Quizzes used for data collection
All over the Internet, there are quizzes that promise to reveal specific details about an individual by having them answer a handful of questions. A wide variety of online quizzes and surveys exist, some claim to be able to determine what kind of animal a person would be by determining what they were like in high school. By answering these questionnaires a person is unknowingly handing over the keys to their personal accounts. Surveys and quizzes are not always designed with good intentions and are designed as a method of data collection for account recovery questions.
Account recovery is a very common practice in today’s world. A password is set and almost immediately forgotten unless saved or written in a safe place. When these credentials have been forgotten, account recovery questions come into play. These questions are personalized to the user by asking things like “What is your mother’s maiden name?” or “What street did you live on in middle school?”.
Quizzes on social media are openly more invasive in terms of collecting information than traditional ones. On social media, the user is normally prompted to allow the application to have access to parts of their social media profile to either start the quiz or to share the results with their friend group. Not only does a third-party have access to the data that was inputted, it now has access to the information visible on the account linked, such as birthdate, home town, and full name. An example of this would be finding a quiz that has been shared all over social media and everyone has taken it. The gist of the quiz is once a person reveals what they were like in middle school they can find out what kind of wizard they would be. Most questions have many insufficient answers, however, depending on what information is available on the user’s profile. For explanation purposes, there may be a question that asks “How did you get to school every day?” and if the hometown is present on the profile, through deduction and a map the school attended could be determined.
Most would like to believe that they don’t give out personal information out that freely. To their credit, people do try however not thinking defensively about sensitive information leads to their downfall. The questions asked may not be outright asking for recovery data, however, the wording can elude to the same answers. A survey popped up recently on social media for an auto repair shop that was asking people “What was the first car you learned how to drive a stick on?”. At first, this doesn’t seem like a recovery question, but there is a question that exists that asks “What was the make and model of your first car?”. More often than not, both of these questions produce the same answer since the majority of people who first learned how to drive a stick shift vehicle, that was their first car.
There are a couple different methods or suggestions to help prevent the unnecessary leak of private information. One of these ideas to protect against this type of data exfiltration would be to not enter any personally identifiable information on these applications if it can be avoided. For example instead of entering your full name, perhaps come up with a fake one and not link anything to a social media platform.