Social Networks

School teachers used to warn students that any bad grades they received would be forever noted on their infamous permanent record.  In a digital era where social networking sites dominate the internet, and privacy has become more of a luxury than a necessity, individuals everywhere have much more to worry about than a bad report card.  In the endless controversy regarding our first amendment right versus consumer privacy rights, the 20^th Annual CFP (Computers, Freedom, and Privacy) Conference brought together rights activists, companies and attorneys from a variety of backgrounds in hopes of striking a balance between online information brokers and privacy.

The argument between free speech and privacy is in many ways two sides of the same coin.  Consumer advocacy groups argue that not only are consumers unaware of how their personal information is being collected and used, but they also cannot do anything to change this.  On the other hand, certain attorneys, large search engines and information commerce companies cite that while privacy is valued, so is safety and trust to the people you are interacting with on a daily basis.  Luckily, both sides support forums like CFP that can create functional transparency in the public information industry and can help define and clarify the large gray area that is the foundation for endless lawsuits and controversy.

In a CFP panel titled, Online Information Brokers and Privacy: Where’s the Balance, representatives of non-profit consumer advocacy organizations like the Privacy Rights Clearinghouse and the World Privacy Forum instilled concern in viewers by alluding to specific anecdotes where public records of individuals (such as witnesses or domestic violence witnesses) have led to harassment and identity theft.  Generally speaking, these activist groups aim to spread awareness and advise consumers on how to protect their privacy rights.  They also stated how public records can pose security concerns because of the way fraudulent businesses in the past have used data in malicious ways.

Intelius Chief Privacy Officer, Jim Adler, served on the other end of the panel working together with privacy activists to create a balance and ultimately find a way to better serve the needs of consumers.  Adler noted that Intelius is not only aware of emerging concerns, but is also interested in increasing communication and collaboration with rights advocates to reach a middle ground.  In addition, he noted that the company understands that the higher level of transparency being created by social media and the internet also means privacy issues that need to be addressed.  For these reasons, Intelius has developed specific policies to differentiate itself from many other online information companies. While other businesses do not give you the option of deleting your information (citing free speech), Intelius has a free opt-out policy where individuals (i.e. threatened witnesses, law enforcement, and domestic violence victims) can remove themselves, no questions asked.

Different from a large amount of information brokers being attacked by activists, Intelius does not sell lists of information.  Instead, they act as an information retailer that buys lists, gathers information and sells it one at a time to consumers in hopes of providing insight and security.  Intelius, Adler states, believes that in order to “strike this balance, you’ll need to be able to have an environment where you can innovate responsibly… trust the individuals you interact with, and provide people with valuable services,”  requiring industry collaboration.  Ultimately, he believes that it is necessary to work together with privacy organizations to use public records in proactive ways that ultimately empower consumers.  However, even though Intelius can help you remove your name from their database, there are still hundreds of other companies willing to give out your information for a price.

In the midst of a social media phenomenon, consumer advocacy groups show how free basic public records have recently transformed into more robust reports from aggregators like Spokeo.com, who compile a wide range of information, including personal information from social networking sites.  The average consumer, they argue, is unaware of how much of the personal information is online and how it is being used. In a new age of modern permanent records, popular sites like Facebook and Twitter are the face of a hidden world of commercial data brokers.  Moreover, not all information is accurate, and even if consumers are aware, they are unable to erase or correct their personal records.  As a company dedicated to ultimately providing customers with a valuable service, Adler declared “the next step is to give you transparency to the info that’s out there, know what your digital footprint is, and then provide a way to comment, dispute and correct (it)”.

Privacy advocate organizations also noted there is a wide spectrum of information commerce companies that make up the industry, and not all can be placed in the same negatively perceived category.  The very idea that certain companies, like Intelius, were interested in participating in such a conference sheds light upon companies and their willingness to address their consumers concerns.

Forums like CFP are able to bring together all sides of the issue, and through industry cooperation, increase the likelihood of creating clear definitions and viable solutions.  Both consumer privacy activists and information brokers  support an approach that requires advocates, consumers, companies, and regulators to come together to figure out what’s right.

All participants on the CFP panel agree that in the future, data collection is inevitable, and panels like this can help create a balance between privacy and public records.  Adler ended his speech reminding viewers that “innovation is a team sport and it requires everyone to help us get through this in a productive way that empowers the customers.”  In the meantime, consumers need to be informed and aware of the availability of their personal information, knowing their online activity may forever be accessible on their modern permanent record.

With an estimated 3.7 billion phishing emails sent in the past year it is no surprise that phishers have set their sights on Twitter. The latest phishing scam sweeping the ‘Net' is a spam campaign designed to look like legitimate Twitter notifications.

The emails take many forms: Some resemble messages from Twitter customer support claiming that the site has detected an attempt to steal the receiver's Twitter password. Others claim that the recipient has changed the e-mail address associated with their account and ask them to confirm. The links in these emails lead either to a downloadable "secure module" which the emails claim will protect the account but is actually malware or to a phishing site designed to steal the user's account information. Online pharmacy spammers have also taken to Twitter-formatted emails to advertise non-FDA approved pills.

Those these scams don't seem very threatening at first (I mean, how much damage can some do with 140 characters?) but the repercussions having your Twitter account hacked are HUGE! Many people use the same password they use for Twitter for many other online sites; from Facebook to online banking, people just aren't taking necessary precautions with their passwords. So, if you enter your account information into phishing site and you use the same password for Twitter as sites like Facebook or your email that may house more personal information, the scammer can potentially get into your other accounts.

These scams, discovered by Trend Micro, are easily avoidable if you are aware of them and know what a legitimate Twitter email does and does not contain.*

• Twitter does not send links to "secure modules".

• Twitter emails request confirmations include the new account information.

• Twitter emails do no describe or promote new services or products.

* Twitter email specifications via Trend Micro

Before you get hacked, consider taking these precautions:

• Always read emails completely and thoroughly before clinking though the links. It can take a while for news of the latest scam to reach your ears so keeping a vigilant eye on all your emails is a must!

• Use different, high quality, passwords for Twitter, Facebook, your email, and your online banking account. Secure passwords contain a random series of lower and upper case letters, numbers, and approved symbols. Such passwords should be more than 8 characters in length

• Consider and Identity Protection service. Investing in and identity protection service, such as Intelius IdentityProtect, can prevent a scammer that acquires your information from using it. This useful advantage could save you tons of time and money.

The mass ‘unfriending’ of Facebook has signaled the public’s dissatisfaction with the social networking site’s privacy policies. Social networking sites have provided millions of people with the ability to connect and keep up to date with friends and family around the world. From keeping up with friends from the past to helping you form new ones, social networking certainly has its purpose; as long as you’re ‘safe’.  Even with their ambiguous privacy settings and indiscernible security policies, no matter how insecure centralized social networks become, without a viable alternative the vast majority of users will not abandon sites like Facebook, Twitter, Myspace, and Bebo. Enter Diaspora*.

Diaspora*, the new craze in social media has already raised nearly $200,000 in pledges via the funding website kickstarter in less than one month. That’s 1792% of what the four guys from NYU requested to help them make it through the summer! But what makes Diaspora* worth $200,000? I mean, do we really need ANOTHER social networking site? No. This is why Diaspora* got our attention—Diaspora* promises to be a “privacy aware, personally controlled, do-it-all, distributed, free, open-source social network.”

What this means is that, as individuals, we will each be able to download the Diaspora* software (which the Diaspora* team hopes will go live in September) onto our OWN computers and from there, set up our OWN ‘seeds’ (mini social networks). Each user will be in complete control of what they send to whom. There will be no hub and no moderator. Add a user-friendly interface and a sleek design and everyone will want to have their own ‘seed’.  The privacy settings will all be automatic. With heavy encryption and full user control, Diaspora* has the potential to make social media privacy concerns a thing of the past.

As co-founder, Maxwell explains, Diaspora* will allow you to store all of your information (photos, comments, conversation threads) in one place: your seed. From there, you will be able to push pieces of that information out to whichever ‘friends’ you choose to share it with. After all, when we share data online there is no guarantee that, even if we delete it, that information won’t be available on someone else’s computer due to archiving. Since the internet is still relatively new, as far as anyone knows, the information we’ve posted across the social web will exist forever. But, as the Diaspora* project is set to prove, it doesn’t have to be that way. As the guys put it, “Sharing is a human value,” and everyone should be able to share what they like with who they like without fear of identity theft or damaging their reputation.

On April 14^th the Library of Congress sent out an official tweet that would stir the masses: "Library to acquire ENTIRE Twitter archive - ALL public tweets, ever, since March 2006! Details to follow." Twitter's millions of users send out more than 50 million tweets each day, all 140 characters or less. These snap-shots into everyday life are about to become part of human-kind's cultural history. The Library of Congress, whose goal has long been to preserve the "universal body of human knowledge", intends these posts, from Obama announcing his presidential victory to the musings of a teenager in the American Midwest, to provide insight to future generations about our culture.

The web-capture will include every public tweet since March 2006. Private tweets and direct messages will be exempt since they were never meant for public viewing. There will also be restrictions on the use of archived tweets. According to the Twitter blog, archived tweets will be available for internal library use, non-commercial research, and public display only after a six month delay.

For Tweeters this means that your every tweeted-thought will be available for future generations to study. But is this an invasion of privacy? The library of congress says ‘no', it is a preservation of culture. It will highlight only those tweets that it believes have strong cultural significance. The tweets are expected to capture a moment in history, similar to the letters and journals of the past, which the Library has been archiving for 210 years. Besides, each twitter user agreed to the terms and conditions of Twitter which means that Twitter, rather than the authors, own every tweet on the network. Twitter is therefore well within their rights to donate the tweets to the Library of congress.

As of now, there is nothing that can be done to have your tweets removed from this web-capture project if you, for whatever reason, want your tweets excluded.  However, you can set your profile to private to prevent any future tweets from being archived.

One possible effect of archiving all public tweets: Maybe people will start thinking before they post. "After all," as Fred R. Shapiro, associate librarian and lecturer at Yale Laws School notes, "your indiscretions will be able to be seen by generations and generations of graduate students."

MySpace, Facebook, Twitter, LinkedIn - with all the options and advantages, who doesn't have at least one social networking profile these days? The growth of online social networking in recent years has provided people with a new way to keep up with friends and family and connect with people all over the world.

What we sometimes don't realize, is that a lot of the information we post on these sites intended for our friends, family or trusted colleagues can also be seen by complete strangers.  Criminals have found a new source for information that can be used for crimes like identity theft, fraud and other scams that are sweeping the internet.   These criminals aren't looking for simple public record data, rather; it is the content of posts, updates and tweets that is putting social networking site users at increasing risk.

Social networking sites allow us to be constantly connected, to post whatever we want whenever we want, and we often don't think twice about what we post. Even in Twitter's 140 characters you have the opportunity to divulge enough personal information for an experienced online criminal to do harm. You may inadvertently give away your location by posting about your job, or you may post about a struggle you've been having with your bank and thus alert the social networking universe as to where you bank, what kind of banking you do, and what kind of account you have. Posting you mother's maiden name, mentioning an upcoming high school or college reunion, or talking about your favorite pets can provide criminals with just enough information about you to guess your password.

So what can you do to keep you identity from being stolen based on the information on your social networking profile? Check out the tips bellow to find out how you can keep safe:

• Keep your information to yourself. Don't post your full name (at least leave out your middle initial), your address, your email address, birth date, or your phone number to any of your social networking profiles. Though most social networking sites prompt for them they aren't required, so don't post them.

• Make all of your social networking profiles private, allowing only limited information to be viewed by people you have not approved as ‘friends' or ‘followers'.

• Only ‘friend' people you actually know. It isn't uncommon for people to accept a friend request from someone because they have a mutual friend or even a complete stranger. Often online fraudsters will friend as many users as they can with the hope that someone will take the bait. If you aren't sure if you know someone, confirm their identity before you add them. If you can't confirm, don't add them. Remember, the casual social networker uses their profile to keep up with friends and family, so why would you allow someone into your network who wasn't a friend or family member?

• Use secure passwords. Pick your passwords wisely, passwords that reflect your personal tastes or are ‘easy' to remember are often easy to guess. Consider a random set of capital and lower case letters and numbers, no less than eight characters. It's also a good idea to use different passwords for things like bank accounts than you do for social networking sites or email accounts.

• Always think twice before you post. Remember that if you post something online it can't be taken back. Just because you delete something, there is a chance that the information is cached on the site or is available on archiving sites. So before you update your page on-the-fly from your cell phone be sure to THINK about what you are posting and how the information could be used and who has the ability to see it.

• Talk to your kids about the risks. You aren't the only one online; if you have kids make sure they are practicing safe online habits. Talk to them about internet and social networking safety before anything has the chance to go wrong.