Thursday, April 16, 2009

How to protect yourself from spam when registering on a website

Access to information on the web is not as open, free and anonymous as one may think. How many times a day do you need to sign in to get to what you need or want? Making a plane or train ticket reservation, leaving a comment on a newspaper article or blog post, viewing your nephew's first birthday pictures on some picture sharing site, reading some article on pink eye on a medical site... all of these may require you to identify yourself. When signing up for a service on a website, you will most probably be asked for a username, a valid email address, and a password to access the service you are signing up for or to modify the information you have provided. As a follow-up to last week's post, here are a couple of tips to help you keep your spam folder as thin as possible and keep your private information from being passed around.
  • Username:
Unless you want to make yourself known as yourself, like maybe on LinkedIn or Facebook or on professional websites, there probably is no need to give out your real name in a firstname_lastname type combo. It is customary on forums and on "geek" websites, for example, to use a nickname. It doesn't need to be the one your grandpa gave you when you were little. Since your username will end up being the name you go by on that website, you may want to keep it bearable to go by and avoid stuff like "mofo99". Of course, there is no need to systematically hide yourself and be over-protective of your identity. It's simply a matter of deciding where and when it is appropriate for an online service, its administrators and fellow users (or for anyone else for that matter) to know your real name.
  • Email address:
Create a separate email address that you can enter as your contact address on registration forms. Why give someone you don't know the address you give to your friends, or the one you give to your professional contacts? If needed, create filters to automatically forward legitimate correspondence to your main email address. In any case, keep your main email address as private and spam-free as possible by not using it to register for any online service. This is obviously one tip I ignored when I registered on the site that got hacked. There are lots of options out there to create the address you will be using to sign up for stuff online. You should be able to find what you're looking for in this list of the Top 17 Free Email Services, compiled by about.com.

What about your password? Let's deal with that later! Do you have other strategies when you register on a website and need to provide a username and email address? Do you think I am being paranoid?

3 comments:

  1. Maybe a couple of other ideas. If you use Gmail, you can use the "plus" feature; it's all described there: http://labnol.blogspot.com/2007/08/gmail-plus-smart-trick-to-find-block.html
    When you register on a website, for example Amazon, you can give the address yourusername+amazon@gmail.com, then you will be able to track more easily where the spam comes from (if that's any help).
    Another one is to use some temporary email to just register on some website you know you will not use in the long term. I've been using http://10minutemail.com/ but even if you will be able to use this registration later, you'd better not lose your password...
    Cheers,
    Matthieu

  2. Thanks for the tips, Matthieu! Labeling the email address you give out with the name of the source of the service you're signing up for is indeed a very good way to spot who is "sharing" the info they are collecting. A friend of mine who had his own domain name registered on the New York Times website with something like nyt@his-domain.com. Soon enough, he started receiving unsolicited mail that was totally unrelated to the NYT sent to that address. In this case, 10 minute mail sounds like a very good idea!

  3. I do that with subdomains of my main domain. For example, I would subscribe to the New York Times site with

    nyt@sam.rfc1149.net

    This gets automatically into my mailbox, being rewritten internally as if it had contained a "+" sign. The reason I do not use a visible "+" part is that I think spammers may easily learn how to remove that. If I were a spammer, I'd do it systematically.

    Of course, while all the addresses at @sam.rfc1149.net are valid, I can disable them individually and send them to the trash as soon as one of those addresses gets spammed.

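The tagging schemes from the comments (a "+" tag, a per-service address on a catch-all domain, and trashing an alias once it is spammed) can be checked mechanically on incoming mail. This is an added example, not code from the post or its commenters; the domain `mail.example.net`, the alias table, the sample messages and the function names are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions (constructed): catch-all domain, alias table, disabled list.
CATCH_ALL_DOMAIN = "mail.example.net"
# alias tag -> sender domains expected to write to that alias
ALIASES = {"nyt": {"nytimes.com"}, "amazon": {"amazon.com"}}
DISABLED = {"oldforum"}  # aliases already spammed and switched off


def alias_tag(recipient):
    """Return the per-service tag carried by a recipient address, or None."""
    local, _, domain = recipient.lower().rpartition("@")
    if "+" in local:                    # user+tag@provider style
        return local.split("+", 1)[1] or None
    if domain == CATCH_ALL_DOMAIN:      # tag@catch-all-domain style
        return local or None
    return None


def classify(raw_message):
    """Return (verdict, tag); verdict is deliver, trash, leak or untagged."""
    msg = message_from_string(raw_message)
    tag = alias_tag(parseaddr(msg.get("To", ""))[1])
    if tag is None:
        return "untagged", None
    if tag in DISABLED:
        return "trash", tag
    # From is easily forged: this attributes leaks, it does not authenticate.
    sender = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    allowed = ALIASES.get(tag, set())
    if any(sender == d or sender.endswith("." + d) for d in allowed):
        return "deliver", tag
    return "leak", tag  # alias given to one service, used by someone else


# Constructed sample messages (headers only matter here).
SAMPLES = [
    "From: news@email.nytimes.com\nTo: nyt@mail.example.net\n\nbody",
    "From: deals@pills.example.org\nTo: nyt@mail.example.net\n\nbody",
    "From: x@spam.example.org\nTo: oldforum@mail.example.net\n\nbody",
    "From: shop@amazon.com\nTo: yourusername+amazon@gmail.com\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

A "leak" verdict is the situation described in the second comment: mail unrelated to the service arriving at the address that was given only to that service.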