Privacy advocates have often complained about data brokers and how information is too readily available without our consent or even the right to opt-out. Now it’s becoming increasingly clear that our headache may be a hacktivist’s wet dream.
One of the popular tactics of hacktivists is to “d0x” public or private figures whose conduct they object to. In some cases, these may be police officers or legislators. In other cases, they may be individuals who have been accused of egregious personal behavior. A “dox” file often includes name, current and past addresses, income information, Social Security number, employment and educational history, and information on the target’s relatives. In many cases, at least some of the info may be inaccurate, but even inaccurate information may put people at risk of being harassed. While some might argue that it’s perfectly okay to expose pedophiles or child abusers or the corrupt, a lot of innocent parties are having their personal details dumped on the Internet. Certainly a lot of minor children are having their information exposed in these dox.
So what do hacktivists use to create these “dox?”
A January 23rd paste offers hackers a list of useful resources for their purposes:
- http://spock.com (has a search for “private” profile info but is a pay service…haven’t checked that feature out)
- http://www.whostalkin.com/ (this is one of my favorites! Lots of socnets included!) http://www.samepoint.com/
Not all of the sites listed above are commercial for-profit entities, but some are, and I’d encourage them to look at how their product is possibly being misused.
I realize that data brokers will not be happy with this blog post. But is providing or selling information to those who would use it to facilitate privacy invasion or harassment on the same spectrum as selling surveillance technology to those who would misuse it? I think on a smaller scale, it is.
So… what, if anything, will your company do to try to prevent this type of use of your service?