Every time there’s a major corporate or government hack and email address/password combinations pour onto the black market, you have to wonder whether your credentials are among them. But most of us don’t take any action to check. If only we had a digital dad watching our backs and trying to help us stay safe.
“Julian,” the blogger behind ATechDad, is experimenting with a way to do just that. Over three days, he collected (formerly personal) user data that had leaked in large-scale breaches and was posted to sites like PasteBin that host plain text uploaded anonymously. To do it, he made Canary, a tool that scrapes sites like PasteBin, meaning it automatically culls select data from Web pages and then sends a pre-written email alerting people that their credentials are exposed on the Internet.
As Julian notes in a blog post, similar scraping services already exist, but they have two problems. “1. Most users have no idea these services exist. 2. Many users are wary of sending the information they care most about to another online service.” So Julian figured that the credentials could speak for themselves: If they’re on PasteBin, the owner should probably get notified.
On May 19 he used Canary to send 97,931 emails warning people that their cybersecurity was at risk. Motherboard rightly points out that lots of people would probably ignore such an email because it might look like a phishing scam. But Julian reports that some people actually responded. He got nine thank yous.
The project might feel a little paternalistic and even invasive, but Julian really seems to be doing a dadlike good deed. Since he sent the first round of warnings, he’s collected a total of 300,000 login credentials and is contemplating another email blast.
“I received no donations. This was not unexpected—but since the campaign didn’t cost me much, it’s also absolutely fine,” he wrote. “Overall I consider this experiment a success. I hope that many people were helped and did not reply instead of ignoring or losing the email to spam filters.” <3 dad
