Pretty Simple: web, digital, social

I’m not saying that we should all be using false identities all the time, but my practice of occasionally giving a fake name, date of birth and address seems to have paid off.

The BBC today reports that Spotify has been hacked and users’ details stolen. When I signed up for the service a few weeks ago I was a little annoyed that they were insisting that I give them not only a name and e-mail address (probably fair enough) but also an address and date of birth. Why!? There is a premium account option, for which you must pay, so I understand why they need certain details for that. But if I’m just registering for the free account, they really don’t need these details.

So I did what I often do in these situations; I gave a false name (or just initials if the site accepts them), a false date of birth (I usually make a note of this for each account so that I can recall it if I ever need to) and a false postcode (taken from a famous landmark or nearby public building, and again noted down). True, this is probably in breach of most sites’ acceptable use terms, but then again letting hackers steal my details is against my ‘acceptable website behaviour’ terms.

Actually, the attack on Spotify occurred in late 2008, before I’d signed up, so I wouldn’t have been affected on this occasion. Nevertheless, I hate giving out personal details at the best of times, and especially when I can see no reason for it.

Lessons for the day

  • Website owners – always ask for the barest minimum of user details, where required, or at least make those details optional where possible. Then store them securely.
  • Website users – protect your personal details. The security of those details is only as good as the weakest site which holds them.
This entry was posted in Blog and tagged . Bookmark the permalink.

2 Responses to The benefits of a false identity

  1. Ben Millard says:

    It’s worth mentioning that the Data Protection Act in the UK says something about only collecting adequate data. Asking for excessive information is somewhat dubious under that. Along with being poor usability and a bad user experience.

    Simpler sign-up is better sign-up.

    • James says:

      Ben, you’re right. The eight principles of the Data Protection Act are that personal information is:

      • Fairly and lawfully processed
      • Processed for limited purposes
      • Adequate, relevant and not excessive
      • Accurate and up to date
      • Not kept for longer than is necessary
      • Processed in line with your rights
      • Secure
      • Not transferred to other countries without adequate protection

Leave a Reply

Your email address will not be published.

Browse by Category