Rafal Los posed the question recently in his blog: "am I too paranoid?"
The context: he was speaking about a Twitter statistics website he found that requires your login credentials in order to provide capabilities beyond statistics. Being the good security-minded chap that he is, he looked into what this widget will do for you if you provide your credentials. Here's what he found.
It will...
* Read Tweets from your timeline.
No worries here, everyone can do that.
* See who you follow and follow new people.
Okay to the "see who you follow", that's public. ...wait, "follow new people"? Why? What makes it think I want to follow these people it auto-follows? Nope, don't like this. I would accept suggestions on who to follow though.
* Update your profile.
Huh? What for? What would it add? Don't like that. Rafal mentions he doesn't even let his marketing people do that. Heh, I don't have marketing people but if I did I might let them access it...well maybe.
* Post Tweets for you.
What are you going to post? Advertisements spamming people? That'd get me fewer followers. Ah no, no you won't you lil widget, you won't be doing this.
* Reading direct messages.
Excuse me! Why? For what purpose?
There's no way I would want a widget like this to have complete access to my Twitter profile. Am I too paranoid like Rafal? Maybe, but I think for good reason, well, many reasons. One such reason is the need-to-know principle. In my opinion, this widget does not need access to some of the areas it accesses. It's the same reason why I don't give out my social security number easily or without asking why they need it. At the DMV, sure; at a department store, nope.
So no Rafal, you aren't being too paranoid...you're being sensible, safe, smart.
Check out Rafal's blog, he writes some good stuff.
http://h30499.www3.hp.com/t5/user/viewprofilepage/user-id/604516
Entry related to this topic:
http://h30499.www3.hp.com/t5/Following-the-White-Rabbit-A/Am-I-Just-Too-Paranoid-Federating-Identity-by-Twitter/ba-p/2414931
Showing posts with label Social Networking. Show all posts
June 27, 2011
May 16, 2010
Replacement for Facebook?
I discovered an interesting project the other day where 4 software developers are embarking on a project this summer to develop an open source, distributed, privacy-aware social network. It sounds kind of like this: what Tor is for surfing, this network is for socializing. In the video on the main page they complain that they don't want a central hub handling their messages to their friends.
It's an intriguing project and one that has attracted quite a few supporters. I know this because they launched a donation website where one can donate to their project and receive certain benefits. They said they need at least $10,000 to fund the development of the project: as of 12:00 PM UTC on Sunday May 16 they have 4,493 backers who donated a total of $168,730. I wonder what they'll do with the extra cash.
One wonders if this will seriously compete with Facebook's 350 million users or maybe it will get Facebook to fix their privacy policy which has gotten a beating recently. Time will tell with this.
Check out the project here.
July 27, 2009
Advertising on social media site raises privacy concerns
Quick post about an interesting story I just read...
One day a married man (important to mention) logged into his Facebook account to check his messages. While on his page he was presented with an ad that enticed him to visit a singles site. The ad said "Hey Peter. Hot singles are waiting for you!!" So what, you ask? Well, it just happens that along with the ad was a picture of a woman, and that woman happened to be his wife. See below:

As it turns out, a 3rd party advertiser scraped her picture and others off Facebook profiles and used them in their ads. The victim, Cheryl Smith, talks about the incident on her blog.
According to Facebook officials this violates their policy and they have removed this advertiser. They even kicked off two whole advertiser networks for terms-of-service violations (not necessarily related to this particular case).
At first this story gave me a great laugh, but that quickly turned to shock and concern. Shock that an advertiser would use such a tactic, well I guess I've seen worse but still shocked. Concern regarding privacy on social media websites.
The folks at DownloadSquad have a writeup about this incident here and Sunbelt Software talks about it as well.
Want to protect yourself from the scrapers? Read Tom Eston's Facebook Privacy & Security Guide.
January 12, 2009
Guide to Protecting Yourself on Facebook
There is a great guide about how to protect yourself on Facebook written by a friend and security colleague of mine, Tom Eston. Tom has a lot of experience researching social networking and has some really great tips that could be applied to Facebook or any social networking site.
Highly recommend you check this guide out and send it to your friends and family. Get it from his blog here:
http://spylogic.net/item/370
November 17, 2008
Protecting Your Brand Online: Is There Another You on the Internet?
There's a great article by Richard Stiennon over at the ThreatChaos blog about the potential for Twitter being used to attack brands. Washington Post's Brian Krebs also talks about claiming your space on these social networking sites. If you are worried about protecting your company's or YOUR brand go read these articles.
I, for one, have been working on Internet brand protection for the past year or so. From my name to the organizations I help run I've been registering domain names and setting up accounts on various websites; all in an effort to try to protect the brand. It's time consuming and expensive and I still have much work to do.
There are a TON of social networking sites: see this great Wiki page listing various sites along with information such as the focus of the site. And the big problem with this is that they don't validate the creator. I could set up a profile using the name George W Bush with no problem. Well, that is until the Secret Service shows up at my house. doh. Worse, sometimes they don't even index on the profile name, allowing an evil twin attack to occur. It would take you days to set up profiles on all of these sites and honestly I don't feel you need to do this. Focus in on the popular sites and the sites that are appropriate for your brand. For example, if you aren't into, or your brand doesn't relate to, fantasy or sci-fi then you don't need to register on Elftown. However, you might want to consider Yelp.com, which is an online city guide where people rate businesses in their neighborhood. Yelp even offers a page for business owners to monitor your business page.
Even though anyone can impersonate you there are some measures you can take to help protect yourself and your brand. So the areas that I recommend you consider in your online protection strategy are:
- Domain Names
- Social Networking Sites
- Email Addresses
Domain Names
- Of course!
- firstnamelastname.com: at a minimum
- firstnamelastname.name
Social Networking Sites
- Twitter (http://twitter.com): Consider registering your online name as well as real name.
- MySpace (http://www.myspace.com)
- Facebook (http://www.facebook.com)
- LinkedIn profile AND group (http://www.linkedin.com)
- Zoominfo (http://www.zoominfo.com)
- Bebo (http://www.bebo.com)
- Orkut (http://www.orkut.com)
- Yelp (http://www.yelp.com)
Email Addresses
- Gmail
- Yahoo