We all have mindless tasks we like to engage in during downtime, to rid our minds of stress. It could be playing repetitive games like Candy Crush, twirling a fidget spinner, or endlessly scrolling through our social media feeds. Sometimes, we land on a silly yet seemingly entertaining quiz and decide "heck, why not?" Here's a tip: don't.
These quizzes seem totally innocuous, simply requiring that you answer a few multiple choice questions like "what do you prefer doing on a warm and sunny day?" or "what's your favourite vacation destination" or "choose the image below that most appeals to you." It's all innocent fun. Except it's not. Not only can agreeing to a small list of terms before entering the quiz site sometimes mean you're giving the site permission to access your personal data, but it can also leave you vulnerable to hackers.
Last year, the Sutton Police Department in Boston, MA warned residents that doing those fun tests could result in revealing personal information to scammers. "The posts that ask what was your favourite teacher's name, who was your first grade teacher, who was your childhood best friend, your first car, the place you were born, your favourite place, your first pet, where did you go on your first flight, etc...Those are the same questions asked when setting up accounts as security questions," the police department wrote on its Facebook page. "You are giving out the answers to your security questions without realizing it. Hackers are setting these up as a get to know each other better game. They then build a profile of you from several different data sources. They use this data to hack your accounts or open lines of credit in your name."
Earlier this month, a Ukranian quiz maker was sued by Facebook after the social site discovered that the men behind the site were using their fun quizzes to get private data from users and place ads within their news feeds. Users had to install browser plug-ins in order to take different quizzes or read horoscopes from the apps, which ran under names like Supertest and FQuiz. Quizzes were for things like "Who is your doppelganger from the past" and "Who are you of modern vampires?" Seems innocent enough, except the men were able to access profile information, including private information that was only viewable to the use.
Last year, the popular quiz app NameTests was discovered to have potentially exposed the data of up to 120 million Facebook users, allowing the company to gather information from your profile, completely with your consent, even if you didn't realize it, or thought nothing of it. The discovery of the loophole, made by an ethical hacker, isn't to say that the site itself was guilty in accessing and using peoples' information for bad intentions. But participating in the quizzes made it easy for other third-parties to steal your data. The data could be as simple as your name, gender, and date of birth, or even more detailed like your profile and cover photos, devices you use, your posts, and your friends list. Nametest has since reportedly fixed the bug, but how many of the site's 120 million users were already impacted?
Despite massive events like the Cambridge Analytica scandal, my news feed is still full of people posting which actor represents what they'll look like in 20 years, or which superhero is their spirit animal.
"Social media quizzes, especially popular on Facebook, may seem completely harmless," comments Daniel Markuson, the digital privacy expert at VPN service provider NordVPN. "However, there may be much more to these silly questions than meets the eye. Hackers and other shady internet personas can use them to access not only your sensitive data but the information of your family and friends as well."
Which means even if you want to shrug it off as a non-issue, and believe that you aren't attractive enough for hackers to target (news flash: if you have a name, a date of birth, and a credit card, you are), participating in such quizzes, and giving sites access to your information could put everyone on your friend's list at risk as well.
"Your personal information and data from your social circles can be used for all sorts of things," explains Markuson. "They range from a message from a clothing brand, to a presidential election campaign seeking to influence your vote." By taking a quiz, you are giving the companies or people behind them more data points from which to create detailed profiles of you and your friends, including not only pertinent personal information like name, date of birth, and location, but also your likes and dislikes.
So the next time you scroll by one of these quizzes on your feed, resist the temptation, as much as you'd love to know which is your dream vacation location, or which character from Modern Family you're most like. Not every online quiz may lead to the acquisition of your personal data for nefarious purposes, of course. Some are just plain fun (though you will be giving up some information in exchange for accessing them - they are run by businesses, after all.)
If you really want to partake, Markuson suggests digging deeper to find out who is behind the quiz app. See what information they are requesting access to before you click "accept," and read through the detailed terms of service first, particularly how the data is collected and used, even if they are seemingly only asking for access to basic data like your public profile. If they ask questions like your mother's maiden name or the name of your first pet, which you recognize as common security questions for places like your financial institution, steer clear. And if you have someone on your friends list who seems to take a new quiz every other day, consider disconnecting from them on Facebook. If they're really that important, you can connect in real life. And if you haven't already, remove any personal information from your profile, including your phone number, address, or even age.
But to be safe, find that old fidget spinner or a traditional stress ball instead, or look for another way to entertain yourself for your few minutes of downtime.
Markuson's advice: "if something has no price you need to pay, then perhaps your data is the real value."