Happy “Birthday” to Me

For the record, April Fools’ Day isn’t actually my birthday. But in terms of arbitrary age verification for social networking, it’s the date I often use. My reasons for doing this are rooted partly from annoyance and partly due to the fact that your birth date can easily be used for identity theft.

This all began when I first joined a social network a few years ago. When joining, I was required to enter a birth date. They tell you up front that you do not have to display this information on your profile, but they need to confirm that you’re old enough to use the site. Sounds secure enough, right?

Shortly thereafter, I noticed advertisements on the site that referenced my birth year. While your actual birth information isn’t provided to the advertisers, the advertisements can be targeted at your demographic. If you are interested in testing just how this works, move your birth year forward or back 10 years and see how the types of advertisements change. The same thing applies to other information you provide—“singles” get singles ads; bacon fans get bacon-targeted ads. Advertisers can customize their ads to target people using a variety of options, even targeting your friend’s ads as your birthday approaches.

Choosing not to publish your birthday on your profile may limit all of this to some extent, but another annoyance crops up: birthday applications. Socially speaking, there’s nothing wrong with your friends wanting to know your birthday. The problem is installing these applications doesn’t just make your birthday available to your friends, but also the folks behind these applications (who probably won’t send you a present). You can block these applications in order to reduce the notifications, but expect to invest some time.  A recent count on one site showed almost 500 unique birthday-related applications.

So far, we’ve discussed the annoyance factor, but this really is just the tip of the iceberg. The fact is that many people post much more than their birthday—home addresses, phone numbers, places of employment, high schools attended, colleges attended, kid’s names, pet’s names, and even their brand of kitchen sink.

So what could be done with this information? Simply put, your birthday plus a few other items are often enough to steal your identity. A person could try taking out credit cards in your name, for example. Or consider this: have you ever called the electric company from work, but forgot to bring your account number from home? What sorts of questions do they generally ask you to verify that you are who you say you are?

You might be thinking, “Yeah, but this private information is only seen by the people I let into my group.” True, but let’s see a show of hands for those of you who have added people to your contacts that you haven’t seen in 10 years? How about people you only met once at a social event? Do you have friends whom you’ve never communicated with on the site? Have you ever added a complete stranger just because they added you? I have to admit that I do all of the above—save the last one, which is really the cardinal sin of social networking security—but by limiting the personal information up there, the danger is reduced significantly.

For me, the easiest solution was to enter a fake birth date. What better day to enter than April 1st and then, being in the security industry, point out the dangers? I have to admit I was delighted to watch as the birthday wishes came in. What I didn’t anticipate was that, by mid-April, I noticed a couple of the folks who wished me a happy birthday had “un-friended” me. Perhaps I’d gone too far, where pointing out a security concern outweighed normal social politeness.

Now you don’t have to publish fake information, like using the day of left-handed Whoppers or Spaghetti trees. In the end, it’s easiest not to display a birthday, or other personal information. You may not get as many birthday wishes, but it will reduce the chance of identity theft—something no one wishes for.

----------------------
A happy birthday to Patrick Fitzgerald (April fools!), who assisted in researching this topic.