MyPrivacyAudit is a free service brought to you by Risk Based Security.
Whether purposefully or accidentally, many of us share a staggering amount of private information on the Internet. We've created this service to help you better understand the type of information you may be unintentionally sharing. For those that choose to share such information, we hope this service will help you better understand the risks associated with over-sharing.
Initially, the focus of MyPrivacyAudit is understanding the privacy concerns associated with using Twitter. This tool can identify personal information that is connected to a tweet as well as information contained in the tweet itself. With this information, account holders will be better able to manage the overall security of their Twitter account.
Once a Twitter ID is entered, tweets are analyzed and a security assessment is performed. If your tweets are not protected, there are two main privacy areas that we verify:
- if geolocation is turned on/off for tweets
- if location details are exposed when using check-in services
- if location details are exposed when photos are posted
2) Sensitive Information
- credit or debit card pictures
- travel information
- vacation and home location information, etc.
If you choose to create an account with us, you will see the specific tweets and details that were captured that were identified as “at risk”. Additional features will be available with future releases including the ability to audit your privacy on other social media sites.
Q. Why do you require a login to MyPA?
A. The primary reason we require a login at this point is to ensure the specific/raw data (which could have sensitive information) is only provided to the owner of the account. Even though this information has already been posted publicly we felt the need to protect it. If you create an account, in the Dashboard it also tracks any changes in your assessment activity.
From a standpoint of security of the login, we are using the recommendations from Twitter for authentication and store no usernames or passwords. The authentication process is external to MyPrivacyAudit. We just use oAuth http://en.wikipedia.org/wiki/OAuth to authorize (already authenticated) a user to see details of their report.