Ep. 217: “The Wrong Dan Sturman”

“What the Hack?” is DeleteMe’s true cybercrime podcast hosted by Beau Friedlander

Beau: Imagine being hated for something you never did by people who swear they saw you do it. 

Naomi Klein Channel 4 Clip: Well, I was in a public restroom. I was in a stall and I overheard two women, well, just trashing me, talking about an article I had written and how wrong it was and how ridiculous it was. And I just, and, and I… First, I just had all my high school flashbacks, and then I realized they were talking about someone else.

Beau: That’s author Naomi Klein in an interview with Channel 4 News in the UK about what happened when she got confused with another author named Naomi, who, in her words, same age, same career, same dark hair, but also very different. 

Naomi Klein Channel 4 Clip: So I came out and I looked at one of them reflected in the mirror, and I said, I think you’re talking about Naomi Wolf, who is another Naomi writer, and I’ve been confused with her and conflated with her for much of my life.

Interviewer Channel 4 Clip: So there’s the coincidence of the name, but there are lots of other coincidences as well.

Naomi Klein Channel 4 Clip: Yeah.

Beau: This wasn’t just limited to public restrooms. Thousands of people started yelling at Naomi Klein online. Well, “yelling.” Furious at her for things that she never said because they’d mixed her up with the other Naomi. She’d log on and find wave after wave of strangers really, really angry about statements that she never made, or ideas that she really didn’t espouse at all. 

Naomi Klein Channel 4 Clip: You can also create your own doppelganger. I mean, what interested me about the figure of the doppelganger is that I think the more we interact with the world online, the more we’re represented to the world through a doppelganger. Our digital avatar.

Interviewer Channel 4 Clip: [inaudible] reinforces what you think you are.

Beau: Naomi Klein wrote a book about this called Doppelganger. It’s in paperback now. Came out, the paperback came out last year, and it’s about two women with the same name and how that shared coincidence spiraled into all kinds of shenanigans, you know, in a world where confusion about a name can be serious, really serious. I’m beau Friedlander and this is What the Hack, the show that asks, in a world where your data is everywhere, how do you stay safe online? Naomi Klein’s story is unusual, but not unique. She wrote about being confused for someone else online, another Naomi, another famous Naomi: Naomi Wolf, and how that mistake snowballed into something that could have been pretty dangerous. So today on the show, we’re gonna look at what happens when your identity gets tangled up with somebody else’s identity, and also just sort of what it means to be visible and what it means to have your name when other people may have your name. And we’re starting here with a man named Dan Sterman. 

Dan Sturman: I’m so happy to be here. 

Beau: Dan Sturman is a Los Angeles based director, writer, and producer of, and listen now, Emmy Peabody and Academy Award-winning documentary films. Dan, welcome to the pod.

Dan Sturman: Thank you so much.

Beau: Dan’s story starts in 2007.

Dan Sturman: Okay, so I have a friend, a good friend in Los Angeles named Tucker Carney who is just the sweetest, most thoughtful guy in the universe and he, back in 2007 because you know, he’s the kind of guy who was on the waitlist to get the trial for COVID medication when it had happened. You know, he’s always like sort of noodling around and looking for the angle, and he had heard back in 2007 about Gmail and signed himself up for Gmail and because he’s such a sweet guy he signed my entire family up for Gmail, including my five and 6-year-old daughters, so that each of them had their name@gmail.com. He’s like, this is gonna be a big thing. Did it I think to a bunch of people in the neighborhood. I actually a week ago today was at his memorial service. It was heartbreaking, but there were literally 300 people there, all of whom you know, he touched in different ways, because he’s that kind of guy.

Beau: So in 2007, Tucker Carney, your early adopter friend. Your early adopter in all things. Your to the ground guy.

Dan Sturman: He was the first guy I ever saw wearing Crocs. Think about that. 

Beau: That does paint a picture. And he was probably the first person to have the little things that go in the crock holes too. But anyway, Tucker gets you an email address on Gmail. He’s an early adopter. He’s gotten it for all your family, and no doubt plenty of people who attended his memorial also had Gmail accounts courtesy Tucker Carney. Seems like a wonderful person, and it’s a wonderful situation to have because yes, your email address is very easy. Now, did you use it right away? Were you an early adopter or did you just kind of have it and not use it?

Dan Sturman: So I moved to London in 1995 and right around then I got an AOL email address. And you know, when you used email at that time, you actually paid by the second that you were online. And so you would sign on really quickly and do whatever you needed to do and then sign off really quickly.

Beau: I remember that.

Dan Sturman: Sitting in my apartment in London, I would, you know, sign on, send an email, sign off and then place a transatlantic call to the person I sent the email to saying, “Did you get my email?” You know, ’cause I had no idea how it worked. So anyway, but yeah, so I was on AOL up until probably like 2012, 2013 and, you know, switched to Gmail and do not regret that choice.

Beau: Well now to give AOL break here, a lot of us “olds” as I’ve heard us referred to, used AOL. And there’s something kind of OG about having an AOL account still. I still, when I see them, I’m like, okay, so there’s some street cred I think for having one of these old school email addresses. But here’s the thing: if you wanna get your exact name@gmail.com in 2012, it’s a lot harder to do than it was in 2007, 2008. There weren’t that many people using Gmail. It was possible that I got my name. You know, don’t, don’t abuse that, but yes.

Dan Sturman: Yeah, there’s a huge prestige, you know, that I experienced every day when I send the email.

Beau: Because you got the handle you wanted @gmail.com. Through the years, Dan’s prominence as a filmmaker grew. His documentaries won awards. Even an Academy award. Critics wrote about his work. His name was out there big time, but in 2021, he started getting a different kind of attention, not for his work, and not the kind that you celebrate, but the kind that makes you check your inbox way too much, probably obsessively, wondering exactly what people think maybe you did. 

Dan Sturman: Suddenly I started getting a lot of attention. You know, “Hey, following up on our conversation where, you know, I promised I would send you that email,” you know, “wanna set up a time to discuss investment opportunities?” I had a jet charter service soliciting me. You know, “now might be the time to get a share in our jet charter.” I got an email from the Tiffany’s jewelry store. They were informing me that the beautiful sapphire necklace, I had picked out was ready to be picked up. 

Beau: So we’re used to the hook and real strategy of phishing attacks on this show, the fake calls, scam calls, the obvious cons, the not so obvious cons, the lateral moves. But the thing is, these weren’t fake. These were legit. These were real messages, real people reaching out to Dan, and that made it even stranger because the question wasn’t, is this a scam? It was, why are they coming to me at all? 

Dan Sturman: I kept my wife abreast of all these different like, sort of random, you know, pitches I kept getting and she saw that and she’s just like, this is like an episode of I Love Lucy, where like I would see this email on your desktop and I would either think you’re having an affair, you know, or waiting for that necklace to be presented to me and when it didn’t show up, you know, my suspicions would be flamed and you know, fan the flame, whatever. 

Beau: They would flare into a huge conflagration in the whole, yeah. Did you just let them know, Hey, you got the wrong…

Dan Sturman: It felt like it would not be the perfect crime, that they would figure out a way to track me down eventually. And it would not be a good choice.

Beau: Well, now I do a show about scams and cyber crimes, so, you know, I would have a ready answer. And, and there are people who listen to the show I’m convinced who just use it as, you know, a way to get ideas for committing crimes. But you know, ’cause it could get lost Dan. It is insured. Yeah. It could have just gone walk about. Oh, well. So no ruby? No ruby. Was it a bracelet or a necklace? What was it? Bracelet, right?

Dan Sturman: I think it was…

Beau: It was a necklace.

Dan Sturman: Blue. I think that’s the sapphire, right?

Beau: Oh, it was a Sapphire.

Dan Sturman: Yeah. Yeah. Yeah.

Beau: Okay, well, that’s pretty weird. Tempting as it was to just ignore it all, Dan kept fielding the messages as best he could until he couldn’t anymore.

Dan Sturman: I got a phone call and it was from my sister and I answered the phone, and rather than it being my sister, there was like a momentary pause and then a male voice came on. And it was threatening, and I actually wrote down the quote. Among the things this person said is, “You need to make things right. We’re now gonna take it out on people’s families.” That was the direct quote. And then I also started getting really threatening text messages, including one in which it said, “in case you have not been made aware already, you need to reach out very soon. If Jesus can give his life as a ransom, then there is no excuse.” You know? Kind of creepy. Kind of weird.

Beau: Very creepy. And these are two separate instances? Or the same?

Dan Sturman: Oh, yeah. Yeah. And by the way, so then I, you know, I called my sister and I was like, have, have you had any, like, what’s going on with this? And she said she had gotten calls that she thought were from me with the exact same message, you know. So now that I’m hip, you know, with what the technology is, I guess it’s called spoofing, where you can basically somehow make it so that it appears the phone calls coming from someone when it really isn’t coming from them.

Beau: By now, Dan had figured out this wasn’t just random noise, it wasn’t about Tiffany’s, it wasn’t about jet charters, and it wasn’t about him. It wasn’t about him at all. It was bigger than that, and somehow he’d gotten caught in the middle of something really weird. He was being targeted by a ransom attack. He was being targeted by hackers, real hackers. After the break, who the attack was targeting and why the hackers got it so wrong. When the threats started piling up, Dan Sturman found himself unwittingly in the middle, getting messages that grew darker, more urgent, more menacing, but the people on the other end of the line weren’t after him. They were after another Dan Sturman. So what exactly happened here? How does a filmmaker end up in the crosshairs of a ransomware attack meant for someone else? To find out, we called in an expert and one of my colleagues, Ruben Moretz. He’s the head of security at DeleteMe. Ruben, I have a question for you. I think you can answer it. 

Reuben Moretz: Okay. 

Beau: So I told Reuben Dan’s story, how a filmmaker kept getting random emails, or not so random emails, with investment pitches, even threats, really serious threats. And so he had a take.

Reuben Moretz: My best friend shares the same name of another person in another state. They’re both doctors that have the same name. So they’re both Dr. This Person. And if you look them up, like my best friend gets emails and he’s kind of, I wouldn’t say he’s famous, but he is on TV and he does interviews and et cetera. He is, he’s got kind of a high exposure job for what he does, but the other individual does too. He’s just not on TV as much, but for what he does as a doctor is pretty well known as well. So there’s a lot of crossover when you Google them. And my best friend gets a lot of messages and emails, targeted marketing. Teams and sales people that contact him directly and find his phone number to market to him what they think that they’re marketing to this other doctor.

Beau: Dan, I need to ask you, did you ever notice another Dan Sturman out there?

Dan Sturman: I mean, basically anytime I’ve ever released a film at a festival, you know, or a theatrical release where I expect I’ll be getting reviews because I’m insecure and as I mentioned earlier, I feel, you know, sort of affirmed by my prestige email address, you know, I would set a Google alert for the name of the film and I absolutely also have a Google alert just for my name, so whenever people are writing about a project I’m involved in, I can see what they’re saying. When alerts came in, 99.98% of the time, they were about me and there was a 0.02% of the time where I would get an alert about one other Dan Sturman, who I wasn’t paying a lot of attention to, but I did note that he was involved in the internet in some way. I wasn’t super close attention, but the moment when the equation flipped was when he started working for a company called Roblox.

News Clip: Maybe not too surprising to some; I mean, certainly if you’re a parent or you have a kid in your life, you have heard of Roblox. Enormous growth for that platform. You know, you saw the daily active users jump 85% to 33 million. If you are a video game investor, you’re thinking all that growth, all that in 2020. What just happens…

Dan Sturman: For your listeners who are under 30 years old, they probably have heard of it and everybody over 30 has never heard of it, but it is a gaming platform of some kind that had its IPO in 2021, and is now worth like close to a hundred billion dollars.

Beau: Does that make him the real Dan Sturman? 

Dan Sturman: He’s certainly the wealthier Dan Sturman at this point. 

Beau: Here’s where the stories line up. Just like Reuben’s friend, two doctors with the same name, constantly getting each other’s email, Dan wasn’t being targeted for who he was. He was being targeted for who someone thought he was. Back in 2007, thanks to his friend Tucker, he got a premium Gmail address, no dots, no numbers, no middle initials. And when an attacker went looking for Dan Sturman, the filmmaker’s email looked like the other Dan’s, the kind of address you’d expect from a CTO at one of the biggest tech companies in the world who happened to work with Google earlier in his career, and that tiny detail, an email handle from the early days of Gmail, was enough to make our Dan the wrong target. 

Reuben Moretz: My friend, over a spanning many, many, many years since even he’s been an ER physician, has, you know, he has public exposure even in his early part of his career. So even before necessarily privacy services were around, there was still management related to…you know, if any person in a public space, even to the general public, there’s, you know, things to… they Google things and find things and write things that you know may not be true. And then you have to sort of manage those, right? So in this particular instance, there was kind of stumbled upon by happenstance that these two individuals have the exact same name. They have the exact same middle initial. No joke. And they’re both doctors. They’re just completely different doctors in different areas and in different states.

Beau: Wow. Yeah.

Reuben Moretz: Now nothing has happened for, for them, but I have a fair amount of context knowledge to be able to create a persona where I might know enough about one individual to gain access to another one just by saying, you know, just by sort of, oh yeah, the relationship with this other person or the person, ’cause they know each other, you know, loosely just based off of being their names, and they’ve crossed paths a couple times, but it’s enough to create trust just by knowing their name or what they do. 

Beau: For Dan, it turned out to be a bad hacker. No bad intentions, not like a bad… like a threat actor. No, just bad. Like he stunk, he was just bad at his job. They got the email wrong. But in the hands of someone more skilled, more nefarious, the same hack could have worked, I suppose. You know, if they could go lateral from there, they could have built an official looking email using Dan Sturman maybe to fool someone else. But here’s where the scammers got it wrong. They did something that happens with data brokers all the time: they had a false positive, but this was a scammer facing false positive, meaning to say that the scammers didn’t know that they had the wrong person, and they should have because they’re scammers, they’re hackers. They should know these things and they didn’t. So don’t hack me bros, but you screwed up. Okay. So the real threat isn’t just confusion, it’s social engineering.

Reuben Moretz: I feel, because especially if someone is famous or has an established name presence and social media or in media in general, and that’s actually a common social engineering technique, but you don’t hear about it a lot ’cause it’s not as, as popular. It’s called mimicry. Mimic, right? Mimic behavior. So mimic behavior utilizes a social engineering attack to impersonate and establish credibility based on another person and that’s to establish trust. When you have a name that’s associative legally and you have your own online presence and information tied to that name, then these techniques become, if you know what you’re doing, become a vector of attack because you can create trust with other people that that person is associated with. Like you don’t have to potentially obfuscate what your name is to influence someone else’s behavior, to influence the news for someone else. Like in this particular case, I mean, I’m assuming that they did bad things or nefarious things, so that creates some confusion and especially if you’re familiar with the name and that person is well known or famous, then you can by association, you know, think about that person in relation to this bad thing happening, right? So a fabricated scenario, or you could, for instance, for spearfishing, so you could pick the mimicked individual, could be a organization or a person, and craft personal emails that seems like it’s coming from a trusted source as part of a spear phishing attack in order to get someone to, you know, click on a link or a fake news profile. And they immediately or passively just absorb the link or the information because the name is familiar. Right? But it’s not necessarily mimicry at that point. Right? Because you know a lot about them already. It’s still that instance of established trust among, Hey, if I’m impersonating this one person with the same name and I know enough about that person, then that creates a method of attack to the, like a similar, right? So Dan Sturman, Roblox. You know, even if that’s not you, someone trying to impersonate you, going to the Dan Sturman or trying to just to attack them or provoke them on social media is a means of attack. Right? And if I really, depending on what kind of harm I want to do, it’s certainly a vector that I would approach.

Beau: So what do you do when strangers are threatening you and your family and another family you’ve never even met over something you have nothing to do with? Do you try to warn them?

Dan Sturman: I have no idea what the other Dan St. Stern’s email address is, and I’ll tell you why.

Beau: Why?

Dan Sturman: Because he apparently has an incredibly low profile on the internet, and that low profile eventually came to bite me. 

Beau: I’ve got the sneaking suspicion the reason that this other Dan Sturman is such a ghost online is because he is got somebody or a company scrubbing his info for him. I’m just gonna leave it there. That might be something. 

Dan Sturman: Yeah. I mean, let’s put it this way. The other Dan Sterman, I think somehow had made it so he has a very low profile on the internet now. You can’t find his email address, his phone number, his address. You know, the kinds of ways that… I mean, I used to work at 2020 as an investigative reporter. You know, I dug up some extraordinary bits and pieces of information including by the way in the Stamp Thief, which is showing in theaters soon, and there’s incredible reveals in that film, but…

Beau: Did you make a film called The Stamp Thief that’s about to come out, Dan?

Dan Sturman: Yeah. So I know what it is involved in sort of going through wormholes to try to like, dig up information on people and the enterprising ways that one can get that information. And you know, I don’t think… The other Dan Sturman has made it so that you can’t find him.

Beau: That’s great. That makes you the Dan Sturman that’s getting scammed. 

Dan Sturman: I think it very much made me the object of this guy’s ire. You know, because he presumed that I was the Dan Sturman of Roblox and started, you know, threatening me.

Beau: So this guy called… he called your sister, he called you, he left. He said some very strange things.

Dan Sturman: Ican’t remember how many texts we got, but it was, the language in the text made it clear that he was, he had it in for the entire sort of executive staff of Roblox and they were gonna, you know, suffer Jesus’s wrath or whatever the hell this guy was thinking of. As somebody who has not been regularly threatened, I think any kind of antagonism that you get in your direction, somebody giving you the finger on the freeway is enough to like…

Beau: It can seem quite insane. So, obviously if someone’s texting you already, that is a bit insane, but…

Dan Sturman: And it’s intrusive. It’s like, all right, this person’s like somehow entering my life in a way that I don’t know how on earth this person had my phone number. 

Beau: And you don’t have any agency to stop it. So you have this person coming at you. And I guess my point was obviously it seems insane just that they’re reaching out to you in the first place, but the nature of what he was saying sounds like it was a little threatening too.

Dan Sturman: Oh, absolutely. Yeah.

Beau: Okay. And did you at any point feel frightened for the Dan Sturman he thought he was talking to? 

Dan Sturman: I was frightened for myself. I was frightened for the other Dan Sturman. And I was actually frightened for all the other executives at Roblox because it seemed like he had it out for everyone.

Beau: So what do you do when the threats won’t stop and you know they’re not for you, they’re not meant for you? That’s coming up after the break. In today’s digital world, your identity isn’t fully under your control, right? Visibility has its costs and to gain obscurity after becoming visible also has its costs. And when you’re misidentified, the fallout doesn’t just hit you, it hits everyone around you, family, friends, even coworkers. But the internet doesn’t just blur who you are with. It doesn’t just blur who you might be with. It also suggests who you might be with and who you are and all that. And because of that weird cocktail of good and bad information, it can be kind of dangerous. Now imagine you’re suddenly the stand-in target for someone else’s enemies, ’cause that’s what we’re talking about here. You’re getting the threats, you’re feeling the fear because you are being targeted, but it’s not even about you. Okay? So what do you do? It’s about the other guy with your name. How do you warn him? 

Dan Sturman: So, you know, if you ever try to reach out to Facebook or Google or whoever, I mean, most of these, you know, large companies, there’s not a phone number you can call and…you know, a little trick. Most of these companies will have a press office and the press office does want to be contacted, and so they will put out press releases and at the top of the press release will be their phone number. So I dug up a press release on PR Newswire from Roblox, which included a phone number and an email address, and so I emailed and called, and I got a response to my email within an hour, and basically the email I sent was, you know, “Hey, you know, I share a name with your chief technology officer, and I’m getting some pretty scary messages that I’m guessing are meant for him, and he probably ought to know about it.” And so within an hour I got a call back from their head of security who was really kind and sharp and clearly very good at his job. And, you know, he told me a whole bunch of really worrisome information. And basically what he explained is that, you know, they have sort of eight executives who have been targeted, have been getting harassed, have been getting threatening calls and texts and that sort of thing. He surmised that the reason one of the eight, the other Dan Sturman wasn’t getting any of this stuff is because he has such a low profile online. He then explained that three of the eight executives had been swatted over the weekend. 

Beau: That adds a lot of credence to your own feeling, your misgivings, and fear, because it’s exactly what I would be afraid of if I were being contacted by someone who clearly was a little unhinged. And so some of the employees at Roblox were swatted. The Dan Sturman of Roblox was not swatted, which actually adds more credence to the idea that maybe you were going to be swatted.

Dan Sturman: He said A. they were working with the FBI and trying to figure out where this was coming from. They were taking it very seriously. I think specifically, he said something about how the swatting incidents made it sound like it was somebody working at a suicide hotline who was calling the police and saying, you know, I’ve been on the phone with somebody who I think is, you know, in imminent danger and I’m hoping you guys can rush over there because, you know, I think he’s gonna do something rash or, you know, and then would give the address of whoever they were hoping to swat. But basically the security guy essentially told me, “There’s not much you can do on your end. I would advise two things,” and the first thing he advised was that I should call up the non-emergency line of the Los Angeles Police Department and the Sheriff’s office and you know, sort of explain to them my circumstance and explain that if they were to get a swatting call or a call about a disturbance in my address…

Beau: [Inaudible] yeah.

Dan Sturman: You know, please crosscheck before sending out people, responders, you know. Make sure that you crosscheck with me. It just felt like I was like dropping this into like, you know, an abyss of emptiness that there’s no way that they were gonna be able to like, figure, you know, if something were to happen to me, they wouldn’t be cross-checking. ‘Cause that’s not how these departments I assume you know, respond, but I did not get swatted, but I did have strange and ultimately kind of dissatisfying conversations with, you know, both LAPD and the sheriff’s office, where they were like, we’ll do our best, but you know, we can’t really promise anything.

Beau: In the end, Dan was lucky. His hacker wasn’t very talented. Sorry, hacker. They had bad intentions sure, but poor skills. And so everybody was lucky. They just grabbed the wrong email address. But Dan’s story highlights two super important things. First, what happens when your data is public? Okay. A lot. Dan’s gmail was out there, easy to find. The other, Dan, the Roblox guy, his email was hidden and that made the filmmaker the easier target. Second, what happens in the hands of a more skilled attacker? Well, building false trust online doesn’t take much if you’re, if the person hacking you is good at it. An official looking email, a spoofed phone call, a mimic name, that’s social engineering, as you know, if you listen to this show.

Beau: So the question is how do you protect yourself from that? Here’s Reuben Moretz again. 

Reuben Moretz: A healthy dose of paranoia goes a long way. Right? And I say this a lot to our own team and to my family. It’s the same thing I keep repeating to them. It’s a healthy dose of paranoia goes a long way. It means that you don’t have to go to extremes and assume that every single call is fake, right? Even if it’s from a provider for healthcare, if it’s from, like, you’re never gonna get a call from a bank, although, unless you have a personal banker, and then you might, and then it gets a little, you know, it’s, it gets a little suspect there. 

Beau: And that paranoia isn’t about assuming that every call or email is fake. Right? It’s just about noticing patterns and the tricks that hackers lean on the most. You know, being aware of them is a start. The biggest one is urgency. 

Reuben Moretz: Anything that presents itself as urgent in the digital form is not necessarily that urgent from like, from your typical standpoint. Now, if you get alerts, right? One of the things I worry about is people kind of getting smart enough to realize the vectors of attack that actually do have a sense of urgency for like incident response or alerting. 

Beau: Like what? 

Reuben Moretz: Like someone would obscure a incident alarm from PagerDuty relating to an event that would require an immediate escalation, like the use of a root account or a token credentials on an account that’s accessing something from a behavioral analysis that that doesn’t normally have access to or shouldn’t have access to. Right? So it would be a security alert where it would link to an alert or an alarm where you would move, sort of, you would click through these things or click through alerts, right? And those actually create a digital sense of urgency, at least on a security team. So there are methods of attack there that are important to us, you know, a security person that does have typically does have, you know, privileged access to things that could create problems, right? You have access to administrative credentials from someone on the security team that has administrative rights on what can be enabled or disabled from a logging perspective.

Beau: Yeah. 

Reuben Moretz: And we have a tremendous amount of power for what you can do, right? 

Beau: Speaking of administrative credentials, yeah, so I have this theory that Roblox Dan must have used a service like DeleteMe. I tried reaching out to him for an interview and I did not hear anything back. Can you look to see if he’s one of ours? Is he one of us? Is he a customer?

Reuben Moretz: Sure.

Beau: Can you just please look up this Dan Sturman from Roblox and gimme his phone number? 

Reuben Moretz: Like, okay. Okay. It’s, uh, 5 5 5…

Beau: Reuben. Stop messing around. Gimme the real phone number.

Reuben Moretz: 5-5-5- Nothing-burger.

Beau: No, and that is the answer. The answer is 5-5-5-5-5-5-5-5…

Beau: Okay, so, so where are we now? 

Dan Sturman: Well, it’s funny. In preparation for this discussion, I actually did look up the other Dan Sturman. Apparently he has now left Roblox and is consulting with companies and, you know, spending his, you know, his vast fortune and having a nice life, I suspect. 

Beau: Well, good for Dan Sturman.

Dan Sturman: There is one very exciting point to be made, which is that I never spoke to the other Dan Sturman, but the security guy, the head of security at Roblox told me that he’d spoken to the other Dan Sturman and the other Dan Sturman said he was aware of my work and he admired it. 

Beau: Yes. What a perfect way to end. Dan Sturman, thank you so much for joining What the Hack.

Dan Sturman: It has been my pleasure.

Beau: Naomi Klein’s book is Doppelganger. Dan Sturman’s new film, the Stamp Thief. The other Dan Sturman, the one at Roblox? I’m sure he’s having a great day. I could not find him for the life of me. I wasn’t able to get in touch with this other Dan Sturman. I tried. No, no dice and I knew someone who knew somebody who could get me his contact information. [Inaudible] And here I am at DeleteMe with my colleague Ruben Moretz, where, you know, if you need some help, reach out. Okay? And if you have a good story, please don’t hesitate to reach out to me at wth, at joindeleteme.com. I would love to hear from you. Now it’s time for the tinfoil swan, your paranoid takeaway to keep you safe on and offline. So what’s the lesson here? Visibility has its costs. If your information is out there, you can be targeted, right? You can be confused for someone else. You can be the recipient of an attack based on a scammer-facing false positive. So obscurity also has its costs. Okay? It’s true, because if you want to disappear completely, you lose the ability to control your own story. There’s that, and also to disappear completely requires a ton of work, and you might need help. And there are places and including DeleteMe that can help you do that. The balance comes from paying attention, right? Balance as in like yin and yang balance, like good and evil. Pay attention. Ordinary people can take simple steps. Who’s ordinary? Me. You. Monitor your alerts, right? Update your, any update you get from software that you’re using or an app. Update it. Scrub your data when you can and watch closely for phone calls that don’t make any sense. ‘Cause they could be spoofed. The bigger picture, that’s harder. What does it mean for society if none of us can fully control who we are online? If at any moment your name, your email, or your face could be mistaken for someone else’s, well that’s a bigger question for another day. But until that is solved, you are your own guardian here and you have to be careful. So that’s the world we live in right now and the only real defense is to stay aware. I know “be careful” doesn’t sound like good advice, but go slow. Pause and remember that the most powerful tool that you have sometimes is just knowing when to hang up or say no or not pick up at all. Okay? Stay safe out there and we’ll talk to you next week. What the Hack? is brought to you by DeleteMe. DeleteMe makes it quick and easy and safe to remove your personal data online, and was recently named the number one pick by New York Times Wirecutter for personal information removal. You can learn more if you go to joindelete me.com/wth. By the way, if you do use that URL, joindeleteme.com/wth, you’re going to get a 20% discount on DeleteMe’s product, so check it out and again, stay safe out there.

Learn More:

• Learn whether the business you’re dealing with is a scam
• Learn how to keep your information safe so you can become less visible online
• Read up on caller ID spoofing and what makes it dangerous