Wikipedia's founder, Jimmy Wales (who prefers to go by Jimbo), is quite the guy. He lives in St. Petersburg, Florida, grew up in Alabama, and he has 196 MySpace friends.* Once, he asked to be put back in a friend's "Top 8" using a Wikipedia joke.* He listens to They Might Be Giants. Being a father is the most
important thing for him right now, though he'd also like to travel the world, and while at it, meet Linus Torvalds. So far he's visited London, India and Paris. When he was in India, he drank
Kingfisher Beer.* He reads Wired's Threat Level, uses Firefox, and when surfing, probably has the Firebug plugin installed (which has recently had security
vulnerabilities - so, watch out Jimbo). He Diggs stories about Wikipedia when submitted by others, but has only submitted two stories of his own. And he occasionally comments on other submitted
stories to provide corrections on Wikia or Wikipedia. All the above info was obtained quite easily using nothing more sophisticated than some clever Google searching, and reflects just
some of the information that could be gleaned from any active Web 2.0 user. Even the non-famous ones. Because of Jimmy Wales' notoriety, I intentionally threw out any information that might appear in
news articles, his blog, or, well, Wikipedia. Jimbo even made gossip-rag headlines last month when he created a Wikipedia entry on breaking up with his girlfriend where he posted revealing details
about their sex life. So privacy is relative here (hers certainly was).
The hardest part of profiling a person is getting the initial foothold. In Jimmy's case, I lucked out with his nickname: "Jimbo" returned in a Google of "Jimmy
Wales." Once I searched for Jimbo Wales in MySpace's search, I found his MySpace profile - with information specific enough, and normal enough, that it seemed genuine. I then searched: "Jimbo Wales"
site:myspace.com - this query would search for all occurrences of his user name on the site myspace.com, and that lead me to the Google cache page where he made the Wikipedia joke and request to
return to a friend's Top 8.
The next key to the search was seeing the username he chose for MySpace. This can be seen from the end of the MySpace URL. Jimbowales. Easy enough. Searching for
"jimbowales" on Google netted a number of other sites from Last.fm to Flickr, which were treasure troves of profiling information. Flickr particularly. Photos can contain loads of personal
information.
Ultimately what's the
negative impact for Jimbo of having all this information out there? Well, likely not much. Jimmy's a pretty Web-savvy guy, and doesn't put out publicly any scandalous information (unless it's been in
Page Six first, it seems). And this is true for most users. Google isn't likely to pull up much scurrilous information in general (though, on occasion one might be surprised at how many users use the
same username for less than wholesome sites and forums). But a few simple searches can give a lot of information, and in aggregate it can be a lot more than people were really aware they were putting
out there.
And admittedly, for the maliciously intentioned, information like this could manifest in a number of possible attacks, from a credit card phishing scam set up to look like an
online album release from They Might Be Giants similar to Radiohead's recent In Rainbows direct download option, to a malicious Web page created around a Firebug flaw and sent to his MySpace
with a subject keeping in line with his Digg or StumbleUpon interests. Admittedly, these examples of spearphishing (targeted phishing) aren't likely to net Jimbo, but less net-savvy users with equal
net activity levels might make easier targets.
While cookies, IP logs, and URL referrers could theoretically allow a full mapping of any user's Internet activity, that would be a lot of
information to sift through. It might be weeks or months of research to discover what might be little more than what was discovered in an hour of searching with traditional means.
The
biggest privacy concern for most of us in today's world is the information we publicly disclose ourselves.