Thursday, July 1, 2010

Spokeo - Helpful or Hurtful?

Some people may not have heard yet about spokeo.com, a service that allows people to find others by email, name, phone number, or friends. This alone seems innocent enough, but what happens when they decide to aggregate (or collect) too much personal information about people? What if they had information like how much you make, what your house is worth, your likes/dislikes, contact information, personal pictures of you, phone numbers, address, ethnicity, relationship status, occupation, and credit scores? The fact is they claim to have all this and more.

Spokeo has created a program that searches the web to collect information on you as a person. They store all this data on their servers (which, in doing so, happens to violate most social networking sites' terms and conditions). This information is then sold at a price to others who want to find out your details.

Target Marketing: By having all your information, marketing companies can potentially search you out by your salary or other qualifications related to what they are trying to sell, and then call you, email you, or send you snail mail in an attempt to gain your business. This data is worth quite a bit of money to them, and the sad part is that you don't get anything but spam for your personal information.

Targeting Youth: Web sites that provide a service are required to inform their users that they must be 18 or older. This has to do with laws in the United States that protect underage kids online. Spokeo, however, has banners on the web site that show underage teenagers (most likely high school kids) using their service to dig up data on friends. While those under the age of 18 (but older than 13) are allowed to use the web site, it is illegal for the company to collect and store information for individuals under the age of 18. Despite the attempts of Spokeo to filter their collections, they are not able to verify the age of users in their system, offering others a way to search and target underage kids. (These girls are most likely looking at people their own age...)

Unencrypted passwords/Password storing: Spokeo offers to connect to your email to download your contact list into their database (they will make money on these emails but you will make nothing) and possibly show you information about your contacts. They don't encrypt the HTTP connection when you provide this information. This makes it easier for hackers to see your password as it travels over the web and to obtain access to your email account for whatever illegal activities they desire. This can be especially dangerous when you have this email account linked to bank accounts, auction sites, and other personally sensitive information on the web. Secure HTTP is not difficult to implement, but it does cost about $15-$30 a year, a price they are not willing to pay to keep your passwords safe.
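A way to check a page for the problem described above, as an added example that is not part of the original post: this Python script parses a page's HTML and reports every form with a password field that would be sent without HTTPS. The host name, paths and sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class PasswordFormAuditor(HTMLParser):
    """Finds forms that carry a password field over an unencrypted path."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current = None   # form currently being parsed, if any
        self.findings = []    # (resolved_action, reason) tuples

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self.current = {"action": action, "has_password": False}
        elif tag == "input" and self.current is not None:
            if (a.get("type") or "").lower() == "password":
                self.current["has_password"] = True

    def handle_endtag(self, tag):
        if tag != "form" or self.current is None:
            return
        form, self.current = self.current, None
        if not form["has_password"]:
            return
        if urlparse(form["action"]).scheme != "https":
            self.findings.append((form["action"], "password submitted in cleartext"))
        elif urlparse(self.page_url).scheme != "https":
            # HTTPS target, but the form itself arrived unencrypted and
            # could have been altered in transit before the user typed.
            self.findings.append((form["action"], "form served over plain HTTP"))


def audit(page_url, html):
    auditor = PasswordFormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page (hypothetical host and paths).
SAMPLE = """
<form action="/import"><input name="email"><input type="password" name="pw"></form>
<form action="https://example.test/login"><input type="PASSWORD" name="pw"></form>
<form action="/search"><input name="q"></form>
"""
```

Calling `audit("http://example.test/contacts", SAMPLE)` flags the first two forms and ignores the search form, which has no password field.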

Potential Dangers: With a service providing so much information, it definitely opens the doorway for more spear phishing (when people intercept your personal information and use it against you to get money or other things they want). In this case, if I were to use Spokeo to get information about your house and I looked up your bank with your unencrypted email account and password, I could then call you pretending to be a bank and tell you that your previous mortgage payment did not go through and that you needed to provide a credit card and make the payment now to avoid various fines. Now of course doing this would be a little more work than the average internet user can do, but it definitely could be done by a hacker.

Removing Yourself from Spokeo: If you search for yourself and find that you are listed in the system, you can ask to have your personal information removed from public view (I doubt this would prevent them from selling your data, but it will prevent others from using their system to find you). To remove yourself, do the following:
  1. Go to spokeo.com in your browser and then search for yourself by name.
  2. Select your state and city until you find yourself. If you are not listed, you have evaded them for now, but you may show up in their system later. Unfortunately, you can't remove yourself from the system until you are in it.
  3. If you do find yourself, load your profile. You may not see all your data since they only show 'previews' of information (these are the same for everyone - but only paid subscribers can see all the data available on you).
  4. Copy the URL address of your profile. 
  5. Click on the privacy link in the bottom right of the web site. When this page pops up paste the URL into the URL field provided, then provide a junk email address that you have email access to and type the alpha-numeric code. 

You can do this 1 or 2 times with that one email address. This is handy for removing a spouse, family and friends. If you have several junk email accounts, you can remove even more of those you care about.

Spreading the word: Send this post to friends and family to spread the word of warning and help others to remove themselves from the Spokeo service.
