You've Been 'Pwned'

By Annalee Newitz, AlterNet. Posted August 28, 2006.

Last night, for about the 30,000th time, I pondered whether I should be shredding the stubs of my phone and cable bills before throwing them away. I always keep my credit card statements for a year or two. That shit just seems too scary personal to toss.

But what about the other stuff? If someone were to root through my building's trash bin and find my (unshredded) cell phone bill, they'd know the numbers of everyone I'd called during the past month. Other bill stubs are less revelatory, but someone could still use them to cancel my gas and electricity or order me the most expensive cable package.

But I just can't muster up the amount of paranoia that would be required to properly eliminate all those pieces of paper with my personally identifiable information on them. And good shredders (not the lame one-sheet-at-a-time ones) are expensive. So every month I leave massive amounts of personal data in the bins outside my back door.

And that's not all. I also save chat sessions on my computer and SMS messages on my phone. Sure, I fear clutter in the real world, but I also have a highly developed sense of sentimental value. So I keep the little electronic blips my friends write, thinking that one day I'll be glad to read them again. Some of those blips are e-mails that I keep stored in the vast server fields of a major Web mail provider, which means that system administrators can look at them -- and worse, this Web mail provider can hand them over to the government without telling me.

Don't even get me started on the kinds of personal information I leak about myself in my writing. A dedicated asswipe could, just by combing over my old columns, figure out the general location of my house in San Francisco, my sexual orientation, the kind of relationship I'm in, what kind of computer I have, which ISP I use, where I've worked, where I shop, and who my friends are.

All my digital data is, of course, far more vulnerable than those hard copy phone records I dump every month. At least my trash bin is localized: to steal or tamper with my information, somebody would have to break into my building and jump inside the trash bin. But to steal my e-mail? Or read my columns obsessively for personal details? A naughty person could do that from anywhere. Prying members of an HR department could run a background check on me from the comfort of their Aeron chairs.

So what the hell is wrong with me? Why would I compromise my own privacy, knowing full well what the consequences could be? I've already confessed to a few reasons: laziness, inability to hoard tiny pieces of paper, sentimentality, chronic column writing. The less frivolous answer is that I've weighed the alternatives -- shredders, constant data wiping -- and chosen to take the risk. I don't want to be forced to hide everything about myself. If some potential employer doesn't like my blog, that's an employer I don't need. If the government wants to persecute me for what's contained in my stored messages, then I will fight back as best I can or leave the country.

It's not as if I don't protect myself. I never store any data in my Web mail account that I'm not prepared to share with sysadmins and the government. I overwrite data that I want to delete on my computer, which means it can't be retrieved using typical law enforcement forensics. I rarely enter anything but fake information into online forms. I download and send my e-mail via SSL, which prevents people from reading it while it's moving over the network. Am I safe from the National Security Agency or a very determined hacker? No. But neither am I leaving myself wide open to identity theft and surveillance.

When somebody breaks into your computer and looks at your private data, geeks say that your computer has been "owned." And if your computer is utterly taken over, all its information plundered egregiously, you've been "pwned" -- a bit of geek slang that comes from some dork who made a typo on IRC back in the day. I know that I'm pwned by the government, pwned by Google, pwned by my reliance on Windows OS. But they haven't pwned my brain, OK? I'm still going to write the truth about myself and the world; I'm still going to throw away bill stubs like a normal person.

Say it loud and clear: we will not be pwned! If that isn't a 21st-century protest cry, I don't know what is.

Annalee Newitz is a surly media nerd who was thrilled to discover that the Wikipedia entry for "pwn" includes a section on pronunciation.

Liked this story? Get top stories in your inbox each week from AlterNet! Sign up now »