Thread: What's with the Paranoia?
View Single Post
Old 12-06-2020, 11:03 AM   #166
JSWolf
Resident Curmudgeon
JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.JSWolf ought to be getting tired of karma fortunes by now.
 
JSWolf's Avatar
 
Posts: 79,902
Karma: 146918083
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
Quote:
Originally Posted by haertig View Post
Probably true, for retailers like Amazon. But there are other players in the game. Seems like every week we are reading about some major companies database being hacked. Data about you - seemingly harmless data - can be collected and consolidated. What would they find out about me, the innocuous stuff? They'd find that I like Star Trek. I was heavy into it at one time. That seems like "I don't care" data, doesn't it? Except for some smart hacker thinking, "I wonder if this guy has a password related to Star Trek?" And you know what, I *did* (at one time). I think about this now, and back then I was really stupid to do that. It was not something that a human would guess easily, however if even a low end PC had been tasked with combining words from Star Trek episode names, common sayings by Star Trek characters, and other related Star Trek trivia - that PC would have been able to guess my password in a matter of seconds probably, just by brute force. This is an example of innocuous data being used in not-so-innocuous ways. It's a simple extension of the password guessing programs that used to try spouse names, addresses, kids names, pets names, telephone numbers, etc. Never use any of that type of stuff in your passwords, even if it makes them easier for you to remember. All that data about you has already been harvested, consolidated and shared between hacking software programs. If the info relates to you in any way, no matter how small and inconsequential, it does not belong anywhere near your password.

I remember the days when people would write their social security number on checks. That was common back then, and people did it all the time without thinking about it. Who nowadays would consider that a safe thing to do?

These days, some hacker might get info on me from Amazon after an online breach of their database. They would easily be able to determine that my favorite author is James Rollins. Were I still as naive as I once was, I might have chosen a password like "51gmaF0rc3", a minor re-spelling of "Sigma Force", the secret agency that Rollins likes to write about. "Sigma Force" would be a bad password in anybody's book, but it would be horrendously bad for someone known to like the author James Rollins - information that Amazon has collected about me.

BTW, this is not paranoid stuff that I'm just making up myself. I learned all about this before I retired and was working in computer networking and security. From classes, presentations, and technical papers on information security.

For all of you out there, how many have passwords that relate at least in part to "your favorite this or that"? And how easy would it be to determine what your particular "this or that" is from "innocuous" online tracking of you? This doesn't describe everybody, but for every person smugly saying "That's not me!" there will be a matching person saying, "Crap, this guy is right!"

No need to drag this thread off any further into good vs bad passwords - I just used password guessing as an example of how apparently harmless information gathered about you could be used to harm you.
So do you have an account at Amazon? Do you have an account at other shops that sell eBooks? If you do have an Amazon account, then having your Kindle registered is not going to make one single bit of difference between having an Amazon account and an unregistered Kindle. If you don't want Amazon or Kobo or anyone else to know what you are reading, then keep WiFi off and don't read with a phone, tablet, or computer. Just read with a Kindle with WiFi off or any other Reader with WiFi off.

There's not a lot you can do to keep private. As soon as you buy an eBook, you've given some information to some store. As I buy from Kobo and Amazon, they have my information anyway even if I wasn't registered with them.

I know stores have had data breaches, but it's not possible to shop at every store without giving some information. Do you pay cash for every purchase at stores you visit? Do you never use your bank card or credit card (if you have one)? Do you never give your name, email address, And address (sometimes) to any website or store? Do you never buy anything online?

It's not convenient to keep 100% private and depending on what you you want to buy, not possible.
JSWolf is offline   Reply With Quote