With all the recent hubbub about Facebook and privacy concerns, one might wonder if this is just another one of those molehill-problems that the media is mountain-sizing. You know, like mad cow disease, Y2K, and light beer. I tend not to worry too much about such things, because I don’t put incredibly detailed information about myself online. Some suggest that even putting information about your birthday on Facebook is a security risk. I’m honestly not sure about that, but I do know that Social Security came about in 1935. It stands to reason that somebody may have had time to figure out the algorithm for generating a Social Security Number in 75 years time. After all, the encryption they had back then was roughly equivalent to the copy protection measures found in SSI’s Pool of Radiance (which, I might add, science has found a way to defeat).
For the life of me, I never have fully understood the human compulsion to fill out forms containing their personal data on a computer. If I walked up to a random person on the street with a form asking for their personal data, they’d probably think I was up to something unsavory (like signing them up for a credit card), and tell me to shove off. You put the same person on Facebook, and it wouldn’t surprise me if at least a good portion of their extended profile information is filled in. What benefit does this give anyone but Facebook and their demographic-engine? You know, aside from thoughtfully tailored ads for the user’s pleasure.
I found myself asking the same question some fifteen years ago. I was 19 years old, it was 1995, and I was running a modestly successful local BBS. Most of the other BBS users in town were older than me, and almost all of the sysops were. For some reason, if you were in the greater Peoria area, male, 40 years old, and into ham radio, chances were decent that you either ran a BBS or called one. Being younger, I tended to attract a younger crowd, and thusly we became the bane of the local FidoNet hub with our youthful exuberance (and willingness to start a flame war over the slightest of offenses). Even so, my BBS still racked up a couple hundred user accounts. Most were one-time callers checking the place out, but I probably had a good 30-40 regular users and lively message boards.
You know what I also had? The name, address, and phone number of every last person that called.
Why? Well, that’s what happens when you don’t read the documentation to your BBS software very well and make all the user account info mandatory. I remember telling people who asked me why they needed to put in their address that “this is so I can verify you’re a real person”. I didn’t need it, of course. There were callback systems that could, at the very least, know there’s an active phone line on the number they put in. Most of the boards in town didn’t require complete information, and you could put in whatever you wanted and it would still let you through. (For instance, my co-sysop – whose address was “KEVORKIAN”.) Fortunately for them, my dear mother did not raise an asshole. I probably could have gotten into some trouble using all that data. I knew people who got in trouble for similar things. However, there was one instance in which having all this data did cause me a lot of trouble.
The BBS software I used to run was called Renegade. It had all sorts of nifty features, one of which was called MCI codes. I forget what it stood for, but we used to joke that more expensive BBS software would have used AT&T codes. Yup, we were nerds. Basically, you could write a message containing these codes, and it could display all sorts of information back to the user about themselves. It was supposed to be used so sysops could make nice status screens telling people what address they have on file, and how many megabytes they’ve downloaded this month, their security level – that kind of fun stuff. Well, as it happened, this 13 year old kid on the board who went by the handle CAPTIAN JAMES T. KIRK had been reading the Renegade documentation. We hated this kid. He would always come on the board and piss a bunch of people off, and then we would flame him mercilessly and he would retreat for a couple days and then the cycle would repeat itself. One day, the good Captian discovered something else I hadn’t turned off – letting users use MCI codes in their messages. And so it was that he put in a little something like this:
HEY @a I KNOW YOUR ADDRESS IS @b AND YOUR PHONE NUMBER IS @c AND I'M COMING TO YOUR HOUSE TO KILL YOUR FAMILY AND YOUR DOG.
This would yield output specific to whoever was reading it, so at the time I saw something like:
HEY MATT DUKES I KNOW YOUR ADDRESS IS 235 FAKENHAMMER LANE AND YOUR PHONE NUMBER IS 309-555-4857 AND I'M COMING TO YOUR HOUSE TO KILL YOUR FAMILY AND YOUR DOG.
I remember thinking “hey, that’s a pretty neat trick”. Then I noticed my inbox had fifty messages in it.
Apparently this idiot had managed to convince pretty much everyone who called in that day that I had for some reason given their name out to a psychopath. I had people threatening to come to my house and kick my ass. I had people crying and wondering how I even knew they had a dog and why I would divulge any information about said dog to a third party, much less an angry nutjob. Even people I called regularly for help on how to set up my board got fooled and were angrily sending me messages. It was the largest instance of mass hysteria I’ve ever personally witnessed, and the happiest we ever saw Captian Kirk.
It took a day or two, but finally I managed to convince my rabid userbase that it was just a trick. The incident is still legend among those who were there.
We call it the Golden Mindf@$k.