Samsung Event: Everything Announced Disney Plus Price Hike NFL Preseason Schedule Deals on Galaxy Z Fold 4 Best 65-Inch TV Origin PC Evo17-S Review Best Buy Anniversary Sale Monkeypox Myths
Want CNET to notify you of price drops and the latest stories?
No, thank you

Enhance privacy by being deliberately inaccurate

Devise a fake you that is close enough to the real you for friends to recognize, but that doesn't disclose personal information to strangers.


When I go to the local sandwich shop, I don't care whether the person taking my order knows my birthday or my mother's maiden name.

So why does Google or some other Web site I register with need to know so much about me? Especially considering the company is likely to barter and sell the information to third parties, who aggregate, analyze, repackage, and resell it.

There's nothing new about purposely providing false information when registering for a Web service -- from a simple throwaway e-mail address all the way to a phony name. Totally false identities are associated with shady characters who want to hide.

The association of fake names and crime got a boost from the recent arrests in the Silk Road drug busts, as Dara Kerr reports. Not surprisingly, the people behind the operation used pseudonyms.

When services get too nosy, fabricate
There are plenty of legitimate reasons to prevent Web sites from collecting your personal information, and you can do so without "hiding." An Internet pseudonym that's a variation of your real name lets you hide in plain sight: you're still identifiable to people who know you, but you're more difficult for strangers to spot.

Note that some big-name sites are bringing an end to anonymous comments. Among them are the Huffington Post and the Sacramento Bee.

Many people rankle at the thought of people using fake names on the Internet. Last October a security official with the British government took heat after he recommended at a conference that people not provide their correct names and other personal information to Facebook, Twitter, and other social networks.

Facebook states unequivocally that you are required to use "the name on your credit card," as the Facebook Help Center states. After a recent crackdown by the company, The Verge's Adrianne Jeffries reported on the widespread use of pseudonyms on Facebook.

Facebook allowable-names policy
Facebook's rules require that you use your real name, although the service does let you add an "alternate name." Screenshot by Dennis O'Reilly/CNET

Facebook isn't alone in requiring real names. Most terms of service stipulate that you must provide accurate information. Even if your pseudonym is recognizable to your acquaintances, and even if you use your own picture, deliberately entering false information violates the agreement.

Then again, there's a privacy risk whenever you share personal information. Each time you disclose your name, address, and other private data, you increase the chances of the information being stolen or misused. Maybe the prospect of being booted off a "free" Web service is more palatable than presenting an even bigger target for data thieves.

Supply Web sites with just the information they require to authenticate you and transact your business. If you're asked to supply the answer to a security question such as your high school or the city you were born in, get creative.

Of course, if you're buying something, you'll have to provide accurate billing and shipping information. But your birthday, mother's maiden name, and other private data that could be used to identify you -- or to steal your identity -- should be given up strictly on a need-to-know basis.

Write down your fake information, if necessary. For instance, my online birthday is January 1, 1905. When I see ads for old-age products, I can blame it on the fake birthday -- at least for a little while.

For several years I've used a Facebook profile that uses a variation of my real name. The pseudonym is similar enough to the genuine moniker to allow acquaintances to ID me but different enough to fool a stranger. I use my real picture and make no other attempt to mask my identity.

Technically, Facebook could give me the boot -- and based on the company's terms of service, it would be within its rights to do so. For me, the meager attempt to minimize the authorized or unauthorized dissemination of my private data is worth the risk of having the account shut down.

Full disclosure: When I review or otherwise test a service such as Facebook, I create a test account that doesn't disclose my personal information. Perhaps I could request a press privilege to use a name other than my own.

Shaking the Web trackers is nearly impossible
Web sites aren't the only ones hungry for information about their customers, but they are adept at collecting it. The "private browsing" settings of popular browsers don't prevent the Web sites you visit from collecting information about you. They merely keep your browsing history from being recorded on your own machine.

Likewise, a browser's "do not track" option depends on sites voluntarily honoring your request. The site Respect MyDNT explains the pros and cons of the technology.

The "do not track" effort took a hit recently when the Digital Advertising Alliance dropped out of the World Wide Web Consortium's Tracking Protection Workgroup, as Stephen Shankland reported last month. A spokesperson for the group, which is comprised of online advertisers, stated that no "workable... solution" was possible. The W3C workgroup intends to proceed to the final stages of its standardization effort without further participation by the advertisers, according to a W3C official.

The simplest way to minimize tracking is to set your browser to block third-party cookies and to delete cookies and your browsing history each time you close the program. In last May's post "How to improve security in Firefox, Chrome, and IE" I describe how to do so in those three browsers.

Even more insidious than tracking via first- and third-party cookies is computer "fingerprinting," which identifies you based on the characteristics of your computer. The Electronic Frontier Foundation's free Panopticlick service indicates how identifiable your browser settings are. I explained how Panopticlick works in January 2012's "How to prevent Google from tracking you."

To prevent computer "fingerprinting" technology from identifying you, block JavaScript by default and allow scripts to run only on the sites you trust. Last May's browser-security post also explains how to block JavaScript until you allow it in the three top browsers. For example, the NoScript add-on for Firefox (free for non-commercial use) lets you decide which scripts to allow and which to block.

Our ability to be anonymous is rapidly fading
As the Privacy Rights Clearinghouse Online Privacy Fact Sheet states, it is virtually impossible to be anonymous on the Internet. You can use a virtual private network or proxy server to mask your IP address, but for many people such services are more trouble than they're worth.

PRC's Social Networking Privacy Fact Sheet points out that it's difficult to keep an online identity separate from your "offline" identity. The page links to a paper by Arvind Narayanan and Vitaly Shmatikov that describes a technique for de-anonymizing the private data Facebook and other services claim isn't personally identifiable when they resell it to third parties.

The difficulties of truly anonymizing personal information is discussed in the PRC's Privacy Today: Data Anonymization page.

The importance of anonymous speech to a thriving democracy is examined in the Electronic Frontier Foundation's Anonymity page, which provides links to information on legal cases and legislation related to online anonymity.