Me and My Web Shadow: How to Manage Your Reputation Online

It's becoming almost impossible to hide from the network...

It turns out that Facebook’s mapping of the world’s social connections goes beyond even its 500 million+ members.

In an interesting little experiment, the BBC’s Technology correspondent Rory Cellan-Jones demonstrates that it knows a fair bit about you even if you haven’t signed up yet.

He sets up a profile for a friend who has not used Facebook at all before and it suggests friends based on existing members who have emailed her before.

You can read more about the experiment on Rory’s blog.

This actually solves, or confirms the solution to something that puzzled me for a while. I’d done some PR work a long time ago for a private individual some years ago and Facebook kept suggesting that I should be their friend, and yet there were no connections at all in our networks.

After a while I realised that my webmail account which I log into Facebook with was most likely where the service was able to make the connection. Still it felt eery.

Rory also points out that this shows how it is possible to to set up a profile for somone without your actual permission – another example of online identity theft risk.

The moral of the story? As I say in the second rule of Me and My Web Shadow: Be the best and first source of information about yourself. That means even if you don’t want to be an active Facebook user, you should establish your online profile so that people can find you.

Facebook is increasingly being used as a kind of form of identification online now for other web services too, so securing your Facebook profile should really be part of guarding your online identity.

And after all, if Facebook knows who you are and who you know anyway, what’s the point in staying off of the network?

Is there enough information about you on the web for someone to steal your identity? Very possibly.

Is there enough information available by phoning around or going through your bins. Definitely.

A blog post on the social networks, security, privacy and identity theft by New Statesman journalist Jason Stamper is well worth a read. Jason carried out his own experiment, using publicly available Foursquare and social network information to build up a profile of a stranger.

By way of illustration, I searched Foursquare for people who had “checked in” their home address — telling the world exactly where they live and also displaying it on a handy map. I soon found an attractive 20-something year-old advertising agency executive, who had posted the address of her London flat. She had also “checked in” at her workplace, so I also knew where she worked and for whom.

He goes on to discuss issues around ID theft…

It’s no laughing matter: identity theft is on the rise. It costs the British economy an estimated £1.7bn a year, with the number of Brits falling victim to identity theft jumping 23 per cent in the first quarter of this year alone, according to fraud prevention service CIFAS.

He quotes James Jones of UK credit information company, Experian:

“There is a huge disconnect between the privacy we crave and the information we give away on social networks. It’s hardly surprising that identity fraudsters have been cashing in.”

That disconnect is a result of the difficult balancing act most people are attempting when they use the social web. We are benefitting from having a public identity and being able to connect with others, but in doing so we have to make ourselves, and our personal data, a little more public.

Before we get too nervous, it is worth remembering that identity theft pre-dates the mainstream use of social networks like Facebook. Identity thieves, private investigators and for that matter journalists have always found ways to elicit personal information by hacking voicemail accounts, or pretending to be other people and calling up banks and utility firms to get the information they need or just .

Some of the approaches and advice from Me and My Web Shadow is relevant for people worried about this:

• Draw a line between public and private: We all need to be clear about what information we are and aren’t happy to share. Some are happy to share almost everything about themselves, others just the bare minimum of professional information. It helps if we have thought through and almost have our personal policy in place.
• Remember that you are always on the record: Posting your personal information on social networks even when you think or feel you are in a private space isn’t a good idea. Some people I know even avoid posting their phone numbers in the private direct messages on Twitter in case this becomes public.
• Audit / review your personal online presence: Especially if you have a large number of connections online on services like Facebook, it is easy to lose track of who has access to what information. It pays, I think, it have a regular review every six months of who can see what, how contacts are grouped when you share information etc.
• Use a credit scoring alerts service: The main concern for most people regarding identity theft is that people will commit fraud using their name.  to check when someone might be using your identity to apply for credit – Experian’s own CreditExpert is very good in the UK and equivalent services are available in most countries.

Bottom line – we need to be careful online just as we are offline with our personal information. It is worth thinking about how much information we share online carefully, just as we need to think about how we get rid of paper bank statements or who might hear or see our PIN number.

Don’t panic. But don’t be too laid back about your personal information online either.

There are some interesting parallels between the rules at the start of Me and My Web Shadow – advice like “get a thicker skin” and “you’re always on the record” – and the three headline changes Emily Nussbaum calls out in her recent New York magazine feature on how young people are adapting to lives lived in the the age of the open web, Say Everything.

Change 1: They think of themselves as having an audience.

Change 2: They have archived their adolescence.

Change 3: Their skin is thicker than yours.

The rest of the article is well worth a read for anyone interested in this topic. It opens with a couple of horror stories, of young women whose ex-partners post sexual images and video of them online and how they have dealt with it.

This is at the extreme end of online bullying and “bad things” but a very real prospect for many young people today. Interestingly, the victims in both these accounts take very different approaches: the first removes themselves as mucha as possible from the web. The other goes on the offensive and mounts a campaign revealing the actions and identity of the former partner.

Young people are necessarily growing tougher when it comes to concerns about self-image, the article suggests, at least many of them are.

we are in the sticky center of a vast psychological experiment, one that’s only just begun to show results. More young people are putting more personal information out in public than any older person ever would—and yet they seem mysteriously healthy and normal, save for an entirely different definition of privacy.

And after all, there is another way to look at this shift. Younger people, one could point out, are the only ones for whom it seems to have sunk in that the idea of a truly private life is already an illusion. Every street in New York has a surveillance camera. Each time you swipe your debit card at Duane Reade or use your MetroCard, that transaction is tracked. Your employer owns your e-mails. The NSA owns your phone calls. Your life is being lived in public whether you choose to acknowledge it or not.

One young man who opened up to the world about his financial difficulties was Casey Serin. His site, Iamfacingforeclosure.com, was a response to the fact that he was being judged by finance companies in part on his web shadow already.

“Once you put something online, you really cannot take it back,” he points out. “You’ve got to be careful what you say—but once you say it, you’ve got to stand by it. And the only way to repair it is to continue to talk, to explain myself, to see it through. If I shut down, I’m at the mercy of what other people say.”

Casey’s response is an instinctive version of the approach I would recommend for many people (and companies) who are being attacked online: “out-open”: be more open than you have to be, make sure that the most useful, comprehensive and engaging account of you comes from yourself. Openness can be disarming, because no one can accuse you of hiding anything, there are fewer blank spaces for malicious gossip and insinuation to thrive in.