Last week, I stumbled across an article from Wired entitled "Vanish: Finding Evan Ratcliff." This article described in detail the attempt of one of the Wired authors to completely shed his old identity and create a new one for 30 days. It was part of a contest the magazine was putting on. The person who found Evan within 30 days would be rewarded $3000. Now anyone can leave their old life and start a new one in a cabin in the woods and not get caught, but the challenge here was to create a new identity while staying a part of society. This meant having a Facebook and Twitter account, going out in public, and buying things with both cash and credit card. Once Wired released the story and the contest started, hundreds of people across the country teamed up to find Evan. Using both technological and in-person sources, two people eventually tracked him down on day 27. The article itself is an amazing read, but it got me thinking: how protected is our privacy?
In the last day, I've been able to put that question to the test.
While I was home from school for Thanksgiving Break, a friend of mine was hanging out with me and pulled up My Life Is Average. This website is a great way to waste time and get a good chuckle or two. However, a common theme tended to emerge as I read more and more posts. It was about Mystery Google.
Mystery Google is a search engine similar to Google. However, when you search for a topic, let's say "carrots", it doesn't return with information about carrots. Instead, Ã¢â‚¬Å“you get what the person before you searched for.Ã¢â‚¬Â This means that whoever uses Mystery Google right after me, would receive information regarding carrots. This may seem like it would have no use, but that's far from the case. Using Mystery Google, someone can post information for other people to find, usually in the form of "missions."
Missions are a set of instructions left in the Mystery Google search bar by posters for later posters to find. For example, I could go on there and search for "Send me a text message at ###-###-#### about something you desire in life." My hope would be to have someone text me about something they desire in life. Usually missions are used to get people to call a number and sing a song or something equally as funny.
Tonight however, I used this missions function for something completely different. Thinking back to my question about how safe our privacy is, I left the mission "Text me your name at ###-###-#### and be surprised about how much I can find out about you in 10 minutes." Within a few minutes, I received a text message that included a name that seemed like it could be fairly common.
Taking that name and phone number, a friend and I spent 10 minutes using only Google and found out this person's: sex, age, height, shoe size, a picture, birthplace, current town of residence, the last school they attended, their class rank upon graduating, the fact their parents were divorced, the city their father currently lived in, that they had siblings and the person's favorite sport, soda and band. I relayed all of the information back to the person, and found out I had been correct in every item I had found.
Not every test of my idea worked though. Another text I received contained a very common name and the number was from a large city that included seven people with the same name. With more time, my friend and I may have been able to narrow down which of those seven people texted us, but with 10 minutes, we couldn't sort through the data fast enough.
I tested the idea several more times using information given to me by friends of mine. On one test, within the same 10 minutes, I was able to find out: age, a picture, occupation, home address, home and cell phone numbers, an email address, the high school they graduated from, the names of their children and a name of one of their siblings. On another test, using more time, I was able to find out: age, a picture, occupation, home address, home and cell phone numbers, an email address, the name of their spouse, the names of their children, awards they had won, money they received from federal grants, sports they liked to play and where they liked to play them and several examples of where and how they had volunteered their time.
The last two tests occurred using people in their 50s. They were much less connected to social networking sites compared to the typical college student. As a result, none of the information gathered in the above examples came from Facebook. Had I had access to a Facebook account, the information that could be gathered, even in a short amount of time like 10 minutes, would be astronomical.
I should note that none of the information I gathered was intended to be used for anything mischievous. It was merely me testing out a thought I had. However, should someone have ill means, the amount of information that could be gathered based off something as simple as a name and phone number (which can be as easy to find as looking at a business card or the phone book) could lead to terrible results.
These tests have certainly opened my eyes to the amount of information that anyone in the world can find out about me. The websites we visits and the forums we post to aren't going unnoticed. Databases and archives are tracing our every step, whether it's to create more extensive metrics or to find a time we may to vulnerable to technological or real world attacks. It certainly something we should all be aware of as we surf the web.