
Just Say No to Social Engineering Memes


These memes, from a security and privacy perspective, are nothing but trouble. Here’s an example I just saw a friend respond to:

The reason I say trouble is that if you play along, they reveal a tremendous amount of personal information about you. That same information is often used to secure your healthcare, banking, investment, and other accounts. Let’s play along with this one just to see what an adversary might obtain by seeing a social media post.

John Doe posts, “I am an Oracle of Profound Wisdom!” If we know John looks to be 30-40 years old, we can conclude:

  • John was born in 1976 or 1986 (from profound)
  • John was born in January (combo of oracle and wisdom)
  • John was born on January 16-19 (also a combo of oracle and wisdom)

We get the last 2 because Capricorn stretches from December 22 – January 19. Oracle is 16-20. That rules out December. And since John is a Capricorn, that rules out January 20. 

In other words, someone looking to use this information has narrowed down John’s birthday to one of 8 dates. And if the challenge is birth month and year, the adversary only needs 2 guesses. Most systems allow 3 or more. Just by posting his response to this meme, John has given someone enough information to compromise him. What looked like a little fun is actually a bigger security issue. 
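To check how much a reply like this gives away before posting it, the sketch below (an added example, not part of the original post) counts the birth dates that survive the three clues. The meme's full lookup table is not reproduced on this page, so only the mappings stated above are encoded; the observation year 2016 and the reading of "Profound" as "birth year ends in 6" are assumptions.

```python
from datetime import date, timedelta
from math import log2

# Assumption: the post is seen in 2016, so "30-40 years old" means a birth
# year between 1976 and 1986. Sample subject is the page's fictional John Doe.
OBSERVED_YEAR = 2016

def in_capricorn(d):
    """Capricorn as the post gives it: December 22 through January 19."""
    return (d.month == 12 and d.day >= 22) or (d.month == 1 and d.day <= 19)

# Each word of the posted answer becomes a predicate over birth dates.
CLUES = {
    "Oracle": lambda d: 16 <= d.day <= 20,    # day of month 16-20 (from the post)
    "Profound": lambda d: d.year % 10 == 6,   # assumed: birth year ends in 6
    "Wisdom": in_capricorn,                   # star sign (from the post)
}

def prior_dates(min_age=30, max_age=40):
    """Every birth date consistent with the apparent age alone."""
    d = date(OBSERVED_YEAR - max_age, 1, 1)
    end = date(OBSERVED_YEAR - min_age, 12, 31)
    while d <= end:
        yield d
        d += timedelta(days=1)

def exposure(words):
    """Return (prior count, surviving dates, bits leaked) for a posted answer."""
    prior = list(prior_dates())
    left = [d for d in prior if all(CLUES[w](d) for w in words)]
    bits = log2(len(prior) / len(left)) if left else float("inf")
    return len(prior), left, bits

def month_year_guesses(dates):
    """Distinct (year, month) pairs: guesses needed for a month/year challenge."""
    return sorted({(d.year, d.month) for d in dates})

if __name__ == "__main__":
    n, left, bits = exposure(["Oracle", "Profound", "Wisdom"])
    print(f"{n} possible dates before the post, {len(left)} after "
          f"({bits:.1f} bits leaked)")
    print("month/year guesses needed:", month_year_guesses(left))
```

Dropping a word from the list passed to `exposure` shows how much each individual clue contributes to the leak.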

Therefore, don’t play along. These memes reveal information you’d never reveal willingly to most folks. Yet because at first glance it seems harmless, we play along. Meanwhile, someone willing to work through the choices gains the information. The only way to protect yourself is not to play. 
