Sunday, July 5, 2009

Your E-mail Address – What You May Not Know

Most companies, employees, and general users now recognize the dangers of visiting certain sites, the risks of downloading and installing third party tools or programs without some form of
verification process, and have become increasingly concerned about online privacy.

However, security risks to companies and the compromise of your online identity and privacy is quite often less a technical issue and instead one of process, practice, and awareness. One common process and practice which users almost never consider a privacy threat is using e-mail to sign-up / register with sites. If you have an account with a popular social network, like MySpace or Facebook, it's good practice to use a personal or single-use e-mail which you would not use for professional, business, or any activity that may require the exchange of private data. If you use one e-mail for all activities, including work, then you may be exposing more of yourself than you think.

What isn't commonly known about the business end of web applications and social networks, where a universe of personal data is parked, is that they will broker connections to each other or to desktop tools, quietly announce them, and unless you're in the technology news loop, as users, you will rarely hear about these deals. These "connections" between applications means that you're data is all of the sudden transferable. For example, there is now an Outlook add-on application, Xobni that can view your Facebook profile, including any photos you may have in your profile, if the e-mail you're using for professional communications (i.e. your work e-mail) is the same one you have used to sign-up for your Facebook account - yes, that means we may be able to see all the photos you've posted, including that "lamp-shade-on-the-head in your speedo" photo which you would never dream of sharing with your colleagues.

Using the same e-mail address for both work and online social networking is a privacy nightmare, and depending on your company’s business, it may also be a PR nightmare. If you haven't already, sign-up for a free web e-mail account and use it for all your personal online activities. Better yet, sign-up for an OpenID account and never worry about forgetting your login again: OpenID is an open source standard for creating a single sign-on account that can be used to access multiple online services and applications; big companies like AOL, Microsoft, Facebook, etc. are now accepting and providing OpenIDs. For more information on OpenID or how to create an account, visit the OPenID Foundation.