← Back to context

Comment by inopinatus

14 hours ago

I’ve been recommending the use of consistent lies about name and date of birth to online systems since Eternal September began. Very few sites and systems justify accurate PII, and even for those I often still maintain dual accounts/profiles as necessary.

That never works on Facebook though, because as soon as a ”friend” reports that ”I’m not me” then the account will be permanently banned. That also triggers for photos that’s not genuinely me, like a pet or drawing as portrait.

  • There is an easy solution: don't log into facebook. Anyone you want to talk to on there has a phone.

    • Marketplace has taken over literally all of the other reselling websites and apps.

      Try finding a decent car on Craigslist today.

  • Never? Facebook is pretty overrun with what are basically fake profiles. Hell, I've been curating an alter ego on Facebook for over a decade. Built up a profile with several dozen "friends" that are all kind of interconnected and regional, but of course none of them have ever met "me" IRL, and the profile picture is a funny-ish celeb pic. Facebook has millions of legit users that are "friend collector" types, and won't think twice about engaging with an account that gently strokes their online ego with likes, "Happy Birthdays", etc.

I like using a date of birth of 1 January. It's plausible but also hopefully suspicious how many people seem to be born that day if others do the same.

  • But if an attacker gets your fake birthday and uses that to successfully reset credentials on another site that uses the same fake birthday?

    At some point it becomes your birthday of record as far as the internet is concerned. Doesn’t matter what the actual record says.

    • The purpose of the fake birthday is not to protect random website credentials. It's to prevent someone with that data from walking into my bank and impersonating me. I started giving a fake birthday after being shocked by how little info some organizations needed to authenticate me.

      1 reply →

    • If an attacker can do that, they could also do that with my real birthday had I used that. My birthday isn't a secret against anyone who wants to look hard enough. Therefore this method doesn't provide any kind of security against attackers gated only on knowing my registered birthday. I never claimed that it did.

  • I use the 1st of my birth month. Slightly less suspicious? It's at least a little easier to remember. Generate fake profiles and identities usually is easier when you have bits that are rooted in your actual reality. Like, you have the same zodiac sign either way in this case, so you don't have to remember two of everything. Or if you're talking about a birthday trip, or related birthday thing from the past, details about the weather would be consistent, etc.

  • I heard from a number of Syrian refugees that this is actually very common in countries like theirs, where births may not be recorded, records are lost or destroyed. Some people don't even know their exact date of birth and they would typically enter January 1st on forms like this too.

Completely agree. I use randomness for all of these now – plausible randomness if it’s possible I’ll have to give it over a phone.