Digital Signature Inventory

Purpose: To protect yourself in the digital world, it is important first to know what you have.

In the area below, work through annotating the WHO, WHAT, WHERE, and WHEN about you.

Who are you?

What do you know (certifications, degrees) and do (work, sports, activities)? Hobbies, interests, family…

Where do you live or have lived?

  • What locations do you spend most of your time at or visit frequently? Work, vacation, family, restaurants.

What do you have with you most of the time?

  • Cars, phones, watches, ID cards, bags.

Who/What/Where do you attribute yourself to?

  • What can you take away from the above data points about your profile? Anything that you would like to enhance or suppress? What are the people, places, or things that share these attributes? This is your attribution.

Summary: This step sets the baseline for the rest of the sections. Knowing what you have is the best way to go from public to private in the areas it matters to you.


Identity: Documents, Accounts, Photos, Biometrics

What is currently in your wallet/purse?

Driver’s License, ID Card, Passport, Credit Card… Do any of them have tap-to-pay, NFC, RFID, or other technology emitting a signal? What other items that you have on you or in your bag say something about you?

Do you have a management system for your online accounts? (LastPass, KeePass, Bitwarden, pen and paper)

  • Do you have unique passwords for each account? Are they complex (15 characters with 2 upper, 2 lower, 2 special, 2 numbers) or multi-word sentences?
  • Do you have two-factor or multi-factor authentication enabled for this management system?
  • Do you have an offline backup of the data?
  • What questions do you use for account recovery? Do they say something about you?

Do you use some form of biometrics to access phones, cars, houses, work, or other locations? What and where?

Cataloging where you allow unchangeable data to go will tell you who and what can draw decisive conclusions about your identity from a distance, up close, or after the fact.

Where do photos of you exist online?

  • Social Media, Government Databases, Employment… Who knows what you look like and how old are the photos?

What are the usernames/logins you most often associate with and use?

  • Your most used username can say a lot about you as a person. What are they?

Summary: Identity is all about who you are and where you have data in the world that can validate you as a person. For security, that’s good because you don’t want people to become you through your lack of data. For privacy, it’s good to have now a lot of data that validates your identity.


Financial: Accounts, Bills, Payments, Credit

Who do you bank with, and how do you bank with them?

  • Banks will say a lot about you at times. A credit union or a member-only bank provides your attribution.
  • Do you have joint accounts?

What utilities, loans, and debt do you have?

  • Credit history is only a credit check available. Do you have debt or loans that contribute to your attribution? Do you own a home or other available property? What does it say about you and your affiliation/attribution? Who else might have those same attributes?
  • Do you have co-signers or joint account holders?

How do you pay for things/buy things?

  • Do you go out shopping for most things? Do you order from Amazon? What is the percentage split?
  • What types of debit/credit cards do you use?
  • Do you have multiple people with the same card number/account usage?
  • Do you use payment services such as Venmo / PayPal / Zelle…?

Summary: Our financial records are available in many ways. The world of big data made this information highly profitable and data brokers sell it. The data is used to identify fraud and irregular activities that lead to criminal and nefarious organizations. Banks share this data to know if a person is a risk and should be treated as such when lending money. Understanding what your financial data is and where it goes will allow you to minimize your risk surface.


Social: Messaging Apps, Accounts, Sharing & Collaboration sites

What apps do you use to connect with others, access the internet, get current events, and find information?

  • List out:
    • Social Media Sites
    • Messaging Applications
    • Web Browsers**
    • Search Engines
    • Learning Management Systems (School sites)

** For web browsers, annotate whether you store passwords, which sites log in automatically, and what the most critical things you access are, i.e., banking, travel, search, and internet exploring.

Summary: After listing all the social media sites and mapping them to browsers, what other sites have access to the cookies/history left by all the other sites? The cross-sharing between browsers will allow a lot of your content to end up on these social media sites. Separation of sites into the most critical, important, and random internet crawling helps to protect the most important aspects of your digital life.


Portable Electronic Devices: Phones, Computers, Cars

Take inventory of your physical assets and the digital identifiers on these devices.

  • Device Make, Model, SN
  • IMEI, ICCID, MAC Addresses (Bluetooth, Wi-Fi, NFC…)
  • Review Wi-Fi and annotate what is in your history for all devices.

With the inventory of your social media, messaging, online accounts, and other websites, what do you access from what device? Mapping the accounts to the device will make it easier to manage what has access to what types of data and can see what else about you.

For example, having Facebook on your phone gives it access to lots of other data. This understanding of what is on the device and how it is used as a part of your life will begin to paint a picture of you as a digital avatar.

Another example is plugging your phone into your car. There is a large amount of data shared between the two. What does your car store about you, and what do the apps on your phone know when your phone is connected to your car?

Summary: The inventory of your portable devices feeds into the last step of person, place, and thing. These three items are the final piece to establishing attribution. We need to track what we have and who had it to draw and track a picture that nefarious elements can see.


Location: Addresses, Device Location, Wi-Fi, Travel

This is the last and easiest step if all the above was done. Where have you been with all these devices, and what do they say about you?

Think through the places you have been with your devices. With all the data bleeding off you from above, what does it say about you as you connect the dots? If a phone has been to X countries and has co-travelers of X type, your attribution is set. A review of the data collection pyramid will provide a better idea of potential attribution based on threat or criminal entity access to the data sets.

Attribution and location play a big role in assessing your risk in the digital world. Person, place, and thing will tell much about a threat or criminal entity. We need to track where we have been and identify anything that might look like an indicator to support predictable behavior.

Summary: With all the other areas complete, this area finishes the digital signature inventory. You have a pretty good idea of what you are in the digital world. It is in a very rough format, but it will allow insight into your attribution. Where do your attributes overlap when compared to another person, place, or thing? Above are all the attributes about you as a person in cyberspace. Now is the time to control your attributes and what they say about you to the rest of the world.

 
