Ashley Madison is a website that facilitates extra-marital affairs. When hackers stole their customer database and threatened to post it online, the heady mix of sex, scandal and cyber spawned a thousand column inches.
Yesterday the hackers made good on their threat and released the data. “Cheat check” sites appeared online within a few hours. Panicking punters, suspicious spouses and junior journalists spent the day tapping in every email address they can remember: their own, their partners’, their families’ and those of public figures.
To everyone else: submitting personal data about other people to third-party websites without their permission makes you a bad person. I don’t care if it’s data about your partners, your colleagues, your family, your idols or your representatives. You should feel bad and you should stop doing it. Friends don’t share data about friends.
Consider what the site owner could do with your submissions. They could notify the people you’re looking up that they’re being looked up. They might publish a list of the email addresses being checked for the most. They could sell the new addresses you submit to spammers or fraudsters, who might pay top dollar for a hand-crafted list of people marketed as having jealous, suspicious or dissatisfied partners – themes that might start haunting your contacts’ inboxes even if that wasn’t the reason you were checking. They might also target some addresses you give them for doxxing or hacking – especially if they were previously unpublished and appear to be owned by high-profile people, or the domains look interesting.
Sites indexing the Ashley Madison data are unlikely to be running metadata and traffic analyses on groups of emails submitted in quick succession from the same IP, nor are they likely to be inspecting the degree of overlap between these groups, or cross-referencing them with other data-sources to de-anonymise you. Yet. They might sell such metadata to data brokers, though, who will launder it and sell it on to social networks. The networks could then identify you via your connections, if enough of the addresses you submitted in a group are associated with your friends’ profiles, then maybe you’d start seeing more adverts for spyware (to keep tabs on your spouse), divorce lawyers or dating sites in your feeds.
It’s obviously stupid to submit people’s real email-addresses to a brand new website, registered in Albania a few hours earlier, and run by people with questionable ethics. People can be even more thoughtless with other people’s data in circumstances that seem more benign though.
When you sign up for Facebook, Twitter or LinkedIn, you’re nagged to upload your entire contacts list, either by giving them the password to your email account(!), or by letting their app grep your phone’s address book. The benefit you’re offered is automation: you will be connected effortlessly to people you know already. What you’re also doing is giving the company the personal data of everyone with whom you’ve ever corresponded.
When you upload a photo, the network highlights the faces of the people in it, and you’re asked to tag them with their identities – if the network hasn’t done that for you automatically. If you don’t comply, the faces are scanned anyway, and the data filed away for future use. When you attend an event or arrive at a location you’re encouraged to tell the network who you’re with. When you read a news article you’re asked if you want to email it to a friend – by giving the publisher their email address, of course, and not via your own client.
Stop and think again, but this time instead of considering what these companies could do with the data you’re giving them, reflect on how you’re treating the subjects of that data. You’re acting without their knowledge, let alone their consent, thereby denying them control and therefore denying them privacy. You’re failing to respect them as people and you’re being selfish: thinking only about your convenience not the impact on others.
If you want to share information about someone else there’s a simple rule you can follow to avoid grief: ask them first. Even if that means having an awkward conversation with your spouse.
Or maybe sometimes you’re just better off not knowing.