I publish a family tree website online for my family which includes names, date of birth/location, and occupation if known of relatives extending to 3rd/4th cousins. After a year online I’ve had rave reviews by 99% of my family, but some extended members wished to have birthdates removed or to be removed completely since they work in sensitive areas (police, etc). I have other family members that are very pro-publishing the information and say to just remove those who specifically ask.
At first I thought possibly publishing birthdays was dangerous, but then I went to Anybirthday.com and entered my last name I found my father’s, grandfather’s, uncle’s, and cousin’s birthdays published right there online, so it’s not like this information is impossible to obtain.
So what’s the straight dope - is publishing someone’s name/birthday online dangerous or not?
It is considered very bad etiquette in the genealogy community to publish data about living persons on the Internet. In all of the family trees I have posted to the Internet, living persons are listed as:
John Maynard Doe (1913-1988)
m. Jane Tyler Roe (1915-2000)
a. Living Doe
b. Harold Doe (1938-1991)
c. Living Doe
d. Living Doe
All of the major brands of genealogy software can do this masking for you when you export a file to the Web.
Why? For one example, many financial institutions ask for your mother’s maiden name when verifying your identity. Posting family trees that include the names of living persons facilitates identify theft in that manner.
Also, AnyBirthday.com does not include people under 18 years of age. Sounds like your family tree on the Web does.
You should never publish anyone else’s personal information without their permission. This includes full names, parent’s names, birth info. You really must have an “opt in” rather than “opt out” system. I would be royally ticked off if I found out you had published my personal information. I cannot spend 24 hours a day searching the web for whoever has posted my info.
Some general cautions:
If you don’t know if that 3rd cousin born 90 years ago is living or not, list them as “Living Doe” as well.
It is also not a good idea to publish personal info about people recently deceased. Identity theives love to take over the ID of someone who just died, which will nonetheless cause headaches for the deceased’s family. Different people have different rules about when to consider someone’s info not safe to publish. My rule is “born in the last 120 years.”
If your question is simply “Is this dangerous?” I think the answer is theoretically*, but there are much better (& certainly many other), ways to get this information than searching through genealogical databases. If a badguy is willing to pay for an on-line search and has your name and city he can pull your financial history, your property owning status and criminal record inside a week. He can do that by opening your database or the white pages or the local paper (Heroic Danville Police office John Jones, 50, today caught…)
*Besides the reasons listed, one scenario is if the Identity thief looked like a “headshot” it is possible that might help make false ID’s. The thief certainly doesn’t need that assist though.
Having said all that: I agree with the previous posters general sense: bad etiquette, most professional genealogists won’t do that, I’d be pissed if you put me up without my permission.
With permission though, it is way overblown to say your db is “putting your family in danger”. More like*“Possibly making it marginally easier for evildoers bent on hurting you*”.
Note that there is a big difference between just prowling for “anybody” whose id can be taken over, vs. targeting a specific person. Online genealogy makes the former trivial. The more my info appears online, the more likely I will get hit.
Well I am just the Webmaster, the site is fueled by one of my uncles who is very into genealogy - he has taken classes, visited graveyards all over the country, and browsed thousands of microfilms. He is always making new contacts off the site and doesn’t want any data removed. Therein lies the problem - I would probably just publish names (minus middle name maybe) and year of birth, not date, but he is very adamant about leaving the site the way it is. He says it should be more of an “opt out” and that 99% of the family has given rave review of our site - so just to remove the 2 or 3 that have had a problem (out of a couple hundred) and leave the site the way it is.
Again, I’m just an archivist, a webmaster. I enjoy manipulating a lot of data and organizing it in a fashion my relatives an use. But the genealogist behind it all tells me the site is perfect.
See my predicament?!?!
Thank you for the input, I will take in what all of you said and think about what should be done. I welcome anymore input as well.
Does the info have to be public? What if you have a public version which omits the “sensitive info” of the living, and give password protected access to a complete version, with names, photos, birthdates, etc.
On the public version you can have an email link for yourself so you can screen the person (or have your uncle screen the person) before giving them login info for the password protected part of the site.
This way, people can still find your site via search engines. They can find the public part of the site. I suspect anyone searching for your family would mostly have the names of deceased relatives anyway, and use those for a search. This has been my experience anyway.
You can either have your web host set up NTFS (or the linux equivalent) permissions, or use a variety of different methods for programming password-protected pages. I use basic ASP to do my password protection, but you can also use PHP I’m sure, and perhaps javascript, Perl, etc.
I’d help you with setting it up but I’m sure I’d get flamed for my ASP-ness
I’ve thought about this and you’re exactly right - people would still find the names of ancestors on the site. But although I’m the “Webmaster”, I don’t know much beyond basic HTML. I’ve tried using an ASP program to generate thumbnail pages from directories but had no luck, and I think some other Dopers said my host (onedollarhost.net) wasn’t configured properly for this?
But yes, I’d love to do a public and private tree if I could figure such a thing out! Do you know of anywhere I could learn to do this easily? And what method would be best?
If your host doesn’t support ASP then it’s a Unix-based host (not running ChiliSoft ASP)
do google searches for “javascript password protect” “perl password protect” and “php password protect” to find free and cheap scripts to use. They will come with info on how to set them up.
Perhaps someone here will give you an idea as to which is easiest and most safe.
I checked out onedollarhost.net. They offer plans for both Windows and Linux servers, so its possible your site would support ASP. If you want to tell me the URL of your site, I can tell you if it supports ASP.