Sunday, 30 October 2005

Messaging Privacy

In this age when privacy, identity theft and all sorts of other things involving your personal information is concerned, I am sometimes surprised by how careless people can be. I have just connected on the computer of an internet cafe to find an MSN Messenger session open on the machine. As I am a nice guy, I just signed off and closed Messenger. I could have talked to whatever contacts of the person were connected at the time, trying to pretend I was this person. Fair enough, not knowing anything about the owner of the account, I might have been discovered easily but then maybe not. There is always the chance that some of the contacts are fairly new or have always been internet only contacts and don't know the owner enough to realise the real person behind the machine is not the one they think.

This is typical of any public computer like the ones you have in an internet cafe, a library or even at work. They are all machines to which you do not have exclusive access. Someone else can use them, whether it is another user of the internet cafe, or your work system administrator. If that person wants to play a nasty trick, it is very easy if you have left a messenger or email session open, or if you have the messenger software configured to connect automatically without asking for the password. MSN Messenger is quite bad in this respect because once you've set it up to connect automatically, it is not easy to change that setting or manage your password.

Another thing I see quite often in internet cafes is people who have connected to hotmail with the default setting of remembering the email address. Even though having just the email address doesn't enable someone else to connect to your hotmail account, that email address could end up in a spammer's address book or could be used to send email that pretend to originate from this address.

The only solution to this is to always disconnect from any session and never save passwords on shared computers or let any software connect automatically. I know, it is a pain to have to type your password every time and MSN Messenger's automatic connect or IE's password saving feature make your life so much easier but passwords are here to protect your identity because noone else knows them, in theory. You wouldn't leave you credit card PIN number on a piece of paper next to the card would you, even though it is a pain to type this PIN number every time you want to draw cash out? Or would you?

No comments: