It's totally reasonable to be more cautious these days, but don't let that drive you to have opsec panic attacks that aren't founded in common sense. For example... it makes no sense to be worried someone might figure out you're queer or a leftist if you're too open about your politics while posting... on fediverse, the queer leftist social media platform. They already know, chief.
it makes me sad when I see people twist themselves in “but opsec!” anxiety knots over things like “I can’t post that I had a nice birthday party this weekend, then strangers on the internet will know that I was born in approximately mid-June!”
my sibling, there’s only 365.25 birthdays and we all have one, yours is in hundreds of databases that have leaked dozens of times, and whether strangers on the internet know you had a nice birthday party with your friends or not has absolutely no bearing on any risk of any kind, you’re just performing trauma your mom gave you in 1996 when she heard there were kidnappers on the internet
unless you really ARE the one leading the resistance or whatever, in which case @‘ing me to tell me how wrong I am and how much opsec you need is not very good opsec
@0xabad1dea@infosec.exchange
I would like to offer a counter proposition...
- instead of only having one birthday...
Maybe people should consider posting about their birthday at least once a month... and lying to as many of the companies that sell your PII as possible... so that each database has a unique DOB in it.
In the immortal words of that one cartoon character:
"I am 30.. and/ or 40 years old!"
P.S.... I am not leading the resistance... but I definitely shit post about it quite frequently. ;-)
@0xabad1dea@infosec.exchange
Wait. People actually remember your birthday?
@0xabad1dea@infosec.exchange personally, if I was leading the resistance, I would make myself look like the biggest opsec bumblefuck possible.
@0xabad1dea@infosec.exchange
Some of us live in countries where each person has a unique identifier consisting of birth date + a few check digits. There are services that allow you to look up the name of s person if you know their unique id, so if you know their birth date and name, it only takes a few tries to get the remaining digits.
And some online stores still accept orders with "just send me a bill" with the unique id as the only proof that you are that person.
(It's not a good/secure/well thought out system).
@0xabad1dea@infosec.exchange
I resolve this childhood trauma by celebrating my birthday every Thursday.
(send cake)
@leeloo@chaosfem.tw correct, it's not, due to see point "it's already in hundreds of databases that have leaked dozens of times"
People who want to commit fraud this way can just... make up an ID and whoever gets unlucky gets unlucky, they don't need to comb social media to find a random stranger's birthday. I actually did this myself to get into the Korean-only beta of an MMO many years ago!, I made up a Korean social security number that would decode to someone old enough that it was very unlikely they'd actually be trying to play the game (because I wouldn't want to accidentally lock some random person out)
@leeloo@chaosfem.tw correct, it's not, due to see point "it's already in hundreds of databases that have leaked dozens of times"
People who want to commit fraud this way can just... make up an ID and whoever gets unlucky gets unlucky, they don't need to comb social media to find a random stranger's birthday. I actually did this myself to get into the Korean-only beta of an MMO many years ago!, I made up a Korean social security number that would decode to someone old enough that it was very unlikely they'd actually be trying to play the game (because I wouldn't want to accidentally lock some random person out)
abadidea
