How WAC Confessions can Backfire

technology college

There are a string of new “confessions” copycats since the original shut down. These pages claim that there is an anonymous way of submitting confessions, normally through a Google Doc or Survey Monkey page. There is a slight problem with this, none of the parties involved in this process are actually anonymous.

Creators of the page can be identified in several ways. If the page was created by a logged in user or the admin(s) edit the pages with their own account(s) that information is stored in the page's user table. If the person creating the page didn't directly link the page and the account, the server's logs store enough information to link the two. The MAC address [1], User Agent [2], and/or cookies can be used to identify you. With a simple SQL query the page and your Facebook account can be related.

Confessors can be identified with a bit more work. Both Google and Survey Monkey collect MAC addresses and User Agents whenever a browser pings one of their sites and store the same information with each entry. The Google Docs page, several other security holes exist. Anyone who is logged into a gmail, YouTube, or other Google account at the time of posting will have that account tied to the post. This includes Google plus accounts that have access to your real name.

With either a subpoena, best case scenario, and an email from someone from the school with an official sounding title, worst case scenario, this information will be handed over to the requester. Both the NAC and the wireless login page collects the MAC address and other information of the person who logs in. The addresses from Google or Survey Monkey would just need to be searched in the sign in table.

None of the companies involved have any reason to keep your information away from a requester. In all actuality Google and Facebook have more of in incentive to hand over information to the school. You are a single person and represent a minimal amount of potential money to loose compared to an institution such as WAC.

Are there ways around most of these issues? Yes. Am I going to tell you them? No, go read WP:BEANS.[3]

TL;DR: Just don't do it.

[1] http://en.wikipedia.org/wiki/MAC_address

[2] https://panopticlick.eff.org/

[3] http://en.wikipedia.org/wiki/Wikipedia:BEANS