Some 64 million members of an online dating site have reason to be a little more cautious today after news broke that Adult Friend Finder had suffered a data breach.
The scope of the breach isn’t yet known, but the company is already alerting users to the fact that names, addresses, email addresses, sexual orientations, marital statuses, and other sensitive information may have been accessed.
One of those ways is obviously when data is breached from a system and all the email addresses are on easy display: address. It's not always that explicit either, for example Ashley Madison returned slightly different responses which could still be observed. For example, when doing a password reset: If you authenticate to another site using your Gmail account (social logins are increasingly common), then you may be prompted to share data attributes such as your name with that site.
When you create a set of personally identifiable attributes such as those in the Gmail signup screen above, there are all sorts of ways that info can be leaked.
The measures you take to hide your identity from, say, a significant other or general member of the community may not be sufficient to hide from government oversight.
Of course the latter will usually also protect you from the former, but it also often comes with an additional burden to implement.
I'd also like to encourage those who do give online anonymity a lot of thought to leave their suggestions in the comments section, keeping in mind the target audience being your normal, everyday people.The easiest personal identifier that will match you to a site is your email address.It's a well-known identity attribute, it's unique to you and there are multiple ways of discovering if it exists on a given website. Also consider how you fill out the following form when you create the account: These attributes won't show up on other sites where the address is used, but they can start to surface in other places.Not just the mechanisms above, there's always legal requests by law enforcement.Whilst that's unlikely to be the threat that most folks just wanting to remain genuinely anonymous on the classes of personal site we continually see being breached, it's also an unnecessary risk.Gmail (or equivalent - there are many other free online mail providers) gives you a full blown email address and obviously requests a lot of info in the process.A great alternative where an email address is simply a requirement to entry and you care little about anything that's actually sent to it is to use a Mailinator address.I'm going to focus on what's readily accessible to the bulk of the population.If you don't want your participation in certain sites going public, then this will be useful.It doesn't matter if you don't agree with the lifestyle choice of those on the site and certainly I myself am not one to look around the house at everyday items and think "I wonder if that could...".That's entirely beside the point though which is that a bunch of consenting adults now have their identities in the hands of an untold number of people who are willingly sharing the data around web. I've had this post in mind for some time as I've seen more and more deeply personal data spread across the web.