OK, This is a Little Spooky

I guess I knew this intellectually already, but reading this article really brought it home. We all know that info we post on Facebook and other social media sites is more or less public, no matter what security settings you use. The stuff just leaks out. Your birthday, gender, and zip code is enough to uniquely identify most of us in this country. Once someone has that, they can start to gather more information about you and share it with their friends.

But there’s another piece of information that most of us have shared all over the Internet, which when combined with the above, gives unscrupulous (or are they?) enterprises the ability to gather vast amounts of information about what you do even when you’re not using a computer.

What nugget of information is that? Your face. If you’ve used modern photo software, you may already have noticed that it’s getting pretty good at recognizing not just where faces are in your pictures, but whose faces they are.

Let’s say I own a big store, something like Target. I already have security cameras scattered liberally around the place. Imagine that now I can buy a list of faces in the zip codes close to my store. Suddenly I’m able to keep a record of which departments in my store each customer visits. The next time they come back, I can put a tease on a video screen as they walk in, tailored to their purchasing habits, or I can alert security if the person is a suspected shoplifter.

Of course, your friendly neighborhood government can use technology like that, too, and they already have your picture on file.

What to do about it? Realistically, nothing. The train has left the station, and there’s no calling it back. We could try to pass laws about this stuff, but they’d be pretty much impossible to enforce. You could try to scour the Internet and remove every picture in which you’re identified, but good luck with that.

The only counter-strategy I can think of off the top of my head is misinformation — tagging a whole bunch of different faces with your id, to create uncertainty over who the “real” you is. That only goes so far, however; once your face and credit card are linked at a retailer you’re done. It’s probably time to coach our children to not make the same mistake we did, instead to take a page out of Harlean’s book. She is a fiction. The Internet is no place for real people.

The front panel of the article linked to above is about breaking the security on iPhones. It’s worth noting that while the article is correct, the same advice applies to anything protected with a password. The obvious thing missed in the article is that most people don’t put any password on their phone, rendering the rest of the warning moot. I use an Android, and my screen lock thingie has even fewer permutations than a 4-digit number. I’m not out to stop the pros; I put the lock on the phone when I read that California has ruled that searching a phone doesn’t require a warrant, even though searching a briefcase does. My lock is to stop prying during routine traffic stops. I don’t have anything to hide, but it’s important that everyone protects privacy, not just people with something to hide.

A closing note about passwords:

7 thoughts on “OK, This is a Little Spooky

  1. It all comes down to your expectation of privacy. I remember watching a TV show, years ago, about facial recognition being used in the London city-wide video surveillance system. The show was hosted by John Cleese and was pretty interesting, by the by… Anyway, the secret was to wear big honkin’ sunglasses, that concealed the relationship of your eye size and spacing to the length of your nose.

    Concerning your password cartoon-thingy, have we really trained users to choose passwords that are easy to break, or have we trained password-subroutine programmers to force us to choose passwords that are easy to break? When was the last time you were allowed to select a password as long as “correcthorsebatterystaple”? Back when I worked at a big company in the networking biz, the name of which rhymes with “Crisco,” we were limited to eight characters. And were required to include one capital letter, one symbol, and one numeral.

    • I meant to mention London in my article, but then it turned into a big digression (when has that ever stopped me before?) and I took it out. Looks like it’s time to get me some old-man wraparound shades.

      I’m pretty sure I can use long passwords anywhere I choose these days. The password suggester on Macs has several settings, one of which is “memorable”, and a slider that allows a length up to 31 characters. I just tried at max length and got:


      the ‘memorable’ pattern is word-numbers-punctuation-word. If the hacker knows you selected ‘memorable’, the longest password might be less secure because the brute-force attacker only has to try long words.

  2. so I read your stuff later today
    cause my phone was block by
    Apple whole week!!! soooo protective SOB! I don’t mean that!
    anyway I went to you / tubing and I was asked for passtralala and I put it in: nada soo I tryed
    tryed nada! soo I was able to change it! but I could not do nothing! so I caled today from a home! I said to the support guy:
    are you in Kentucky? oh yeh!!!
    so we talk and suddenly : fini cut off! tryed again!!! this time I just ask for Genius bar appoint. and
    got it!! in store R. fix it in 10 min. and I choose czech expression!
    not dirty ! I show you you Chinese wontonguys!!!!!
    100 e- mails I got and miss!

Leave a Reply

Your email address will not be published. Required fields are marked *