Monday, 10 October 2011

Testing privacy claims

How do you know you can trust a website's privacy claims? You need ways of detecting abuse and one-way layers of revelation, undetectable to the service. That is, lies about your location, job, contact details and so on, thrown out like chaff to confuse and disorient data miners. That way you can test out the service's claims before you reveal any potentially compromising information. If any of those lies are used and abused in ways you did not specify, that site is not trustworthy. How would you detect such abuse?

With some details, like email, it's cheap and quick to set up a fake address and monitor it. Phone numbers are harder, but still possible. Postal addresses can probably only be faked properly with PO boxes or a trusted remailing service that receives your mail at another address and forwards it on. If all you're worried about is personal details, you can just lie and see if those lies show up in communication from other, unrelated companies. That means your lies need to be unique for each service. At this one you're an astronaut, at that one a pastry chef, and at another you're a doorman. If you use a lot of them, it would be tricky to keep track of them all, of course, and, as we all know, lies can come back to haunt you.
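One way to avoid keeping track of the lies by hand, shown as an added example that is not part of the original post: derive each service's unique email alias from a private key, then check incoming mail against it. The key, the catch-all mail domain, the service domains and the sample messages are all constructed assumptions.

```python
from __future__ import annotations

import hashlib
import hmac

# Assumptions for this sketch: SECRET is a key only you hold, and MAIL_DOMAIN is
# a domain whose catch-all mailbox you control. Both values are constructed.
SECRET = b"constructed-demo-secret"
MAIL_DOMAIN = "mail.example"


def alias_for(service: str) -> str:
    """Derive the unique address to hand to `service` (identified by its domain)."""
    tag = hmac.new(SECRET, service.lower().encode(), hashlib.sha256).hexdigest()[:12]
    # The tag is opaque, so the address does not reveal that it is a per-site marker.
    return f"u{tag}@{MAIL_DOMAIN}"


def attribute(recipient: str, services: list[str]) -> str | None:
    """Return the service this alias was given to, or None if it is not ours."""
    recipient = recipient.strip().lower()
    for service in services:
        if recipient == alias_for(service):
            return service
    return None


def check_message(sender: str, recipient: str, services: list[str]) -> tuple[str | None, bool]:
    """Return (service, leaked). leaked is True when mail for a service's alias
    arrives from a domain that is neither that service nor one of its subdomains."""
    service = attribute(recipient, services)
    if service is None:
        return None, False
    sender_domain = sender.rsplit("@", 1)[-1].strip().lower()
    own = sender_domain == service.lower() or sender_domain.endswith("." + service.lower())
    return service, not own


if __name__ == "__main__":
    services = ["shop.example", "forum.example"]  # constructed service domains
    inbox = [  # constructed (sender, recipient) pairs
        ("news@mail.shop.example", alias_for("shop.example")),
        ("offers@adbroker.example", alias_for("forum.example")),
    ]
    for sender, recipient in inbox:
        service, leaked = check_message(sender, recipient, services)
        print(f"{sender} -> alias for {service}: {'LEAK' if leaked else 'ok'}")
```

A hit only shows that the address reached a different sender; a service that sends its own mail through an outside mailing provider will also trigger it, so check the message content before drawing a conclusion.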

Mokalus of Borg

PS - To see if humans even view the data, you could list your profession as "CEO of [company]".
PPS - Where "[company]" is the website you're using.
