How a Maverick Took On the Online Privacy Violators and Won

Christopher Soghoian has been earning a reputation as the Ralph Nader of online privacy. He champions the rights of citizens while kicking the violators in the shins.

Mr Soghoian first came to national prominence in 2006 when the FBI showed up at his house at 2 am to seize the computers on which he had created a site that allowed anyone to take advantage of an outrageous Transportation Security Administration digital dereliction and generate fake boarding passes on Northwest Airlines, with a default name of Osama Bin Laden. The Feds were not amused but closed the criminal investigation without filing charges – and three years later actually hired Soghoian to work in the Federal Trade Commission’s Bureau of Consumer Protection. His freewheeling maverick ways were not the best match for the staid government agency and he was released a year later, but by then his name was synonymous with divulging and publicizing security breaches at the highest levels.


Named & Shamed

Christopher Soghoian has “named and shamed” a remarkable array of leading online and telecom corporations:




  • Dropbox had a back door that allowed them full access to all uploaded files
  • Sprint Nextel had a secret website for law enforcement agents to GPS-track 8 million subscribers every year
  • Yahoo had a price list they charged the US government for turning over private information on their users
  • AT&T’s voicemail was open to phone-hacking due to their policy of not requiring a password to access it
  • Google’s Gmail had SSL encryption turned off by default

All of these major security lapses and privacy violations were active until Soghoian got through with them. Armed with little more than his blog and his innate sense of outrage, he led a one-man pitched battle with the forces of privacy evil for years until he was given a paid fellowship by the George Soros Open Society Foundation to publicly grade online and telecom privacy practices.

Simple Steps to Maintain Online Security

Maintaining personal privacy and security is not a lost cause. There are various simple steps anyone can take to strengthen the safety of their online data:

  • Don’t post anything anywhere (including “private” profiles) that reveals personal details
  • Do not share joint accounts and profiles – your account is yours alone
  • Mix up your passwords and use at least half non-alphanumeric characters
  • Do not tell anyone your password
  • Never reply to spam emails
  • Turn on cookie notices in your browser
  • Check for https (the "s" means secured), lock icons and correct URLs before entering any sensitive data
  • Don’t reply to or click on bank or payment facilitator emails that do not address you by name

We should appreciate far more the sacrifices that other people make for us in bringing the security and privacy violations they discover into the public spotlight. With technology moving at an incredible pace toward increased use of and reliance on the internet, we need to make the internet giants, advertisers and other companies that hold, gain or manipulate the private information they obtain from us fully accountable for their actions.

Join the fight to keep your privacy safe. Post or report any privacy violations that you find, wherever and however you can. Reporting the privacy violations to the proper authorities and bringing the issues into the public eye as much as possible is the best way to fight back against the odds and Protect Your Rights.

Bureau of Consumer Protection : Bureau of Consumer Protection

Privacy Commissioner of Canada : File a complaint HERE

Other posts you might want to read : Will The US Have A Privacy Commissioner Soon ?

Follow Christopher Soghoian on Twitter : Christopher Soghoian @csoghian

For many companies, collecting sensitive consumer and employee information is an essential part of doing business. It’s your legal responsibility to take steps to properly secure or dispose of it. Financial data, personal information from kids, and material derived from credit reports may raise additional compliance considerations.