Quote:
Originally Posted by JSWolf
But seriously, what harm does Amazon and Kobo having this data actually do to you? To me, it does nothing except maybe tailored advertising.
Probably true, for retailers like Amazon. But there are other players in the game. Seems like every week we are reading about some major company's database being hacked. Data about you - seemingly harmless data - can be collected and consolidated. What would they find out about me, the innocuous stuff? They'd find that I like Star Trek. I was heavy into it at one time. That seems like "I don't care" data, doesn't it? Except for some smart hacker thinking, "I wonder if this guy has a password related to Star Trek?" And you know what, I *did* (at one time). I think about this now, and back then I was really stupid to do that. It was not something that a human would guess easily; however, if even a low-end PC had been tasked with combining words from Star Trek episode names, common sayings by Star Trek characters, and other related Star Trek trivia - that PC would have been able to guess my password in a matter of seconds probably, just by brute force. This is an example of innocuous data being used in not-so-innocuous ways. It's a simple extension of the password guessing programs that used to try spouse names, addresses, kids' names, pets' names, telephone numbers, etc. Never use any of that type of stuff in your passwords, even if it makes them easier for you to remember. All that data about you has already been harvested, consolidated and shared between hacking software programs. If the info relates to you in any way, no matter how small and inconsequential, it does not belong anywhere near your password.
I remember the days when people would write their social security number on checks. That was common back then, and people did it all the time without thinking about it. Who nowadays would consider that a safe thing to do?
These days, some hacker might get info on me from Amazon after an online breach of their database. They would easily be able to determine that my favorite author is James Rollins. Were I still as naive as I once was, I might have chosen a password like "51gmaF0rc3", a minor re-spelling of "Sigma Force", the secret agency that Rollins likes to write about. "Sigma Force" would be a bad password in anybody's book, but it would be horrendously bad for someone known to like the author James Rollins - information that Amazon has collected about me.
BTW, this is not paranoid stuff that I'm just making up myself. I learned all about this before I retired and was working in computer networking and security, from classes, presentations, and technical papers on information security.
For all of you out there, how many have passwords that relate at least in part to "your favorite this or that"? And how easy would it be to determine what your particular "this or that" is from "innocuous" online tracking of you? This doesn't describe everybody, but for every person smugly saying "That's not me!" there will be a matching person saying, "Crap, this guy is right!"
No need to drag this thread off any further into good vs bad passwords - I just used password guessing as an example of how apparently harmless information gathered about you could be used to harm you.
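A defensive counterpart to the post above, as an added example that is not part of the original post: a password-change check that undoes common character substitutions and rejects any candidate containing a term from the user's known interests. The function names, the substitution table and the sample profile are assumptions constructed for illustration.

```python
import re

# Common character substitutions mapped back to letters (simplified table;
# real substitutions are ambiguous, e.g. "1" can stand for "i" or "l").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "8": "b", "9": "g", "@": "a", "$": "s", "!": "i"})

# Constructed sample profile: the kind of "innocuous" interest data discussed above.
SAMPLE_PROFILE = ["James Rollins", "Sigma Force", "Star Trek"]


def normalize(text):
    """Lowercase, undo common substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def personal_terms(profile):
    """Banned tokens from profile phrases: each whole phrase and each word of 4+ letters."""
    terms = set()
    for phrase in profile:
        for piece in [phrase] + re.split(r"\W+", phrase):
            token = normalize(piece)
            if len(token) >= 4:  # shorter tokens match too much by chance
                terms.add(token)
    return terms


def find_personal_terms(password, profile):
    """Return the sorted profile-derived terms found inside the normalized password."""
    candidate = normalize(password)
    return sorted(t for t in personal_terms(profile) if t in candidate)


if __name__ == "__main__":
    for pw in ["51gmaF0rc3", "Tr3k-Fan!2024", "vQ7#pLz2&Xw9"]:
        hits = find_personal_terms(pw, SAMPLE_PROFILE)
        print(pw, "REJECT" if hits else "ok", hits)
```

A substring match like this can occasionally flag a random password that happens to contain a short term, which is an acceptable cost for a check that only asks the user to pick again.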