TikToker and Chicago-based server Kristen Sotakoun can probably identify your birthdate in 30 minutes or less. Contrary to what some of her admirers believe, she is not an expert in cybersecurity; instead, she has made "consensual doxxing" her passion.
"My primary priority is to amuse people. Sotakoun, who goes by the handle @notkahnjunior, told me, "My second thing is to reveal you flaws in your social media, which was the absolutely unintentional thing that I became on TikTok.
It's not quite doxxing, which is the term used to describe the malicious disclosure of private information to the public. Instead, open-source intelligence, or OSINT, is the term used in the cybersecurity industry. Individuals unintentionally leave a breadcrumb trail of personal information on social networking sites, revealing information about their age, families, embarrassing childhood experiences, and more. When hackers are acting maliciously, they acquire data based on what you or your loved ones have posted online in order to access your accounts, perpetrate fraud, or even manipulate a user into falling for a ruse.
Sotakoun mostly merely determines the birthdate of a volunteer who remains anonymous. She claimed she only enjoys solving logic puzzles and has no malice towards anyone or any desire in a career in security. Before TikTok, it was learning the day job of a friend's "knight" while riding home after a friend's birthday supper at Medieval Times. Sotakoun just so happened to become famous for her abilities in the end.
Sotakoun "consensually doxxed" me in order to demonstrate her method to me. She immediately discovered my Twitter, but because I kept it relatively private, it wasn't really useful. She was able to determine where I attended college, though, thanks to information in author profiles from my previous employment.
She found my Facebook account after using my name and the university I attended, another profile with little information. But, it did direct her to my sister, who had left a remark on my cover picture nine years before. Because we have the same last name and are listed as sisters on her Facebook, she was able to identify me as her sister. This is significant since I don't really share a last name with the majority of my other siblings, which would have been another challenge.
But, because my sister and I have very common names, Sotakoun also discovered my stepmother on my sister's site. Sotakoun was directed to me and my sister's Instagram profiles rather than just one by Googling Instagram under my stepmom's considerably more distinctive name.
My Instagram account is nevertheless private. Sotakoun discovered the day I was born thanks to my sister's Instagram account, which she made "secret" so she could enter a Wawa contest and win a t-shirt. The account had old birthday postings from years ago. It required a lot of scrolling, and Sotakoun depended on the knowledge that my sister had previously said that my birthday was on April 25, International Penguin Day, to account for the possibility that a birthday post would arrive a day early or late.
She then used information from my high school newspaper and the year I entered college, which was 2016 according to my public LinkedIn profile, to determine the year. I graduated from high school in 2016, Sotakoun learned, after I took advantage of a scholarship exclusively open to seniors. She then proceeded to count backwards by 18 years, telling me that my birthday is April 25, 1998. She was accurate.
Finding people who care less about their internet presence than you do, or context cues, is always Sotakoun's aim.
According to Matt Edmondson, an OSINT teacher at cybersecurity education provider SANS Institute, many individuals may contest the notion that posting personal information online is dangerous. Some can ask what the harm is in seemingly unimportant information like having their pet's name readily available on social media, despite the obvious ramifications of having your social security number broadcast online. An attacker could be able to access your email or Twitter account if it also happens to be the response to a security question.
My digital footprint has always been carefully crafted to conceal my details. I don't disclose a lot of personal data and my accounts are private. Yet, Sotakoun's OSINT techniques discovered a wealth of information.
Facebook and Instagram are Sotakoun's largest assistance for discovering information, but she claimed she has also used Twitter, and even Venmo to confirm ties. She especially steers clear of information sources like record databases that may readily divulge personal details.
It implies that Sotakoun isn't looking for a lot of the information that is still available about each of us. According to Steven Harris, an OSINT specialist who teaches at SANS, information like your date of birth, residential address, and more are probably already public in some way. This is especially true if you live in the US.
It's quite difficult to take data back once it's been released, according to Harris. The majority of people don't have the knowledge or desire to go and find out, which is what protects individuals, rather than the fact that the information is safely kept away.
You may take quick actions to prevent attackers from exploiting this information against you. Using multi-factor authentication and complex passwords makes it more difficult for unwanted individuals to access
When we consider how frequently our friends and family post for us, though, things become a little more tricky. In reality, Sotakoun claimed she has seen that, despite a person's best efforts to remain anonymous online, the lack of control over their social circle might enable her to ascertain a person's date of birth.
She said that you have little to no influence over how your close friends or even a small portion of your larger social circle conduct themselves online.
Follow Us