Welcome to our fully functional beta site. We welcome all comments
informed!
The Informatica blog - Authored by Claudiu Popa

Here’s a Revolutionary Idea to Combat Identity Theft: Lie!


Protect your identity online.I’m always impressed at the low-tech nature of today’s most brazen hacking attacks and abuses of identity. It’s inevitable that someone will lie to get at your information, then leverage that information to get access to something valuable. In other words, people will lie to get access to your data. So here’s a thought: why not employ the same strategy to combat the problem?

If history is any indication, lying is certainly not a novel approach to getting things done, but it does go against most people’s idea of what it takes to preserve the social order. Certainly, there’s plenty to worry about: how can you do it and preserve some kind of personal integrity? How far do you go? Is it a slippery slope? And how much trouble can you get into? Even the thought of stretching the truth in an online form with a checkbox at the bottom makes us a little uncomfortable. And this, about the potential of voiding some implied warranty, or otherwise breaching the trust of a faceless organization whose spyware-laden shareware we’re about to unleash upon our unsuspecting computer.

Your parents were right: it is indeed bad to lie and cheat and steal. But what about the criminals, and the hackers and the script kiddies? And the government funded cyberattacks? And the spies, agents and undercover officers trolling the internet? Wait just a cotton pickin’ minute! If they can do it, surely you too!

Let’s be clear, we’re not talking about lying to the government about the identity on your passport. We’re not talking about falsifying your driver’s license. I am however suggesting that the cloud-based systems that have come to play a central part in our lives, from managing our communications to scheduling our time, may not be so good at handling our personal information even though they take every opportunity to ask for it.

And Ford knows they pressure you into surrendering a lot of information! But not before making sure you understand the fact that they really want you to provide accurate data. Let me be clear: YOU are the custodian of your own personal information. For anyone to ask for the privilege of collecting and storing it, the burden of proof is on them to demonstrate:
 
  1. authority (who are they to expect the truth? If all they want is the ability to recognize that you’re the same person who set up the account, and that you’re reachable by email, then your identity, quite frankly, doesn’t matter)
  2. need – absolute need – not just an expression of their fetish for collecting diverse bits of interesting data they could at some point use to impress their advertisers.
  3. the verifiable ability to protect it (“your data is secure with us” is not a good way to gain my trust, for instance)
  4. an explicit promise to securely and verifiably dispose of it – all of it – when you no longer wish them to have it
All that to say that when you’re online, you can absolutely determine what bits of your personal information – if any - a site is entitled to receive from you. And once it does, it is responsible for every shred of sensitive information you have now placed in their custody.
 
So what information should you be surrendering? Well, none at all if you feel the site really can do without. If you want to use a pseudonym, a disposable email address or a false street address, there really isn’t anything that can be done to prevent you from doing it. And by using email forwarders you can still be seen as providing accurate contact information even though the email account may not be your primary one.

Instinctive discomfort aside, the benefits of keeping control of your data are undeniable:

1.    the more personal information you don’t share, the more you control. And that’s what identity theft is about: control over your information. If it’s not out there, it is a lot less likely to be stolen.
2.    by using fake information on different sites - if and when you eventually get an unsolicited password reset notice or any statement hinting that something’s fishy - it will be obvious which of your online identities was compromised as long as you keep track of what you’ve submitted to each site (which you can easily do within your favorite password database).
3.    anywhere you go online, you're likely to be tracked and the data is eventually mined, correlated and compiled to produce an accurate record of your Web activity and personal preferences.  Naturally, the argument is that all this is done with your privacy in mind, but can you really trust sites that surreptitiously track your every move? By having multiple identities you're not only theoretically fragmenting the data collected but avoiding the ignominy of having all that tracking data under your real name in some secret database. That said, the use of cookies may still thwart your efforts to a large extent.

So there you have it. Fake information can enable real protection. Naturally you’ll have to use your best judgment to determine which sites are okay to fool and which ones genuinely do need your information. Naturally if Google needs your cell phone to verify your identity, let it have it. It won’t abuse it but it will give you a good way of identifying yourself in case of malicious activity. So go ahead: tell your family that it’s okay to not answer every question truthfully, including the security question in your profile. For once, you’ll pat yourself on the back for what may seem like a great deception. When the guilt dissipates, you’ll remember you’re taking identity theft seriously and doing what sites aren’t willing to do: have a plan to protect your most valuable asset.

Bleeding hearts unite, the OpenSSL Heartbleed bug threatens to impact user privacy and business security online. There's a new security vulnerability in town. It's not even that new, we just didn't know about it until now. But it's a whopper and it threatens to i...
Independent risk assessments are the most basic best practice in business.Security is about risk. And risk is about numbers. Given the high probability of suffering data security and privacy breaches, is it any wonder compan...
Netflix just the latest brand used in wave of phone text support fraudEver wonder what the use of stealing millions of email addresses is? All those often downplayed, 'low sensitivity' data breaches have massive potent...
Layered SecurityI'm often surprised at the public's disappointment with the realization that security processes are not directly analogous to the medical notion of im...
Target breach will have serious consequencesThis past Christmas season hasn't been kind to the Target chain of retail stores nor to its brand. A brazen attack took place in December that affecte...
Informatica's Festive robots wiish you a safe and secure new year!Precisely nothing. But I'm very glad you asked. First, the robots. They're cute. they're animated. And you can replay the clip as many times as ...

Welcome to Informatica

Be Secure.

Be Trusted.

Follow us on