So I thought I'd like to tell a little story about someone I met named "Cassandra." I met her at an airport and she gave me her business card. She worked for a relatively new organization. Her last name was unique. So I thought I'd look her up, see what I could see about her. I was just curious — as I always am. I wasn't going to do anything. You must understand: I'm not in the business of ruining other people's lives. I'm in the business to help people secure their information to ruin the real con man's life.
Cassandra was the only hit when I entered her first and last names. It was her, no doubt about it. The picture showed her with a man, meaning that was probably in a relationship, engaged, or even possibly married. It's hard to describe, but you know that look — that a brother and sister have when posing for a photo as opposed to a significant other. Her profile was secure; all of her important information was hidden from view. She was listed in a college network with the words "UNLV Alum '05," meaning two things. If that was the year she graduated and she only took four years, she was born in 1983. Sometimes people list the year as the first year they entered college. If that's the case, she was most likely born in 1987. But 1987 seemed incredibly young for job she already held at that organization.
Her friend list was visible, so I searched for her last name. I found 4-5 hits. The first was her father, named "Matt". Some of his information was visible: such as that he was married to a woman named "Joanne". Matt and Joanne were married in 1979, giving further validation to a birth year of 1983 for Cassandra.
On Matt's profile, only one child, Cassandra, is listed. A recent wall post on May 14 on Matt's wall mentions a son (also named Matt) that says "wish that we will see each other again my dear son." This could either mean two things: he's quite far away, or he passed away. I checked the Social Security Death Index and found an entry for "Matt" III, who was born on May 14, 1984 and died in 2007. The last benefit was in Nevada, which correlates with Cassandra attending UNLV (University of Nevada, Las Vegas). Interestingly enough, the SSN was issued in the state of Montana. From this I can reasonably guess that Cassandra must have been born in early 1983 (like maybe January) or late 1982 (September to December) for the second child's date of May 1984 to work.
The other two hits were her uncle and her grandfather. The grandfather's profile was named "Matt" Sr. He had graduated high school in 1943 from a place in Ontario, Canada. That meant he was born around 1925 and would be around 84-85 years right now. He would be around 58 years old when Matt III was born in 1984.
On the uncle's profile, he was listed as having graduated high school in 1975, meaning he was born in 1957. On the uncle's wall, Matt (Jr.) had written, "Hey little brother, just thinking of you." That meant that Matt had to have been born earlier than 1957. The average gap between siblings is two and a half years, so I think it's probably like 1954-1955. That would make him 24-25 years old when he married his wife, and about 29 years old when he had Cassandra.
Joanne had her website listed; her current job is a sales rep for Avon, and she listed her hometown and current city. Since Matt had not, I couldn't correlate whether or not they were together right now or working apart.
This is the awestruck power and fear of Facebook. I was able to paint an eloquent picture of this stranger that I just barely knew. I know this:
- That she has a deceased brother and his date of birth and death and social security number
- Her parents' names and when they were married
- Approximate date when her father, uncle, and grandfather were born
- An incomplete picture of family movements (grandfather in Ontario, the brother's Social Security card being issued in Montana, the current city of the mother)
Second, while Cassandra's profile was secure, her parents' and other relatives' profiles were not. So I was still able to paint a cogent picture of her life. This is the point of my Parents: Facebook's weakest link post: you might be secure, but if your parents' aren't, your privacy has been compromised.
So what could Cassandra have done to prevent information leakage like this? Simple:
- Hide the friend list. This prevents complete strangers like me from being able to riffle through information
- Get parents and other relatives to hide all information. Facebook makes it easy now: set the tab to "Friends Only"
- Hide the wall. The wall seems to be the number-one worst thing that's visible, and that's not a good thing.