If you’re a regular Naked Security reader, you’ll know we have a pet saying that goes like this:
If in doubt
Don’t give it out
That’s a great rule to apply for your personal data, all the way from your email address to your street number.
So when a store asks for a postcode after selling you something, just smile and say, “No.”
Same thing for your phone number, your street address, your date of birth, your employer’s name, and so on.
You may need or want to give out the data, of course – so that you can have a sofa delivered, for example, or to keep in contact someone you’ve just met in person.
That’s your choice, but think twice before you do it, and don’t let yourself get squeezed into letting personal data slip out against your will.
Assuming there is no legal neccessity to provide precise data, here are two useful tricks if you’re in the UK. The postcode ZZ99 3WZ won’t be accepted by all software out there, but it’s the official code used by the health service to denote “address not known”. And the phone number +44.1632.960789 is amongst thousands of landline numbers officially reserved by the regulator for use in situations such as TV programmes, where using someone’s real number would be inappropriate. (Try +44.7700.900.456 if you need a won’t-accidentally-ring-someone-else’s-phone mobile number.)
When it comes to people you’ve only ever met online, we always urge more caution than ever – even if the other person is far away.
Here’s a scary and tragic tale to remind us that even 20,000km (that’s half the length of the equator, and thus the furthest distance you can put between yourself and another person) might not be enough.
The BBC has just told the story of a 25-year-old New Zealand man, Troy George Skinner, who somehow found the home address of a teenage girl he met online in a videogame chat.
(Many video games include a free, in-game messaging service that lets participants in a multiplayer game chat and text each other while they’re playing.)
Four months ago, apparently, the girl tried to break off contact with Skinner – something that’s hard to do if you’ve let the other person know too much about how to keep in touch with you.
It seems that didn’t wash with Skinner, who allegedly ended up travelling from New Zealand to Virginia (plane to Sydney, Australia plane to Los Angeles, CA; plane to Washington, DC; bus to Richmond, VA) and showing up uninvited at the victims’s home.
Melissa J. Hipolit (@MelissaCBS6) June 25, 2018
On the way, Skinner apparently bought a hunting knife, a roll of duct tape and some pepper spray – a sinister combination, to be sure – and once at his destination, ended up smashing a window and trying to unlock a door to get in.
The victim’s mother had apparently already warned Skinner off, as well as telling him she was armed, so you can guess that this story ends badly for someone…
…and it was Skinner.
After he tried to break and enter anyway, despite facing a firearm, the victim’s mother shot him; he staggered off, collapsed, was taken to hospital and now faces serious criminal charges, assuming he survives his gunshot injuries.
What to do?
This is a highly unusual story, and we’re not for a moment suggesting that if you have inadvertently let slip your address on an online forum, or if you have voluntarily shared it in an in-game chat group, that you are likely to end up in such a tragic situation.
Nevertheless, it’s a stark reminder of the general wisdom of the aphorism that we started with:
If in doubt
Don’t give it out
Even if the person you give it to doesn’t themselves have any criminal intent, you need to be confident that they won’t share the information, by accident or design, with anyone else.
As any number of data breach stories from recent years will remind us, assuming that a third party X won’t leak your precious data to fourth party Y is a risky thing to do!