Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Kenneth F. Belva

How I Unmasked a Craigslist poster

The roommate section on CraigsList (CL) definitely has some unique requests. There was one that I found interesting but slightly odd. It was for a man looking for two females who would…. Well, let’s just say it wasn’t your normal living situation.

Since the request was bizarre, I was curious who would post something like this. I decided against a long step-by-step post with great images demonstrating each point: frankly, I was unsure about this person’s reaction to being unmasked.

How was he unmasked? CL is virtually anonymous, but people make mistakes that can lead to revealing their identity:

1. Not Anonymizing one’s email address on the CL post while that email address is indexed elsewhere on the net

2. Linking to a domain which you own and not privatizing the registrar information (WHOIS)

3. Being recognized by your picture

I used the first two of these techniques mentioned above.

The man’s CL post linked to a domain that he owned but he forgot to privative the registration information. The registrar information contained is full name, his work address, his email address and his personal cell phone number. So, I essentially did it in one step!

Knowing who he is wasn’t enough: I wanted a picture!

I used the email address found in the registrar to find information about him elsewhere, including his MySpace page. I compared the email address found through the website link on his CL post (not the registrar information) and compared it to his MySpace name to further validate that this was indeed the poster. His MySpace profile was full of good stuff, including that much coveted picture I was curious to see…

A cynical reader may ask, “Ken, how are you sure it was him from the registrar information?” Excellent question! There were enough similar data elements amongst all of the information spread on a number of different websites that make it highly unlikely that it was not him.

The more information that one publishes out there, the easier it is to connect the unique or high probability identifiers (such as email addresses, phone numbers, user ids, etc.) and uncover things that were meant to be concealed (such as identities). This may not always be a bad thing, but it is certainly not what was intended by the poster.

One Comment

  1. agent0x0 Oct 23, 2007 at 12:23 pm | Permalink

    Good post. Reminds me of the little “social experiment” that a blogger conducted last year. A lesson in human stupidity perhaps? :)

    http://www.waxy.org/archive/2006/09/08/sex_bait.shtml

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*