One of the most frightening things about Web 2.0 is the type and volume of information that people are willing to publish to the general public and are willing to house in one location. While looking at some web 2.0 types of sites, you can begin to aggregate a lot of information about a lot of folks. Sometimes, used in an aggregate of the whole population this can actually be useful. For example:
- 80% of users on social bookmarking sites who link to site x also link to site y.
- Same sort of metrics for podcast subscriptions or RSS/Atom subscriptions.
A few more examples:
- People will put anything on social meeting sites. However, this is often being used as background check material during job interviews. And that's the side that might somehow be able to make some sort of an ethical justification for what they do (think of the small towns where they check teachers' trash for alcoholic beverage containers).
- I'm no client side scripting genius, but for a popular portal site, I wrote a module in under 30 minutes which would enumerate all the other modules on the site, along with your email address, and send them to the hacker site.
- Micro-blogging sites make your whereabouts available to the general public. If an attacker knows you well enough to know you keep it updated, they can plan when to visit your home.
- Old-fashioned social engineering tactics such as dumpster diving are still quite effective. Coupled with internet social engineering, these attacks can be even more damaging.
- There are lots of examples of social meeting websites where an attacker makes a false profile of a victim with lots of incriminating (generally false) information.
- Couple all this with your spending habits on auction sites, photos of what you do on photo sharing sites, to-do lists, personal blogs, chat room transcripts, RSS/Atom subscriptions, etc., and you can really begin to profile a well-connected person.
How much information are you willing to put out there?