What Clues Are You Leaving Online? Be Aware this Easter Weekend

Last year, I wrote about Easter and it made me feel like a detective, running around the house hunting for eggs. Those ubiquitous, little chocolate footballs defined Easter in the 80s and 90s. I noticed the other day, while walking the aisles at a store, that those disgusting chocolate eggs seem to be less popular today, instead there are all sorts of items available to be hidden, including empty plastic eggs that you can fill with your own items. This takes the Easter egg hunt to an entirely new level. While the egg hunt of my childhood was about randomly finding the places my parents picked to hide eggs, today it could be a magical scavenger hunt. Each egg could contain a clue leading you to the next egg, which would, in turn, lead you to the next one, until you finally hit the final location and get your Easter goodies. This makes Easter an amateur detective’s dream come true.

Seeing those eggs and having that thought made me think about some of what has transpired since that last article was published. I’ve had conversations at conferences and in classrooms. I’ve gotten feedback from fellow gamers. There have been a lot of expletives and comments about being afraid to go online. My intention was never to cause fear, just to raise awareness. I think that it’s important, especially for young people, to realize just how much information leaks out unintentionally. If you’re a YouTuber or Twitch Streamer, are you aware of the information visible to your camera? Family pictures, items that mention your school or employer, or a bulletin board with random items tacked up. What are you posting on your Instagram? Pictures of your trips, your hotel room, maybe even your flight information?

I am, or rather was, guilty of all of the above. I used to regularly share photos of hotel rooms I was staying in on Facebook and in a moment we’ll discuss why that’s a bad idea. I do, however, stream video games once a year when I raise money for SickKids Hospital via Extra Life. Just by streaming with a link to the donation page above, I’m giving away my name and picture. From there, thanks to a relatively unique last name, it is pretty easy to identify me. I’m often asked, why I don’t include video. That’s because the wall behind me contains a Jason mask from Friday the 13th: The Final Chapter signed by Ted White and a one-of-a-kind 6x3 banner signed by the cast of Degrassi. Even if the banner didn’t say Toronto Comicon, it wouldn’t take much Googling to figure out that Ted White appeared at Fan Expo in 2015 and the cast of Degrassi at Toronto Comicon in 2017. Now, luckily, I’m a nobody, but imagine if you were a streamer with tens of thousands of regular viewers or a YouTuber who has millions of views on each video. You might have just let a crazy stalker know exactly where and when to find you.

I mentioned hotel rooms. I’m willing to bet that a good number of people who read this article have probably taken pictures of their hotel rooms and shared them on social media. Many hotels, especially higher end ones, tend to have distinguishing characteristics, this makes them easy to identify from a photograph. Often, celebrities will attempt to keep the hotel they are staying at quiet to avoid fans harassing them. Sometimes, they don’t realize how much they review from a quick post on Instagram showing off their hotel room.

Last year, my wife and I attended a comedy show that we were excited to see. One of the members of the group had a preshow meet and greet option, which we had purchased. There was a check-in table for the meet and greet and you were then brought to another section of the theatre for photos and handshakes. While waiting for the check-in table, my wife and I started talking to the people in front of us in line, a woman and her father. When they checked in, I overheard their last name, which was somewhat unique. The father mentioned that his daughter had been trying to find out what hotel the performers were staying at. It was a comment in passing, but it was something that stood out. As we made our way to the meet and greet, we were entertained in line by one of the performer’s assistants who works on their show. She mentioned that she was going to have her own special this coming year and I made a note to look her up on social media, so that I could watch the special when it became available. The show was amazing and my wife and I came home. While we were watching TV, I started looking for this woman’s social media, so I could see when her comedy special would air. I couldn’t find her anywhere based on the name she had given and the spelling I assumed.

This is where basic cyber sleuthing takes over. I realized that she would likely be followed and a follower of the performers she works with, so I took to their accounts on Twitter and Instagram, reviewing their followers. It took about 10 minutes, but I finally found an account with the name she had mentioned, just a spelling completely different from what I had assumed. Looking at her Instagram, she had posted a picture inside her hotel room. I commented to my wife that the throw pillows looked unique and we put the image up on the TV. After a few minutes of searching, we realized exactly what hotel they were from. At this point, my wife commented that it’s too bad it didn’t happen earlier because the woman we were standing in line with was looking for their hotel. A quick search of Facebook for her name (overheard when her father checked in) revealed too many results, however when paired with a quick search of Twitter for the show we had just been at, I was able to find the correct account. I sent her a quick message, letting her know which hotel the performers were staying at.

This was some basic cyber sleuthing done by my wife and I while watching TV. We were able to take the names of two people and identify both of them and information about them. Let’s look at the exact pieces of information that were inadvertently shared that allowed this to happen.

1. First name introductions with people you’re talking to in line. 
2. A check-in table, where your last name is mentioned. 
3. Introducing yourself by first name to a group of people. 
4. Following the famous people you work with (and them following you). 
5. Posting an image of your hotel room. 
6. Tweeting out that you were attending a specific show.

Alone, none of these items (3 per person) seem like that big of a deal, but when put together it shows you just how dangerous the online world can be. Remember that all of this took my wife and I less than 25 minutes on our phones while lounging on the couch. We weren’t at a keyboard searching frantically or recording our research, we were just casually browsing. A more sinister individual could have shown up at the hotel (or the easily identifiable bar where the assistant posted pictures of the performers drinking after the show). I remember in the late 90s, when my parents freaked out that I was meeting some people I’d bet on the Internet for coffee. That required that we arrange a meeting spot, share our descriptions, and plan a time. Today, 15 minutes on Twitter or Instagram will easily tell someone what you look like, where you are, and your favorite coffee order. You might have read this and thought, “Wow, that’s so creepy”, but if this makes you think twice about posting that hotel room selfie, it is worth being creepy. When you survive your next trip without a stranger knocking on your door with your favorite Starbucks beverage in their hand, it might just be that you avoided that scare because you read this article. So this Easter, when you’re on your next trip, be aware of the information you are sharing when you start to post pictures of any trips or family egg hunts. You may be revealing a lot more than you think you are.

Posted by Tyler Reguly on Apr 19, 2019