Should it be impolite to ask for a person's real name?: privacy in the age of Big Data

in #security8 years ago (edited)

Most of us wouldn't think twice about giving our name to someone if asked.

In fact, it might be seen as a little shifty, or as if we had something to hide if we were to give out a nom de plume instead. Yet, in a Big Data enabled world, this might be the wisest thing we can do and it should become common practice.

Imagine, if you will, a future where it is considered impolite for a store, a restaurant, a business to ask you for any of your personal details and to expect that you will give them. In fact, it is tacitly assumed and socially accepted that the name, phone number or address that they receive is an alias that has been created just for this business transaction.

Here are some examples:

  • A restaurant asks for a name for the reservation. All that is required is a name so you give them a randomly generated one.
  • You buy something online. Instead of giving them your real address you given them an address forwarding service that then forwards the item on to your real address.
  • You are asked for your phone number, so you give them a new number, specifically generated for that person, that forwards to your real phone.

What's the big deal if people have my real information?

Before the leaps and bounds information technology went through in the last few decades, there was a real cost to copying, transmitting and sharing data. As such, it took real effort by institutions to collect and share personal information. Now it's much easier. There are firms whose sole purpose is to collect and sell information on people to other firms. And with today's information technology querying that information or matching it up to other information out there is really not too difficult. Consider this: if two records of a person have the same first name, surname, date of birth and say, a mobile phone number, it's probably the same person. Now that these records have been linked a more complete picture of your interests and buying habits emerges. If this doesn't bother you that's fine, but if it does, what do you do about it?

The solution is multiple revocable identities

The basic idea is that you should be able to generate new identifiers at will, for use in a single transaction. Now what do I mean by identifier? A by no means exhaustive list is: names, physical addresses, phone numbers, email addresses, usernames, credit card numbers.

Better yet, some of these identities should be easily revocable. Imagine being able to give out a different number to each person you wanted to be to contact you, but with the ability to revoke any of them at will i.e. block them. I've heard many a story of people who have had to change their phone number to avoid harassment. Unfortunately, in the process, they have had to go through the pain of notifying everyone they do want to be in contact with that their phone number has changed. The ability to generate phone numbers at will and discontinue their use would solve this problem.

There are already services out there that allow you to create "disposable" email addresses. A list of them is provided here.

Apple Pay already does something similar for credit cards! From their site:

Apple Pay assigns a unique number for each purchase, so your payments stay private and secure.

These so called proxy cards have another advantage. They can have preset limits on them so that any wishing to commit credit card fraud will find that they are unable to withdraw any more funds.

Freight forwarding services already exist, but I'm unaware of any that allow the generation of one time addresses. Perhaps this is something that should be looked into?

Won't there be legitimate cases where people need your real identity?

Yes, of course. I'm not suggesting that people should be able to get fake passports, drivers licenses, work at a company under an assumed name, or anything extreme like that. The kind of privacy I am talking about is for much more mundane, everyday activities such as buying things online, registering for loyalty cards, filling out a warranty form, etc.

If only we could have trusted businesses to do the right thing

If privacy laws were respected and enforced, it would not be necessary for us to protect our privacy in the manner I have suggested above. Once your real information is "in the wild" so to speak, it cannot be uncopied; it replicates like bacteria in the petrie dish of the digital world. Privacy laws are very hard to enforce. Once data is in a digital format it is very easy to hide its provenance. This fact alone means it is easy to trade such information on the dark web and other markets of varying shades of grey.

Towards making it socially taboo to ask too much about a person

Thus, it must come to be accepted that each individual has a right to protect their identity through the generation of single transaction identities some of which are revocable. But more importantly it must become a social taboo to ask for a person's valuable private information expecting to receive it. In a more privacy aware world it would be akin to refraining from discussing religion or politics, texting at the dinner table, or asking probing details about a person's financial situation.

Your thoughts?

I would delighted if the Steem community would share their thoughts on the topic in the comments section below. I'm sure my musings have only scratched the surface of a rich and interesting topic!

Sort:  

Simple really, i act like everyone on the internet is a ten year old boy in Korea. I thus always act to maintain my privacy and security...
What is interesting is I met my current significant other over the internet, we had a marvelous adventure proving our real identities to each other while maintaining our personal security.
I simply tell people this my name is Greg, age over 50, Florida. Those three things i think tell 99% of everyone and anyone all they could reasonably want to know about me; age gender handle and location, obviously i also understand English. Why would any online person need more info than that???
Probably for no good reason in my opinion...

C u on the BC :) (blockchain)
/hugz ;)

Unfortunately, I haven't been practising what I preach. I was digitally promiscuous for many years. It was only after the Snowden revelations that I started to take privacy seriously.

I generally find your article to be "right on," Thank you. :) However, you say:

I'm not suggesting that people should be able to get fake passports, drivers licenses, work at a company under an assumed name, or anything extreme like that.

Afraid I cant go with you here... At least to the extent that I see passports and drivers licenses as oppressive tools of the state in the vast majority of cases.

And as far as "work at a company" goes, I also see no need for "full disclosure." In most cases, work is contracted based on personal knowledge and reputation anyway, and even absent that, short-term contracts that are paid upon completion really require no intrusive information.

In other words, great post, but don't unnecessarily limit yourself!

Of course, to all readers of this post: If you have not as yet read Vernor Vinge's True Names, run, don't walk, to Amazon and buy a copy...