Every time I sign up for a new website or service, I think to myself: How many places have my information by now? I figure that it wouldn’t take very long to come up with a pretty good profile of me given the data I’ve given out over the years to various entities: my name, address(es), birthday, email(s), phone number(s), gender, etc.
In hindsight, I wish I was a filthy liar.
By that, I mean that there’s no reason you have to give any service genuine details about your life — not unless, say, you’re expecting them to ship you something and you want to actually receive it. For example, I don’t think Netflix really cares about your birthday as long as you’re over 18 so you can watch whatever you want.
Should you give your new favourite web forum your phone number? Probably not, unless that’s what they’re using for two-step authentication. (Even then, why not a Google Voice number instead?) Does Baskin-Robbins really need your address? If you’re hoping for a coupon, sure, but I think they’ll manage just fine otherwise. Does everyone need to know your gender? Up to you, but you’ll probably be able to access most services just fine without giving up that info.
Always fake your DOB but keep it consistent/write it down for valuable stuff because sometimes you will be asked in password reset. Lost a gaming account because of that one time. https://t.co/rB6S4UNsjO
— Swift⬡nSecurity (@SwiftOnSecurity) July 20, 2020
The point is that giving websites fake information makes it that much trickier for someone to sleuth out your real details, which they could then use as part of an identity-theft attack. That, or they could attempt to reset your password if the mechanism asks for a few identifying pieces of information — say, an email address and a birthday — before prompting you to input a new password.
Of course, the most difficult part of this method is remembering what dummy information you’ve used in case you’re challenged about that data. If possible, you could just swap around your birth month and birth date, for example, but keep the year. You could use a relative’s birthday instead. Or you could use an old address, or even a relative’s address, instead of your current one — as well as a Google Voice number, an email address that forwards to your real one, or any gender you want.
As long as you aren’t Benjamin Buttoning yourself, you should be fine to use any site or service with your bogus info:
Also, don't use a fake DoB that makes you too young. Somebody I know lost access to their account because the company changed the T&C to require parental agreement under a certain age.
— Vess (@VessOnSecurity) July 20, 2020
If you’re concerned about forgetting the details of your fake life, you can list out all your details in a document. Store that offline, on your phone, or in some encrypted cloud service (iCloud, Google Drive) or password manager. Don’t forget the fake you, and don’t ignore it, either. Why give up information about yourself when it’s not absolutely necessary?