Why Social Thumbprint Needs to Become a Top-Level Protected Category in Privacy Frameworks / PIA

Despite technology development and regulations such as GDPR and its forks (PIPEDA, PIPL, among others), social engineering is still used in combination with advanced technologies to discover and prevent crimes. However, in the wrong hands, it can be a powerful tool for compromising your personal security. This is especially true today, when many hackers have access to the SS7 network (and now the backward-compatible Diameter, which structurally contains the same logical blocks of MSC and HLR/VLR), with a wide-open ability to execute MAP commands that disclose your phone's Cell ID location and similar data.

Let's assume a hypothetical scenario in which a person decides to "disappear from the radar".

Assuming that:

• The person decides to become invisible and prevent anyone from locating them.

• The person throws away their mobile phone along with the SIM card and buys a new one, or starts using a 'burner' phone.

• The person throws away their laptop and buys a new one, making sure that no username connected to them is ever used.

• The person even changes city and state, their look and appearance, even gender. Absolutely no connection.

• The person gets found within a day.

You may ask how.

One thing is much harder to change: social habits.

• The person's social habit is to have breakfast at a restaurant at about 9 am, and the new phone goes along.

• The person's social habit is to enjoy a long walk in the park after breakfast. The new phone walks along too.

• The person likes rock music and has a habit of visiting gigs each Friday? The new phone goes too! ... you name it.

Now query all the phones that connected to the base stations at the restaurant, the park, the rock venue... you name it, at those specific time patterns.

Number of matches: 1. Gotcha! (The more social information there is, the smaller the dataset becomes.)

It is difficult, if not impossible, to change social habits.
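The narrowing described above can be measured on a pseudonymised dataset as part of a Privacy Impact Assessment: how large the anonymity set is after each habit, and how few habits single out each record. This is an added example, not part of the original article; the device IDs, places, time slots and function names are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: pseudonymised device IDs with coarse (place, time-slot) habits.
OBSERVATIONS = [
    ("dev-a", "restaurant", "daily-09h"), ("dev-a", "park", "daily-10h"),
    ("dev-a", "rock-venue", "fri-21h"),
    ("dev-b", "restaurant", "daily-09h"), ("dev-b", "park", "daily-10h"),
    ("dev-b", "cinema", "sat-20h"),
    ("dev-c", "restaurant", "daily-09h"), ("dev-c", "gym", "daily-18h"),
    ("dev-c", "rock-venue", "fri-21h"),
    ("dev-d", "park", "daily-10h"), ("dev-d", "gym", "daily-18h"),
]

def habits_by_device(observations):
    """Group observations into a set of (place, slot) habits per device."""
    profiles = defaultdict(set)
    for device, place, slot in observations:
        profiles[device].add((place, slot))
    return dict(profiles)

def anonymity_set_sizes(profiles, habits):
    """Number of devices still matching after each successive habit is applied."""
    candidates, sizes = set(profiles), []
    for habit in habits:
        candidates = {d for d in candidates if habit in profiles[d]}
        sizes.append(len(candidates))
    return sizes

def min_habits_to_single_out(profiles, device):
    """Fewest of a device's own habits whose combination no other device shares."""
    own = sorted(profiles[device])
    for n in range(1, len(own) + 1):
        for combo in combinations(own, n):
            if sum(set(combo) <= p for p in profiles.values()) == 1:
                return n
    return None  # the device is never unique on habits alone

def at_risk(profiles, max_habits):
    """Devices that max_habits or fewer habits reduce to an anonymity set of one."""
    needed = {d: min_habits_to_single_out(profiles, d) for d in profiles}
    return sorted(d for d, n in needed.items() if n is not None and n <= max_habits)

if __name__ == "__main__":
    profiles = habits_by_device(OBSERVATIONS)
    known = [("restaurant", "daily-09h"), ("park", "daily-10h"), ("rock-venue", "fri-21h")]
    print("anonymity set after each habit:", anonymity_set_sizes(profiles, known))
    print("singled out by one habit:", at_risk(profiles, 1))
    print("singled out by two habits:", at_risk(profiles, 2))
```

A record that two or three habits reduce to an anonymity set of one is not anonymous, whatever identifier replaced the phone number.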

Now let's take a quick look at Facebook's new feature, "Random questions to get you know better".

To give some examples of "random" questions, among many.

Why is that in place? Is it for marketing purposes? Most likely it is used for marketing as well. But assuming you possess some valuable information, or there is another point of interest, don't be surprised to "accidentally" meet the blonde of your dreams, who happens to drink strong coffee, whom you happen to see again at your favorite rock concert, and who is likely to extract from you whatever is needed with ease.

Combine that with Reverse Social Engineering. It's kind of fun living in the cyberpunk age, right?

With 2.2 billion monthly active users, and assuming you possess that data and need any single one of them, this gives you the ability to mess up somebody's life real hard in every possible way, while everything looks spontaneous. Even forming such groups.

Whoever is able to acquire and control that social data is able to achieve almost any goal while utilising people who are totally unaware, by causing spontaneous yet controlled reactions that are almost impossible to reconnect with the final goal.

Of course, don't shout at the blonde of your dreams if it happens that she knows how to change a tire. It might be a coincidence :) However, push regulatory bodies to include Social Habits as a protected category within Privacy Impact Assessments and to apply the same protective measures as they would for other sensitive categories.

Currently, frameworks derive PIA categories from each other in order to establish "Adequate Jurisdiction" / SIC and so ease cross-border data transfers.

Some of the top-level ones: Personal Contacts, Employment Information, Government-Issued Records, etc. However, we don't have the most vulnerable one: Social Thumbprint, which is, apart from DNA, the only one that is close to impossible to change and as such makes a physical person most vulnerable to profiling.

If we want Privacy Protection to really prevent triangulation that establishes a connection with a physical person, Social Thumbprint needs to be included as a top-level category.

Please share your opinions.