I’ve complained about Facebook before, reduced my participation, and now, I am ending it. Facebook has become what can only be described as an attractive nuisance. One of my friends clearly had their account broken into. The last time this happened it was possible for me to report the matter to Facebook, and they shut the account down in a matter of minutes. This time, they not only would not do so, but there is no longer a way to report an account break-in. The only way to send Facebook a message is to close one’s account, and so I have done so. Done. Fini. For my friends’ and your sake.
This year’s Workshop on the Economics of Information Security (WEIS2010) enlightened us about identity, privacy, and the insecurity of the financial payment system, just to name a few presentations.
Every year I attend a conference called the Workshop on Economics of Information Security (WEIS), and every year I learn quite a bit from the experience. This year was no exception. The conference represents an interdisciplinary approach to cybersecurity that includes economists, government researchers, industry, and of course computer scientists. Run by friend and luminary Bruce Schneier, Professor Ross Anderson from Cambridge University, and this year with chairs Drs. Tyler Moore and Allan Friedman, the conference includes an eclectic mix of work on topics such as cyber-insurance (usually including papers from field leader Professor Rainer Böhme, soon of University of Münster), privacy protection, user behavior, and understanding of the underground economy. This year’s conference had a number of interesting pieces of work. Here are a few samples:
- Guns, Privacy, and Crime, by Alessandro Acquisti (CMU) and Catherine Tucker (MIT), provides an insight into how addresses of gun permit applicants posted on a Tennessee website do not really impact their security one way or another, contrary to arguments made by politicians.
- Is the Internet for Porn? An Insight Into the Online Adult Industry – Gilbert Wondracek, Thorsten Holz, Christian Platzer, Engin Kirda and Christopher Kruegel provide a detailed explanation of the technology used to support the Internet porn industry, which, it claims, provides over $3,000 a second in revenue.
- The password thicket: technical and market failures in human authentication on the web – Joseph Bonneau and Sören Preibusch (Cambridge) talk about just how poorly many websites manage all of those passwords we reuse.
- A panel on the credit card payment system, together with a presentation that demonstrated that even credit cards with chips and PINs are not secure. One of the key messages from the presentation was that open standards are critically important to security.
- On the Security Economics of Electricity Metering – Ross Anderson and Shailendra Fuloria (Cambridge) discussed the various actors in the Smart Grid, their motivations, and some recommendations on the regulatory front.
The papers are mostly available at the web site, as are the presentations. This stuff is important. It informs industry as to what behaviors are both rewarding and provide for the social good, as well as where we see gaps or need of improvement in our public policies, especially where technology is well ahead of policy makers’ thinking.
As opposed to my previous post, BBC reports an instance where the FBI has made use of public information to predict a possible threat to St Aelred’s Catholic Technology College in England. The information was on Facebook, and was available probably because the defendant hadn’t protected his postings, perhaps due to FB’s confusing approach to privacy. Imagine, however, that FB didn’t confuse anyone, and this information were protected. Would the FBI have been prevented from warning St Aelred’s? If they couldn’t, would Facebook? And if Facebook didn’t, would the FBI insist on new powers? Watch this space.
Here is a really good article from the Electronic Frontier Foundation (EFF) about deceptive user interface practices. The funny thing about all of this is that people are missing the most offensive and dangerous part of Facebook’s warning:
So in other words, they’re going to violate your privacy no matter what you do, because your friends are going to divulge your information. Put another way, you may end up divulging your friends’ information. What can you do about this? Don’t share that much information with your friends. But you say, “They’re my friends!” Of course they are, and they probably already know most of the information you would share, anyway.
How to do this? Go to the following part of the site:
Privacy Settings -> Personal Information and Posts
as well as
Privacy Settings -> Friends, Tags and Connections
Then consider each category. Here comes another wingdinger: in order to keep something to yourself, either you must remove it entirely, or select “Customize” and then “Only Me.” You can’t just pull down “Only Me.”
I’m seriously considering being through with Facebook over all of this.
What are your thoughts? Take the OfcourseImRight poll.
As many will have seen, Facebook won a court judgment today for $711 million from well-known spammer Sanford Wallace. It’s always nice when a spammer gets told “stop that”, but as bad as some people might think Wallace is, he is a walk in the park compared to the real villains out there. They are faceless, nameless thugs who want to steal your money, your identity, and whatever else they think they can take from you and your family. They have no scruples and cannot be easily traced. The occasional bust makes the news across the world, which is one way of knowing that these miscreants are hard to find. The other way is that your mailbox is still collecting spam, some of it dangerous.