How to fight back against privacy pirates

You can't delete digital data, but you can mask your Internet identity

Have you Googled yourself lately? Is the information about you accurate or full of inconsistencies, both of which can be devastating?

Accurate information that you'd rather be kept private can be used by stalkers to find where you are and by cyber criminals to steal your identity and empty out your bank account. While incorrect data that casts you in a bad light can cost you a promotion, a job, or even your business.

[ Learn how to greatly reduce the threat of malicious attacks with InfoWorld's Insider Threat Deep Dive PDF special report. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]

Identity theft reporting system needs improvement

So, how can you reclaim your digital privacy and fight back against companies that collect your personal data and sell it for their own profit. What if you want to completely erase your online presence? Is that even possible?

Unfortunately, the short answer is no. But here's what you can do to mask your identity and make it difficult for the privacy pirates.

Security by obscurity

"There is no 'delete' button on the Internet," says Avivah Litan, fraud detection and identity theft analyst/vice president at Gartner Research. "The stuff never gets deleted. The best users can generally do is pay some company to put the 'bad' stuff towards the bottom of a longer list, so it's obscure. Sometimes they can try to get to the source and get them to delete the information, but that is a very painstaking and often fruitless exercise."

Robert Siciliano, online security analyst at McAfee, adds, "In order to completely erase all online identity, one would need lots of time, focus and persistence. This means no more online profiles, no social media profiles, no blogs, no websites, and removing your name and contact information from all lists and from the phone book (which also ends up online). Even if you shop online and check the box requesting not to be contacted, there is a good chance you'll still end up on a list. Despite your efforts to erase your online identity, it requires ongoing maintenance to remain offline. The problem is, once it's digital, it's repeatable. Sometimes no matter how hard you try, those that control the data may not comply."

According to Alan Webber, principal analyst and partner at Altimeter Group, LLC, "There are some products out there such as Web 2.0 Suicide Machine that supposedly do this [provide online identity protection]. Whether or not they are truly successful is hard to say. They go in and delete the accounts along with requesting that all backups of the information also be deleted. However, if some of this information escapes into marketing databases, it may be very difficult to delete or remove it."

"This is true," adds Siciliano. "There is no service that I am aware of that can guarantee 100% removal of all online identity data.'' Vendors such as McAfee and others offer identity protection software, which includes credit monitoring across all three credit bureaus, unlimited credit reports, lost wallet protection, plus Internet and public records monitoring."

Track the trackers

Companies such as Intelius, Spokeo, MyLife, PeekYou, BeenVerified, PeopleFinder, and Radaris (to name a few) collect your personal information, sell it, then make it difficult, if not impossible, to get it removed.

It's true that most of these companies have an "Opt Out" option but, unfortunately, you have to "register" and agree to their terms; thereby confirming (and updating) your personal information before you can Opt Out. Some even require a scan of your driver's license before you can request removal.

Siciliano says, "If you want to spend the time requesting information removal, you should keep in mind that it's only a matter of time before your information is out there, everywhere, all over again."

Think about it. Every time you access the Internet, your activities are being tracked. One free product that you can download to see who's tracking you and then block them from mining data off your computer is Abine's DoNotTrackPlus. This won't remove any of your personal information, but it will help prevent continued surveillance and distribution.

However, if removal is your goal, Abine has another product/service called DeleteMe, which monitors and continually removes your personal data, but only from specific data aggregation sites, not from the Internet in general or from sites where the information originated, like phone books and databases of public records.

Hide your IP address

There are also a number of IP scrambler programs, such as Virtual World Computing's Cocoon, which reveals you as a generic "Cocoon user" to anyone who's looking. "Cocoon acts as a smart proxy," says Brian Fox, co-founder and CTO. "When a user is logged into Cocoon, only Cocoon's IP address can be seen, not the users', and cookies can be easily blocked entirely, or just stored in your Cocoon account. Without Cocoon, cookies are stored in your browser and freely given and shared with websites and ad networks without your knowledge."

According to Fox, Cocoon protects your privacy both externally and internally. For example, it protects you from identity theft on public WiFi, by providing you a secure, encrypted way to connect to the Web over unencrypted WiFi. Without this, your connection can be intercepted along with the data you enter into websites, including passwords and credit card numbers, which can be exposed.

Read the 'terms of service'

Siciliano says, "Most of the data that identity brokers publish are extracted from public records or by for-profit companies that obtained it from the person themselves. This person most likely agreed to the Terms of Service that allowed their data to be sold to a third party. The same goes for photos. If you actually took the time to read the Terms of Service before clicking 'I Agree,' you probably wouldn't agree with them."

For example, Terms of Service (or Agreement) where users blindly click "yes" can result in massive privacy invasion, which can involve everyone on your computer's or cell phone's contact list. For example, Facebook's smartphone apps provide a "sync" feature where you can synchronize your contact list from your phone to Facebook.

If you choose "Sync Contacts," you just exposed all your friends and family to Facebook's analytics and Facebook is one of the primary sources of information for companies that collect and then broker your information. There have also been complaints from people who claim that they never selected "Sync Contacts," but Facebook did it anyway.

Hide in plain sight

Altimeter's Webber adds, "Other services attempt to hide your identity by propagating a number of false, but similar, online identities with similar digital characteristics; thereby, hiding the individual in the noise. This is effective from a blunt-force level, but will likely be overcome by analytics."

This may be true, but combined with some of the aforementioned program options (or other similar products/services), some people have found that creating a labyrinth of identities to mask your real identity is quite effective.

This maze gives these intruders a web of complications that's so confusing; the privacy pirates are unable to distinguish fantasy from reality. For example: You need to create several alias identities, but not randomly. Use your full name, then create four or five aliases at different locations. Be sure to include one of those locations in your own city and state. Then try this:

1. First on the list: create several Facebook accounts with your name and the five addresses you've chosen for your five alias identities. Choose a college or high school to find friends, then send out Friend Requests to a few dozen of the people Facebook recommends. Most people accept anyone who sends a Friend Request, so don't worry, you'll have plenty of friends to round out your social status. Fill in everything, share everything with everyone, and make the information about your job and education similar to the truth, but everything else is a fabrication, including the photo. You will soon see these aliases popping up all over the Internet.

2. Revisit every site you can remember where you filled out a form requesting your personal data. After you login, edit the form and fill it with the data from one of your aliases. Be sure to keep track of your five aliases including login, passwords, etc. For other info, just screen capture the Facebook pages. Contrary to popular belief, editing records will overwrite the older files and, eventually, the older records will disappear.

3. The most difficult identity to create involves credit cards, which we all use to make online purchases. Get together with some of your friends and exchange addresses. Get one credit card for online purchases and use a friend's address, and he will use yours, as a way of further confusing the information aggregators.

4. Sign up for a bunch of online services using your aliases such as MySpace, Flickr, a few game sites, some shopping sites, travel sites, and e-cards. Those e-cards are notorious for spreading your data around.

5. Give each of your aliases e-mail addresses at all the free sites such as Yahoo, Google, Hotmail, MSN, Bing, and anyone else who offers free e-mails. As a tip, change one small thing in each entry so you can track exactly who is brokering your data; for example, if you use an apartment address, change the apt letter from A to B to C; or use Apt B for Bing, Apt G for Google, Apt H for Hotmail, etc.

6. And last, do not contribute your information to any "Who Is" service or, instead, use an alias, and remember to remove your name from all your websites. Use generic names such as webmaster, president, CEO, sales, customer support, etc. or just invent some creative employees such as Captain Hook or If you feel these names are unprofessional, then create professional ones like Robert T Burke or Samuel J Potter.

Do not delete

Asking these sites to remove your information is a lot of work and probably a waste of time because you are asking them to give up revenue. But be smart. Purchase the necessary software, create aliases, and stop spreading your own information.

And remember the most important thing: never delete anything, always edit and resave the edited data over the old data. All of your information is digital and controlled by programming code that's always looking for "new" files. These systems are programmed to save all the deleted files, but edited files; that is, files with the same filename are backed up onto servers on top of (that is, they overwrite) the old files with the same filename. Old versions of the edited files are kept for a few months (more or less, based on the individual pirate company's policies) but, eventually, the older edited files will disappear.

Sartain is the author of "Data Networks 101" and a freelance journalist. She can be reached at

Read more about wide area network in Network World's Wide Area Network section.

This story, "How to fight back against privacy pirates" was originally published by Network World.

Copyright © 2012 IDG Communications, Inc.