I’m not saying that we should all be using false identities all the time, but my practice of occasionally giving a fake name, date of birth and address seems to have paid off.
The BBC today reports that Spotify has been hacked and users’ details stolen. When I signed up for the service a few weeks ago I was a little annoyed that they were insisting that I give them not only a name and e-mail address (probably fair enough) but also an address and date of birth. Why!? There is a premium account option, for which you must pay, so I understand why they need certain details for that. But if I’m just registering for the free account, they really don’t need these details.
So I did what I often do in these situations; I gave a false name (or just initials if the site accepts them), a false date of birth (I usually make a note of this for each account so that I can recall it if I ever need to) and a false postcode (taken from a famous landmark or nearby public building, and again noted down). True, this is probably in breach of most sites’ acceptable use terms, but then again letting hackers steal my details is against my ‘acceptable website behaviour’ terms.
Actually, the attack on Spotify occurred in late 2008, before I’d signed up, so I wouldn’t have been affected on this occasion. Nevertheless, I hate giving out personal details at the best of times, and especially when I can see no reason for it.
Lessons for the day
- Website owners – always ask for the barest minimum of user details, where required, or at least make those details optional where possible. Then store them securely.
- Website users – protect your personal details. The security of those details is only as good as the weakest site which holds them.