Security

Privacy, security and hackers...oh my

Several weeks ago, LinkedIn had an enormous security fail when 6.5 million user passwords were leaked. Since that incident you can add sites like Last.fm, Yahoo and, most recently, Formspring to the list.

Some people may be wondering what the big deal is. You change your password and move on.

Not so fast, my friend. Let’s think about this:

1) How many of those people use the same password for every site they sign up for (yes, even their bank)?


2) How many of those people who use the same password everywhere are your friends on Facebook? (The one place you share your kids’ names because it’s “private”.)

I’ve said it before and I’ll say it again: Your information on Facebook is only as secure as the weakest password amongst 300 of your closest, nearest and dearest friends.

How many of your friends’ Facebook accounts have been hacked in some way? Just among my friends, I’ve seen about a dozen friends get hacked over the years. It’s happened to friends who are self-proclaimed luddites and those who are fairly tech savvy in equal measure.

If we connect the dots of the LinkedIn password leak and Facebook friends using the same password for both networks, how many of your friends do you think use the same password for both? Probably a decent number of them.

I used to.

I don’t anymore. In fact, my project for 2012 just got kicked into high gear when I heard about Danny Brown’s Facebook account being hacked over the weekend.

Beefing up online security

My New Year’s promise to myself was to be more secure with my data. So, I’ve started implementing the use of a password manager (LastPass) and creating unique and randomized passwords for every site. Given the number of sites I have memberships on, the only way I’m willing to do this is with a password manager.

I think you need to join me in my challenge. Take some time to learn about how passwords are stored online and what makes a strong password (pro tip: complex doesn’t always equal unhackable). Sadly, the five most common passwords are:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123

Number one just boggles the mind.

Knowledge is power

Does it scare you to think that someone might try to access your accounts with malicious intent? It is kind of scary, but here are a few more important points for you to think about:

  • The Internet isn’t private. It IS public, even if you’re in a walled garden like Facebook.
  • Any password is hackable: Strong and long passwords are hackable. Long ones just take longer.
  • If you aren’t 100% fine with seeing it on a billboard in Times Square, it probably doesn’t belong on the Internet.
  • You need to thoroughly review privacy settings on Facebook (read Danny’s post for more info).

You don’t have to fear privacy and security breaches as long as you remember these things and stay true to who you are. Your authenticity will reduce the impact of a malicious attack. 

Have you ever had a web-based account hacked? What did you do?

Buzz and Brilliance: Week ending October 29

I think we all know what the biggest story this week was. But just in case you missed it or want to read more about what exactly is going on, you can catch up through the Kloutastrophe roundup I posted on The Mini Mesh. That's two posts this week on the Klout changes, so I don't need to say anything more about it.

In general, I think reports on studies like this one are interesting to look at, but they rarely have an impact on my behavior. However, it was interesting to me that link placement in the middle of a tweet could get more click-throughs. I've tried it a bit, but I haven't tested it with tracking. There are so many variables that can affect when and why someone clicks on a link that I'm wary of trusting such assertions as hard and fast guidelines for why I do something. The other type of report I see at least once a week is one that outlines advice on the times to post to various networks to get the most engagement. Steve Olenski from The Star Group tells brands that after hours will net the greatest engagement, information that may come as a surprise to many (and goes against what I've personally experienced). Take these suggestions with a grain of salt. Test them with your audience to see what works best. Or these tools might help.

Do you have great ideas for video? There's never been a better time to expand to doing video. It's unbelievably popular and its popularity just keeps growing. And you can make money doing video (if you hit viral gold). When we made the decision to drop our cable over two years ago, I wondered if we'd be bored to tears. That hasn't been the case at all. Technology keeps us in touch with anything we want to see and I don't miss the cable bill at all. More and more are going to do this and it's forcing advertisers to think of new ways to get their message out. Just make sure that if you're going to start doing videos that you tell really cool stories.

QR (quick response) codes are taking off all over the place. It's a technology that is getting a lot of buzz, but not nearly enough users understand or even have an interest in it. The companies who are using QR codes often have flaws in their plan, but Starbucks seems to have come up with a creative use that will help their customers and enrich their knowledge and experience of the brand.

Now that Facebook has had a big overhaul, it looks as if Twitter is next. How do you feel about an expanded timeline with the ability to see conversation threads? Yeah, those are already available in third-party clients and since I rarely ever use Twitter on the Web, these changes don't faze me, but I do think it's a step in the right direction to make their Web access more user-friendly.

How many times has some new information repository started up that will "revolutionize your world" that made you a bit squeamish inside? One thing I clearly remember was 3-4 years ago hearing about Google Health, I think it was called. A place to save your entire medical history. Who wants to do that!? Then I read this and I finally get it. If you've never done a move that took you thousands of kilometers/miles away from home, you might disagree. I have. Digital medical records? Not such a bad thing. With seriously tight security.

A few items to be watchful about

We all know that the intersection of social media and work (for the non-social media worker) can be tricky. I've personally been at companies that had some relentlessly strict guidelines for social media usage outside of working hours. I think it's safe to say I wouldn't want to work for a company that's trolling Facebook to find out if I'm complaining.

Do you comment on public Facebook posts of your friends or those you subscribe to? Does your family? Be sure you want to comment badly enough for third-party apps, like Klout, to pick up on your existence. If you don't want it to happen, refrain from commenting on public posts and be sure to educate your family members too.

Did you know that employers are looking at social media? Who doesn't know that? Yet I see posts nearly every week about it. Now it's affecting law school admissions. What you say on social networks matters and yes, it can come back to haunt you too.

It's discouraging (as a U.S. citizen) to see that the government there has made nearly 6,000 requests for information from Google. Thankfully, Canada (1/10th the size of the U.S.) has made only 50.

The moral of the story? Don't post anything online ever anywhere that you don't want a future potential school administrator/employer/government to see. And don't be fooled by upcoming Facebook privacy updates because with 600,000 compromised logins per day, Facebook privacy still depends a lot on the strength of your friends' passwords. The best way to keep something private on the Internet is not to put it on the Internet.

A little bit of fun

Have you ever been to a site that had established linking guidelines? I think I'd leave and not come back, personally, but to each his own, I guess.

If you're anything like my family, you already have your (five) pumpkin design(s) in the works but these are fun to look at anyway. (What? You don't carve five pumpkins?)

It's not fair to include the pumpkins if I don't include the geeky awesomeness of these costumes! I really wish I'd seen this a few weeks ago - I would have totally used the cloud costume.

Speaking of Klout, what exactly is it again?

The Mini Mesh, which I referenced in the first paragraph, is my Tumblr blog that I try to post to on days I don't post here. Typically, the posts are much shorter and usually contain commentary on a news story or other social media commentary. If you're on Tumblr, I'd love to have you follow me!

Who is responsible for privacy on social networks?

This morning, I was flipping through my RSS reader and got to Margie Clayman's post, "Let's Talk About Keeping Kids Safe on Facebook". My curiosity was piqued right away because this subject is one I feel strongly about. As a parent, it's close to my heart as well. I don't always agree with Margie's point of view, but I have a lot of respect for how she presents it - with class and an open mind to different perspectives. I have so much to say on this subject that I'm devoting a blog post to it instead of just leaving a novel-sized comment on Margie's site.

This isn't strictly an issue about children. There are a lot of misconceptions out there about privacy and social media among adults - and we're the ones teaching our kids how to use these tools "properly". The expectation of privacy on the Internet, to me, is a misnomer. The Internet is inherently connected and open. Even secure sites are occasionally breached. Does that mean we should all disconnect? No. It just means we have to think more strategically about how we're using these tools to protect ourselves.

Data Security
In the opening paragraph, Margie states (emphasis mine):

"I think that on Facebook in particular, it’s really easy to do things that could have alarming consequences because everything seems so safe there on the surface. You can lock down your content, you’re talking to your friends and family for the most part…what could go wrong?"


Those words in bold? That is the problem with any and every site that requires a login - I would even include Twitter in this for the people who don't make their tweets public. But Facebook is, by far, the most common place that users feel safe. Here's why that's false security:

Your data on Facebook is only as secure as the weakest password of the people on your friends list. Assume that at least one has "password" as their password and post information accordingly.

Back when I had only around 100-150 friends, about five had their accounts broken into or clicked on nefarious links within a few weeks of each other. That's a high enough percentage that I'm not comfortable with posting much personal information on Facebook. Further to the password point, it is naïve to think that anything you share on social Web sites is secure. It's social. It's sharing. I'm repeating myself here, but it's the Web, which is inherently shareable, hackable and not private.

This is a great reason for businesses NOT to have a personal profile on Facebook. Pages can't see the profiles of their fans, but since a profile set up by a business can, there are definite privacy concerns. If a business account was hacked and "friend" data used for nefarious purposes, that could be devastating to the business' reputation.

Location Services
Margie moves on to discuss the use of location-based services, i.e., Foursquare, by parents - specifically parents who check in at their children's school. If you're checking in at any location where you leave your child on a regular basis without being there with them every single time, it's a bad idea. Check-ins shouldn't be done every day or at every location you visit. Personally, I won't check in at work or even on the bus route that I take, because that narrows down where I live a little too much for my liking.

Social media is like one big puzzle with lots of pieces spread out all over. It doesn't take a rocket scientist to find the pieces and put together a really thorough picture of your life, unless you're smart about how and what you share. The safest bet is to assume that everyone in the world can see everything you've ever posted on the Web.

Real Names
I absolutely support using a name online that one is comfortable with using. A word of caution: It's far better to think about this before you start using your real name than it is to try to change mid-stream. I recently almost unfriended a person on Facebook because I saw this name in my friends list and had no idea who they were or why I'd friended them. Then I happened to notice the vanity URL and realized that it was, in fact, someone I knew; they'd changed their name. But that vanity URL? It's permanent and identifies them as their previous self via - you guessed it - their real name. That kinda defeats the purpose of changing the name, don't you think?

It's my personal belief that the risk of using your real name online is no greater than using it in your day-to-day life - for the average person (and without a doubt, there are exceptions). It is a reality that there are people in this world who will use that information to do harm, but there are countless ways to get that information about you that don't include online interactions. Just think about how many people and places have your name and/or contact information - track it for a month or two; you'll be amazed. For kids, it's fewer, but there are still many.

Ultimately, the responsibility for privacy lies with individuals using social tools. Posting without a clear idea of the ramifications could lead to unintended negative consequences, from lost job opportunities to greater potential for being the victim of a crime. We control what we post online - not Facebook, Twitter or any other social networking site. It's worth it, then, to learn how to protect ourselves rather than relying on someone else to do it for us.

What steps do you take to protect your privacy online?