Unless you live under a rock, you’ve no doubt read about, heard about and discussed the SOPA blackout that’s happening all over the Web. Web giant Wikipedia has gone dark to protest SOPA and PIPA, while others like Craigslist, Google, Wired, WordPress and dozens of other sites have put prominent messaging and graphics that clearly show opposition to the proposed legislation. Wired and WordPress show large portions of their home pages blacked out as if they have been censored.

Wow. Let’s just stop and consider the reach of these Web site giants.

Google is ranked by Alexa as the number 1 site in the US and is visited by half of ALL global Internet users daily. So at least half of us today got messaging from Google about SOPA and PIPA. If you use the search tool embedded in your browser, you missed the black censor bar over the Google logo and the simple plea to: Tell Congress: Please don’t censor the web!, but the Google logo is still blacked out in the top left corner of all pages.

If you ignored Google’s censor logo and call to action, you probably did a search on Google and found a link to Wikipedia, which was blacked out for the day (just the English version). Alexa says Wikipedia is the 6th most popular site on the Web, so millions of us didn’t get to use Wikipedia to look up names, places and things.

If you were looking for a job, car or apartment today, you probably went to Craigslist, the 9th most popular site in the US. Although Craigslist did not go completely dark, an intro page urges everyone to oppose SOPA and PIPA.

And oh yeah, even though Facebook and Twitter didn’t join the dozens of sites that participated in the SOPA blackout, the conversations on these sites were dominated by SOPA and PIPA.

And then of course, there was the overwhelming coverage about the SOPA blackout by mainstream press, alternative press and bloggers.

All of this means that today, January 18, I would bet that the vast majority of American got some kind of exposure to SOPA and PIPA, most of it negative. And if just a fraction of the millions of Google, Wikipedia, Craigslist, Reddit, Wired, WordPress (and on and on) users took action and contacted their representatives and Senators, today was a very busy day on Capitol Hill.

That’s one heck of a grassroots movement. How about you? How many sites did you visit that had some mention or call to action re: SOPA and PIPA? Did you contact your representative in Congress?

A couple of months ago, someone claiming to be an exhibitor at a client’s trade show called, asking for the client’s logo so they could use it in an e-mailing going out.  The person said they had the approval of the client.  My responsive Project Manager opened up a work request and got the logo sent out asap.

In both cases, the persons making the requests were legitimate and no harm was done.  BUT, they just as easily could have been hackers or scammers and my helpful staff could have been duped into giving them information or access they were not authorized to have.  Which is why Matrix Group covers security during orientation and training for all new hires and we recently brought in a security expert to discuss social engineering.

Social engineering is “the act of manipulating people into performing actions or divulging confidential information, rather than by breaking in or using technical cracking techniques.” Kevin Mitick, the famous computer hacker, claims that it’s “much easier to trick someone into giving a password for a system than to spend the effort to crack into the system.”  There are many social engineering techniques, including:

• Pretexting is the act of getting people to divulge small pieces of information, which hackers use to obtain more information from the next person.  Knowing bits of information establishes legitimacy in people’s minds and makes them more willing to divulge even more information.
• Phishing is used to fraudulently obtain private information.  Phishers typically impersonate legitimate businesses via phone or e-mail and convince victims to divulge sensitive or private information.  Think of the hundreds of e-mails you get that look like they’re from your bank; nearly all of them ask you for your account information, login information and/or SSN.
• Baiting is a technique whereby hackers leave CDs or USB sticks containing viruses or trojans in public places, in the hopes that a curious person will pick up the items and insert them into their systems, effectively infecting them and making them vulnerable to hacker attacks.

Social engineering is highly successful because of the natural human tendency to trust other people. In addition, most people want to be helpful.  In fact, we train our staff to be helpful because helpfulness is key to a successful business.  If you’re wondering if you or your organization are vulnerable to social engineering tactics, ask yourself these questions:

• How easy or hard would it be for someone to gain access to your office by mentioning the name of the CEO and some key staff?
• How difficult would it be for someone to impersonate you by providing your name, address, SSN, mother’s maiden name, spouse name, etc.  I’ll bet a lot of this information is on public Web sites and social networks.  Just look at some of your friends’ profiles on Facebook; you’ll find hometown, e-mail, birthday, the works!
• How hard would someone have to work to impersonate someone and convince a network admin to divulge or reset a password?
• Have you held the lobby door open for someone off the street while entering a secure building?

Okay, now that you’re paranoid, what are you going to do about this potential threat to you and your organization?

While I love Facebook, Twitter, instant messenger, etc., I try very hard to limit the amount of personal information that I share on those networks, including and especially my address, home phone number, information about my family, etc.  But with the social networks constantly updating their terms of use and adding new functionality to their sites and apps, it’s hard to keep up with the changes and monitor the impact on our privacy.

Which is why I recommend an audit of your Facebook (and other social network) privacy settings on a regular basis. Here’s how:

• Log in to Facebook and click on Account in the top right corner of any Facebook page.
• You’ll get a dropdown of options; click on Privacy  Settings.

Facebook Privacy  Settings Landing Page

Here’s what your Facebook Privacy Settings Landing page looks like.  Note that you can share parts of your profile with Everyone, Friends of Friends and Friends Only.  I have edited my profile so that nearly everything about my profile is visible to Friends Only.  But wait, this page only shows you a fraction of the privacy settings available to you.  To view and edit all of your privacy settings, click on Customize Settings.

You’ll also notice two navigation items on the left for Recommended and Custom.  Click on Recommended and you’ll see that Facebook recommends that a great deal of your profile be available to everyone.  You can select these default settings with a click.  Me, I definitely opted for the Custom Settings.

Customize Settings Page

Here’s what the Customize Settings page looks like.  You’ll see that you can select who can see elements of your profile.  Here are my recommendations:

• If you post photos of your family, especially your children, make Posts By Me visible to Friends Only.
• Be sure to pay special attention to the Things I Share section.  This is the section where you can control what others are doing, including tagging you in photos and videos, checking you into Facebook Places, etc.  This allows you to NOT allow friends to check you into a bar or party, and stops them from tagging you in photos and videos and thereby making your photo visible to their friends.  Here’s a blog post about how someone nearly sabotaged a dinner party by checking all the guests into Facebook places.
• If your Facebook network is vast, consider creating custom lists and then specifying with each post and update which list can see your updates.  For example, I have a Family list that I use to share family photos and insider updates.
• Be sure to audit your privacy settings for existing photo albums. If you created albums before Facebook rolled out its new privacy settings, you may find that all or many of your albums are available to Everyone (I know I did!).

As for that pesky iPhone app that uploads your personal information to Facebook, unfortunately, there’s nothing you can do about that.  Facebook did recently add a warning to the app, warning users to make sure their friends are comfortable sharing their information with others.  This is a small consolation to me; I would venture to guess that most people don’t think about the privacy ramifications of their actions and apps and will blow right past this user agreement.  What to do?  This may sound dorky, but here’s what I’ve told my friends:

• Please don’t sync your iPhones with Facebook.
• Don’t try to check me into Facebook places.
• When you’re at my house, never check into Facebook Places or FourSquare so you don’t reveal my home information.
• Please don’t upload photos and videos that are unflattering to me and my friends/guests.  (When I throw Rock Band parties at my house, videos are not allowed; we DO allow photos of us band members looking cool with our instruments.)

How about you?  Have you audited your Facebook privacy settings recently?  Any revelations?  Any privacy disasters?  What are you doing, if anything, to maintain a semblance of privacy online?

FourSquare is a location-based social network. The idea is that you share your location with your friends and followers by “checking into” locations.  For example, every time I go to a restaurant, I pull up the FourSquare app on my phone, let the app determine my GPS coordinates and show me possible options.  I can select one of the venues select and “check-in” or add a new venue.  When I check in, I can write a little message and share out my update on Facebook and/or Twitter.

Last Saturday, I checked into four locations, including three restaurants and I got hilarious comments from friends about how all I did on Saturday was eat!

Here’s what I’m enjoying about FourSquare:

• I don’t feel compelled to check in multiple times a day, every day. My check-ins are usually to restaurants, but increasingly, I’m checking into events.  Tonight, I checked into the DCWW Content Strategy Workshop held at the Matrix Group office.  I check in only a few times a week, if at all.
• I love the gaming aspect of FourSquare.  People who have the most check-ins at a specific get a Mayor badge.  So far, I’ve earned a Newbie badge and an Explorer badge.  I’m hoping to become Mayor of one of my favorite restaurants sometime soon!
• It’s fun to see where my friends are and what they’re doing.
• FourSquare is not nearly as chatty as Twitter and Facebook.
• I have learned about so many great, local businesses through FourSquare!
• Some enterprising retailers are rewarding frequent customers with discount coupons and other goodies.  The retailers are glad for the patronage AND the free advertising from the check-ins!

FourSquare has its detractors, of course.

• Some critics say FourSquare is just another tool for sharing TMI (too much information). Yep, I agree, some people should Just Say No to checking in everywhere they go.  Seriously, do you need to check at Planned Parenthood or the strip club?
• On a more serious note, there are legitimate privacy and security concerns about constantly broadcasting where you are and where you are not. The Web site PleaseRobMe.com used takes FourSquare and Twitter feeds and broadcast location updates of thousands of people.  The founders of PleaseRobMe say the public is now paying attention and they’re now trying to figure out whether to continue the service.

Me? I only update during the day when I’m normally at work and yes, I have an alarm system at home that is always on when nobody is home.  And I never, ever update Twitter, Facebook or FourSquare and broadcast that I’m going to be away for an extended period of time.

As of a couple of days ago (June 22) TechCrunch reported that FourSquare had 1.7 M users and that it had added 100,000 users in the last 10 days.

How about you?  Are you on FourSquare?  What do YOU think about the new location-based social networks?

Back in 2005, Facebook’s privacy policy clearly stated the following:

No personal information that you submit to Facebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.

The Evolution of Facebook’s Privacy Policies

But then, slowly and over time, Facebook’s privacy policies changed.

• In 2007, Facebook made your name, school name and profile photo available to the search engines unless you specifically prohibited this in your privacy settings
• In 2009, Facebook revamped its privacy settings and gave users more control over who gets to see which aspects of their profile.  Trouble was, the default gave “everyone” access to information.
• In April 2010, Facebook made the decision to make specific elements of all profiles public (name, hometown, school, interests and fan pages), and eliminate the ability to limit access to these fields.  If you didn’t want those elements to be public, Facebook recommended that you delete the information from your profile.
• In April 2010, Facebook also launched the Open Graph, which shares user profiles with third party sites so that visits to those third party sites can be personalized based on a person’s Facebook interests.  On the flip side, Facebook opened up its API (application programming interface) so that third party sites can add a Facebook “Like” button to their pages; when clicked, the information would be saved back to a user’s profile.

The Electronic Frontier Foundation has a great timeline of Facebook’s privacy policies, including links to archived versions of Facebook’s policies.

These changes to Facebook’s related to privacy and sharing data have prompted public outcry and scrutiny.  Gizmodo published of Top 10 Reasons to Quit Facebook.  On May 5, the Electronic Privacy Information Center and 14 privacy and consumer protection organizations “filed a complaint with the Federal Trade Commission, charging that Facebook has engaged in unfair and deceptive trade practices in violation of consumer protection law.”  Wired says Facebook’s Gone Rogue and calls for an open alternative to Facebook’s convoluted privacy policies and settings.

Take Back Control of Your Facebook Data and Privacy Settings

Okay, now that you’re totally freaked out, what should you do?  Here are my top recommendations:

1. Go to your Facebook page and edit your Privacy Settings.  Go to Account -> Privacy Settings.  Click on every link and update your defaults.  For example, under Personal Information and Posts, I set my default to Friends Only.  If I ever want a status update or a photo album to be available to Everyone, I can change the access level when I submit a specific update.
2. Delete sensitive information about yourself. For example, I don’t see any reason for my birthday to be on Facebook.  My family and friends know when my birthday is, I don’t really care if my family and friends don’t remember my birthday and who the heck needs to know how old I am?
3. Under Account -> Privacy Settings, I limited Activity on Applications and Games Dashboards to Friends Only and under Instant Personalization Pilot Program, I opted out of Facebook sharing my data with third party applications.
4. Go to ReclaimPrivacy.org and use their Facebook privacy scanner tool to audit your privacy settings.  I did it and it identified a couple of areas that needed shoring up.  Turns out that friends could share information about my Online Presence so I turned that off.  I did decide to keep some settings turned on, including the ability for friends to share my links and Web site.  I am in the Web business, after all, and I want people to be able to find me.
5. Remember that if you post a comment on a company Fan page, remember that your comment will be public since company pages are designed to be public.  If you don’t want your comment to be public, don’t post a comment; there is NO WAY to make it private.
6. If you don’t people to know about your interests, don’t click on Like buttons all over the Web. Clicking the Like button is like commenting on an article or blog post.  That action is meant to be public.  If you don’t want it to be public, just say No and don’t click.

Am I quitting Facebook?  Nope.  But I am keeping a close eye on the company’s ever-changing privacy policies, I’m auditing my settings regularly, and I remember the golden rule: if you don’t want specific information to be public, don’t share it anywhere.  Period.  End of story.

How about you?  What do you think of Facebook’s privacy policies?  Are the new policies making you think twice about joining or staying on Facebook?  Have you audited your privacy settings recently?

P.S.  Today, May 19, news organizations reported that Facebook is considering an about face on some of its recent privacy policy changes.  I guess we’ll have to stay tuned.

Does the social Web mean the end of privacy?  Are MySpace and Facebook to blame for all the personal revelations we spew out every day?  Or should we blame Google and Bing, which manage to index the Web and let anyone find out gobs and gobs of information about each of us?  When I Google my name (Joanna Pineda), I find lots of information that I WANT the search engines to find and index.  But I also find pages that have my address, my political contributions and address, yada, yada.  I’m not happy that Facebook changed its privacy settings and defaulted some of my information to be available to everyone, but I actually appreciate the more granular control that I now have over my posts, link and photos.

What do you think?  Is privacy dead?  How much do you reveal on social networks?  Are you doing anything to keep out of the search engines?