When was the last time you Google’d yourself? If you check, you will usually find a few things that relate to you, maybe some things for people with the same (or similar) names, and a bunch of websites that promise to reveal all the info about you if you pay them to. Now for the question: When’s the last time you tried to figure out who you are using a small scrap of info? For most people, probably never, because it would never occur to them. This is where the principals of Operations Security comes into play. The term comes from the US military during the Vietnam War, but the ideas go back way further. If you’ve ever heard “loose lips sink ships,” that’s an example of OPSEC at play.
If you’ve ever heard of the internet teaming up to try and find a missing person, or figure out who committed a crime, or identify an object, you’ve seen them pulling thousands of different tiny (probably inconsequential on their own) pieces of evidence to figure out who/what/where something is. A picture is worth a thousand words, and they can be used for good or ill.
You wouldn’t post a photo of your credit card on social media, but people will happily post photos of boarding passes, passports, and drivers licenses. Even if they cover some elements, most of these can give away crucial info, which can be used to narrow down who someone is. The type of electrical outlets will tell which region of the world you’re in. Car license plates (even if not yours) can show off what state you’re likely in. Seeing too much of a street, especially one with business names, can identify an area. If it’s one that appears often, one could assume it’s near to your home or work. From there, they can shrink their net.
If you want an example of how this works, you can watch this video about a fun card game released in 2005 that had a card with a man known only as “Satoshi” and the words “Find Me.” After roughly 15 years, it became popular again during the pandemic, and people were able to find him within about 8 months, based on a common first name and a single photo. Now, while most people will not have a crazy obsessed stalker, as more and more internet era people grow older, there is a longer and longer history of info to draw from with which to find vulnerable people to scam. It’s pretty easy to foresee a future in which people will pretend to be old acquaintances who lost touch ages ago, and after “reconnecting” run into money troubles, or just scammers who are able to harvest security question info from people’s online histories; this is your friendly reminder that the security questions that websites ask are ALSO passwords and should not be easily guessable, make them weird and write them down on paper somewhere safe.
Ultimately, you probably have nothing to worry about, but it’s still worth it to think of what info you’re putting out into the world without even realizing it.