Tuesday, December 1, 2015

Privacy, Breadcrumbs and Personally identifiable information (PII)



I am reading “Programming Windows Store Apps with HTML and CSS by Kraig Brockschmidt. It’s a good book and better still you can get the ebook/pdf version for free (http://blogs.msdn.com/b/microsoft_press/archive/2012/10/29/free-ebook-programming-windows-8-apps-with-html-css-and-javascript.aspx).

The author Kraig Brockschmidt has a section about adding code to a demo app (Here my AM!) to share a photo and a geo location.  I came onto the following text (“And if you still think I’ve given you coordinates to my house, the ones shown here will send you some miles down the road where you’ll make a fine acquaintance with the Tahoe National Forest.”). His newer version of the book he has his house coordinates blurred out so we can’t see them.

Let’s look at his remark and see how true it is from a privacy perspective. First is what do we actual know.

* His name Kraig Brockschmidt.
* A good guess is he works for Microsoft Software.
* We know he lives close to Tahoe National Forest.
* A quick look up in Google/Bing we see that the main address for Tahoe National Forest  is Lake Tahoe, CA 96140.
* We now know that another good guess is he lives in the state of California.

Now lets go back to our favorite search tool and see how difficult it is to learn what Kraig’s physical address is since he won’t give us his geo coordinates to his house. Maybe we want to borrow a cup of sugar and share some Microsoft love,

First we can just search for his name and state to see what we get.  Our first entry in our results list is a web site (http://www.kraigbrockschmidt.com) a quick look around and we know its Kraig’s web site. We can see references to California and his books.  On his about-page we see a reference to that he and his wife moved to Nevada City, CA in 2011. So now we know his state, and city.

Using his own web site, LinkedIn and O’Reilly we see that his current employer is Microsoft Software as a program manager.

So now we have his city, state and employer. We just need to get his physical house address. Not to worry a quick web search and we will be at his house in a few minutes to borrow that cup of sugar.

We can use http://www.zabasearch.com (zaba search can be totally free if you sign in using Facebook) or if we want we can use a paid service like http://www.intelius.com/. Now we have his physical house address and phone number.

I am not going to post his actual home address or his phone number in this blog post. I just look and I have enough sugar so I don’t need to borrow a cup.
Unfortunately what works to find Kraig’s home address also works to find my home address, I also check on a few friends living in Owasso, Depew Ok and I was quickly able to get their home addresses and phone numbers.

The issue here is a hard one to solve. We want to be connected to people. Easiest way is using the Internet.  We want and need the Internet to help with our own personal branding. We need and want to show our professional work. Some of us want to discuss our spiritual paths, political views, etc. with friends and others. That causes us grief since one web site may not give a view of who we are but we leave enough breadcrumbs for sites like ZABA Search and state and federal government web sites to collect data on us. Remember we don't want our physical address known to everyone on the Internet but we do want police, fire services to be able to quickly find us.

We find ourselves in an uncomfortable position of wanting to control what we can’t.

Not just our physical addresses are hard to keep private but other personal information is under attack as well. Researchers using Facebook found with remarkable accuracy( 93% to 95% ), based on what we mark as likes on Facebook that a wide variety of our personal attributes, from sexual orientation, race, age, political affiliation to intelligence can be predicted.

See (http://www.pnas.org/content/110/15/5802.full.pdf) and you can also go to (http://applymagicsauce.com/test.html) to become part of the study.

These new predictive algorithms are only going to improve in the future. Not just Facebook but also Google, Bing, Yahoo, Amazon and others are paying for predictive algorithm research so businesses can sell us more products and services.

So what is the solution? I don’t know. We want our information out there and businesses are finding more and more ways to get it and to use it. We ourselves give away information for perceived and real benefits like being able to search without paying for Bing or Google or getting good deal on products and services. By leaving breadcrumbs on the Internet and with public data we that we have already provided the ability for someone to build an accurate profile on us is real. 

My recommendation is to pay attention to what you are doing. One example is by default our likes on Facebook is public knowledge. You can in Facebook settings is make this information private. This makes you in charge of your own information. I am not going to kid you; this is not an easy task. You are on a slippery slope and no matter what you do some information on you is always going to be publicly available.

Additional information...
* http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
* https://www.cs.utexas.edu/~shmat/shmat_cacm10.pdf
* http://itlaw.wikia.com/wiki/Personally_identifiable_information