Sharing personal information online
Every detail you share online about your life and the extended group of people you interact with is stored somewhere. Understanding the way this information accumulates is critical.
People post resumes that include hobbies, past employers, past addresses, and professional associations. People post highly personal and identifiable information on blogs. On travel sites you may reveal your excitement about an upcoming trip. Perhaps you are exposing friends and family’s e-mail addresses by forwarding e-mails.
- Employers need to consider the level of information they share about employees. Consider carefully how much information is appropriate to include in an employee bio that is posted on your company Web site. How much should be visible to other employees on your intranet? When you attend a conference is the attendee list shown in online conference documents? If your company encourages employees to leave out of office messages on their e-mail be aware that these may reveal when an employee will be away from home and make him or her a target for burglary. And you will probably never make the connection between the online information exposure and an offline crime.
- Schools should be cautious about exposing student information on their Web sites if those sites are viewable by the general public. Posting photos and identifying students by last name can place the student in harms way. Posting schedules of after school activities along with information about what activities a student participates in can give an online criminal a physical location and time where he can find that student.
Before you share any information online consider how sensitive the information may be if it is abused, and who you want to share the information with. If the information is general in nature or restricted to a site that is not available to the general public, there should be little risk in sharing it. However, if the information identifies you, your possessions, or someone else in some way you may want to limit access to that information or not post it at all
Here are some categories of information you may want to consider as you determine what you are comfortable sharing or having others share about you publicly. This list does not presume to be a definitive inventory of identifying information. It is intended only to get you thinking about what you share and where you share it.
- Your name and the names of family members and friends (mother’s maiden name is often a password reminder or reset verification)
- Ages and genders of you, your parents, your children, or grandchildren.
- E-mail addresses, user IDs, nicknames, and domain names should not include information such as your name, age, birth year, birth date, social security number, city, state, hobbies, emotional state, zodiac sign, or other information someone might easily find out or guess.
- Address, including home, work, or any other place you will predictably be found such as at school, attending social clubs, visiting health clubs, and so on. If city and state information can be combined with a piece of secondary information such as a local sports team name, local newspaper article about you (including birth, wedding, graduation, or death announcements) you may be very findable.
- Locations of others close to you, including parents, children, and friends.
- Phone numbers. This includes home, mobile phone, work number, or friend’s numbers.
- Keep in mind that with caller ID, your number is exposed when YOU call someone as well. It is no longer enough to tell children not to give their phone number out. They also shouldn’t call or text message with people they don’t know.
Sending and receiving e-mail
E-mail is short for electronic mail. People use e-mail to exchange messages and send and receive attachments such as photos, music, or videos. Unfortunately, e-mail's usefulness is undermined by spam (unsolicited messages trying to sell you something and spam scams that try to trick you out of your money (also known as phishing ).
Ten safety tips for sending and receiving e-mail
- Choose a safe e-mail address that doesn't give away personal information.
- Pick one that doesn't help identify or locate you. For example, SusieDoe_14_small_town@google.com.au reveals enough for someone to find Susie-her name, age, and small town in Australia.
- Avoid using flirtatious names like "2sexy4U" which may cause unwanted attention and expose you to greater risk.
- Never share passwords, social security numbers, credit card information, and the like.
- Pay attention if you use an automatic e-mail signature. This is a handy feature because it typically provides your full name, address, and phone numbers. But if it's inserted automatically in all your e-mail responses, you might unwittingly reveal more information than you intended to people you don't know, especially if your e-mail is forwarded to others.
- If you don't know the sender, delete the message; if you do know the sender, double-check that an attachment or link is safe to open. If your friend doesn’t remember sending you the attachment, delete the message.
- If anyone sends you inappropriate material, report it to your ISP (Internet service provider) or the police, if appropriate. Encourage your kids to tell you about anything they receive that upsets them.
- For younger children, use a service that enables you to limit your child's contacts to people you both know and allows you to monitor who they're talking to.
- Have a discussion with teens about who they communicate with and what they talk about. Set boundaries that match your family's values and your child’s age, reassessing these boundaries periodically as your child matures. Caution them not to list their e-mail addresses publicly, or respond to e-mail from strangers.
Teach them that entering sweepstakes or filling out quizzes that require them to enter their e-mail address is one of the quickest ways to have an e-mail alias sold to spammers. They should always guard their e-mail account information.
Send e-mail to a group safely
Any time you send or forward e-mail to a group of people who don't know each other, you can protect everybody’s identity by placing all the e-mail addresses on the Bcc (or Blind Carbon Copy) line of the message address feature. That way no recipient can see the other recipients’ e-mail addresses and your friends' e-mail addresses are protected from spammers.
Every e-mail program has a Bcc: option on its e-mail form (the place where you address and enter the content of a message). Search in your e-mail program's Help if you can’t find this feature readily.
Tip: You may also want to include a message like this at the bottom of your e-mail messages as a reminder:
Note: To protect my privacy, please do not expose my e-mail address to others. If you're sending e-mail to a group of people that includes me, please put my e-mail address on the Bcc: line only.
The more pieces of information you provide in your online identity, the more clues you give predators of any kind – whether their intent is to cause financial, emotional, or physical harm. Your choice of an e-mail alias, such as JackS@Smith.com is one way you can expose your identity. The safest personal e-mail alias or nickname (versus your work e-mail over which you have little control) for users of any age does not provide identifiable information, such as:
- Names – first, middle, or last names
- Age – birth year, birth month, or day; or any astrological sign that can help provide this information such as ‘Leo, born in the year of the Monkey.’
- Location information – city, town, country, or region such as Northwest. Don’t give your school name or employer in your personal e-mail alias.
- Sexual or physical suggestion – Certain words such as ‘hot’ or ‘sexy’ let others know how you want to be perceived, while words like ‘snuggly’ or ‘lonely’ suggest an interest in intimacy that predators can take advantage of.
- Work descriptor – Teacher, engineer, dentist, or a description of your place of employment.
- Emotional vulnerability – words such as sad, grieving, lost, suicide, and lonely place you at risk; there is always a criminal waiting to be your ‘best friend’.
- Risk behaviors – names that speak of drug use (littletokr), criminal activity (carjacker), or violence.
- Ethnic identifiers - may increase the risk of hate crimes, or may help identify you (Asiandoll, N8tive (native), and mixed, for example).
- Hobbies or sports – An unusual sport such as polo or barrel riding, or sports that imply a specific socio-economic bracket, or are only done in a few locations (skeet shooting or bull fighting, for example) are more identifying than baseball or soccer. Predators can use such interests to make a personal connection with a victim.
NOTE: Employers or schools may have defined domains (email@example.com) and assigned protocols for your name – even using your full name. It is important in these cases that you do not tie additional pieces of personal information to that account.
Using multiple e-mail accounts
It is a good idea to have additional e-mail accounts if you sign up for newsletters, sign up for services that require an e-mail account, or communicate with groups where you may not know some of the members personally.
Using different e-mail accounts helps you compartmentalize your privacy and safety. If one account is breached, the others are still safe. On some sites you can use the e-mail account provided by the site (reputable services that involve communicating with other members, such as dating sites, should provide this feature). Using a separate account, if you connect with the wrong type of person, you can abandon the account without having to change your main e-mail account
Spam is e-mail sent in bulk to recipients who have not requested it from senders they usually do not know. Spam can be transmitted over any Internet-connect device (such as a computer, cell phone, or PDA). Spam is a cheap way to market products or services, but it is illegal in many countries.
Nearly 70% of all e-mail traffic in the world is spam. In 2007 one study showed that there were 90 billion spam messages sent a day. While there are serious efforts by Internet service providers to block junk e-mail, determined spammers are making equally serious efforts to find ways to keep filling your inbox. They constantly evolve new methods of fooling the anti-spam filters.
Understand the anti-spamming capabilities of your e-mail provider and set up the service to flag spam or put it in a separate ‘junk mail’ folder. Review this folder periodically to make sure legitimate e-mail hasn’t been placed there, and then delete the spam e-mails without opening them. Stay up to date on spam tactics and, when in doubt about the origin or intent of an e-mail, delete it. If you really want to eliminate all spam, consider using an e-mail service that requires senders to authenticate themselves, something automatically generated spam can’t handle. There are several companies that offer this for a relatively low cost.
Always have strong anti-spam, anti-virus and anti-phishing tools installed and set to update automatically. Don’t open links or attachments from someone you don’t know (or even from someone you do know, if you weren’t expecting the attachment. Many viruses take over users address books and spam all of their friends with malicious attachments knowing you will be more likely to open an attachment from a friend).
Forwarding chain e-mails
An online chain letter may be amusing, or it may be dangerous. Many urge you to take some action online that makes you the target of a scam or forward the message to your friends. By forwarding a chain mail you may be helping spammers collect new e-mail addresses to target and sell to. Anyone whose e-mail address includes their full name or other identifying information, or who uses an e-mail service such as Hotmail or Yahoo! that expose full names as well as e-mail addresses, may also be exposing themselves to other types of crime.
If you choose to forward an e-mail to a group, do so safely. It is better to copy the content and put it in a new e-mail and delete the names of everyone previously on the chain. Place your e-mail address on the ‘To:’ line and place everyone else’s e-mail on the Bcc: line.
Sending and receiving instant messages (IM)
Instant messaging (IM) used to be referred to as real-time e-mail. It used to only be synchronous, meaning that two (or more) parties communicate in real time, without any delay. IM programs now let you create a message that is held until the recipient(s) next comes online.
Today you can use IM to text, talk as if you were on the phone, send photos, videos, and other files, see participants via webcams, and get and send e-mail. Some IM services also allow you to search the Web, find others using Global Positioning System (GPS) technology, listen to music, watch videos, play games, bid on auctions, and more.
IM can be sent from a computer to a mobile phone or from a mobile phone to another mobile phone. If you have included your mobile phone number as part of your IM profile, then anyone who can see your profile will be able to view it. This is valuable information for a predator, so it is important to consider whether you want your number exposed, especially if there are many people on your contact list you do not personally know. Teens often have a broader set of IM 'friends' they have never met, so it is important to discuss the safety of displaying their phone numbers with them.
Nine safety tips for instant messaging
- Choose a safe screen name that doesn't give away personal information.
- Understand that IM is not a secure communication channel so you should not share sensitive personal information when you use instant messaging.
- Never share passwords, social security number, credit card information, and the like.
- Be careful about the information you show in your status bar. Avoid showing emotional vulnerabilities to people you don't know well, or saying you're on vacation, etc. as these can be useful pieces of information to people who want to exploit or steal. Most services allow you to keep your online status private, so you simply appear to be offline.
Protect children using instant messaging
Here are some tips to help keep younger children and teens safer when they use instant messaging:
- For younger children, use a service that allows you to limit your child's contacts so they can only send IM to people you both know and monitor who they're talking to.
- Have a discussion with teens about who they communicate with and what they talk about. Set boundaries that match your family's values and their age, reassessing these boundaries periodically as they mature.
- Caution them not to list their IM names publicly, or respond to IM from someone they don't know personally. In your instant messaging program look for options to set your profile as private, and manage who is allowed to send you instant messages.
- ‘Friends of friends’, or social networking, is all about connecting people with common interests. Limiting access to your information is harder using this approach and tracking or stalking you is far easier. Approving someone to be a friend may give that person far-reaching access to information, one of the real concerns about adding strangers to your buddy list or social networking list.