The big difference between 'open' and 'at risk'

I've got bad news for you. You might be what Woody Allen calls the opposite of paranoid. That is, you might be under the dangerous delusion that everyone likes you.

Don't get me wrong. I like you, or I wouldn't be saying this. I don't mind the drunken tweets, the Facebook postings of fetal sonograms. Heck, even your dog's MySpace page is kinda cute, and occasionally funny. But living your life out way out in the open is going to have some negative consequences.

You don't have to be a political candidate who once celebrated Halloween by drinking a bit much; you don't have to be an angry homophobic school board official; you don't have to be a child psychiatrist who posed for naughty pictures. While those  folks got seriously busted over just the past year, in part for entrusting too much of their lives to the social network, their mishaps teach us lessons about what might bite back in our own less scrutinized lives.

Even if you regularly reassure yourself that you don't give a fig about privacy, there's a difference between open and at risk. I don't want you to lose your job, break up your marriage, get denied healthcare or get kicked out of school because you didn't know the difference.

"There is a value in not having to explain and justify oneself," wrote Daniel Solove, law professor at George Washington and author of many books on privacy, including the upcoming "Nothing to Hide: The False Tradeoff between Privacy and Security."

Take, for example, women who post that they're pregnant, even before they've seen a doctor, only to have to report a few days later that they've miscarried. If they had waited, a troubling explanation could have been avoided.

But "there are a lot more components beyond embarrassing secrets," Solove told me. "Privacy is about limiting the flow of information to certain individuals, not about keeping it totally secret," he said.

The most trite example is still the most pertinent: You post a picture of yourself, totally hammered at some raging party. (Agreed: You are doing nothing "wrong.") You then apply for a job. The prospective employer likes your resume, but upon Googling you, comes across said photo. You never hear from that employer, you don't get the job.

And oversharing is a two-way street. Suppose you friend your financial adviser, then see her drunken pictures, or worse, see some comment she posts about mortgage problems. While it may have nothing to do with you, and she may indeed be the best person to manage your money, your opinion of her is tainted forever.

Meanwhile, there really are forces beyond your control working against whatever semblance of privacy you trust that you do have. You know how your cell phone isn't listed in a phone book? Telemarketers can still weasel it out.

Jeff Stalnaker, president of Privacy Star, a company that makes call-blocking software for smart phones, says that whenever you call an 800, 888 or 900 number, an "automatic number identification" system could grab your phone number and other relevant information. The company collecting it could sell it later.

And Stalnaker stresses that it's not just mail-order and online retailers who trade your data. You should beware of any organization asking for your phone number, from giveaways to charities to the pizza delivery guy.

Services you may use regularly, like TiVo and Netflix, collect supposedly anonymous data about your preferences. That may be no big deal as long as they keep your name out of it, but it's increasingly easy to reverse the "anonymization" of data, provided the snooper has at least some personal data of yours.

In 2007, researchers took "anonymous" user data released by Netflix, and successfully identified two users by cross-checking that with known IMDB preferences. You may not think this is a big deal, but in one case, it revealed information that the user may have wanted to keep private. "One of the people had strong — ostensibly private — opinions about some liberal and gay-themed films and also had ratings for some religious films," according to SecurityFocus, which reported on the reverse anonymization.

Take that same principle and apply it to GPS-enabled "check-in" services, U.S. Census data, real estate records and other easily viewable information, and you start to see how a little bit of public sharing on your part can go a very long way.

I'm not trying to freak you out — the fact that you read this far means that you understand this is only trying to help. But you need to sit down and fix a few things before you can go back to your life of oversharing. These are the most rudimentary:

Wait before posting: If you're excited about something, be it an early sonogram, an unconfirmed medical exam, a not-quite-closed job offer or perhaps a non-mutual relationship status update, take a deep breath and wait it out. The only thing worse than your friends finding out something later than immediately is you having to recant it in front of everyone because it was too good to be true.

Block "Friends of friends": Your friends are good people, but they don't always have the best choice in friends. If you have 500 friends, and each of them has 500 friends, then the friends of friends population is technically equal to that of a medium-sized American city. In a population that large, there's always a bad element. Friend the ones you actually know and like, but turn off the "friends of friends" setting.

Be careful with photos: There should be a codicil of Murphy's Law that says "The only photos you'll never lose are the ones you try hardest to delete." For a spell, "deleted" photos on Facebook were still visible if you had their unique address. On some sites, a unique address is all a stranger needs to see your photos. If you don't want employer, coach, parent or baby mama seeing something, do not upload it. And thanks to smart phones, texting photos is as good as broadcasting them on Nightly News, especially if they're embarrassing.

Keep your phone secure: If you have an Android phone, you should get a security app. (Lookout is a good one, and it's free.) This is not a dig against Android or Google — though they have had security issues of late. It's really about the fundamental nature of the OS, which can be infiltrated in more ways than an iPhone can. That said, don't jailbreak your iPhone or you'll be equally at risk.

Use HTTPS and other security when on public Wi-Fi: Facebook now has an address at The "s" stands for "secure." In this mode, the text you transfer to the service is encrypted between your browser and Facebook's servers. When buying stuff, retail sites tend to include SSL security automatically, but if you're handling any passwords or credit card numbers or other personal information, look for the key or padlock icon in the browser, or skip the status update.

Block "third party" browser cookies: You may not want to take pains to keep advertisers from tracking you, but at least there's a simple way to stymie some. Go into your browser prefs and turn off "third party" cookies. (For more on this, check out this piece in Lifehacker, the world's leading authority on the kind of cookie that doesn't make you fat.)

Skip some "check ins": The running not-so-funny joke about GPS-powered check-in networks like Foursquare and Facebook Places is that they're basically an invitation for burglars. "Oh, Jim's at the movies for the next 2-3 hours? Sweet, let's go steal his TV." And if you think you're in the clear because you don't let "everyone" see your stuff, you might want to re-read the part about "friends of friends." Again: They're not your friends!

Keep reading - the special report on privacy continues: