← Archive // RSS

Personal data is everywhere in public

by Nathan Pilkenton

February 2024

Hiding in plane sight

I accidentally 'doxxed' a stranger on a plane today.

While we waited to push back from the gate, someone in the row in front of me got out his phone. Without really trying or craning my neck, I found myself with a clear view of his screen.

At first, I was watching unintentionally—any kind of screen tends to draw my attention. But after a while, morbid curiosity took over.

In about 5 minutes, here's what I learned about a complete stranger:

And that's just what I saw in front of me. I'm sure searching the web would have revealed more information like where he grew up, went to school, and so on.

Security by society

Listing it all out like that, this breach of privacy feels scary. A bad actor could use that information to craft some pretty convincing social engineering attacks, and I learned it all in a few minutes, basically on accident.

Then, while we were in the air, I reflected on a couple of things:

First, my own habits—how often do I have personal data on my phone in a public place? My website lists plenty of information about me, and other places on the Internet probably reveal even more. In fact, right now, as I type this on the plane, I realize my first and last name are visible on the screen to those around me.

But second, and perhaps more notably, our society wasn't designed for personal information to be private.

After all, home addresses and phone numbers used to be available to anyone with the Yellow Pages. My luggage tag lists my name and home address.

It's a bit like how most locks are easy to break if someone really wants to get in. The real defense against burglary (and identity theft) is our social contract.

For better or worse, we've always depended more on our society than our security to prevent abuse of personal information. Maybe other people have internalized that idea, but I guess I had to see it for myself on the plane this morning for it to sink in. 


← Archive // RSS