NEW YORK (CNNMoney, June 13, 2014) — While you were having a latte and hunting for a Tinder date on your local coffee shop’s open Wi-Fi, you were giving away your personal information.
Want to know how much? Stalker will tell you.
Stalker is a tool created by security firm Immunity Inc. to demonstrate the hazards of connecting to insecure public Wi-Fi networks.
When you connect to a public network in a place like a coffee house, hackers who are logged onto the same Wi-Fi network can intercept your Web traffic from unencrypted websites. Sites that begin with “http://” are unencrypted and less safe. Sites that begin with “https://” are encrypted and generally considered more secure.
If hackers can see what you’re doing online, your personal details are then up for grabs. We’re talking about items like everyone you’ve checked out on Match.com, or the music you’re listening to on Pandora (P) (neither site is encrypted).
What Stalker really demonstrates is how easy it is to compile a creepy profile of a person, composed entirely of information they’ve unknowingly shared.
“So, for example, you may say, ‘my ZIP code is 33139,’ if you’re near Miami Beach, or another app may say you’re 38 years old,” said Alex McGeorge, security researcher at Immunity Inc. “In isolation, these don’t really make too big of a difference, right? … But when taken together, it can make a pretty scary profile for a lot of people.”
In addition to viewing your traffic, Stalker collects your cookies — small bits of data stored in your browser or apps that are used for targeting advertising.
Putting Stalker to the test: To test Stalker, CNNMoney created a fake character, Sally Jones (she was actually a stick figure). Sally has the digital footprint of an average urban 20-something: accounts on Facebook (FB, Tech30), Instagram, Twitter (TWTR, Tech30), Pinterest, Tinder, Match.com, and Pandora. She shops on the Amazon (AMZN, Tech30) app and she has a Gmail account. McGeorge also created an account for her on OkCupid, just to maximize the odds that a stick figure might find love online.
We set Stalker loose on Sally.
In 10 minutes, the hacking tool created what looked like a social network profile for Sally, but it was full of information most people would not opt to share with total strangers.
The photo section was populated with images of people that Sally had reviewed on the dating apps. Her full name, age and ZIP code were readily available. All the websites she had visited were listed and her Instagram user name appeared.
McGeorge says that this was actually far less information than Stalker had previously been able to gather, because many sites started taking encryption much more seriously after the Heartbleed hack.
Still, the best way to protect yourself is to never do anything you wouldn’t want to share in public while connected to insecure Wi-Fi.