Why you should think twice before posting ANY personal information online


I only have one friend. If you’ve read my grumpy-sounding article on why I usually say no to people asking for IT kit, this may not be surprise you. Except, perhaps, to discover that I have one friend at all. But that’s not what I mean: using my logic, you only have one friend too.

The single friend concept came to me when I was writing something for this site and I suddenly realised that I was over-sharing. I was about to write about a French test, and was typing out a French textbook’s name when I realised it was only used in a small area of the country. Mentioning it would allow someone to know where I grew up.

I wouldn’t think twice about this in normal conversation. Chatting away, we all share certain personal information and hold back other things, depending on the situation. For example, it’s more likely that you will discuss an embarrassing personal problem with a medical professional; less likely to discuss that with a neighbour over the garden fence.

Silo your personal information

So I think we can all agree that we instinctively silo data in the real world. We learn this from an early age in school. And we think we’re doing the same in the digital world, sharing information in silos, when we’re not.

People often don’t realise that the physicality of the real world creates barriers to joining up data about us. Few people will be friends with someone who also works in their bank and who could view their bank account statements. 

In the digital world, you may think that you aren’t sharing lots of personal data because the sites and communities are different. But it doesn’t take much effort for someone to join them up. 

A good place to start is the online CV service called LinkedIn. Take a look at the information you share there. It’s amazing to me that people put schools on there, in a public forum, and then probably use that as the answer to a common security question — ‘What was your first school?’ — to recover a password. 

Next consider Facebook. Any personal details, any links to your family, any photos you share allows someone to build up a picture of you. That sepia-tinted first-day-at-school photo reveals not only the name of your school, but in effect geolocates you to a catchment area. One that can be looked up online for that year. 

Time is not your friend

Wayback Machine

Unfortunately, or fortunately depending on your viewpoint, almost nothing is lost on the internet. There are sites like the Wayback Machine that, much like Google, visits huge numbers of websites and caches a copy. And has been doing so for since 1996. So in a couple of clicks, not only can I view the present site, I can also view it months or years ago.

So, you may think that you removed some information, but you haven’t. Not unless you track down and remove the old copies as well. Until that happens, anyone that wants to can still view this data. 

If I had children, I would spend a lot of time making sure that no information about them would appear on the internet just for this reason. I see lots of parents in effect documenting their children’s life on the internet before those children have a choice in the matter. And this can’t be removed if the children don’t want it when they grow up.

Danger of loss

With ever more data being held electronically, the risk of loss of that data also goes up. And the quantity of loss goes up as well. Take the recent example in Japan, when a lost USB stick held all the personal details of the residents of Amagasakia. In physical format, this would equate to a large number of trucks stuffed with paper. Here, a small, unencrypted USB stick allowed a contractor to lose it when he went out for a drink.

Does this matter? You may be surprised, just as Jeremy Clarkson was back in 2008. When the UK government lost all the details of child benefit recipients, he said it didn’t matter and then proceeded to publish his bank sort code and account data, along with methods to obtain his home address details. He stated that with this data, you could only put money into the account. He was therefore surprised to see that £500 was removed from his account using a Direct Debit to a charity, Diabetes UK, and there was no way to reverse this.

Accidental data leakage

There is data I can’t stop leaking. Any references to things such as pop music will immediately allow inferences. “Who is this Taylor Swift and why isn’t music isn’t as good as it was when I was young?” will tell you something. Even the air-brushed tiny picture at the top of this article allows you to infer my age bracket and other physical characteristics.

So, we all leak information. And if someone wants to, we leave a lot of breadcrumbs all over the internet to allow a picture of us to be built. It’s fairly easy to do so if you are so inspired.  For example, the editor of this piece and I have only met once, but after hanging around in the same internet communities for a number of years I can confidently say that I live within 15 miles of his house (not an exact figure as I also don’t want to be geo located!). I can do that even though he has never given me his address, but his unguarded comments allow me to locate him.

When I post online, I try to be as aware as I can be about these breadcrumbs so they can’t be joined up. Am I overly suspicious? Lots of people tell me yes, but I also see whole communities that have grown up who play a game of: “Where did I take this photo?”

A photo is shared, with no other details. Others have to say where the photo was taken. Not only are most quickly located, but they are very detailed, almost to the metre. All by using Google Earth. With the war in Ukraine, these skills are actually been used to locate soldiers within hours of the pictures going up on the internet.

Back to my friend

Perhaps you now see why I only have one friend. This friend is an amalgamation of many real friends, plus family, work colleagues and numerous other people that I like or don’t like.

I want to inform but, at the same time, I don’t want to over share my details or details of others. So, when I do so, I’m talking about my internet friend. And they’re a great friend too — extremely useful on occasions.

More importantly, I hope my friend may encourage you to review what you put on the internet in the future.

Read next: Confessions of an IT manager: how to sell to me

michael dear
Michael Dear

Michael has worked for more than 20 years running IT departments, mainly for small to medium insurance firms. His primary interest is focused on security and compliance.