Malign Attention

One of the biggest hazards to people's livelihood in the current regime of informational propagation is that of being brought to the attention of "the mob" - given the weak-to-nonexistent security on people's PII, a dedicated adversary or set of adversaries can easily find everything that is needed to disrupt someone's life significantly. Unfortunately, due to the legacy nature of real-life information repositories required to live in today's society, the only real defense is to stay beneath notice.

If you know someone's name - cf. Vinge's True Names - and enough information to determine who they are with some guarantee of uniqueness, you can determine significantly more information about them fairly easily.

Incidentally, this is highly exacerbated by policies like Facebook's "real names" policy, especially for those holding views that any subgroup finds objectionable for any reason.

Several companies exist specifically to harvest and make this information available for a fee, but if you know where to look you won't necessarily need those services. Voter registration information, for example, is public record in many states, which includes mailing address.

Given that many people are not specifically aware of this as a potential hazard, these addresses may well be either the genuine physical address of the person in question, or may be used for other things - few people have the wherewithal to invest in separate addresses for different purposes, after all.

With a name and address, other information can be derived, whether from "customer-friendly" practices or using information you find to gain access to other resources.

If this seems familiar, it should - this is more or less the same thing as leveraging one weak asset on a network to traverse to more protected assets.

Sadly, there's very little that can be done to avoid this kind of attack due to the extreme legacy nature of where these records are held, and the statutory demands that continue to make this information available as a public record. Even changing one's address is not going to do much to prevent this kind of attack; the entire industry of skip tracing exists specifically to counter people who attempt to change addresses to skip out on financial obligations.

What this ultimately amounts to is a set of attacks that are not feasably blockable by normal people - if you come to the attention of a sufficiently savvy adversary or to the attention of "the mob", then there is really no preemptive defense. The best you can hope for is to weather the adversary's attention span and mitigate the consequences that arise - talking to local police to advise them of the possibility you may be SWATted; locking down bank accounts and credit cards; advising friends and family that, because you've been targeted, they also may be at risk of the same kind of real-life harassment.

Unfortunately, normal people don't have access to the kinds of services that are capable of more completely mitigating these sorts of attacks - using purpose-built corporations to obscure ownership of assets and having various mail and other registration type activities go through lawyers' offices and other address-obscuring methods are really only useful for those sufficiently rich to be able to afford this kind of legal shenanigans.

Note, though, that even these kinds of services are only capable of mitigating, rather than preventing, these sorts of attacks, as evidenced by various recent high-profile compromises.

The only way to avoid purposeful, directed compromise is to stay out of the spotlight, and not to be noticed by any of the thousands of people who might decide to make your life difficult.

Needless to say, this is -far- from a useful situation, and one which will become more and more intolerable as time goes on - especially as more records are made available through transparency efforts, and as governments continue to insist on 19th-century management methods - and as long as government agencies continue to be allowed to act as collection agencies for private companies.

There's no "getting better" here - this situation will only get worse in the future, and those who don't have the means to set up obscuring corporations will have to get used to staying quiet or risking the malign attention of the mob.