Tag Archives: digital identity

AI Infiltration

Leave a reply

Do you want an AI to be able to read and reply to your email? Wouldn’t that be great? Yes, but I’m not doing it!

My personal email is a gateway to everything I do on the web, and that includes my digital banking. It also includes access to EVERY web tool that I use. I can’t count the number of times that I’ve used ‘Forgot my password’ on a website, or an app, and retrieved that information in my email. So, my email gives me, and anyone or anything that has my password a lot of control over the online tools that I regularly use.

As an aside, this is why two-factor authentication is so important, it protects you from someone having full control of everything you do online, simply by having access to your email. Yet, to me, this protection isn’t enough to allow me to give an AI agent access to my email. To me, this is allowing too much access to my whole digital life.

It’s not the reading of my email I’m concerned about. And frankly, I’d love to have an AI respond to basic email communication on my behalf, or to add items to my calendar for me. That would be great. But to do that I’m essentially saying to an AI company, “I’m an open book, go ahead and read me in order to train your AI model.’ And I’m also allowing an Agent full access to my digital life.

What happens when a ‘helpful’ agent decides that in order to help me it needs access to my online banking to make a purchase? Or worse yet, what happens when an AI is injected with a virus designed to collect my passwords and to update this passwords, then delete the ‘Forgot password’ emails so I don’t even know they were changed.

We’ve already seen countless examples of people being able to trick an AI into giving access to programming information that should have been kept private. Or people convincing an AI to respond to inappropriate questions it was trained not to respond to. Knowing this is not terribly hard to do, what makes you believe an AI agent with full access to your email, your life online, can’t be convinced or exploited to share your information and access in a way that will completely compromise you and your personal information?

I’m not convinced the risk is worth the reward. As I use AI more, I’m using it as a tool to help me understand and connect to the world in better, more efficient ways. But I’m not ready to let AI into my email and into my digital life. I’m wondering when the horror stories of full identity theft are going to start to happen? And I’m guessing these stories are going to start with, “I gave an AI agent access to my email.”

Own your own domain

Background: In March of 2008 I purchased DavidTruss.com, DavidTruss.org, and DavidTruss.net. I didn’t start my blog on Google’s Blogger, or on Edublogs, or one of the ‘user-friendly’ blogging websites, I used Elgg, which I was invited onto by a friend, and it was clunky. To make changes to the look of my blog I had to play with the HTML. I often tried and failed, and I learned a lot that I would not have learned on an easier site. However, they sold out to Eduspaces, which in the transition killed a lot of my backlinks. Then it looked like Eduspaces was going to change again after I had spent hours cleaning things up, and I got fed up and decided to own my own domain name. I reserved the .com, .org, and .net as the most popular addresses, and I keep all 3 with the .org and .net being pointed to the .com site, (so if you go to DavidTruss.org it auto re-directs to DavidTruss.com).

I keep the .org and .net domains only for vain reasons… Search for David Truss online and you’ll probably find me for most of the links, and I like it that way. Maybe one day I’ll stop paying for the other domains, but for now, I will keep all 3 addresses. For a fun explanation of why my first blog was called ‘Pair-a-Dimes’ you can find the story here, under Why ‘Pair-a-Dimes for Your Thoughts’? For this Daily-Ink you can learn more by reading Why Blog Daily or The act of writing, where I coined my byline: “Writing is my artistic expression. My keyboard is my brush. Words are my medium. My blog is my canvas. And committing to writing daily makes me feel like an artist.” 

The current backdrop: That’s a lot of reminiscing, so what value am I going to add here? The reality is that it is getting more and more difficult to parse truth from lies, and deep fakes from actual audio and video clips. Things go viral without fact-checking, and it would be easy for someone malicious to spread misinformation about you, me, or anyone else. We know that lies spread faster than the truth in social media and this is only getting worse. Soon, you won’t be able to trust anything that comes to you on social media and what will matter most is where you get your information from. The sources you trust will matter, although even these you may have to evaluate. For those sources you don’t already know and trust will be handled with caution and doubt… even when the message is something you want to believe.

Why own your own domain? While you might think that deep fakes are things only celebrities and politicians need to worry about, the reality is that ‘regular’ people are already getting scammed with technology that used to cost thousands of dollars but can now be done free with AI tools. While your own domain won’t help with an impersonation scam like the one I just linked to, your digital identity will be much easier to misappropriate. My voice and image are on the internet. There are quite a few photos and videos of me online, and so there is enough data for someone to create an AI enhanced video of me saying whatever the culprits decide will be funny, insulting, mean, our downright disgusting. A funny version of this was a prank a former student pulled where he and other students uwuify’d some images of me while I was on a social media sabbatical. This was harmless fun, and never intended to impersonate me, but the technology is now there for anyone to do this.

Your domain means you control the narrative. Your own domain means that if something is being shared that you didn’t create, you can point to reliable information. If you have your own website, that’s where you can share your perspective on things, and it isn’t controlled by anyone else. Someone can create a Facebook profile that looks just like mine, and use my images on it. Someone can create a @davidatruss or @datruss1 account on Twitter and make it look like I’m the one saying what they want me to say. A Youtube channel would be just as easy to set up as well. Whereas DavidTruss.com is my domain. I own it. I control the narrative. And… I have a big enough digital footprint that people can see it’s not some site that was just put up a week ago. Does this make me bulletproof to a scam? Absolutely not! But it gives me some leverage to share my own voice if I do get impersonated.

Your domain, your words, your narrative.

Scam prevention: As a final thought, to prevent scams where family members are impersonated, have a ‘safe word’ that you share in times of distress. Not your pet’s name or anything like that. Choose a word that even people you might know wouldn’t guess, like ‘apricot’ or ‘gazebo’ or a phrase like ‘This is extra sauce important’!

Our online persona

No one shares all of who they are online. We share snippets, frozen moments, and smiling images. Some share to learn, others to reflect, others to seek attention. What’s clear is that we are not our public or online persona.

Writing and sharing daily, I’m keenly aware that I share a lot more than others do. How is this perceived by others? I’ve had some surprising feedback, some of it good, some of it disappointingly bad. I’ve even had it questioned if this was somehow taking away from my work day. That would have made me laugh if it wasn’t, at the time, so upsetting. I wrote a scathing retort that will probably never leave my drafts. It was cathartic enough just to write it.

And that’s what I’m reflecting on now, what do we chose to share and what do we keep to ourselves?

What do I keep to myself? What do I blog about? What do I expose? What do I hide?

A few years ago I went through 6 months of chronic fatigue. My family and coworkers knew, they had to know because I wasn’t running at full capacity no matter how hard I tried… but I didn’t really share any of this online until I found out it was from an extreme Vitamin D deficiency, and I was on the road to recovery.

I can remember going to a conference once and meeting a blogger whom I read regularly and admired. I was so excited to meet this person who ended up just being an ordinary guy who really didn’t want to talk about anything I was interested in talking about. It was a huge let down. This is especially true because before meeting him, I’d connected with so many amazing people at conferences who felt like instant friends, and whom I loved meeting face to face. I had met so many people that I felt I knew, and who exceeded my expectations as wonderful human beings. This guy just let me down.

But did he? Did he let me down or did I expect too much? Had I built him up to be something he wasn’t? Did I imagine him to be more than he was? Did I imagine my online interactions meant more to him than I should have?

On the flip side, who have I let down, disappointed, and even unintentionally ignored? Who has met me and thought, ‘Oh, that’s not the guy I thought he would be… that’s not the online Dave that I know.’

Whether we want to admit it or not, we don’t put our whole selves online. We refine our online persona by intentionally editing things out. We may not see ourselves the same as the Instagram teen deleting images that don’t get enough likes, but in some way we are one and the same. We choose to put some things ‘out there’ and we choose to leave some things out.

I have a friend who shares the most incredible photos of themselves having a wonderful time on Facebook, who I know is unhappy and struggles with depression.

I have another friend who in the past over-shared a tremendous amount of information about themselves. I was concerned and mentioned this to them. The response: “I’ve had people thank me for being so honest, and sharing things they are afraid to.” They were over-sharing in my eyes, not in theirs. It was beyond my comfort zone, not theirs. It was an uncomfortable level of sharing for me, not for them.

I can see that we are not our online personas. They are different than us. Even though this persona can say a lot about us… they don’t always say what we think they say.

How intentionally different to you is your online persona?