So, quick question: have you done anything to protect your identity after the Equifax data breach? If you haven’t heard, or would prefer not to re-read the details, here’s a funny take by Stephen Colbert on the whole thing:

Colbert - Equifax

The breach, and the circus parade of technical, legal and ethical snafus by Equifax that followed, are a reminder that we live in an unsafe digital world.

Whether you’re an individual, corporation, or government, your state of cybersecurity in 2017 is pretty bad:

  • German bank accounts were hacked via 2-factor SMS authentication, using a vulnerability in cellular networks
  • Election results have been influenced or directly tampered with in multiple countries
  • Adobe unwittingly revealed its private PGP key online
  • Deloitte was hacked and was unaware of it for over 6 months
  • The SEC was hacked, and the information was potentially used to make insider trades
  • A white-hat hacker (i.e. a good guy) found hundreds of companies that are vulnerable via their helpdesk systems
  • The US government tried to force Twitter to identify people who criticized it
  • People on both sides of the political spectrum have been doxxed, “outed” or fired because some strangers didn’t like them on the internet. Note: while I have no sympathy for some of the people being doxxed, it’s important to remember that doxxing is a double-edged weapon most frequently, most maliciously used against innocents.

In most of these cases, the hackers used well-known vulnerabilities, and the hacks went unnoticed for several months.

Some are suggesting completely overhauling the current systems, for instance:

  • Using Blockchain for identity, e.g. MIT’s Core Identity project
  • Getting rid of private data brokers like Equifax, replacing them with a centralized governmental system

But waiting for Blockchain to solve this issue is a bit like smoking 3 packs a day hoping “medical science will find a cure by the time I’m in trouble.” Your identity is at risk today. It has been for a while.

Which means it’s up to you to ensure the safety of your digital identity, not the government or the corporations that own your data. And that can be a scary thought.

So I decided to find out how vulnerable my information is. You can too.

For a start, please try this exercise from the book The Smart Girl’s Guide to Privacy (screenshot taken from Amazon’s “look inside” pages, Chapter 1):

Online Privacy Test

I was shocked (shocked, I say!) to see how much of my information is online and easily available. For the low, low price of $0.95, websites like Spokeo, USPhoneBook and PeopleFinders will sell to anyone:

  • my phone number(s)
  • my age and birthdate
  • my spouse’s identity
  • my addresses (current and past)
  • which cell phone carrier I use



And that’s just what is available for free on “your” profile. Their purchase page claims that they have even more information about you - information that opens you up to identity theft pretty easily:


So, let’s take some simple preventative actions:

  • Freeze your credit. Yes, it sucks, you’re paying into a broken system - but just do it for your own sake.
  • Add 2-factor authentication to all your online accounts - financial, social media, etc.
  • Review your public profiles on Facebook, LinkedIn, Twitter, Instagram, etc. and remove any public information you don’t want strangers to have.
  • Use a VPN client like PIA or on your laptops and mobile devices. This is especially important if you’re frequently using unsecured Wi-Fi at airports, coffee shops or hotels. This will protect your data from sniffers.
  • Use messaging apps that have end-to-end encryption like Signal and WhatsApp
  • Use browsers built for security like Epic, Brave or Tor
  • Important: Opt out from as many online data brokers as you can. This one will be an ongoing effort - here’s a great guide on getting started. Note: yes, they have an opt-out form, but do you really trust a website that sells your personal info without permission to honor your opt-out request? This one gives me the chills.

More importantly, let’s start educating ourselves on security and online attack vectors:


Please share additional tips you have, and share this information with anyone who may find this useful. And remember, stay safe online!

Additional links: