Guard Gateway Data To Ensure Your Online Privacy

The notion that revealing your exact location via social networking sites is a bad idea got a lot of publicity via the site Please Rob Me earlier this year. But even if you're not constantly broadcasting your precise whereabouts, it's easy to reveal information you'd rather keep private without realising it.

We've argued in the past that sites like Foursquare and Twitter definitely serve useful purposes, and that usefulness is often enhanced by specific details. For instance, announcing that you've just arrived in Adelaide will serve to remind friends and relatives that you're in town, and might also get you some helpful suggestions on things to see during your stay.

The basic security risk is equally obvious: if your address is public knowledge, you're also revealing that you're not at home. That may not matter much to you: the rest of your family might still be home, or your security systems might be pretty impressive. But it's not difficult to see how revealing where you are might represent an immediate physical security risk.

What's not always so obvious is how other details can also reveal information that you might rather keep private. Security researchers refer to this concept as "gateway data": information that seems benign but that can actually reveal more than you expect.

Here's a simple example. If you posted that you were visiting Bentonville, Arkansas, lots of people would think "boy, that sounds dull". But it wouldn't be hard to guess that your trip was work-related, and probably due to the fact that the headquarters of retail giant Walmart were located there. If those negotiations were supposed to be secret, merely revealing the location might inadvertently reveal information.

Not all deductions are as clear-cut. Earlier this year I visited Mountain View in California on a work assignment. Many people would automatically assume I was visiting Google, which has its HQ in Mountain View and is by far the biggest employer in the area. As it happens, though, I was visiting an entirely different non-Google company. (As a journalist, me visiting companies is hardly news, but it would be a different story if I was a sales manager.)

Another huge potential risk area (and one more obvious on sites like Facebook, LinkedIn and personal blogs) is inadvertently revealing information that you use elsewhere for security purposes. For example, a common password reset question is "What was your mother's maiden name?" If you're a family tree fanatic, you might well have disclosed that information. Even if you haven't, it might be on your mother's Facebook profile. (One good way to avoid that issue is to use common questions as a cue to actually answer a different question.)

Sometimes, information can be deduced not from a single post, but from a series of activities. For instance, if you start writing a large number of recommendations on work social network LinkedIn immediately after signing up, that's likely to be because you're in the initial phase of enthusiasm for the service. However, if you do so nine months into your use of the service, that might well be because you're planning to apply for a new job, and hoping you'll get recommendations in turn. If your co-workers are also on LinkedIn and notice your activity, that would be a reasonable conclusion to draw, but one you might prefer not to have broadcast around the office.

How can you avoid gateway data becoming a problem? Ultimately, the answer comes down to thinking before you post. Sharing online is a useful idea, and it's here to stay. But taking a few seconds after you write something and before it comes public to reflect on the conclusions people might draw is always a worthwhile step.

Finally, a quick reminder: if you don't want Twitter revealing your location, click on the Accounts Settings tab in the top right and make sure that 'Add a location to your Tweets' is not selected.

Note: I'm indebted to security expert Hugh Thompson, who I interviewed last year, for introducing me to these concepts.

Lifehacker 101 is a weekly feature covering fundamental techniques that Lifehacker constantly refers to, explaining them step-by-step. Hey, we were all newbies once, right?


Be the first to comment on this story!

Trending Stories Right Now