Posts Tagged ‘privacy’

Jan 18, 2012

How a Nation Got Educated About SOPA and PIPA

The PROTECT IP Act (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 or PIPA), which was introduced by Senator (D-VT) on May 12, 2011, aims to give the US government and copyright holders additional tools to curb access to “rogue websites dedicated to infringing or counterfeit goods”, especially those registered outside the U.S. On the House side, the Stop Online Piracy Act (SOPA) was introduced by Rep. Lamar S. Smith (R-TX) on October 26, 2011. The bills had bipartisan support and were expected to sail through Congress. But today, passage of the bills is looking more and more unlikely as SOPA and PIPA opponents’ voices grow louder and members of Congress are flooded with calls and e-mails about the bills.

Unless you live under a rock, you’ve no doubt read about, heard about and discussed the SOPA blackout that’s happening all over the Web. Web giant Wikipedia has gone dark to protest SOPA and PIPA, while others like Craigslist, Google, Wired, WordPress and dozens of other sites have put up prominent messaging and graphics that clearly show opposition to the proposed legislation. Wired and WordPress show large portions of their home pages blacked out as if they have been censored.

Wow. Let’s just stop and consider the reach of these Web site giants.

Google is ranked by Alexa as the number 1 site in the US and is visited by half of ALL global Internet users daily. So at least half of us today got messaging from Google about SOPA and PIPA. If you use the search tool embedded in your browser, you missed the black censor bar over the Google logo and the simple plea to: Tell Congress: Please don’t censor the web!, but the Google logo is still blacked out in the top left corner of all pages.

If you ignored Google’s censor logo and call to action, you probably did a search on Google and found a link to Wikipedia, which was blacked out for the day (just the English version). Alexa says Wikipedia is the 6th most popular site on the Web, so millions of us didn’t get to use Wikipedia to look up names, places and things.

If you were looking for a job, car or apartment today, you probably went to Craigslist, the 9th most popular site in the US. Although Craigslist did not go completely dark, an intro page urges everyone to oppose SOPA and PIPA.

And oh yeah, even though Facebook and Twitter didn’t join the dozens of sites that participated in the SOPA blackout, the conversations on these sites were dominated by SOPA and PIPA.

And then of course, there was the overwhelming coverage about the SOPA blackout by mainstream press, alternative press and bloggers.

All of this means that today, January 18, I would bet that the vast majority of Americans got some kind of exposure to SOPA and PIPA, most of it negative. And if just a fraction of the millions of Google, Wikipedia, Craigslist, Reddit, Wired, WordPress (and on and on) users took action and contacted their representatives and Senators, today was a very busy day on Capitol Hill.

That’s one heck of a grassroots movement. How about you? How many sites did you visit that had some mention or call to action re: SOPA and PIPA? Did you contact your representative in Congress?

Oct 27, 2010

Are You and Your Organization Vulnerable to Social Engineering?

A couple of years ago, I discovered strangers walking through our office unescorted. They told our receptionist that they were looking at office space in the building; they were well dressed, they referenced the name of our landlord and they asked nicely if they could just walk around and take a look at our space. Our receptionist, ever on the lookout for ways to be helpful, let them wander the halls.

A couple of months ago, someone claiming to be an exhibitor at a client’s trade show called, asking for the client’s logo so they could use it in an e-mailing going out. The person said they had the approval of the client. My responsive Project Manager opened up a work request and got the logo sent out ASAP.

In both cases, the persons making the requests were legitimate and no harm was done.  BUT, they just as easily could have been hackers or scammers and my helpful staff could have been duped into giving them information or access they were not authorized to have.  Which is why Matrix Group covers security during orientation and training for all new hires and we recently brought in a security expert to discuss social engineering.

Social engineering is “the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.” Kevin Mitnick, the famous computer hacker, claims that it’s “much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.” There are many social engineering techniques, including:

  • Pretexting is the act of getting people to divulge small pieces of information, which hackers use to obtain more information from the next person.  Knowing bits of information establishes legitimacy in people’s minds and makes them more willing to divulge even more information.
  • Phishing is used to fraudulently obtain private information.  Phishers typically impersonate legitimate businesses via phone or e-mail and convince victims to divulge sensitive or private information.  Think of the hundreds of e-mails you get that look like they’re from your bank; nearly all of them ask you for your account information, login information and/or SSN.
  • Baiting is a technique whereby hackers leave CDs or USB sticks containing viruses or trojans in public places, in the hopes that a curious person will pick up the items and insert them into their systems, effectively infecting them and making them vulnerable to hacker attacks.

Social engineering is highly successful because of the natural human tendency to trust other people. In addition, most people want to be helpful.  In fact, we train our staff to be helpful because helpfulness is key to a successful business.  If you’re wondering if you or your organization are vulnerable to social engineering tactics, ask yourself these questions:

  • How easy or hard would it be for someone to gain access to your office by mentioning the name of the CEO and some key staff?
  • How difficult would it be for someone to impersonate you by providing your name, address, SSN, mother’s maiden name, spouse’s name, etc.? I’ll bet a lot of this information is on public Web sites and social networks. Just look at some of your friends’ profiles on Facebook; you’ll find hometown, e-mail, birthday, the works!
  • How hard would someone have to work to impersonate someone and convince a network admin to divulge or reset a password?
  • Have you held the lobby door open for someone off the street while entering a secure building?

Okay, now that you’re paranoid, what are you going to do about this potential threat to you and your organization?

Oct 13, 2010

It’s Time To Audit Your Facebook Privacy Settings

I found out recently that the iPhone version of the Facebook app synchronizes with personal profiles on Facebook.  Which means (gasp!) that if a friend has your private phone numbers in his/her phone, it’s possible that those numbers are now on Facebook.  Egads!

While I love Facebook, Twitter, instant messenger, etc., I try very hard to limit the amount of personal information that I share on those networks, including and especially my address, home phone number, information about my family, etc.  But with the social networks constantly updating their terms of use and adding new functionality to their sites and apps, it’s hard to keep up with the changes and monitor the impact on our privacy.

Which is why I recommend an audit of your Facebook (and other social network) privacy settings on a regular basis. Here’s how:

  • Log in to Facebook and click on Account in the top right corner of any Facebook page.
  • You’ll get a dropdown of options; click on Privacy Settings.

Facebook Privacy Settings Landing Page

Here’s what your Facebook Privacy Settings Landing page looks like.  Note that you can share parts of your profile with Everyone, Friends of Friends and Friends Only.  I have edited my profile so that nearly everything about my profile is visible to Friends Only.  But wait, this page only shows you a fraction of the privacy settings available to you.  To view and edit all of your privacy settings, click on Customize Settings.

You’ll also notice two navigation items on the left for Recommended and Custom.  Click on Recommended and you’ll see that Facebook recommends that a great deal of your profile be available to everyone.  You can select these default settings with a click.  Me, I definitely opted for the Custom Settings.

Customize Settings Page

Here’s what the Customize Settings page looks like.  You’ll see that you can select who can see elements of your profile.  Here are my recommendations:

  • If you post photos of your family, especially your children, make Posts By Me visible to Friends Only.
  • Be sure to pay special attention to the Things I Share section. This is the section where you can control what others are doing, including tagging you in photos and videos, checking you into Facebook Places, etc. This allows you to NOT allow friends to check you into a bar or party, and stops them from tagging you in photos and videos and thereby making your photo visible to their friends. Here’s a blog post about how someone nearly sabotaged a dinner party by checking all the guests into Facebook Places.
  • If your Facebook network is vast, consider creating custom lists and then specifying with each post and update which list can see your updates.  For example, I have a Family list that I use to share family photos and insider updates.
  • Be sure to audit your privacy settings for existing photo albums. If you created albums before Facebook rolled out its new privacy settings, you may find that all or many of your albums are available to Everyone (I know I did!).

As for that pesky iPhone app that uploads your personal information to Facebook, unfortunately, there’s nothing you can do about that.  Facebook did recently add a warning to the app, warning users to make sure their friends are comfortable sharing their information with others.  This is a small consolation to me; I would venture to guess that most people don’t think about the privacy ramifications of their actions and apps and will blow right past this user agreement.  What to do?  This may sound dorky, but here’s what I’ve told my friends:

  • Please don’t sync your iPhones with Facebook.
  • Don’t try to check me into Facebook Places.
  • When you’re at my house, never check into Facebook Places or FourSquare so you don’t reveal my home information.
  • Please don’t upload photos and videos that are unflattering to me and my friends/guests.  (When I throw Rock Band parties at my house, videos are not allowed; we DO allow photos of us band members looking cool with our instruments.)

How about you?  Have you audited your Facebook privacy settings recently?  Any revelations?  Any privacy disasters?  What are you doing, if anything, to maintain a semblance of privacy online?

Jun 24, 2010

What’s So Fun About FourSquare?

In my quest to try out new social networks, I signed up for FourSquare last year. I didn’t start using the service until a couple of months ago, when I got my new Palm Pre and I felt ready to dive into another social network.

FourSquare is a location-based social network. The idea is that you share your location with your friends and followers by “checking into” locations. For example, every time I go to a restaurant, I pull up the FourSquare app on my phone, let the app determine my GPS coordinates and show me possible options. I can select one of the venues and “check in” or add a new venue. When I check in, I can write a little message and share out my update on Facebook and/or Twitter.

Last Saturday, I checked into four locations, including three restaurants, and I got hilarious comments from friends about how all I did on Saturday was eat!

Here’s what I’m enjoying about FourSquare:

  • I don’t feel compelled to check in multiple times a day, every day. My check-ins are usually to restaurants, but increasingly, I’m checking into events.  Tonight, I checked into the DCWW Content Strategy Workshop held at the Matrix Group office.  I check in only a few times a week, if at all.
  • I love the gaming aspect of FourSquare. People who have the most check-ins at a specific venue get a Mayor badge. So far, I’ve earned a Newbie badge and an Explorer badge. I’m hoping to become Mayor of one of my favorite restaurants sometime soon!
  • It’s fun to see where my friends are and what they’re doing.
  • FourSquare is not nearly as chatty as Twitter and Facebook.
  • I have learned about so many great, local businesses through FourSquare!
  • Some enterprising retailers are rewarding frequent customers with discount coupons and other goodies.  The retailers are glad for the patronage AND the free advertising from the check-ins!


May 20, 2010

What’s All the Fuss About Facebook’s Open Graph and Privacy Policies?

Remember when Facebook was a closed network, open only to college students? Then Facebook went mainstream and everyone could create a profile. But even back then, Facebook remained a closed network: you had to have a Facebook profile to see other profiles and connect with friends.  Facebook was closed to Google and other search engines, which meant Facebook profiles and pages never showed up on search results.

Back in 2005, Facebook’s privacy policy clearly stated the following:

No personal information that you submit to Facebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.

The Evolution of Facebook’s Privacy Policies

But then, slowly and over time, Facebook’s privacy policies changed.

  • In 2007, Facebook made your name, school name and profile photo available to the search engines unless you specifically prohibited this in your privacy settings.
  • In 2009, Facebook revamped its privacy settings and gave users more control over who gets to see which aspects of their profile.  Trouble was, the default gave “everyone” access to information.
  • In April 2010, Facebook made the decision to make specific elements of all profiles public (name, hometown, school, interests and fan pages), and eliminate the ability to limit access to these fields.  If you didn’t want those elements to be public, Facebook recommended that you delete the information from your profile.
  • In April 2010, Facebook also launched the Open Graph, which shares user profiles with third party sites so that visits to those third party sites can be personalized based on a person’s Facebook interests.  On the flip side, Facebook opened up its API (application programming interface) so that third party sites can add a Facebook “Like” button to their pages; when clicked, the information would be saved back to a user’s profile.

The Electronic Frontier Foundation has a great timeline of Facebook’s privacy policies, including links to archived versions of Facebook’s policies.


Jan 13, 2010

Does the Social Web Mean the End of Privacy?

Facebook Founder Mark Zuckerberg has gotten a lot of flak lately for his pronouncement (during an interview with TechCrunch) that privacy norms have evolved over the years and privacy is essentially dead. I watched the interview myself and think the criticism is overdone. I think that Zuckerberg has correctly described the times and his company is taking advantage of our voyeuristic culture. Facebook did not create this culture. I think it started with the first reality show on MTV back in the 80s. We watched the teens living together and reveled in their pranks and arguments.

Does the social Web mean the end of privacy? Are MySpace and Facebook to blame for all the personal revelations we spew out every day? Or should we blame Google and Bing, which manage to index the Web and let anyone find out gobs and gobs of information about each of us? When I Google my name (Joanna Pineda), I find lots of information that I WANT the search engines to find and index. But I also find pages that have my address, my political contributions, yada, yada. I’m not happy that Facebook changed its privacy settings and defaulted some of my information to be available to everyone, but I actually appreciate the more granular control that I now have over my posts, links and photos.

What do you think?  Is privacy dead?  How much do you reveal on social networks?  Are you doing anything to keep out of the search engines?


About the Author

Joanna Pineda

Founder, CEO Matrix Group International

CEO, Founder & Chief Troublemaker, Matrix Group

A Chief Troublemaker's insight on effective marketing strategies, customer service, leadership, Web 2.0, Web 3.0 and beyond.

Joanna is known for her visionary big-picture thinking and drive for excellence. Combining her broad liberal arts background and passion for technology, she started Matrix Group in 1999, today a leading interactive agency. As a trusted advisor, Joanna inspires and motivates her clients and employees alike to simply, "be better." Joanna's mantra: "DO or DO NOT. There is NO TRY!"
