity theft is to stop using modern means of commerce. Pay with cash, get rid of your mobile phone, and never give out any personal information. Even then, you have a fighting chance, at best.

Or, realistically, you keep a close eye on your credit report, bank accounts, and credit cards, and react quickly when something does happen. My credit card was cloned two years ago, at a gas station, I think. I noticed the charges within a few days, and MBNA cancelled the card and reversed the charges within about 30 minutes. All in all, it was a pretty good experience, considering.

Also, note that a cloned credit card is one thing. This happens when, as is likely for many people after the TJX breach, a thief obtains enough information about your credit card to use it to make other purchases. This can be done online or, in some cases, a duplicate physical card can be made. This is pretty easy to fix. Cancel your card, close your account, and open a new one. Your bank should reverse all charges. Done.

Full-on identity theft is an altogether different thing. This is where an identity thief obtains enough personal information about you to duplicate your identity produce fake identifying documents that the thief can use to open new bank accounts, make online purchases, and even purchase real estate in your name in some cases. It can take years to reverse the damage caused by identity theft.

To prevent this, be very careful of who gets access to your personal information. One of the most important things you can do is buy a shredder and use it to shred any documents with bank numbers, social security numbers, or other sensitive information. “Hotel Key Cards: Identity Theft Risk or Not?”

Hotel key cards are a bit of an enigma, it seems. Though and Computerworld both put considerable effort into debunking the idea that hotel key cards hold more than just innocuous information about hotel guests, the idea persists. And, potentially, with good reason.

At least one California detective found a veritable treature trove of personal information on a card from a major hotel, including name, length of stay, and credit card number. In other words, more than enough to make it easy for someone to steal your identity.So it isn’t clear whether or not hotel cards do or do not hold risky personal information, but it does seem worthwhile to take some basic precautions. For starters, keep careful track of your key card during your stay, and take it with you when you leave the hotel, then shred it.