It's the famous data-kraken! He'll get us all.
When I was playing around with Facebook lately to setup an excuse account with my valid eMail address, in case some retard wants to impersonate me, I found out that social networks not only collect member data. Newer (iPhone/i* - stuff) applications for example make users synchronize their phone contacts into these web-services.
That of course builds a contact profile that is more than suitable for any kind of background analysis. It has been well criticized that Twitter scans through Gmail contacts in order to suggest who you should follow. However neither critics nor warnings made people change: the fact that the services are used that way is dominant. Because normal users just follow instructions - like sheep.
A decision with disadvantages?
Social Web-Apps use user-profile data in order to change the service experience. They can rapidly correlate data and compare profiles in order to match them. So you have a usability disadvantage if you do not follow the instruction of that lila-blue bird that wants your eMail password. It's simple as that: no data - no gain.
Business people like networking. It's what they do. Without contacts - as a youngster especially - you're out. So if you can use your business-iPhone (yes, it's there) in order to sync your business-contacts into your Facebook you're actively getting contacts. Contacts you can use obviously.
Humans want to communicate. Privacy is not an issue. That's something every security-professional has to learn: privacy doesn't mean not to publish private data and to just keep it. Because data aren't part of the real life.
In other words: the system is much too abstract for non-technical folks to understand. They will do what the lila-blue bird says nevertheless the security-professional advises differently. Have you ever seen a bloody wild crocodile advising to handle out eMail passwords like: "I WANT YOUR MAIL, NOW!"? First of all it's framed much nicer - what the bird says in opposite to this dry and boring security stuff - and it's more convenient. To hell with security. I want contacts. NOW!
Obviously you cannot win. The lila-blue bird pwns you. And your employees.
And well... I have to say that when there was a case of a nude photos of someone I know - on the internets - I didn't feel too sorry for her. I mean... horrible of course. But didn't you look at these photos, too? Or did you ignore them... photos like that... in order to protect his/her privacy? No, you're like that crocodile. You want that data, NOW. There's practically now difference between you and every other user. But as security professional you've got a longer password. And your own profile hasn't got access to the nude-photos. Because she didn't feel the same instant "digital-sympathy" she felt when all the other people sent friend requests who had tons of information on their profiles.
So you won't get the fun. Short as that: you want data two. Believe it.
Data-mining, data-this, data-that, data-loss... my. Who cares. At the end of the day it's just that there're some folks, some companies, who actively use that data. And that's a problem? Why? The same amount of data that they will have about you, it's the same amount you will have about them, isn't it? Surely some assessment centers do deeper analysis and stuff, but hey... when there're no profile-data, and there's no obvious flaw, they'll find something else. The best way to hide really dirty secrets is to control people to find a lesser dirty one. In most cases you can reframe the secret easily into a common weak-point that gives you honesty and sympathy points. "Yes, I like the waitress in the Hooters... damn I added her to Facebook. But I'm a man." So what?
What are the advantages of digital privacy?
You stay in the dark like a shadow if you don't actively create a digital "picture-frame" of your social life into the web. That's the advantage?
Web-information will be dominant. They will reach decision-makers, companies, people around you, stores you use, every-thing-you. Your every-day experiences will be optimized for you with your data. Whether it's just your Amazon shopping history, your Blippy account, your interests and Facebook groups, your Xing professional information, your LinkedIn reviews, your Twitter popularity or your MySpace creativity. Many information-security professionals falsely assume people don't care for these advertisement infested junk-sites. But people do, because people don't have values like: "Hey, if that blog isn't html5 I wont read it. And if it contains JavaScript and Flash I won't take it seriously." Whether you take a blog, tweet... anything in the web... seriously is dependent on who wrote it. And what do you know about him. WHO is he? "Ah that's Bruce Schneier. He blogs, see..." There're countless examples of people who shaped their profiles online and gained popularity. Because they set the right focus. No one knows whether there's a crypto-genius 100-times smarter than Bruce Schneier. You could try to find out, but you don't.
The advantage of digital privacy now is to be able to dynamically shift the focus in order to reach your goals. And that's a huge advantage. Control the image social networks create about you. Pwn them. And because of the fact that these platforms get more common every day it gets a much more interesting ability.
Have fun,
wishi
Post new comment