Views expressed online can land you in trouble at work. Take the case of CNN Producer Chez Pazienza. While recovering from surgery to remove a brain tumour the size of a pinball in 2006, Pazienza decided to start a blog to record his thoughts, brush up on his writing skills and generally pass the time during his recovery.
Focusing on pop culture, politics and the media, Pazienza's blog at www.deusexmalcontent.com quickly became a hit with a growing readership. He never divulged anything to link him to his employer, but someone back at CNN discovered his blog, knew who he was and became increasingly unhappy. Pazienza continued writing his blog after returning to work, until one day his boss called.
Pazienza was told that certain opinions had surfaced online with his name attached. This much he was happy to admit, as he writes at The Huffington Post.
A day later, Pazienza was fired. Human Resources pointed him to a line in the company handbook that said any writing for a "non-CNN outlet" had to be run through their Standards and Practices Department. This vague statement, it turned out, applied to blogging as much as other forms of publishing.
While checking that employees aren't embarrassing their employers is one thing, many companies are using Google to see what job candidates get up to in their spare time. If they find something they don't like, it can directly lead to the rejection of the candidate. This practice has spawned a new buzzword in recruitment circles: the 'NetRep' or network reputation.
Job hiring decisions
According to the results of a survey released by business networking site Viadeo, it's becoming vitally important for employees to maintain a good NetRep.
The survey of over 600 employers and 2,000 job seekers revealed that one in five companies have deliberately searched for personal information about job candidates on the web. Of those, 59 per cent said the findings influenced their recruitment decision. The survey also discovered that a positive online reputation will actually enhance someone's chances of landing a job.
Of those respondents seeking jobs, just under half of those aged between 18 and 24 had posted personal information on social websites. 54 per cent of the same age group also admitted that someone else had posted pictures of them online with or without their permission.
"These results should act as a wake-up call to anyone who has ever posted personal information online," says Peter Cunningham, Viadeo's UK Country Manager. "When people who are not the original intended audience – such as potential employers – find this information, it can have a major impact on their decision making process."
The survey said that 13 per cent of companies had found positive information about candidates online that had affected hiring decisions, such as discovering that candidates had more to offer than they thought. Some, however, gave reasons for not hiring people ranging from a MySpace page boasting of excessive alcohol use to finding the candidate on the local police wanted list. "People must manage their NetReps closely," advises Cunningham. "Online information must be tailored to work to their advantage."
"If you're chasing a job you really want, it's important to be aware of how you've portrayed yourself online," confirms HR consultant Gary Simpson. "It's perfectly legal to run a background check on you without your permission if all the data is in the public domain."
Information placed online isn't just affecting people's employment opportunities. For the budding fraudster orburglar, what seems like a trivial titbit of information could be very interesting indeed.
Recently, an increasing number of families are getting online with their own web domains, with each family member having their own page to post achievements and coming plans. This all sounds perfectly innocent until you consider that the announcement of a family holiday also tells the world that your property will be unoccupied during a certain period.
In addition to this, unwisely cropped photographs posted to the family website can also show what you have that's worth stealing, the layout of the house and soon. Even if your family homepage doesn't carry your address, it can still be shockingly simple to find out exactly where you live.
Simply pay a visit to an online 'who is' service such as the one provided by www.who.is. This and similar sites give full details, including a billing address, of registered domains. Enter yours, and if you haven't taken the simple precaution of using a PO Box number as the billing address, your impending holiday might be instantly linked to a property at an address that will be left unoccupied on known days. Luckily, some domain registration companies use their own address in these fields, but it's always worth checking. Some family home pages and domain registration records even carry a home phone number, which could be ideal for mounting a tentative telephone phishing scam, or at least making sure that there's no one home.
Posting your family tree on your domain is a great way to discover missing relatives. It's also an increasingly good way of letting a growing band of genealogical researchers know you exist. For a percentage of the proceeds, such researchers will put you in touch with solicitors holding wills to which you're a beneficiary.
While this may land you an unexpected windfall, for the fraudster, your online family tree could be a gold mine. Dates and places of birth and mother's maiden names are the basis for traditional questions asked by a range of call centres instead of easily forgotten passwords. Matching these up with a street address provided by a whois service might end in a major case of identity theft. And family home pages are by no means the only places to check when assessing how much information people can gather about you.
Social site profiling
Social networking sites are agreat way to meet new people, catch up with old friends and stay in touch. Increasingly, however, they're also becoming a resource for profiling people. Sites such as MySpace, Facebook, Friendster and Friends Reunited,are all prime hunting grounds for those looking for background to the lives of others.
By displaying personal details and the hometown of each page owner, it's fairly easy to positively identify someone on a social networking site. Because of this, it's a good idea to either keep your profile private or be deliberately vague about yourself.
Your page is also useful in helping people build a comprehensive network of your acquaintances. A potential employer might make unfair assumptions about your character based on those you connect to. You might have a good NetRep, but what about your friends? Sometimes it pays to do a little pruning.
There are quite a few other places online where you may want to consider editing your presence, too.Take Amazon and its wish list facility. Designed as a way to alert friends and family to potential gifts they might like to buy you, could yours be telling strangers too much?
From the main Amazon page click on the wish list link. Enter a search pattern, a name or email address. After pressing return, you can further narrow your search by entering a location. When setting up such lists, the idea is that you can add in unique details about yourself so that people can be sure it's you they're buying for. Unfortunately, in doing so, you could also be giving identity thieves a head start.
Adding details such as your date of birth, a pet's name, your favourite football team and so on will identify you to your friends, but you've probably also given out your location. When added to information from other sources, such as the electoral roll, this could also be enough for someone to take your identity by stating your address and providing answers to supposedly secret security questions. A more secure way of identifying yourself is to state an achievement or a nickname in your wish list – something only useful to those who already know you.
Online profiling with data freely placed into the public domain doesn't require a warrant to collect, and intelligence services collect it enthusiastically. The respected Christian Science Monitor newspaper reported in February 2006 that the US government was already developing systems to mine the data trails we leave in cyberspace. It's also thought that the amount of data collected by the US National Security Agency grows by as much as four million gigabytes per month. However, how difficult is it to mine data in this way?
In January 2006, developer Tom Oward posted an article to www.applefritter.com called 'Data Mining 101: Finding Subversives with Amazon Wishlists'. It described how he produced a tool capable of turning a set of search terms into a list of Amazon customers with a desire to read certain books. In some cases, he could even find addresses and phone numbers.
Oward began by searching for all users with 'Edgar' in their names before downloading their wish lists. Next, he added functionality to search these lists for book titles, ISBNs and authors. He then further expanded the script to allow him to place multiple search terms in a file. After having some fun finding people who wanted to read titles such as Brave New World and 1984, Oward augmented his script to access location information given freely by the creators of the original wish lists to identify themselves to gift-buying friends.
Finally, he interfaced the script to Yahoo's People Finder. In cases where People Finder returned just one hit, he realised he was obtaining the real street addresses and even telephone numbers for wish list owners. Finally, thanks to Google, it was then possible to display a map or satellite image of the area in which the owner of a selected list lived. This sort of detail information would be everything needed to 'keep an eye' on an individual.As mentioned earlier, for peace of mind, it pays to identify yourself in a way that only your friends will understand and recognise.
Employers, criminals and intelligence agencies are not the only people who might either misinterpret or use what you put online against you. Although inmost cases it's perfectly safe to have a so-called 'flame war' (a prolonged and heated argument) with someone online, sometimes people may translate words on a screen into real world actions with disastrous consequences.
After a frank exchange of views, insults and finally threats online, Gibbons from Bermondsey tracked his 'opponent' Jones to Clacton using personal details that Jones had placed online. As the judge reportedly said during Gibbons' subsequent trial for unlawful wounding, "It is accepted by the prosecution that Mr Jones taunted you and dared you to go to his house where you would be greeted with weapons."
Gibbons and another man did just that. In December 2005, they travelled the 70 miles to Jones' home, armed with a pick axe handle and a machete. Jones armed himself with a knife before opening the door, and during the ensuing fight, Jones was beaten with the pick axe and cut on the neck.
Gibbons pleaded guilty in exchange for the prosecution dropping charges of attempted murder and issuing threats to kill. He was sentenced to two and a half years in prison.
According to a recent magazine article on the BBC's website, UK police forces now routinely trawl the net, actively looking for evidence of wrongdoing. Beginning some years ago with the hunt for child pornography, they now search for far more. Sometimes, it's a member of the public who alerts them first.
Take the case of 18-year-old motorist Danny Hyde of Stowmarket. He posted a video to YouTube last summer showing him driving his car along the A14 near Ipswich at 130mph. A member of the public recognised Hyde and sent the video anonymously to Suffolk police, who arrested him and charged him with dangerous driving. In February this year, he received a four-month suspended sentence and 210 hours of community service, as well as being banned from driving for 18 months.
The case of Gibbons and Jones demonstrates why it pays to think before posting inflammatory views in a live chat room. However, this can also apply to the less interactive world of web forums, not only because of potential consequences but also because, unless the forum owner has taken precautions, it's likely that Google will be able to see your posts – and therefore index them. This makes forums another very useful source of information for anyone trying to profile you, your online behaviour or your views.
Millions of forum conversations are started and added to each day, and heated arguments often break out. Many forum users have read enough bitter and prolonged flame wars over the years to know not to rise to the bait, so they don't bother getting involved. To an outsider such as a prospective employer, those who do become involved inflame wars might seem pathologically obsessive and malicious.
Though your user name might not immediately give your identity away, the things you write about and the personal details in your profile could. Many posters also use an identifying image of themselves when they post, and take the same distinctive user name for a number of different forums. This makes positive identification and subsequent cross-referencing simpler, especially if you also post details about your everyday life.
If you're an active and outspoken member of a forum that discusses local matters, it could be even easier for other locals – and indeed potential or current employers – to track you down from a combination of the geographical details you post, your stated age, user name and so on. A link to your personal homepage in your profile will also confirm your identity.
If you're worried about what you might have posted to a forum, it pays to 'ego surf' by typing your own name or forum user name into Google. If you find anything that shows you in a bad light – perhaps an angry post written in the spur of the moment, or a somewhat controversial post stating an opinion that you no longer share – then go back and edit it.
You could also contact a moderator at the forum in question, asking him to delete the offending threads,explaining that you regret your posts. Forum administrators and moderators, especially those associated with forums that rely on advertising revenue to pay the running costs, are usually pleased to help out with such requests.
The information people find about you online is who they believe you to be. To a potential employer, it may make you an unsuitable candidate; to the police it may make you a criminal; to a criminal it may make you a soft touch; and to the security services, it may imply that you're a threat to national security.
It's becoming a sad fact that the freedom to express yourself online is really the freedom for others to form an opinion about you based on limited information. For that reason, it's very wise to think before you post.
First published in PC Plus, issue 273