Those “Free” Horoscopes

A word to the wise about all those free horoscopes you see on the web. Some may be legit, but some are more likely to be just collecting personal information for sale. And even those that are legit, most likely have security problems with the identifying information. A date of birth is a key item of identifying information, and hackers’ eyes light up when they find it.So, don’t give out your date of birth to anyone except those who have a legitimate reason to know: the IRS and other governmental bodies, your medical providers, your insurance companies, your employer, and your banks and credit card and other financial institutions. That is about all I can think of. Oh, and the liquor stores want to see a driver’s license so they can stay on the right side of the laws about selling alcohol to minors.But all those surveys and registration forms all over the place? NO. Go ahead and fudge on your birthdate, take a couple years off, or add a few to qualify for a freebie.Now let me tell you what incident set off this little warning.

I was on another web forum and the I happened to mention that one should be wary of handing out your date of birth. And another member, who is much more internet-savvy than I am about how much data is out there, told me that 95% of people in the U.S. can be identified with just a zip code and a birthdate. The New York Times conducted an audit of an old voting list for Cambridge, MA, and their conclusion was:

“Of these, birth date alone can uniquely identify the name and address of 12% of the voters. We can identify 29% by just birth date and gender, 69% with only a birth date and a 5-digit ZIP code, and 97% (53,033 voters) when the full postal code and birth date are used.” They could also access details of medical records depending on just how much identifying information there was. Google also has the report of a study conducted by MIT, titled “Guaranteeing Anonymity when Sharing Medical Data, the Datafly System.” You can find here at http://www.google.com/search?q=cache:_nq-BHFHoscJ:www.amia.org/pubs/symposia/D004462.PDF+birthdate+zip+code+identify+people&hl=en&ct=clnk&cd=7&gl=us&client=firefox-a
The summary goes like this: “We present a computer program named Datafly that maintains anonymity in medical data by automatically generalizing, substituting, removing information as appropriate without losing many of the details found within the data. Decisions are made at the field and record level at the time of database access, so the approach can be used on the fly in role-based security within an institution, and in batch mode for exporting data from an institution. Often organizations release and receive medical data with all explicit identifiers, such as name, address and phone number, removed in the incorrect belief that patient confidentiality is maintained because the resulting data look anonymous; however, we show the remaining data can often be used to re-identify individuals by linking or matching the data to other databases or by looking at unique characteristics found in the fields and records of the database itself. When these less apparent aspects are taken into account, each released record can be made to ambiguously map to many possible people, providing a level of anonymity determined by the user.” By Milky Way Maid, please respect copyright wishes, use with attribution.