How we’re losing our privacy online

An interesting article on the topic.

Any comments? Reactions?


9 Responses to “How we’re losing our privacy online”

  1. Mikey D Says:

    Hopefully, and this could be a big stretch, future websites and applications will put security first rather than last. It doesn’t seem like most people are willing to compromise usability or entertaining features for security. I mean what average person is going to think about where their pictures are being stored when they upload them on Facebook? Or if clicking a privacy setting checkbox really does anything substantial? I suggest making security the issue from the start. When you sign up for FB, instead of making the user fill out private information to display to the public, force them to fill out security preferences. Make it just as easy for someone to say “I don’t want people to see this” as it is to say the opposite. Just like with airport security, if you want the average person to take security steps you have to ‘force’ them to take part in it. They will grumble and moan but in the end, appreciate it.

    On a side note, here’s an article from a while ago that highlights how security was definitely not a priority when Facebook was created:

    http://blog.taragana.com/index.php/archive/facebook-hack-how-to-see-the-album-of-any-private-user/

    • Josh Wright Says:

      @Mikey

      I think you’re starting to blur the line between privacy and security with FB. For example, if you tell FB that you only want certain people or groups to be able to view a photo, that is your choice of privacy settings, not security settings (at least not security in our course’s sense). Now if FB has bad security controls on their servers/code, like in the link you posted, that would be a security issue. But requiring people to specify who they want to see what information doesn’t increase user security.

      But I do agree that security from the ground up needs to be a priority because security as an afterthought rarely provides any real security.

  2. Mikey D Says:

    I would argue that it does fall in the realm of security settings. Maybe not any type of security we’ll study in 414, like you mentioned, but that doesn’t mean it’s not a security risk. The way the Twitter guy was hacked was all by means of gaining personal information about him. Even though the average person won’t have randoms digging for security questions in their Facebook profile, the risk is still there. Organizations who make security a priority consider these ‘privacy settings’ a vital part of keeping themselves secure. If the White House gave out vital information about the president or the DOD made the location of a missile public, that would be an incredible security risk. Now I know comparing Joe Smoe’s FB profile to the DOD is a stretch but it highlights the difference of putting security first. If people really want to be secure that means going all the way with it. It’s a completely different mindset and not just an encryption scheme.

    • JB Says:

      I agree, but I think what you’re talking about is a much bigger problem than network security. Facebook is populated with a generation of narcissists, myself included. I’ve got the news feed to prove it. We’ve been told “You’re special” from the day we were born, and the internet is the easiest way to tell everyone “Hey, look at me! I’m special”.

      Speaking of Facebook, I realized today that there is no way to log in and enable forced https. You might want to change your DNS settings to force facebook.com to redirect to https://facebook.com, otherwise your password could get sniffed (I think)

    • Josh Wright Says:

      @Mikey

      I agree that depending on the organization in question, personal privacy can be a matter of security. Especially concerning the government and military. On the other hand, for most people this isn’t the case and even if they wanted to, they can’t control the amount of their personal information that becomes available. The Twitter hack is a perfect example. The attacker didn’t even use personal information from anywhere in the beginning. In the article, the attacker requested the Gmail password be reset, and the request was sent to an old Hotmail account. The Hotmail account was inactive, so the attacker re-registered the Hotmail account, resent the Gmail password reset and was in. Going back to Facebook, personal privacy is really non-existent, because applications that you install can see everything about you, regardless of the privacy you choose. It can even see everything that other users allow you to see (i.e., your friend only allows a certain list of people to see their cell phone number. If you can see it, so can your applications). Going outside of social networks that you can choose to join or not, the government puts a staggering amount of data online, which is good for transparency, but sometimes dangerous. For example, both of my parents are pharmacists, and they are both registered and licensed in California. It took me 2 minutes to pull up their current address in Florida, it’s all online. All that I needed was a first and last name and there is no opt-out option. Another example was when my grandma wanted to send something to her neighbor back home, but she couldn’t remember the street address or their phone number. So I pulled up her city’s GIS mapping, set the layers viewable to just the home and business lots, and got her neighbor’s address from their tax records.

      The missiles aren’t too hard to find either, here’s a link on Google Earth that is probably a nuclear missile silo. http://maps.google.com/maps?f=q&source=s_q&hl=en&q=Harlowton,+Montana&sll=37.0625,-95.677068&sspn=34.534108,79.013672&ie=UTF8&cd=1&geocode=FZ2SxAId1xF0-Q&split=0&ll=46.562261,-109.512641&spn=0.003659,0.009645&t=h&z=17
      It’s in the middle of nowhere Montana, about 100 miles southeast of Malmstrom AFB, where they work on the Minuteman IIIs.

      Now just because all this information is out doesn’t mean that it should be. The trick is informing users about things that are beyond their control, like government records, so they know what to safeguard and what not to safeguard. It’s kind of like HIV/AIDS, just knowing that you have it is half the battle. The other half is figuring out how to live around/with it, because you can never take it back.

  3. jonkatz Says:

    There are several issues here that are being conflated.

    There is certainly no way to prevent someone from posting whatever they want about themselves on-line. On the other hand, maybe people need to be educated about the consequences — like potential employers now looking at applicants’ Facebook profiles before hiring them. (And you can imagine their reaction if they see pictures of you drunk at a party…) It’s also difficult if not impossible to “retract” information once it’s out there.

    Then there is the general issue of privacy violations that are not your own fault, e.g., public records, or satellite maps of your neighborhood. The law decides what is and what is not allowed here, but one can argue that in some cases the law should change.

    An issue of relevance to this class is the use of public data for authentication. Why are birthdays used as an identifier (e.g., by credit card companies)? Birthdays are public information! (For this reason, I do not list my actual birthday on my Facebook profile…)

  4. jonkatz Says:

    Another issue regarding Facebook in particular is that you essentially have to share either everything or nothing with another person, e.g., there are not separate categories for “good friends”, “acquaintances”, and “co-workers”.

    Recent work by other people at UMD is aimed, in part, at addressing this problem.

    • JB Says:

      Actually I think Facebook has already addressed this. About 6 months ago (maybe more), they added a feature where you can create groups for people, and then add either those groups or individual people to lists of information they are restricted from seeing. Hover over ‘Settings,’ then click Privacy Settings, then click Profile. It even lets you type the name of a friend to see what your profile looks like to them.
