safety: February 2011 Archives
One of the problems with the speedy emergence and massive popularity of Facebook and other social-networking websites, like Twitter and LinkedIn, is that we haven't really grown into a realistic cultural knowledge of how to use them. With other technologies, even when rapidly deployed, society had a sort of grace period to figure them out -- automobiles took a place that had logically been occupied before by horses and carriages, and there were more than two decades between Carl Benz's 1886 patent on the gas-driven automobile and Henry Ford's 1908 introduction of the Model T, during which the new technology of the automobile could start to settle into a place in the popular mindset.
With the Internet generally, and in particular with sites that enhance the individual's ability to share instantaneously with a global audience, we haven't had the same kind of break-in period. All of the mistakes we make now are not only potentially public for all the world to see (as the Star Wars Kid learned) -- they're also really durable, as well. Once something finds its way onto the Internet, it can quite possibly reside there forever.
Thus when we equip ourselves with tools like Facebook, we're potentially a lot like toddlers in an armory full of loaded weapons. We don't really know the full extent of what we're doing, and the consequences can be permanent. This potentially dangerous situation is made even more hazardous by the fact that social-networking sites are designed to encourage the user to over-share. This is very much by design. The act of adding another person to one's social network on Facebook is called "friending". Whether or not we should even do something like that to the English language, the fact remains: One is programmed to believe that Facebook information is just shared with a bunch of "friends". This psychological programming just enhances some participants' willingness to throw caution to the wind and share too much. But no matter how the language of a social-networking site is framed, it is nearly impossible to ensure that the information one shares there will only go to true friends, and that it won't be deliberately misused by others. Thus, some precautions are in order.
There are many things that should never be shared online, and particularly not in a semi-public space like Facebook. Here are four particular examples:
#1: Never share your full birthdate or place of birth in a social-networking profile. There's a lot of pressure to do this. Facebook recently changed its profile layout, and it leaves a gaping hole for the user to see if he or she hasn't entered a hometown. And there's no doubt that one of the most popular uses of Facebook is to leave a birthday greeting for friends (and, most people should be ready to admit, mere acquaintances). But the problem is that those two facts, long assumed to be the kinds of things that only close friends and family might know, have also long been used by companies and organizations to help positively establish a person's identity. There are innumerable websites, for instance, that still ask "What is your hometown?" or "What was your place of birth?" as a security question. And while it's patently irresponsible for those sites to continue using those as security questions (since it really is absurdly easy to figure out anyone's place of birth), until they stop, it's unwise for anyone to share that information willingly on the Internet. And if there's any factoid used more often than the place of birth to establish a person's identity, it's the date of birth. In some cases, a name and date of birth are all that a person might need to offer to get access to medical records at a doctor's office -- especially by phone. Hometowns should always be omitted from social-networking profiles, and if one can't resist the urge to share his or her birthday, then one should at least leave off the year of birth. Again, it might not be very difficult for a crook to deduce, but there's no reason to make the job easier.
#2: A social-networking profile should not include photos or names of minor children. This prohibition probably sounds needlessly harsh, but it's actually surprisingly vital. First, bridging the notes in rule #1 about security questions, a question that remains much too widely-used in the security field is "What is your mother's maiden name?" Again, that may have been a suitable security question 20 years ago, but it's absolutely not today, when Facebook profiles, e-mail addresses, and old accounts of a million kinds routinely contain a woman's married and unmarried last names. A woman's "maiden name" is no longer any more challenging to figure out than her eye color. And if she leaves a digital footprint behind with her children's names, then she totally renders useless any online security checkpoint that asks the question. The question itself should be thrown out because it's totally obsolete today, but until that happens, there's no need to make crime easier for identity thieves and other crooks.
But there's also a more immediate risk for children, and it is that they become too easy to identify when their parents advertise them on the Internet (which is exactly what happens on a Facebook page, unintentionally or not). There is no reason to make the task easier for potential abductors by sharing names, routines, schedules, and photographs of a whole set of family members via Facebook. One might think, "Well, I only have 100 friends on Facebook, and I'm not worried about any of them." But how certain can a person be that each of those 100 friends are sufficiently security-conscious that they'll never have their accounts hacked?
And then, of course, there's also the concern that a parent should have about his or her child's reputation and good name. As of the latest count, a video entitled "David After the Dentist" had been viewed more than 82 million times on YouTube. It's funny, to be sure. But it's also going to be something for which that child will be known most likely for the rest of his life. Celebrity may be fleeting, but once it's been digitized and placed on the Internet, it's pretty durable as well. Leave the choice in the child's hands whether to put up pictures or videos of him- or herself once they reach adulthood. It's shocking, really, that virtually everyone can agree that youthful fame probably did permanent damage to Michael Jackson, but so many of those same people have no second thoughts about exposing their own children to Internet fame.
#3: No profile should detail a favorite book or movie or song. There are a few errors made here: Either one makes the mistake of sharing just a single favorite of each (which is, following the basic details of a person's birthdate and birthplace, yet another favorite "security" question), or one shares far too many of these items. If there's one thing to be learned from Netflix and its movie-recommendation algorithm, it's that a whole lot of predictive power is attached to whatever a person has strongly liked or disliked in the past. There's nothing particularly wrong with sharing five or ten favorite books or movies, but sharing dozens or scores of them gives away a lot more about one's psychological profile and other behaviors than are necessary to share. Sites like Facebook aren't being operated for the public interest; they're not charities. They make money, and they do that by selling detailed profiles of their users, whether that's as aggregated data, anonymous profile information, or otherwise. No matter how it's sliced up and sold, the data itself has enormous value, and simply giving it away for free -- especially in massive volume -- is a lot like going to work and declining to take a paycheck.
#4: One's immediate location does not need to be shared, ever. Shy of those rare instances (like the moment a commuter snapped a photo of the US Airways flight that landed in the Hudson River) when something truly remarkable has taken place, it's a bad idea to publicly share one's location -- or one's plans to be somewhere at a particular time. Giving away the details on an upcoming two-week vacation is the equivalent of putting a sign in the front lawn saying "We're not home". Posting a snapshot to Twitter of crazy times at a bar might just be telling an unstable ex or a faceless stalker where they can find inebriated prey. Even sharing too many photos of the commute to and from work might be an act that betrays when one's latchkey kids might be home alone.
It's altogether too easy to forget that what we place on the Internet appears on a global stage -- a stage that's not full of just bubblegum and teddy bears. It's a world in which today's supercomputers will very shortly become cheap, affordable tools that could be used by anyone -- with any kind of intent, whether innocent or malicious -- to scrape together the many little breadcrumbs we leave behind on the Internet to build a profile of any one of us that would have made J. Edgar Hoover envious. It is essential that nobody be lulled into a false sense of security about what they share on the Internet. As it's been said about crime, "The crooks only have to get lucky once. The cops have to get lucky every time." As Internet users, we are collectively in the same position as the police -- hoping, almost as much as deliberately trying, to keep our privacy, dignity, and security intact in the face of a world that may have a lot of reason to try to take those things away.
With the Internet generally, and in particular with sites that enhance the individual's ability to share instantaneously with a global audience, we haven't had the same kind of break-in period. All of the mistakes we make now are not only potentially public for all the world to see (as the Star Wars Kid learned) -- they're also really durable, as well. Once something finds its way onto the Internet, it can quite possibly reside there forever.
Thus when we equip ourselves with tools like Facebook, we're potentially a lot like toddlers in an armory full of loaded weapons. We don't really know the full extent of what we're doing, and the consequences can be permanent. This potentially dangerous situation is made even more hazardous by the fact that social-networking sites are designed to encourage the user to over-share. This is very much by design. The act of adding another person to one's social network on Facebook is called "friending". Whether or not we should even do something like that to the English language, the fact remains: One is programmed to believe that Facebook information is just shared with a bunch of "friends". This psychological programming just enhances some participants' willingness to throw caution to the wind and share too much. But no matter how the language of a social-networking site is framed, it is nearly impossible to ensure that the information one shares there will only go to true friends, and that it won't be deliberately misused by others. Thus, some precautions are in order.
There are many things that should never be shared online, and particularly not in a semi-public space like Facebook. Here are four particular examples:
#1: Never share your full birthdate or place of birth in a social-networking profile. There's a lot of pressure to do this. Facebook recently changed its profile layout, and it leaves a gaping hole for the user to see if he or she hasn't entered a hometown. And there's no doubt that one of the most popular uses of Facebook is to leave a birthday greeting for friends (and, most people should be ready to admit, mere acquaintances). But the problem is that those two facts, long assumed to be the kinds of things that only close friends and family might know, have also long been used by companies and organizations to help positively establish a person's identity. There are innumerable websites, for instance, that still ask "What is your hometown?" or "What was your place of birth?" as a security question. And while it's patently irresponsible for those sites to continue using those as security questions (since it really is absurdly easy to figure out anyone's place of birth), until they stop, it's unwise for anyone to share that information willingly on the Internet. And if there's any factoid used more often than the place of birth to establish a person's identity, it's the date of birth. In some cases, a name and date of birth are all that a person might need to offer to get access to medical records at a doctor's office -- especially by phone. Hometowns should always be omitted from social-networking profiles, and if one can't resist the urge to share his or her birthday, then one should at least leave off the year of birth. Again, it might not be very difficult for a crook to deduce, but there's no reason to make the job easier.
#2: A social-networking profile should not include photos or names of minor children. This prohibition probably sounds needlessly harsh, but it's actually surprisingly vital. First, bridging the notes in rule #1 about security questions, a question that remains much too widely-used in the security field is "What is your mother's maiden name?" Again, that may have been a suitable security question 20 years ago, but it's absolutely not today, when Facebook profiles, e-mail addresses, and old accounts of a million kinds routinely contain a woman's married and unmarried last names. A woman's "maiden name" is no longer any more challenging to figure out than her eye color. And if she leaves a digital footprint behind with her children's names, then she totally renders useless any online security checkpoint that asks the question. The question itself should be thrown out because it's totally obsolete today, but until that happens, there's no need to make crime easier for identity thieves and other crooks.
But there's also a more immediate risk for children, and it is that they become too easy to identify when their parents advertise them on the Internet (which is exactly what happens on a Facebook page, unintentionally or not). There is no reason to make the task easier for potential abductors by sharing names, routines, schedules, and photographs of a whole set of family members via Facebook. One might think, "Well, I only have 100 friends on Facebook, and I'm not worried about any of them." But how certain can a person be that each of those 100 friends are sufficiently security-conscious that they'll never have their accounts hacked?
And then, of course, there's also the concern that a parent should have about his or her child's reputation and good name. As of the latest count, a video entitled "David After the Dentist" had been viewed more than 82 million times on YouTube. It's funny, to be sure. But it's also going to be something for which that child will be known most likely for the rest of his life. Celebrity may be fleeting, but once it's been digitized and placed on the Internet, it's pretty durable as well. Leave the choice in the child's hands whether to put up pictures or videos of him- or herself once they reach adulthood. It's shocking, really, that virtually everyone can agree that youthful fame probably did permanent damage to Michael Jackson, but so many of those same people have no second thoughts about exposing their own children to Internet fame.
#3: No profile should detail a favorite book or movie or song. There are a few errors made here: Either one makes the mistake of sharing just a single favorite of each (which is, following the basic details of a person's birthdate and birthplace, yet another favorite "security" question), or one shares far too many of these items. If there's one thing to be learned from Netflix and its movie-recommendation algorithm, it's that a whole lot of predictive power is attached to whatever a person has strongly liked or disliked in the past. There's nothing particularly wrong with sharing five or ten favorite books or movies, but sharing dozens or scores of them gives away a lot more about one's psychological profile and other behaviors than are necessary to share. Sites like Facebook aren't being operated for the public interest; they're not charities. They make money, and they do that by selling detailed profiles of their users, whether that's as aggregated data, anonymous profile information, or otherwise. No matter how it's sliced up and sold, the data itself has enormous value, and simply giving it away for free -- especially in massive volume -- is a lot like going to work and declining to take a paycheck.
#4: One's immediate location does not need to be shared, ever. Shy of those rare instances (like the moment a commuter snapped a photo of the US Airways flight that landed in the Hudson River) when something truly remarkable has taken place, it's a bad idea to publicly share one's location -- or one's plans to be somewhere at a particular time. Giving away the details on an upcoming two-week vacation is the equivalent of putting a sign in the front lawn saying "We're not home". Posting a snapshot to Twitter of crazy times at a bar might just be telling an unstable ex or a faceless stalker where they can find inebriated prey. Even sharing too many photos of the commute to and from work might be an act that betrays when one's latchkey kids might be home alone.
It's altogether too easy to forget that what we place on the Internet appears on a global stage -- a stage that's not full of just bubblegum and teddy bears. It's a world in which today's supercomputers will very shortly become cheap, affordable tools that could be used by anyone -- with any kind of intent, whether innocent or malicious -- to scrape together the many little breadcrumbs we leave behind on the Internet to build a profile of any one of us that would have made J. Edgar Hoover envious. It is essential that nobody be lulled into a false sense of security about what they share on the Internet. As it's been said about crime, "The crooks only have to get lucky once. The cops have to get lucky every time." As Internet users, we are collectively in the same position as the police -- hoping, almost as much as deliberately trying, to keep our privacy, dignity, and security intact in the face of a world that may have a lot of reason to try to take those things away.