Here in the States, today is “National Data Privacy Day.” Declared as such on this day a year ago by the U.S. Congress, this unofficial holiday is meant to remind teens and young adults about the importance of protecting their personal information online, particularly in the context of social networking.
What’s that? You didn’t know about NDPD? Yeah, neither did I: A bloke I know from the U.K. clued me in over instant message with a link to this Wikipedia page. Oddly enough, his note interrupted my reading of a story about how at least 30 congressional Web sites were defaced in apparent response to President Obama’s State of the Union address last night. Social networking, indeed. [Update, 1:29 p.m. The AP is now reporting 49 House sites were hacked].
Incidentally, I got interested in the mass defacement story while searching for a distraction from going through all the mail on my desk. Among the bills and other notices we received recently was a notice from the National Archives and Records Administration. It seems someone had stolen or misplaced a hard drive from the Archives a while back that contained the Social Security information on my wife (the breach affected roughly 250,000 other people as well). Why did the NARA have my wife’s Social? She made the mistake of touring the White House during the Clinton administration.
I, for one, applaud Congress for its example in encouraging all of us to take a moment to reflect — at least once a year — on just how little privacy most of us have in today’s online world, and how little control most of us have over the security of personal information that countless organizations hold about us.
Little children are sometimes taught that — just as no two snowflakes are exactly alike – each of us is unique and special. There’s ample evidence to suggest this is also basically true for our online selves as well.
According to the Electronic Frontier Foundation, a myriad of unique characteristics of our computer’s Web browser, installed software and plugins, and other data usually can be used to build a unique fingerprint for each Web surfer. The EFF explains:
What fingerprints does your browser leave behind as you surf the web?
Traditionally, people assume they can prevent a website from identifying them by disabling cookies on their web browser. Unfortunately, this is not the whole story.
When you visit a website, you are allowing that site to access a lot of information about your computer’s configuration. Combined, this information can create a kind of fingerprint — a signature that could be used to identify you and your computer. But how effective would this kind of online tracking be?
To test its theory, the EFF has put up a website — Panopticlick — which will anonymously log the configuration and version information from your operating system, your browser, and your plug-ins, and compare it to our database of five million other configurations. Then, it will give you a uniqueness score — letting you see how easily identifiable you might be as you surf the web.
The results I got back from running the Panopticlick scan were somewhat unnerving:
Your browser fingerprint appears to be unique among the 109,895 tested so far.
Currently, we estimate that your browser has a fingerprint that conveys at least 16.75 bits of identifying information.
Awareness, as today’s pseudo-holiday reminds us, is half the battle. Want to learn more about how you can guard your personal information online? EFF’s Top 12 Ways to Protect Your Privacy Online is a good start. For the slightly more black helicopter crowd, the EFF’s Surveillance Self-Defense is a good primer.