Archive for the ‘Privacy’ Category

Facebook Photo Hack Bypasses Privacy Settings

March 7, 2012 3 comments

Do you use Facebook?  Since over 700 million people do, the odds are pretty high that you fall in this category.  Are you concerned with your privacy and want control over who sees your content?  Have you taken all the steps necessary to keep your private information private and feel pretty good about yourself?  Well, think again.  While you may be taking every precaution to keep your data private, some items (such as your photos) are totally open.  Still feel good about yourself?  Keep reading.

Let’s say that you are on vacation and decide to take a few pictures to memorialize the trip.

You want to share your pictures, but you only want to do so with some of your closest friends (you don’t want these photos to be public).  So, you select the upload photo option, point to the picture on your local computer, make sure that the Friends option is selected, and click Post.

The picture appears on your wall where only you and your friends can see it.  You verify this by viewing the audience for the picture as follows:

Your friends comment and you all get a big laugh from the picture.  But one of your not-so-close friends thinks it would be funny to show the picture to someone else – outside of your friends community – without your permission.  Now, they could download the picture to their local computer and upload it somewhere else, but that takes too many steps – Facebook makes it much easier for you to be compromised.

Simply click on the image to open Facebook’s photo viewer.

Now right-click on the photo and select “Copy Image URL” from the browser menu that opens.  You will have copied something like this:

If you look at the URL, you can see that this image is not hosted on Facebook’s site.  Instead, it is hosted on Akamai’s site (a place where your privacy settings do not apply).  By simply knowing this photo’s URL, anyone in the world can see this picture.  All your “friend” has to do is share this URL, and all the time and effort that you have taken to be private is now out the window.

Don’t believe me?  Try this for yourself.  Or simply click on the link above to see a picture that I have supposedly made private in Facebook.
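The difference between a media URL that anyone holding it can fetch and one that is checked against the owner's audience, sketched as an added example (it is not from the original post and is not Facebook's or Akamai's code). All names, the key, and the assumption that the edge can see the requester's session identity are hypothetical.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed; a real key stays server-side
# Constructed data: photo id -> audience the owner selected ("Friends").
AUDIENCE = {"photo-1001": {"alice", "bob"}}


def static_cdn_fetch(path):
    """Behaviour the post describes: the edge serves any path it holds and
    never asks who is requesting it. Knowing the URL is the only check."""
    return path.rsplit("/", 1)[-1] in AUDIENCE


def _sig(photo_id, viewer, expires):
    msg = f"{photo_id}|{viewer}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_url(photo_id, viewer, now, ttl=300):
    """Origin: apply the privacy setting, then mint a short-lived URL
    bound to this one viewer. Returns None if the viewer is not allowed."""
    if viewer not in AUDIENCE.get(photo_id, set()):
        return None
    expires = now + ttl
    sig = _sig(photo_id, viewer, expires)
    return f"/media/{photo_id}?viewer={viewer}&exp={expires}&sig={sig}"


def signed_cdn_fetch(url, session_viewer, now):
    """Edge: serve only if the signature verifies, the URL has not expired,
    and the requesting session is the viewer the URL was issued to."""
    path, _, query = url.partition("?")
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    photo_id = path.rsplit("/", 1)[-1]
    try:
        expires = int(params["exp"])
        expected = _sig(photo_id, params["viewer"], expires)
        ok = hmac.compare_digest(expected, params["sig"])
    except (KeyError, ValueError, TypeError):
        return False  # missing or malformed parameters
    return ok and now <= expires and session_viewer == params["viewer"]
```

With the static path, a forwarded link works for whoever receives it; with the signed form, the same forwarded link fails for a different session, after expiry, or if any parameter is edited.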

Which Line Do You Want To Be In?

March 3, 2012 1 comment

I stumbled across the following image the other day and thought it was too good not to share.

Consider the information that you share with social networking sites on a daily basis.  Are you guilty of giving up your privacy in return for things that are transient?  I think to some degree we all are.  We have become a society that is willing to trade the important things in life for short term gain.

But it is time to ask yourself, which line do you want to be in?

Disjointed Identity

March 3, 2012 Leave a comment

Having my identity located in so many different databases is like wearing multiple watches

You never really know what time it is!


Dealing with Grief in a Social Setting

December 1, 2011 1 comment

We had to put our family dog down.

Princess Buttercup of Petersburg was my daughter’s first real pet and as my daughter grew so did Buttercup.  For the past twelve years we celebrated life’s events and Buttercup was right there with us, every step of the way. Birthdays, holidays, even more pets; we could look back through our memories and there was my daughter’s best friend, a part of the family, celebrating right there with us. And now there is a hole in our hearts and lives where Buttercup used to live on a daily basis.

The sorrow that gripped my family was intense and each of us dealt with it in a different way; but it seemed to hit my daughter the hardest.  She withdrew from the family and seemed to want to deal with the death of her friend on her own. At least that is what I thought until I saw my daughter’s Facebook status.

Had to put Buttercup down this morning... She was the best dog I could ever ask for and I love her so much... I'm gonna miss you baby girl, you'll always be my little puppy

I read her words and they literally tore open the wound that I had so carefully closed the previous day.  As I fought back the tears I suddenly realized that my daughter had not withdrawn, she had simply found a way to share her pain in a way that I could not and she chose to use her social network to do so.

Don’t get me wrong, I also wanted to say something about Buttercup, but I struggled to find just the right words. It seemed that every carefully crafted message that I wrote was quickly dismissed as I considered each one inappropriate for one group of friends or the other. I wanted to confide in my closest friends but not share with a general audience.  I wanted to post something that would honor Buttercup’s memory, but I didn’t want to deal with the awkward questions or the “I feel your pain” stories that were sure to follow as people felt obligated to respond to my post.  So I simply said nothing, wishing that Facebook truly had some way for me to selectively share my feelings with my closest friends.  But on Facebook, you are either an open book, or you are forced to take your business elsewhere. But where?  They have already cornered the market on all of my friends.

My lack of saying something made me question if I truly shared in my family’s grief.  But my wife did not rush out to post either so it made me wonder if this is a generational thing.  Are today’s youth able to post about every aspect of their lives while we still like to compartmentalize ours?  Are the concepts of context and roles breaking down as everyone has access to the same information about you?  Should your clients be privy to the same information as your family members? Does that draw them closer or push them away?

In 2010, Mark Zuckerberg declared that privacy was no longer a “social norm” and that user information should be public.  This was largely based on Facebook’s observation of the types of information that people were sharing with each other.  As such, Facebook modified their privacy policies and subsequently their platform to share more and more information.  But there are some things that I simply don’t want to share with the entire world. So my only options are to either adopt Facebook’s open model or suppress my activity on the site.  Thus far, I have chosen the latter, not because it is what I want to do, but only because it is the prudent thing to do.  Some people are comfortable sharing everything with everyone, some are not. But while I was struggling with the right words to say, my daughter was saying them.

What I find interesting is that there is an entire generation that has essentially become open books with both their feelings and their personal information.  While older folks value their privacy, it seems like the younger ones are more open to sharing.  Is this because they agree with Zuckerberg’s view on privacy?  Or is it that they simply do not have a choice and they must play by someone else’s rules?  I contend that it is the latter and people are willing to exchange privacy for convenience in a world where they don’t have both. Facebook takes advantage of the fact that humans are social beings and the drive to be social is stronger than the drive to be private or simply careful. Most “Millennials” are OK with this and don’t give it a second thought – that is until their openness is taken advantage of and they are compromised in some way.  Then they scream about how this could have happened and why they were not protected.

In the case of Buttercup’s passing, my daughter chose to play by Facebook’s rules and share her feelings with the world.  Did she consciously make this choice, or did she simply use the only tool available to her to express her feelings?  Does she value privacy as much as us “older folks” and would she have chosen to use another conduit to share her grief if it were available?  Ah, there’s the real question, but it is one that is impossible to answer until she has real alternatives to choose from.  Ultimately Facebook will face more and more competition (think Google+) and some competitors will place a higher value on privacy than Facebook, but they have a lot of catching up to do.  As Facebook continues to grow larger each day and as they approach an impending IPO that will put them on par with companies like General Electric, it is going to be more and more difficult for competitors to capture the intellectual capital that so many users have elected to invest in Facebook.  Can competitors erode Facebook’s market share? Only time will tell, but in my opinion, it is about time.

Categories: Identity Theft, Privacy, Trust

Trust – The Missing Ingredient

November 18, 2011 Leave a comment

I was having a conversation with friends the other day and while it may sound nerdy as hell, the topic was focused on identity.  I swear (trust me) that no drinks were involved but the conversation went pretty deep, nonetheless.  What is identity, how is it used, and how can it be protected?  Like Aristotle and Plato before us, we modern day philosophers discussed the various aspects that make up our identity, how we can control it, and how we can selectively share it with our intended audiences.  In an era when our private information has been unleashed like the proverbial opening of Pandora’s Box, how can we regain control of our identities without impacting our existing relationships or experiences?

But what about identity?  What is it really, and why should you care?

When I think about identity, I think in terms of aggregation, management, and sharing.  Each of these is a key ingredient when it comes to users owning their own identities, but each of these can be further strengthened when we add trust to the mix.  So, what is the recipe for success as it pertains to trusting identities in cyberspace?  Let’s take a closer look at each of these ingredients to see.


My identity is the aggregation of all the things there is to know about me.  One could trivialize this by saying it is simply all the discrete data elements about me (i.e. hair color, height, SSN, etc.) but in essence, it is much more.  It consists of my habits, my history, my data, my relationships – basically everything that can be me and everything that can be tracked about me.  Identity information is not found in a single location; it is distributed across multiple repositories, but this information can be aggregated into a virtual identity – which is essentially, me.


When we allow someone to manage their own identity, we are allowing them to control their discrete data elements, but we are also allowing them to manage every other aspect about themselves as well.  You can change your mobile number attribute (data element) when you get a new phone, or you can change your address attribute when you move.  But just like you can remove the cache, history, and cookies in your browser, you should be able to maintain your privacy by removing (or hiding) your identity characteristics as well.  Identity management simply means that I am able to manage those aspects of my identity that are my own.


In real life, I have the ability to select which characteristics and/or information about myself I want to share with each of my friends, family, co-workers or acquaintances.  My work-related benefits stay private between my boss and me in the workplace.  Conversely, I don’t share my family conversations within the office.  Investment information stays private between my broker and me, yet I Tweet favorite quotes to the world.  In essence, I selectively share information with different audiences based on the role I am playing at that time.  Online personas facilitate the same selective sharing within the social web, similar to our interactions in the real world.  I may take on a different persona as I interact in the virtual world and elect to share different information with each audience based on where I elect to use that persona.  This also means that I can act anonymously if I so choose (which is similar to going ‘incognito’ in your browser).


Sharing data with others fulfills my desire to communicate information about me to you, but just like in real life it is totally your option to accept the validity of that information or not.  To take the sharing to the next level (and address a major need on the Internet today), we need to have some method of trusting the information that we receive.  Trust is transient (it changes), contextual (it is based on the situation), and 100% given by the receiving party – essentially they decide to trust you or not.  In the real world we use driver’s licenses, passports, or referrals from friends to validate users and establish trust.  This is no different in the social web except for the fact that we are not seeing each other face to face and do not have the ability to provide a driver’s license as proof of identity.  Hence the need for another method.

If the ingredients in the identity cake are aggregation, management and sharing, then validation is the icing on the cake; not the cake itself.  While each of these ingredients is key in making the perfect cake, leaving trust out of the mix is kind of like leaving salt out of the recipe.  Trust simply brings out the flavor and without it, the cake is way too bland!

“Breast-Grabber Dude” Caught on Camera

August 26, 2011 Leave a comment

Invasion of privacy debates have escalated once again as a traffic camera snaps a shot of a speeder caught touching a woman’s breast.

(Full story can be found here.)

It is right to debate surveillance cameras, but am I the only one wondering how the picture made it to the Internet in the first place? Aren’t governments supposed to keep the information they collect on their citizens safe?

(Wait, did I just use the words “government”, “information”, and “safe” in the same sentence? I need more coffee.)

What’s next, TSA body scans leaked to the Internet? Uh oh, been there, done that last year (see One Hundred Naked Citizens: One Hundred Leaked Body Scans).

End point privacy is definitely up for debate, but come on guys, protection of information on the back-end is imperative!

Categories: Privacy

Secret Identities

August 24, 2011 Leave a comment

Methinks that Ziggy secretly works for Facebook.

He is incorrect, however; everyone needs secret identities.

Categories: Identity, Privacy