Online privacy vs. the need to share

December 8, 2010
Image representing Facebook as depicted in Cru...

Image via CrunchBase

I’ve been on the fence about social networking lately. To what extent does it allow us to connect, reconnect and share, and to what extent does it give far too many third parties access to our personal lives?

And when I say “social networking,” let’s have it out in the open: that means Facebook. I mean, it’s possible to overshare on Twitter, but most tweets amount to inane babble that doesn’t reveal much about anything. It’s possible to overshare on MySpace, but that would require people to still be using MySpace when, in general, they’re not. It’s all about the Facebook these days.

Sure, Facebook can be fun. You can find people you haven’t seen in years. Share photos. Make flippant remarks about everything (this is mostly what I do there).

But I think the company is cocky sometimes. They have been guilty of assuming that, just because you want to share a photo with your friends, you automatically want to share it with literally every single person (and company) with an Internet connection. I also heard they were predicting 750 million, then 1 billion, users before too long, after they hit 500 million. Sorry. It isn’t going to happen. Facebook has been the king for a few years, but if there’s one rule on the Internet, it’s that nothing lasts forever. Unless you’re Google, apparently. I digress.

If you still want to use Facebook rather than be an early un-adopter and delete your account, I think it’s okay to do so, but you have to keep a few things in mind. You can’t just click everything that shows up on your screen.

Privacy Settings

Check your privacy settings every now and then. The safest method is to set everything on “Friends Only.” That mostly locks other people out, as far as viewing your photos and reading what you post.

Whenever Facebook introduces a new feature, new layout, or other big changes, it’s a good idea to re-check your privacy settings. In the past, “new look” usually meant “we changed all your settings back to the default, which is everybody in the universe can see everything you post.” A major update just came out, or is about to; I can’t even tell anymore. At any rate, check your settings regularly, just to make sure.

Regardless of settings, your name, location and profile photo are still visible, though. Keep that in mind. Also, if you use any “Facebook apps” (games, etc.), the publishers of those can also access your information. Which brings us to…

Applications/Games

Here’s the short version: just don’t do it. Farmville. Mafia Wars. Happy Aquarium. Farm Wars. Happy Mafia. Whatever. Just avoid them.

See, the problem with these applications is that they are created by third-party vendors, not Facebook itself. While Facebook has a privacy policy in place with regards to your information (bad PR pretty much forced their hand), these other companies might be a little more…free…with your info. It’s better to keep a tighter watch on who has your data.

Plus, these games are just a massive waste of time. You can’t tell me those hours wouldn’t be better spent away from your computer.

Other Things You Can Click On But Shouldn’t

It’s not all just apps and games on Facebook, either. There are always a million things showing up in your friends’ status feeds, often with accompanying links.

Here’s your first rule: there is no app that will tell you who has viewed your profile. It doesn’t exist. There are, however, scams that use this promise to give crooks access to your profile.

Here’s another one: any combination of words like “OMG,” “this really works,” “five things,” or scandalous videos depicting a celebrity currently huge with teenagers (Justin Beiber is the soup du jour), is not going to lead you to what it says it will lead you to. It’s called “likejacking,” and I’ve written about it before.

One more: your friend is not stranded in London, having been mugged. Someone has hacked his account and is trying to get you to wire money overseas.

Basically, if you’re using Facebook for anything beyond connecting with friends, you’re opening your information up to third parties. Some of them just want to advertise to you. Others want to steal from you.

Okay, it’s probably okay to “like” your favorite band’s official page in order to stay updated on new releases and tour dates. And it was funny when that pickle got more fans than Nickelback.

But, really, is all of this necessary? My goal would be to spend less time on Facebook, not more. I started using the Internet in 1995, and I’ll be honest: I’ve gained some weight over those 15 years. I can’t help but wonder if I’d be more fit now if I’d done more face-to-face social networking, and less BBQ-potato-chip-to-face social networking while sitting in front of a computer screen.

Comments Off | Privacy | Tagged: , , , , , , , , , | Permalink
Posted by Clint

Social network phishing

May 20, 2010

I read an article the other day about Tweets promising free Twitter followers being a phishing scam.

I’d go into details, but it’s the same old story: you click on a link, which takes you to a website that asks for your Twitter username and password. Once the phishermen have this information, they lock you out of your own account and use it to perpetuate the phishing attack or to drive people to other scam websites. The same thing happens on Facebook. When one of your friends suddenly can’t seem to write in coherent language and starts shouting about some iffy product or cheap prescription drugs, that’s a sure sign of a phishing victim.

The thing that bothers me is how well it seems to be working. Why so much emphasis on increasing your Twitter followers?

If you’re a celebrity, I can understand why you’d end up with over a million followers just on the basis of  who you are. If you have a proactive sort of agent, you might even be encouraged to look at your number of followers as a metric of how much “star power” you’ve got.

If you work in the marketing department of a company and have spent six months convincing management that the company really needs a Twitter account, I can understand the desire to get as many followers as possible in a short amount of time.

However, if you’re just somebody who uses Twitter as a communication tool, what reason is there (beyond your ego) for thinking you need to add a hundred random followers (and subsequently falling for this scam)? Unless you’re doing something interesting on the site (telling us what your cat is doing is not one of them), I can’t think of any. For the 99% of us who are “just sorta there,” is there really any advantage to having scads of followers?

You might think this is going to lead into, “What’s the whole point of Twitter, and why don’t you just go outside for once?” but I’ll resist the temptation. Twitter’s neat, and I see the appeal. However, AOL was pretty neat at one time, too.

So have at it—use Twitter. Complain about the cruddy customer service at a store and see how scary-quick they respond to you. See what Pee-Wee Herman and LeVar Burton are up to. But never click on those “add more followers” links, and never, never, ever enter your username and password on a website other than the real Twitter page.

And go outside now and then.

Couldn’t resist.

Comments Off | Phishing | Tagged: , , , | Permalink
Posted by Clint

Ridiculous Spam Friday IX: The Reckoning.

May 7, 2010

Sometimes I think I could go all the way to “Ridiculous Spam Friday, Part Infinity” and never run out of examples.

Here’s a pretty standard advance fee fraud message:

From: Jiang Jianmin <Jiang.Jianmin@ctcb.cn>
Date: Saturday, May 01, 2010 2:02 AM
To: none
Subject: Very Important*

Good Day,

I have a secured business proposal of $28,272,000.00.Contact me via my private
email(cncn1_jiang_jianmin2011@yahoo.com.cn)if interested.

Mr Jiang Jianmin.

I’ve noticed the “business proposal” scam messages never go into much detail. It’s a different approach than the lottery, inheritance or soldier versions, who often practically write you a novel.

From: Twitter Support <support@twitter.com>
Date: Monday, April 26, 2010 2:20 PM
To: [correct address]
Subject: Twit 32-37

Hi,
You have 2 information message(s)

http://twitter.com/account/message/9A2D6-2395

The Twitter Team

Please do not reply to this message; it was sent from an unmonitored email address. This message is a service email related to your use of Twitter. For general inquiries or to request support with your Twitter account, please visit us at Twitter Support.

This one was sneaky. It looked exactly like a message that might come from Twitter. The link on “Twitter Support” even took you to the real page. However, the link for the “information message(s)” was disguised—it led to a website in Croatia (.hr). Eastern Europe is a hotbed of this type of stuff these days.

From: Reward-Aisle <Reward-Aisle@littleb1tes.info>
Date: Tuesday, March 16, 2010 11:07 PM
To: [correct address]
Subject: Take Our TV Survey. Get a $250 Card.

Are you going to watch the reality mom take the dance floor?      
      

http://littleb1tes.info/c/77gydK5R91-R9aC8lizf3g.html?0     

      
Let us know if you?re over Kate Gosselin or excited for her Dancing With the Stars(R) debut. Then get a $250 Visa(R) gift card FREE, details apply.      
      

http://littleb1tes.info/c/77gydK5R91-R9aC8lizf3g.html?0     

–     
      
Reward-Aisle?s Gift Program is not endorsed, sponsored by or affiliated with Visa, Visa International Service Association, Dancing with the Stars, ABC, American Broadcasting Companies, Inc., or any other merchants listed above. Such terms are registered trademarks of their respective owners.     
      
This promotion is conducted exclusively by Reward-Aisle. Participation terms and conditions apply. To receive the promotional gift, you must: 1) register with valid contact information; 2) complete the user survey; 3) complete the required number of Silver, Gold and Platinum sponsor offers. Available offers will vary and some may require a purchase to qualify. Please refer to the ?Program Requirements? link on the web site for details. Unless otherwise indicated, eligibility is restricted to US residents, 18 and over. Void where prohibited.      
      
UNSUBSCRIBE | http://littleb1tes.info/c/77gydK5R91-R9aC8lizf3g.html?1 | Reward-Aisle | P.O. Box 24017, Dartmouth NS B3A4T4    
     
To remove yourself from this list,
click here http://littleb1tes.info/u/77gydK5R91-R9aC8lizf3g.html
or write to us at:
PO Box 7775
San Francisco, CA 94120

I don’t know if this is a scam, a setup for drive-by downloads, or just some really bad advertising. And I don’t care, because it’s complete garbage.

When you get a message like this, the only action to take is to delete it. You don’t even want to use that link to remove yourself from their list, because these people don’t need to know that your address works.

Comments Off | Spam | Tagged: , , , , | Permalink
Posted by Clint

You’re not getting a free iPad. Nobody is getting a free iPad.

March 4, 2010

Facebook and Twitter are, once again, just lousy with a new scam. This time it involves Apple’s latest device, the iPad.

The iPad is…well, I guess it’s sort of like a giant iPhone, except you can’t make phone calls on it. It’s one of a new category of devices called “tablet computers.”

Personally, I think they’re sort of dumb. They might be good if you’re solely a consumer of content, but they seem limited if you’re actually creating content (video, music, writing, etc.).

I’m sure it will be a big hit anyway; there is a very large, dedicated population that answer “Strongly Agree” to the survey question, “I will always buy any new product Apple releases.” Maybe I’m just not hip enough to get it. I don’t look anything like the people in Apple commercials.

However, since this object has a huge buzz surrounding it, there are already a thousand “Free iPad” scams popping up, many on Facebook and Twitter. In fact, I just did a search on “Free iPad” on Twitter, and there are several new scam messages being posted every minute.

The thing is, this whole scenario seems really familiar. In fact, it’s just one letter away from the “Free iPod” scams that were all over the Internet seven or eight years ago. The only difference is that Facebook and Twitter didn’t even exist back then. The opportunity for scammers to spread their message has grown exponentially—in 2002, they mostly relied on popup advertisements and spam email.

Oh, you say the link took you to a Facebook fan page with thousands of comments from people who claim to have received a free iPad?

Those are fake. It is so extremely easy to create fake positive comments from fake users. You have to just ignore this garbage, no matter how realistic the offer may seem.

For one thing, the iPad hasn’t even been released yet. So there’s no way all these people on Twitter posting “Just playing with Ashley’s new ipad. It was free just for giving an email address at this website” are telling the truth. I’m guessing a lot of these are hacked accounts, but many of them have usernames that follow a specific pattern, which means the accounts were created solely for running a scam. The thing is, even if you know an Ashley and someone you know and follow on Twitter posts this message, ignore it. Tell your friend they’ve been hacked, though.

I’m not sure what happens if you follow the links in these messages. According to what I’ve read, many ask you for a cellular phone number, and then sign you up for a $40/month “service.”

The service? Taking $40/month away from you. I’m sure there are others that take you to infected sites that load your computer up with malware.

The bottom line here is this: nobody is giving away free iPads. Apple doesn’t send thousands of free anything to random people for evaluation. There’s still this lingering myth that the Internet is full of offers like that (“Git on the Innernet n’ you get all kindsa free stuff!”), and I’m not sure where it comes from. It’s not true and it never has been. I’ve been using the Internet since around 1994 and I’ve never once seen a legitimate offer.

Apple is a company that has a singular vision; they already know what their audience wants. Testing is done in-house, not by sending out millions of dollars worth of product for free. By the time it’s at the booth at the Consumer Electronics Show, it’s been tested a million times by people the company knows.

Want one? Cough up.

Comments Off | General Scams | Tagged: , , , , , , , , | Permalink
Posted by Clint

Don’t use easy-to-guess passwords.

February 24, 2010

Passwords. They used to be something you’d only encounter in spy movies or the occasional “No Girls Allowed!” clubhouse.

These days, they’re everywhere. How many do you have?

I know I’ve got plenty; offhand, about 20 work-related passwords, and probably 30 personal ones. Now, some of these are stored by email clients, and since I’m not using public computers, I often check the “Remember Me” box, but still…it’s a lot of passwords.

Are your passwords easy to guess? They shouldn’t be. If you’re using your dog’s name for all your passwords at the same time you’re constantly posting photos of said dog on Facebook, you could be opening yourself up to all kinds of trouble.

Twitter even banned a list of 370 “obvious” passwords recently. Among these were clunkers like “password” and “password1,” but also some pretty specific ones like “NCC1701″ (the Enterprise’s registration number from Star Trek) and “trustno1″ (Fox Mulder’s password from The X-Files).

Strong passwords contain letters, numbers, and even characters (such as !@#$%&). It’s really in your best interests to use strong passwords, change them regularly and never use the same password for everything. “123456″ is going to take a lot fewer guesses than “fh34JF$x.”

However, don’t make them so difficult they’re impossible for you. Back in high school, several of us realized that you could make your programming class passwords very long, as well as include spaces. I immediately changed mine to “Weasels Ripped My Flesh…RZZZZ!” (from a Frank Zappa album).

The chances of (blindly) typing that mess correctly were about 1 in 15—nobody could get into my account, including myself most of the time. Two days later, I changed it to a six-letter sequence.

Comments Off | Computer Security | Tagged: , , , | Permalink
Posted by Clint

« Previous Entries
Follow

Get every new post delivered to your Inbox.

Join 165 other followers