A British government official has urged the public to use fake personal details when registering with websites — except of course when dealing with the government.
Andy Smith is a cybersecurity manager at the Cabinet Office. That’s a government department that doesn’t deal with a particular subject (such as energy or transport) but rather looks after the administration and coordination of government as a whole. One of its roles involves the seemingly never-ending attempts to get government technology use under control.
Speaking at a conference attended by politicians, officials and representatives of the tech industry, Smith said it was sensible to give fake info to sites. The BBC reports that he said “When you put information on the internet do not use your real name, your real date of birth… When you are putting information on social networking sites don’t put real combinations of information, because it can be used against you.”
He said this guideline didn’t apply to government websites when filling in officials forms. He later clarified that people had to make a case-by-case assessment of the balance between security and the need to access services. Because of this, he said that with large and trustworthy businesses it could be OK to give real details.
One politician from the leading opposition party described the advice as “totally outrageous” because it encouraged people to hide their identity, making cyber bullying easier.
Another speaker at the conference said he always used a fake date of birth where possible, though somewhat undermined the security benefits by revealing that date as 1 January 1900.
It’s certainly an interesting suggestion, although I have to say that most times I’ve used false details on sites it’s been a case of wanting to get through the registration process as quickly as possible rather than through any security concerns. I’m most likely to use a false date of birth or name in cases where I can’t see any reason the site would need my details in order to provide the service I’m after. I will also admit to using a random date when a site is simply carrying out a farcical “check” that I’m over a particular age.
Still, there is a danger that if people follow Smith’s advice too eagerly, they could wind up in situations where they have to give their date of birth later on as a security check, for example after being locked out of an account, and can’t remember what date they used. No doubt that would lead to some bright sparks offering a service along the lines of LastPass, perhaps “FakeDate.”