Every week, computer security expert Jon Eldridge is your Azeroth Security Advisor. He will delve into the darkest reaches of computer security rumor and bring the facts back home even if they're wriggling at the end of a pike. His goal is to provide useful information to gamers who don't think about security much and flame fodder for those self appointed experts who need to rationalize the cost of their expensive certifications. Like any good security force he's a mercenary at heart and is happy to take subject requests from the user community that he serves. So feel free to leave a comment below or just sit back and enjoy the show.
So you've made it to the top. You're in a 1337 raid guild that can sleepwalk through heroic instances. The PvP teams that are lucky enough to have you grace them with your presence are first in your battle group. Your favorite hobbies include disenchanting purples and watching the n00bs pass out when they inspect your gear. You've been around since beta and everywhere you go people know your name. Yep is sure is great to be you(r toon). /emote pat self on back.
Then it happens. You login to find that somebody in your guild is the object of much ROFLMAO and that somebody is you. Your stomach drops out and your heart goes into overdrive as you read that chat. Now everybody in your guild knows your real name, home address, social security number, political affiliation, and drivers license number. But wait it gets better! Your arch rival just posted links to your online dating profiles, anarchist news group posts you made back in high school, and your criminal history. You've been RL PWN3D in the worst possible way.
Why would somebody do something like that? You may or may not be aware of John Gabriel or his Greater Internet Fuckwad Theory but it is a good place to start. There is even a little extra reading over at Wikipedia if you are interested. John did the world a service by illustrating an elegant explanation of why so many people on the Internet just plain suck. It all boils down to the age old "because I can" axiom. If absolute power corrupts absolutely then absolute anonymity combined with the research power of the Internet is the next best thing these days.
The scenario above is fictional but based entirely on fact. Obtaining a great deal of personal information by starting with a gamer tag or character name is not uncommon at all. There are people who have turned this activity into a sort of performance art. How do I know these things? Where's my credibility on this subject? Let me put it this way, if you spent the last 20 years working with technology and digital evidence and didn't have a phone book full of interesting yet terrifying individuals you must have been asleep the whole time. The fact is that a motivated and creative individual could expose information you'd prefer to keep private or at least apart from your game life and seriously harsh your day. Heck anybody with access to Lexus Nexus (like every law student in America) can find more out about you than you might want.
Even if you think you've got nothing to hide you don't want your SSN# posted to the WoW forums and even then you'd be getting off light. Once the wrong person has motivation to make your life difficult and enough personal information about you the sky is the limit for creative grief. Aside from ID theft, stalking, and financial mayhem some alternatives like "Swatting" have potentially deadly side effects. At least one person has made roughly 250 such calls including demanding phone sex and reporting the victim for child abuse when she refused. I'm not interested in scaring the heck out of anybody here but I do want you to understand that like the force, the Internet has a dark side.
A major misconception people have is that it's easy to compartmentalize your different online lives from your real life. Say you have different screen names and people you interact with for each of your MMORPG, online dating, church group, professional associations, political activism, and poetry howling activities. Over a long enough period of time the likelihood of connecting one to the other via a common instant messaging, email, or screen name increases. The trouble is that the Internet has a very long memory. Sites like Google or archive.org can hang on to evidence of your online activity long after your social, political, sexual or religious views have changed radically. People change but the Internet does not forget easily. Given the fact that many people feel compelled to behave other than they would normally while online can lead to some uncomfortable moments or incredible hilarity depending on which side of the joke you are on.
So what can you do? Here is a list of some steps you can take to bolster your privacy while enjoying the fruits of living many different online lives. This is not meant to be a complete list for bullet proofing your privacy. That would be a different topic entirely.
- Use different character or screen names for each game or activity.
- Use different forum names for each game or activity
- Never include your instant messaging ID in your guild or forum info.
- Keep your email address to yourself, don't post it to a public forum.
- Never use an email with part of your real name.
- Make a different email address for each game or activity if you need to get email from people you don't know.
- When possible avoid instant messaging with strangers, people tend not to change IM names often so it's an easy way to connect them to other clues about you.
- Avoid public linking between your game life and your social networking profiles like Face Book or Tribe.
- Remember it is very easy to record Skype or Team Speak voice over IP sessions.
Curious about your own online identity? An easy but by no means complete method is to type a few of your screen names, character names, or gamer tags into Google and read through the results. See if any of the results can lead to another piece of your online identity like an email address, instant messaging info or even allow you to make a connection between multiple games or other online activities. As with any searching the more specific or creative you are the better your results will be. For instance, a quick Google whack on one of my character names resulted in thousands of hits. I'm sure at least one of those hits was relevant but I didn't have the patience to dig through them all.
Most people won't find anything they are worried about. A real attack against your online identities takes skill, patience and sometimes a little social engineering. But what can you do if you find something that really bothers you? Not much, but you are not totally without options. You can contact the webmaster for each site you want to take information down from and send them a request to delete the page and ask Google to take the page out of their index and cache. Remember it is all about getting the webmaster to cooperate so be polite and persistent. Erasing the past on the Internet is quite difficult but this is a good way to start. While we're on the subject of being polite, I want to plug having good online manners in general as the ultimate best practice.
If any readers are willing to add their own wisdom or good advice below I'd love to see it.