“Here I was on a ship in the Persian Gulf, with very little connection to the outside world, and someone was running wild with my money back stateside.” That reader continues his long story below—but first, here are a few short anecdotes from readers. Stephanie writes:
Have I ever been hacked? Sure, lots of times. I had my identity stolen several times when I lived in California, even before the internet was a thing. One of those thieves opened credit accounts and went bankrupt, which made for a real mess when I tried to get my first credit card. About once a year, I have to close a credit account because of fraud. Usually, I am notified by the issuing card company of suspicious activity.
My father lost his life savings in several accounts when thieves stole his debit card and checks. One of my email accounts has been hacked. My Facebook page has been hacked. So yeah, I’ve had experience with this.
So has this reader:
Who hasn’t been hacked? I’ve had my checking account compromised in a major way six times in eight years and many smaller breaches, but I’ll just tell you about nos. 2 and 3.
Someone bought $6,000 of furniture in Italy (we are in NJ) so that brought us down to $0.00 on the first of the month. Naturally we were at the bank within minutes and everything was fixed to our absolute satisfaction. This was on a Sunday.
Then on Tuesday our account was drained again, with our new debit card numbers. Within two days, how could this happen? Somewhat hysterical, I was allowed to reach the Fraud Investigation Department of our national bank. He told me they had 250 employees who investigated fraud. This was almost a decade ago. Wow, he had no idea yet how the first event happened but was quite sure the second one came from a hidden camera at an ATM machine which at that time was a fairly new method, at least to me.
Here’s the scoop now: I check my account online almost every day. I don’t know if that sets me up for vandalism or not, but I have caught untoward things before they roll out of control—recently a small charge for something on my card but using my husband’s name. This is apparently a practice to see if the account is valid before they do the big hit.
I am resigned that this is going to keep happening despite all efforts by the banks. It is a new world and realize that and watch your bank account daily.
Just a few weeks ago, I got a text alert from my bank asking if I charged 29 cents on my credit card in Georgia. I’m in D.C., and I can’t imagine ever buying something for 29 cents, let alone with a credit card, so the bank promptly cancelled my card and sent me a new one—but the mailing address was muddled and it didn’t arrive for a while, causing a bit of a headache while I was traveling to Minnesota over Thanksgiving. But this reader had it much worse:
I am a midshipman at the United States Naval Academy, and I along with many of my shipmates were a part of the OPM breach. However, my story is about a different, more common hack: getting your credit or debit card information stolen. This happened at around the same time as the OPM breach, so it may or may not be related.
As part of the training at the Naval Academy, midshipmen after their first year are sent a ship in the fleet to shadow an enlisted sailor for a month. I was lucky to be sent to USS Rushmore while she was on deployment in the Persian Gulf. It was a great experience where I was able to see the terrific people that we have in our Navy.
I kept in touch with my family through Facebook messages over the ship’s extremely slow satellite internet connection. One day, about two weeks in, I got a message from my family that my bank, Navy Federal Credit Union, had contacted them about fraudulent charges.
Here I was in the middle of the Persian Gulf, with very little connection to the outside world, and someone was running wild with my money back stateside. I contacted the officer in charge of us midshipmen on the ship, and she was able to allow me to use the ship’s satellite phone to call Navy Federal and sort this out. We went through the recent charges and I identified which were fraudulent. Interestingly enough for the worker on the other end of the call, the fraudulent charges were from convenience stores in Pennsylvania, not from the Amsterdam airport or Bahrain.
Navy Federal has a very good policy for this sort of thing, and I was not liable for the charges at all. As midshipmen, we do not get paid very much. However, my card had to be canceled, so now I had no access to money on the other side of the world. I had no money for liberty in Dubai and no money during my travel back stateside. In our mandatory cybersecurity classes at the Academy, we would call this result an attack on the cybersecurity pillar of Availability.
I was lucky to have good midshipmen friends who helped me out during this crisis, and I eventually payed them back. However, theft of credit card information is extremely common. These days, it is not really a question of if, but when. A young enlisted sailor who is in a more precarious situation than I am could be put in a pretty bad place. That sailor might not regularly contact someone back home, and may return from deployment nine months later to see this problem become way out of hand.
Our servicemembers are particularly vulnerable to this kind of thing, especially when they are on deployment, but it is extremely difficult to prevent this sort of hack. The best defense is probably early alert procedures and a generous policy for resolving fraudulent charges on service member’s accounts after the fact.
Thank you for soliciting these responses, I’ll be interested to see other stories.
If you have your own story, especially one that don’t involve money theft—private emails? private texts? your online dating or porn history? sensitive work info? —please send us a note: email@example.com (we would post it anonymously). Update from another reader:
Several years ago I had my identity stolen and apparently sold to a variety of thieves, who attempted to open about a dozen credit-card accounts with my info. I filed numerous federal and local reports, retained services of an Identity Theft consultant for a year (paid for by my insurance company), spent dozens of hours on the phone, and created voluminous files and records of the entire situation to share with law enforcement, credit bureaus (all three), bank credit card fraud prevention managers, etc..
Our local sheriff’s department detective was very sympathetic but basically told me they accepted reports but didn’t investigate these (frequent) crimes because they didn’t have resources, even though we provided the addresses of phony drop boxes in our state where the thieves were obviously picking up the mailed credit cards had they been successful open obtaining any.
The three credit bureaus are totally unhelpful in helping to resolve these crimes. They apparently see them as a chance to sell you more fraud-detection software and will only place a mandated long-term (seven-year) block on your credit records (rather than the year or less they grudgingly offer) if you can provide copies of local reports to law enforcement plus the Federal Trade Commission ID Theft report. In other words, they are more interested in converting your problem into a revenue source for themselves. Federal legislation around the credit bureaus is as full of loopholes as Swiss cheese, due no doubt to their extensive lobbying efforts to our elected representatives who are supposed to be protecting citizens’ interest.
Then, to add even more grief to the experience, one friendly bank-fraud-prevention manager was kind enough to tell me that, based on his lengthy experience with these activities, once we got the fraudulent requests stopped, we could look forward to having it all start up again in about six months—which is apparently the maximum amount of time most people are able to get the credit bureaus to flag their accounts. And sure enough, after just about six months to the day, we had more fraudulent credit-card requests start hitting again—fewer this time, probably because the crooks figured out pretty quickly we had placed the seven-year-block flags in place, rather than the usual short-term blocks most victims end up with at the bureaus.
This is a big, serious problem that is not getting the attention from our elected officials it deserves. These slime balls can reach out from anywhere in the world to ruin your life, mostly with impunity, and it’s obviously getting much worse, since we’re seeing hackers now being accused of breaking into government systems and influencing our elections. This is totally a federal issue because of the state (and national) border lines crossed in the activity. Our national security and military tech specialists probably already have the capability to catch these criminals, they just need the motivation and direction from our political leaders paying attention to the number of honest taxpayers who are being preyed upon.
Suffering a data breach is like discovering that someone rummaged through your bag when you weren’t looking. It’s a jarring invasion of privacy, whether the information stolen is as impersonal as a Social Security number or as intimate as years of emails, texts, and pics. For years, The Atlantic has been covering cyberattacks that target individuals, companies, and even the U.S. government—and the ways those intrusions affect personal, financial, and national security. We’ve compiled some of our best coverage in a new landing page, “The Atlantic Revisited: Navigating the End of Privacy,” and below are brief descriptions of those 18 pieces from our archives.
Everything Is Hackable ...
The U.S. presidential election captured the interest of leaders the world over—even inspiring some to try and influence the outcome. The U.S. Intelligence Community accused Russia of trying to manipulate the outcome of the election, but experts are divided on whether the digital interference is just a 21st-century version of politics as usual, or if it represents an unprecedented level of meddling in U.S. domestic affairs. (“What the DNC Hack Could Mean for Democracy,” Uri Friedman, August 2016)
For millions of people in the U.S., the internet went down for hours one Friday in October. The culprit: A botnet made up of poorly secured DVRs and webcams. Someone had commandeered hundreds of thousands of the internet-connected devices, turning them into pawns in a coordinated attack against a critical piece of the internet’s infrastructure. (“How a Bunch of Hacked DVR Machines Took Down Twitter and Reddit,” Robinson Meyer, October 2016)
When the Office of Personnel Management was hacked last year, more than 22 million people had their sensitive personal information—including Social Security numbers, addresses, and, in some cases, even fingerprints—stolen. When the victims got letters in the mail saying their information was taken, they had to reckon with the new risk of identity theft, and take action to protect themselves. (“Your Data Is Compromised. (Yes, Yours.) What Now?,” Kaveh Waddell, July 2015)
An online tool offered by the Internal Revenue Service allows taxpayers to easily check their tax history, but for a while, it didn’t do a good job of verifying users’ identities. Hackers used personal information gleaned from other data breaches to trick the tool into divulging people’s tax documents, which helped them file around $50 million in fraudulent tax returns. The breach was initially estimated to affect about 115,000 people, but after further investigations, the government realized that the victims numbered nearly 725,000. (“The IRS Hack Was Twice as Bad as We Thought,” Kaveh Waddell, February 2016)
Executives and employees at Sony Pictures woke up one day in 2014 to find their dirty laundry posted online—and indexed for easy searching—after a group calling itself the “Guardians of Peace” stole a trove of emails, salary information, and other sensitive data from the entertainment company. The FBI pointed fingers at North Korea, but security experts questioned whether it was possible to know exactly who was behind the cyberattack. (“We Still Don’t Know Who Hacked Sony,” Bruce Schneier, January 2015)
When Ashley Madison, a website that helps adults find extramarital affairs, was hacked, it was more than just mortifying for the millions of outed users. It was an introduction to “organizational doxing,” the practice of stealing enormous amounts of data from a company or government agency and publishing it online, heedless of the collateral damage it will cause. (“The Meanest Email You Ever Wrote, Searchable on the Internet,” Bruce Schneier, September 2015)
A hospital in Los Angeles switched to paper records and started turning patients away after its computer systems were infected with a virus that locked up vital data—and demanded a $3.6 million ransom to return it. (“A Hospital Paralyzed by Hackers,” Kaveh Waddell, February 2016)
Nude photos of female celebrities ricocheted across the internet after they were stolen from the celebs’ iCloud accounts and released online. But despite years of attempts to pass legislation that would slap special penalties on people distributing explicit images of people without their consent—a practice also known as “revenge porn”—only a few states actually have such laws on the books. (“Why Congress Won’t Help Jennifer Lawrence,” Lucia Graves, September 2014)
When Deb Fallows found her Gmail account acting funny one day, it wasn’t just a temporary bug: A hacker had gotten into her account and sent fake distress calls to all her closest email contacts, asking for money. In the following days, Deb and her husband, Jim, went on a hunt to regain control of the account, recover years of lost emails, and figure out just what had happened. (“Hacked!,” James Fallows, November 2011)
How long would it take a fake smart toaster, sitting alone in the massive sea of internet-connected devices, to get hacked? Andrew McGill dressed up a rented server to act like a web-connected toaster to see if any hackers would bite—and watched as the next 12 hours brought more than 300 attempts to take over the fake toaster. (“The Inevitability of Being Hacked,” Andrew McGill, October 2016)
Use a wireless keyboard at work or at home? Security researchers have found that many low-end models don’t use industry-standard security practices, instead transmitting between keyboard and computer with weak encryption—or no encryption at all. With the right tools, a hacker can spy on every email, password, and credit-card number being typed on a vulnerable keyboard nearby. (“Hackers Can Spy on Wireless Keyboards From Hundreds of Feet Away,” Kaveh Waddell, July 2016)
Have you ever been hacked? Were you, for example, one of the 22 million people caught up in the OPM breach? Have you had your email account compromised like Deb’s? Have your photos or other sensitive files been stolen? We would like to hear from you. Please send us a note about the experience to firstname.lastname@example.org and we will aim to post it here in Notes (anonymously, if you prefer).
… So, How Do We Defend Ourselves From the Hacker Onslaught? Here are several pieces that approach that question:
A team of 600 Homeland Security Department employees (and 400 contractors) works with private companies to secure infrastructure and public utilities around the country, from major-league ballparks to water plants to banks. They prepare for attacks that might be delivered by a suicide bomber driving a truck—or quietly over the internet. (“Meet the People Who Protect America’s Critical Infrastructure, Steven Brill, August 2016)
China’s cyber army is one of the top two or three online threats to the U.S., experts say. But the best way to contain the danger may be to work with, rather than isolate, China’s leaders. (“Cyber Warriors,” James Fallows, March 2010)
The two groups most dedicated to keeping the internet safe are sequestered on opposite coasts: the government’s suited and military-uniformed policy wonks in Washington, and hoodie-clad hackers up and down the West Coast. Getting them to work together is crucial, but it isn’t always easy. (“Suits and Hoodies: The Two Cybersecurity Cultures,” Justin Lynch, February 2015)
One afternoon in late October, teams of college-age hackers assembled in a room in Washington, D.C., and assailed a model water-treatment plant with cyberattacks, quickly bringing it to a screeching halt. Recruiters from Uber, Northrop Grumman, and the federal government flitted from table to table, eager to snap up young talent to help secure their own systems against attacks. (“Inside a Hacking Competition to Take Down a Water-Treatment Plant,” Kaveh Waddell, October 2016)
Skilled “white-hat” hackers—security researchers who use their computer skills to protect organizations from online threats—are always in short supply. But to keep them from being lured into illegal hacking, companies may have to be willing to pay out bigger salaries and “bounties.” (“When Ethical Hacking Can’t Compete,” Donna Lu, December 2015)
Apple’s standoff with the FBI over a locked smartphone that belonged to one of the San Bernardino shooters showed off the quality of the iPhone’s security safeguards. Most phones on the market wouldn’t have stood up to the federal government’s attempts to hack them. (“Encryption Is a Luxury,” Kaveh Waddell, March 2016)
Trump does little to hide his disdain for journalists—or his desire to sue them when he disagrees with what they write. It’s more important than ever for reporters and activists to protect their data and communication from prying eyes, but these tips—which touch on encrypted messaging, managing passwords, and browsing the internet anonymously—are just as relevant for our average reader. (“How Can Journalists Protect Themselves During a Trump Administration?,” Kaveh Waddell, November 2016)
In that last piece, I sketched out some ways you can protect yourself and your data from the prying eyes of hackers:
Signal, a smartphone app, is the medium of choice for privacy-conscious communicators, and is probably the easiest way to call or text securely. Encrypting email using PGP is also an option, but it’s far more cumbersome.
It’s also important to make up complex passwords—and never to reuse a username and password combination for more than one site. Password managers like 1Password, LastPass, and Dashlane can create a different randomized password for every website, and remember them all so that you don’t have to.
Turning on two-factor authentication on every service that supports it—Google, Slack, Dropbox, Amazon, etc.—makes it much harder for hackers to get into your accounts, by requiring you to approve every login with a mobile device. And for those who need to browse the internet securely, a properly configured Tor browser allows users to poke around the web anonymously.
Do you have any additional tips for how to keep your data safe? Please send us a note: email@example.com.
I’m no computer expert, but I’ve read that a risk of using an unencrypted router for your home WiFi exposes you to someone parking outside your house (or in the next apartment) and poaching your WiFi to access and download material for their own purposes, such as child-porn, which could be traceable to passing through your system.
Indeed, there’s this cautionary tale: “Innocent Man Accused Of Child Pornography After Neighbor Pirates His WiFi.” There’s this quick guide from PC Mag to help protect you from the same fate. Another reader adds, “There was this case in England in 2003”:
Last October, local police knocked on his door, searched his home and seized his computer. They found no sign of pornography in his home but discovered 172 images of child pornography on the computer’s hard drive. They arrested Mr. Green.
This month, Mr. Green was acquitted in Exeter Crown Court after arguing that the material had been gathered without his knowledge by a rogue program created by hackers—a so-called Trojan horse—that had infected his PC, probably during innocent Internet surfing. Mr. Green, 45, is one of the first people to use this defense successfully.
As for the question of “receiving” illegal images, I am reminded of the 1967 action of the Yippies, mailing joints to 3,000 randomly chosen strangers, with a letter pointing out that receiving drugs was a federal crime, and they might as well smoke it.
Earlier this week on The Atlantic, security expert Bruce Schneier took stock of our collective anxieties in the wake of the Ashley Madison hack. Is our online activity ever really private? A reader takes that worry a step further:
In a non-material realm where all data can be fabricated and easily transferred, what’s to prevent hackers from framing people?
The example I keep returning to is Internet child porn. In the case of criminal offenses like that, the presumption of innocence tends to get hindered from the outset by the severity of the charge. The mere accusation is enough to put someone under a cloud of suspicion, or to impeach their credibility. And it seems to me that anyone who can hack a computer network can also compromise someone's home computer to plant files on it.
I have to say, I don’t know enough about either computers, the “cloud,” or the workings of child porn investigations to know whether it’s actually possible to frame someone for information found on their computer that’s put there without them suspecting it. I know even less about how much of a challenge that might present, or how to protect oneself against that vulnerability.
I only know that planting child porn, or terrorism-related information, or participation in some Darknet market illegal business, or adding someone’s personal info to a website like Ashley Madison without their knowledge, seems like an obvious gambit for a dirty trick.
In my observation, people who dismiss this possibility as mere paranoia are people who have never found themselves in the middle of a political controversy, or a nasty divorce, or cutthroat competition in business, or other sorts of professional or personal rivalries. Some people are up for soliciting murder, after all. It stands to reason that a somewhat larger number of people would be willing to ruin someone or eliminate them by planting evidence on their computer—or by hiring someone to do that—in a New York minute. After all, someone was willing to do this.
I’d be interested in learning anything more about that risk that I could find out from other readers.
The fact that many child porn cases are for “receiving” illegal material indicates that arranging for certain kinds of stuff to be emailed to a person might be enough to make trouble for that person. And since we all get tons of spam email offering us adulterous relationships, chemical aphrodisiacs, or genital enlargement, it seems like about 100 percent of people online could be smeared easily if someone was so inclined.
I have no idea how high the bar is set for legal action, but the stories you see in the news often sound like they contain much more outrage than innocence. However, legal action isn’t needed if your goal is to hound, humiliate, and harass some poor person over crap they “received” over the internet.
Despite the easing of taboos and the rise of hookup apps, Americans are in the midst of a sex recession.
These should be boom times for sex.
The share of Americans who say sex between unmarried adults is “not wrong at all” is at an all-time high. New cases of HIV are at an all-time low. Most women can—at last—get birth control for free, and the morning-after pill without a prescription.
If hookups are your thing, Grindr and Tinder offer the prospect of casual sex within the hour. The phrase If something exists, there is porn of it used to be a clever internet meme; now it’s a truism. BDSM plays at the local multiplex—but why bother going? Sex is portrayed, often graphically and sometimes gorgeously, on prime-time cable. Sexting is, statistically speaking, normal.
The Dominican Republic deported an estimated 70,000 to 80,000 people of Haitian descent over three years. Those left behind live in a state of institutionalized terror.
This is a story about what happens when you limit birthright citizenship and stir up hate against a certain class of immigrants. It takes place in the Dominican Republic. Like most countries in the Americas, for a century and a half the Caribbean nation’s constitution guaranteed birthright citizenship for anyone born on its soil, with a couple of exceptions: the children of diplomats and short-term travelers. And like most other peoples in the Americas, Dominicans have had a more complicated relationship with immigration than the framers of that constitution might have anticipated.
The Dominican Republic has long been dependent on a steady stream of cheap immigrant labor that cuts its sugar cane, builds its buildings, and staffs the beach resorts that draw in billions of foreign dollars a year. Almost all of that labor comes from the only country close enough, and poor enough, to have people who want to immigrate in large numbers to the Dominican Republic: its Hispaniolan twin, Haiti. Some working-class Dominicans without clear Haitian roots resent poorer neighbors willing to accept lower wages and tough conditions. Many wealthy Dominicans who profit wildly off the cheap labor supply are eager to have strict immigration laws in place, too—not because they want less immigration, but because they want a freer hand. Immigrants in the country illegally have no protection from workplace regulations and can be rounded up, deported, and replaced whenever convenient—including right before payday. (Sound familiar?)
Despite vast increases in the time and money spent on research, progress is barely keeping pace with the past. What went wrong?
The writer Stewart Brand once wrote that “science is the only news.” While news headlines are dominated by politics, the economy, and gossip, it’s science and technology that underpin much of the advance of human welfare and the long-term progress of our civilization. This is reflected in an extraordinary growth in public investment in science. Today, there are more scientists, more funding for science, and more scientific papers published than ever before:
On the surface, this is encouraging. But for all this increase in effort, are we getting a proportional increase in our scientific understanding? Or are we investing vastly more merely to sustain (or even see a decline in) the rate of scientific progress?
The backlash against the incoming congresswoman’s “very nice” outfit is both tedious and predictable.
Earlier this week, Alexandria Ocasio-Cortez posted a tweet: At congressional events, she shared (the representative-elect of New York’s 14th Congressional District is currently in Washington for a series of orientations on the workings of the House), she keeps being mistaken for an intern. Or sometimes for the spouse of the person who must be the true new member of Congress. Ocasio-Cortez, a young woman who is also a woman of color who is also a democratic socialist—a politician who won her election, earlier this month, with 78 percent of her district’s vote—keeps getting told that she doesn’t quite belong in Congress. Her tweet sharing that experience was punctuated by a face-palm emoji. It went viral.
Yet nearly half of all married couples are likely to divorce, and many couples report feeling unhappy in their relationships. Instructors of Northwestern University’s Marriage 101 class want to change that. The goal of their course is to help students have more fulfilling love relationships during their lives. In Marriage 101 popular books such as Mating in Captivity and For Better: The Science of a Good Marriage are interspersed with meaty academic studies. Students attend one lecture a week and then meet in smaller breakout groups to discuss the weekly topics, which range from infidelity to addiction, childrearing to sexuality in long-term relationships.
While the revelation of an apparent indictment against Julian Assange sets an ominous precedent for news organizations, it also serves as a reminder of his group’s stark transformation.
Before the WikiLeaks founder Julian Assange was an international fugitive, he was running a little-noticed experiment in radical transparency. In the early 2000s, his then-obscure site WikiLeaks was mainly concerned with posting small batches of previously private documents ranging from Swiss bank documents to Sarah Palin’s emails.
Then, in 2010, WikiLeaks posted a graphic video depicting the killing of perhaps a dozen Iraqis, including two Reuters journalists, at the hands of the U.S. military. The video brought the organization acclaim from civil libertarians and transparency advocates, and infamy within the U.S. military and elsewhere. Soon after its release, WikiLeaks posted its largest-ever cache of leaked material: a set of diplomatic cables and Army documents, many of which concerned the conduct of the wars in Iraq and Afghanistan. If WikiLeaks began as a mere internet curiosity when it was founded in 2006, within four years, national-security officials in the United States were publicly depicting it as a threat.
The billionaire is drilling for futuristic transit under Los Angeles. He didn’t have to ask the neighbors first.
Vicky Warren feels like she’s been attacked from all sides lately. Across the street from her rental apartment in the working-class Los Angeles County city of Hawthorne, noisy planes take off and land at all hours, diverted to the local municipal airport from wealthier Santa Monica, where neighbor complaints have restricted air traffic. On the other side of her apartment, cars on the 105 Freeway sound the frustration of L.A. traffic. She’s even getting assailed within her walls: Termites have invaded so completely that she can’t keep any food uncovered. Flea bites cover her legs; rats are aggressively attacking the boxes she has stored in her garage.
So Warren was disappointed, but not surprised, to learn that invaders are coming from underground, too. She lives on 120th Street, where 40 feet underground Elon Musk’s Boring Company is building a 14-foot-wide, mile-long tunnel to pilot a futuristic transit system untested anywhere in the world. When it’s finished in December, the tunnel will start at the nearby headquarters of SpaceX, Musk’s aerospace company, and end a few blocks past Warren’s apartment. “We’re just sandwiched in between so much already,” Warren told me, shaking her head.
Language apps like Duolingo are addictive—but not particularly effective.
Late one chilly evening last September, I excused myself from a small group huddled around a campfire to peck at and mumble into my phone.
No way was a camping trip going to make me miss my Italian lesson.
For most of the preceding year, I had religiously attended to my 15-minute-or-so daily encounters with the language-learning app Duolingo. I used it on trains, while walking across town, during previews at the movie theater. I was planning a trip to Rome in the late spring, and I’ve always been of the mind that to properly visit a country, you’ve got to give the language a shot.
But I had another reason for sticking with it: Duolingo is addictive. It pulled me right in, helping me set daily goals and then launching into simple phrases. Sometimes it demanded that I speak an Italian phrase or sentence (which I always did correctly, to hear Duolingo tell it). But more often it asked me to translate Italian phrases and sentences into English, or vice versa, providing multiple-choice responses. No tedious grammar or vocabulary drills—that stuff, apparently, would seep into my consciousness via exposure to increasingly varied, complex, and interesting sentences.
In their tween and teenage years, girls become dramatically less self-assured—a feeling that often lasts through adulthood.
The change can be baffling to manyparents: Their young girls are masters of the universe, full of gutsy fire. But as puberty sets in, their confidence nose-dives, and those same daughters can transform into unrecognizably timid, cautious, risk-averse versions of their former self.
Over the course of writing our latest book, we spoke with hundreds of tween and teen girls who detailed a striking number of things they don’t feel confident about: “making new friends,” “the way I dress,” “speaking in a group.” In our research, we worked with Ypulse, a polling firm that focuses on tweens and teens, to survey more than 1,300 girls from the ages of 8 to 18 and their parents. (The sample was broadly representative of the country’s teen population in terms of race and geographic distribution.) The data is more dramatic than we’d imagined: The girls surveyed were asked to rate their confidence on a scale of 0 to 10, and from the ages of 8 to 14, the average of girls’ responses fell from approximately 8.5 to 6—a drop-off of 30 percent.