Tagged: privacy

Two paths to online privacy

Eric Schmidt, the Google executive chairman, tells us . This is like warning us about the dangers of .

There are two paths to online privacy. Path One: Do not participate, in any way shape or form, ever. Good luck with that. I know exactly one person who has taken Path One.

I am here to tell you about Path Two

Path Two was discovered by . It involves populating the social networks’ databases with fake data. It took me a while to warm up to it.

At first I didn’t understand it. It felt childish and disingenuous. Why would anyone want to disguise their gender or home town? Don’t my friends already know my gender and where I live? Why would I post a fake phone number? Don’t my friends already know my real number?

Yes, yes, and yes! That’s exactly the point. My friends already know all they need to know about me. Why do I also have to give it to Facebook? I don’t. I can take Path Two.

If you go to , you will see that I like cycling, Coors Light, Diet Pepsi, and sailing. You will also see that I was recently at the Playboy Mansion, by the Great Beds Lighthouse, and at the Cannes Film Festival. My friends will know what’s real and what’s fake. I wonder if Eric Schmidt can figure it out.

Bruce Schneier on privacy, security, and the future — video interview

An excellent video interview (22:23) of security expert Bruce Schneier given at an artificial intelligence conference in Oxford, England. He talks about social media, privacy, Facebook, government, and the generation gap.

Excerpt:

We have to be careful not to project our fears onto another generation that doesn’t have them. This is a generation gap. The younger generation always wins, because the older generation dies. The older generation always tells you about the horrors, and what will go bad, and they are often right, but the younger generation makes them not horrors.

It’s wrong for us to predict and prescribe. We really have to observe.

Follow me on Twitter 

I “Like”d one thousand random Facebook pages, and so can you

Many people are up in arms about the upcoming . As they should be.

On the other hand come on, grow up already. Facebook is searching data that YOU VOLUNTEERED! What did you think they were going to do with it? Lock it up in a vault?

So what now? You can delete your Facebook profile and quit Facebook, as some have done already. But if you want to keep using the network to stay in touch with friends and online (and don’t we all?), this won’t do.

What then? How about you put up some insulation between yourself and Facebook AND VOLUNTEER SOME MORE DATA?

Here’s what I did today:

  1. Installed — a simple browser extension that stops Facebook from tracking your browsing data
  2. Installed — an ad blocking extension (self-explanatory)
  3. Liked over one thousand (mostly) random Facebook pages — to make my Facebook profile more, shall we say, challenging to make sense of

Items 1 and 2 above were suggested by the ever-resourceful . Item 3 is yours’ original. Neither item can possibly violate Facebook’s Terms of Service (TOS), although I can’t say for sure because I haven’t read them.

###

UPDATE January 22, 2013 12:09 PM: I just discovered  published in The Atlantic a few days before my post, which discusses the same issues (privacy and obscurity) much more eloquently.

UPDATE February 1, 2013 5:17 PM: Disabled Adblock Plus, mainly because it was causing performance issues.

Follow me on Twitter 

My email + my blog = my social network

Did you think that a social network such as Facebook or Google+ might one day cover all your online communication needs? I did, but I don’t any more. It doesn’t work.

Not for lack of trying. I have spent a lot of time on the social networks in a sincere effort to turn them into a serious productivity and communications tool. It hasn’t worked for me. I offer a few speculations as to why:

  • For many, social networks such as Facebook and Google+ are still just a place to goof off, to play, to waste time. People don’t take them and their users seriously (cf. the internet 15 years ago). It appears that things will stay that way, at least for the foreseeable future.
  • The “friend circles” concept is impractical. I need to categorize communication units, not people. A message is either important enough to require delivery guarantee and receipt acknowledgement (therefore requiring a push to the recipient (email)), or an FYI type of announcement, in which case the pull method (a blog post) is appropriate. Social media communications live in the continuum between push and pull, making them neither.
  • The pull-type messages’ reach is limited to members of one’s circles on a particular social network. This is unnecessarily restrictive.
  • Privacy and content ownership ambiguity generate uncertainty. People are increasingly sensitive about what they post where and who owns what. Social networks’ privacy settings are a cruel joke and a nightmare to keep up with. In contrast, my system is unambiguous: A message is either private (email) or public (blog post and its comments).

I will continue to use the social networks, of course, but won’t rely on them to carry important communications reliably. For that I will use my email atanas@entchev.com, my personal blog Oblivious A.T. (RSS feed), or  ().

Follow me on Twitter 

The Rome Statute

The Rome Statute — real or imagined — makes a prominent appearance in a faux legalese text that spread like wildfire across Facebook yesterday. Facebook users, concerned about their copyright and privacy, kept reposting this equivalent of a chain letter with abandon. But not all users.

Not my business-owner friends, who marvelled at the notion that one could hope to retroactively negate an agreement they had previously entered into by merely posting a bunch of text on their Facebook wall. Not my database geek friends, who laughed at the notion that changing some Facebook setting — any setting — could somehow ensure a user’s privacy.

What both of these groups of friends agree with me on is that the vast majority of Facebook (and other social media) users live in a bubble, insulated — by choice or lack of education — from the reality of how this internet thing works.

This is how it works: If you agreed to the Terms of Service (TOS), you agreed to the Terms of Service. Don’t complain about it later. If you don’t want to see it on a billboard, don’t put it on the internet. Regardless of the “settings”.

You’ll thank me later.

Follow me on Twitter 

For security purposes, my father’s maiden name is “QWERTY”

“Elevated” online accounts security measures create more problems than they solve

I have been paying bills online since 1994. By the mid-1990s I had already set up most of my accounts and things have been routine for years. Until recently. In the last few months I had to set up several new financial accounts online. Boy, have things changed!

Gone are the days of “your mother’s maiden name” (which is apparently a spent token, along with my date of birth and the last four of my social). The security measures taken “for my protection” have been “elevated” to a whole new level. Now I must answer a series of four to six “secret” questions just to create the account. The systems ask (for my protection, of course) for my mother’s, my father’s, my spouse’s and siblings’ first and middle names, the street I grew up on, the schools I went to, the names of my pets, the makes, models and colors of all my cars, miscellaneous important dates in my life, etc., etc., etc. Merely going through the account set-up feels like a full-body scan.

In most cases users are not REQUIRED to answer these questions truthfully, yet most people do anyway. The real issue is that these pseudo-security measures point to (and in a way contribute to) a giant security hole waiting to be exploited. Example: Do the answers to these “secret” questions have an expiration date (like passwords for many networks) or do they provide a permanent link to my identity?

The way I see it, this newish strategy serves two purposes: 1) Serves as a for the service provider, and 2) Shifts the responsibility of securing the account away from the service provider and on to the account holder. The obvious unintended consequence of this apparently mass-adopted strategy is that it creates databases chock-full of personal information. How long before these databases are broken into, or sold?

It is clear that the current security “solution” puts a Band-Aid on the problem, while exacerbating it by forcing users to volunteer tons of personal information. I wish I had a better solution (other than the obvious “feed it bogus data or don’t partake.”)

NOTE: This article originally appeared in November 2010 on .