I've Been Mugged Blog

Symantec recently launched its Norton Online Risk Calculator, an online tool that computes the black-market value of a consumer's sensitive personal data. I tried this calculator to see what it was all about.

First, the calculator asks basic information about your online habits and general demographic data (e.g., gender, age range, whether you have an e-mail account, etc.). Smartly, the calculator asks you for an age range and not your specific birth date. Otherwise, I wouldn't have completed the calculator.

Second, the calculator ask questions about whether you do banking and shopping online. The tool includes related questions about whether you bank online and pay bills online. It also asks if you shop online with a debit card, and whether you have installed and use anti-virus and spyware software on your computer. The calculator asks a very relevant question about whether you disclose on social media sites your birth date. The calculator also asks you to estimate to the total value of your online accounts and what you think thieves would pay for your sensitive personal data (e.g., name, address, birthdate, and bank account information).

Prior I've Been Mugged posts have explored the value of stolen consumer data, the risks of disclosing your birth date on social media sites, how to create strong online passwords, how to avoid getting your e-mail account hacked, and how to recognize phishing e-mail spam and sites. Unfortunately, many consumers believe their computers are protected by anti-virus software when in fact they aren't. And, it is extremely difficult to tell when your computer is infected by spyware and botnet software.

According to the Symantec calculator, my sensitive personal data is worth about $30.29.

Is this risk calculator any good? Part of me feels that it is a slick method to advertise their Norton anti-virus software. After you complete the calculator, the site does present a couple of their software products. Like any other viral application, the site presents a "Send to a Friend" link at the end, hoping you will disclose your friends' e-mail addresses and tell your friends about the risk calculator. I did not refer any friends.

Symantec could have done a better job with this calculator. Why?

1. The calculator should have been produced as a secure site (https://), which it isn't.
2. The calculator is a Flash application and the site does not disclose how it uses the Flash cookie on the consumer's computer.
3. The calculator does not state what it will do with your answers, how long it will store them, and what other companies it will share the information with. The site has a general link to Symantec's Privacy Policy.
4. The calculator does not ask if your sensitive personal data has actually been exposed already during a data breach, nor did it ask if the consumer monitors their credit reports with a credit monitoring service, nor did it ask if the consumer already protects their credit report data with a Security Freeze.
5. The calculator did not ask any questions about whether you use RFID or contactless credit/debit cards.

My recommendation: skip this site. It's just not worth it. I expected something far more rigorous from a security software company.