Bet you can't guess what I'm wearing, or where I'm wearing it

Look in my eye and say that

Got Tips? 71 Reg comments

Something for the Weekend, Sir? Thrilling news: my Libra account is ready! I can barely restrain my excitement.

Nor can I adequately express my bemusement, given that I never signed up to buy into Facebook's craptos in the first place. Indeed, no one can – possibly ever.

Yet I received my confirmation this very morning. That is, it arrived a few days ago but my silly email program diverted it into the Junk folder by mistake, duh! Here it is, I'll read it to you.

Claim your LIBRA account toady.

I'm not sure about being likened to a toad but perhaps it's blockchain slang, like a kind of Gen-Z teknospeek. Well I'm hip. Lay it on the line daddio.

Cryptocurrency are big future over the next years. Click bellow and claim your LIBRA with 2.000 AUS.

Only two Australian dollars? Wow! Oh hang on, I can see what's happened. They think I'm on the other side of the world from where I actually reside. And that makes perfect sense because I have deliberately left a trail of confusion in my wake to disrupt (aha!) those who wish to track me down illicitly.

And that must mean… oh my golly gosh… the email wasn't telling the truth and there isn't a Libra account ready for me to claim after all. What a disappointment!

When I moved home – oh, did you know I moved? I may have mentioned it in passing (like every week for the past three months) – I wondered how much of the last decade of misused, mis-sold and outright stolen personal data could be left behind, forever shipwrecked at my old address.

Yes I know that a physical address has little to do with unsolicited electronic communications but it does represent one component of what many organisations consider to be acceptable forms of customers' multi-factor authentication. Providing the first line of your address and the postcode continues to be enough, combined with your full name and account number, to validate your identity when calling customer services by telephone. Cue a round of forehead-slapping applause…

This is the kind of information that big organisations such as Adobe consider to be harmless – not being credit card numbers, PINs or passwords, you see – and so this data regularly gets freely shared with the world because Adobe and its ilk frankly and earnestly couldn't give a flying fuck about your security.

You know, unimportant stuff such as your email addresses, account creation date, the time since your last login, a list of Adobe products you use, your Creative Cloud subscription status, your Adobe ID, your country and your payment status. Just boring metadata, right? Incredibly Comparitech, which uncovered this recent breach, said this exposed data "wasn't particularly sensitive".

Yes it is, Comparitech. If anything, letting loose this kind of data to the wind is worse than revealing unencrypted passwords. At least I can change a password. What am I supposed to do about the rest? Change my name by deed poll? Move to a different country every time Adobe fucks up?

Well I'm keeping my name (along with, ah, the others I use) but the moving country thing actually seems to have thrown a whole bunch of spammers off the scent. Unfortunately, we've attracted a whole bunch of new ones too, local spammers if you like, but that's another story.

Some readers may be familiar with the recent real-life story concerning J-pop star Ena Matsuoka who survived a horrific assault at the hands of an obsessed fan. He told cops he'd tracked her down by studying her Instagram selfies. Zooming into one of the photos, he recognised the name of a Tokyo metro station reflected in her eye. Analysis of subsequent photos continued to narrow her whereabouts to a specific place until the suspect, who admitted to the attack, located her home address, established she was nearby from the date-stamps on her most recent posts and then simply laid in wait.

Deep analysis of social media photos is hardly a new thing: I'm told job interviewers do this as a matter of course when considering an applicant. And if you're fraudulently claiming invalidity benefits, you'd best not post photos of yourself climbing Kilimanjaro.

Some years ago, as regularly reported by legendary proto-Reg newsletter NTK:Need To Know, there was a fad on eBay for sellers to photograph their items for sale while naked. You'd never know this, of course, unless you looked really closely at reflective surfaces in the photos or searched for indiscreetly placed wall mirrors in the background. It became a funny game – albeit in distasteful hunt-the-nekkid-fat-guy kind of funny – in that all-too-brief era before social media was discovered by ultra-right-wing snowflakes whose fragile masculinity is threatened by 15-year-old schoolgirls.

So it got me thinking it ought to be possible to upload harmless but misleading photos to social media and let the hackers and spammers get on with it. For example, you could take a snap of your back garden and set the location as central Mumbai; photograph a house party in Barnsley and mark it up as Manhattan; show yourself basking by a hotel pool and edit Instagram's GPS metadata to indicate you've uploaded it from northern Greenland.

Apply the process across written as well as graphic content, and you can leave a hopelessly inconsistent mess that might, with a bit of luck, flag you up to ill-wishers and phishers as "bad data" ripe for passive filleting from their databases.

That's the theory, anyway: drop misleading hints and leave a trail of real photos with fake locations to throw the wankers off the scent. But does it work?

I'll let you know. My next worry is that I will make such a thorough job of it that official government snoopers on both sides of the Atlantic might also notice these flags and start poking to find out what's going on. I suppose I could invite them to read this column, but this column might also be part of a bigger false-flag cover-up, couldn't it?

Hang on, I've just realised… I haven't uploaded anything while claiming to be in Australia. So my Libra invitation to pay in Down-Under Dosh must have a more mundane explanation.

Yup, you guessed it: one of my Oz mates has had his contacts list hacked again.

Never mind, I can always move house…

Youtube Video

Alistair Dabbs
Alistair Dabbs is a freelance technology tart, juggling tech journalism, training and digital publishing. He regrets that the weekly column you are reading has overtaken practically everything else in his searchable online history, such that he has been forced to invent alternative professional personalities simply in order to be treated seriously in other roles. No one wants to hire a tit. @alidabbs

Sponsored: Ransomware has gone nuclear


Biting the hand that feeds IT © 1998–2020