Let's only leak accurate data?
In response to various organizations losing my data to hackers in so-called “Data Leaks” (Equifax, Teachers Retirement System, LastPass, etc.), I have decided to start giving out fake identification data. I call this “chaffing”. [1]
I am very tired of getting emails saying, “Sorry but we lost your information to those darned hackers. They are ever so much smarter than us. And you should now guard against identity theft. Good luck! So sorry.”
And then I am expected to freeze my credit at 3 different credit reporting agencies and watch for weirdness on my bank statements or bills for things that I never purchased. And I imagine some hackers somewhere rubbing their hands together gleefully saying (evilly and probably in a Nazi accent), “It von’t be long now, and we will haft all the data vee need for this one! Bwah Ha Ha Ha!”
So, I do those safety things. I change my passwords all over the place, I check my credit report, and I have 2-factor security on evvverrrrything now. But, I can’t change my mother’s maiden name, my fingerprint, my signature, my birthdate, my first girlfriend’s name, or many other things that might be in some Darknet database by now.
So I had this thought: “They gather my data, then lose it. Over and over. And eventually, everything about me that a hacker wants to know will be practically public knowledge or in some big Darknet database of idiots.”
Then I had the following revelation: What if I gave them the WRONG DATA? Then when they spill it, and the hackers try to correlate various data leaks to have a great profile of John Bryson…. it will be a total mess.
For example, my fake Internet birthdate from now on will be Jan 1, 1950. I chose that for various reasons, but it could also have been April 1, 1955, which would give an approximate, but not quite correct, age and a random but memorable month and day (April Fools' Day).
My thought was that, in non-official places (you have to give the government the correct data), I could use this fake birthdate, and then when they inevitably leak the data, it will not be as useful for stealing my identity! I imagine the hackers' look of surprise when they try to start a credit card in my name and can’t get my birthday correct. (evil laughter)
Or imagine they try to correlate all of the John Brysons in various data leaks and they all have different birthdates? Messy. Is this 50-year-old John the same person as that 55-year-old John?
Then I thought, why not carry this idea out even further? Some places ask for “Password Hints” so you can recover your account if you forget your password, but what stops a hacker from pretending to be you, having lost the password and attempting to guess your hints from your Facebook and other social media posts?
The answer is “Nothing. If I was a hacker, I would certainly attempt that.”
So, why not take this idea further, and have some fake hints as well? I could have some fake First Dog, fake “Town I was Born In”, fake “Favorite Food”, etc. when they ask for hints. Of course, I would have to write these down, but it should work fine. So my password hints are now something like a password: I can change them, and they do NOT match what people may discover about me by stalking my social media posts. So they can’t get into my accounts by guessing my hints.
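Instead of keeping a written list, the fake birthdate and fake hints can be derived per site from one secret with HMAC-SHA256, so every site gets different chaff that cannot be correlated across leaks. This is an added sketch, not code from the original post; the word list, the site names and the function names are made up for illustration, and the secret is assumed to live in a password manager.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed word list for illustration. With 16 words each word adds only
# 4 bits, so use a list of thousands of words for real answers.
WORDS = ["amber", "birch", "cobalt", "dune", "ember", "fjord", "garnet",
         "harbor", "iris", "juniper", "kestrel", "lagoon", "maple", "nickel",
         "onyx", "pebble"]


def digest(secret: bytes, site: str, field: str) -> bytes:
    """Keyed hash of (site, field); without the secret it cannot be recomputed."""
    # Length-prefix the site so a '|' inside a site name cannot make two
    # different (site, field) pairs produce the same hash input.
    msg = f"{len(site)}:{site}|{field}".lower().encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()


def chaff_answer(secret: bytes, site: str, question: str, words: int = 4) -> str:
    """Fake answer to a recovery question, different for every site."""
    d = digest(secret, site, "hint:" + question)
    return "-".join(WORDS[b % len(WORDS)] for b in d[:words])


def chaff_birthdate(secret: bytes, site: str, real_year: int, spread: int = 5) -> date:
    """Fake birthdate within +/- spread years of real_year, so the age stays plausible."""
    d = digest(secret, site, "birthdate")
    year = real_year - spread + d[0] % (2 * spread + 1)
    # Offsets 0..364 from Jan 1 always stay inside the chosen year.
    return date(year, 1, 1) + timedelta(days=int.from_bytes(d[1:3], "big") % 365)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # assumption: kept in a password manager
    for site in ("forum.example", "shop.example"):  # hypothetical sites
        print(site, chaff_birthdate(secret, site, 1970),
              chaff_answer(secret, site, "first dog"))
```

Changing a hint for one site, as with a password, means adding a counter to the question string (for example "first dog#2") and recording only that counter.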
So, I started doing this, and it appeared to be working. Now I get spam calls trying to sell me Medicare supplements like they do for all retirees over 65. Guess what: I’m not 65, but some of my data does have years that make me appear over 65. So, they are taking the bait.
I tried to change my Facebook birthdate, and it let me do this a few times and then rejected my change. Now they want proof of my date of birth or they won’t allow me to change it again - they only want to leak accurate data, I suppose.
In any case, I am calling this idea Data Chaffing, in honor of the winnowing and chaffing encryption idea [1], although really this is just chaffing.
PS. As an added benefit, all of those “legitimate” data collectors, that only want to legitimately sell your information for profit, will also be a bit confused. And that doesn’t bother me at all.





