social media pic

Social media security: Sharing is caring?

Posted by

Recently, YouTube prankster Jack Vale searched the closest posts on Twitter, Facebook, and Instagram to his current location and introduced himself to the people behind them.

The resulting video is really interesting. Most of the people were amazed that a random stranger knew so much about them and one man even felt threatened enough to say he would call the police. Yet, all of the information Vale had ‘on’ this man had been put into the public domain by the man himself.

The dicotomy of people wanting to keep their personal life personal whilst posting it all online shows that we are still on a learning curve when it comes to sharing via social media.

In the past users may have been posting and inadvertently geotagging their location, but as Wikipedia says, enough celebrities have been mobbed at a specific location after posting online and, ebay sellers have had stuff nicked whilst on holiday, to make even the most security unconscious user turn off the location tagging on their smartphones.

When I lectured IT Security, I would use Jose J Gonzalez’s example of teenagers not practising safe sex as analogy for users compromising system security. Everyone wants to practice safe interaction but when the moment arrives, circumstances, time pressures, and the thought that others are getting on down without worrying too much about the consequences, causes safe practice deviation.

The teenage sex comparison was useful when we were worried about users inadvertently breaching security systems. Nowadays the worry is more about users themselves becoming the target of a security breach. What is a useful analogy for that?

I have given many a lecture saying don’t share your address, your phone number, date of birth, place of birth, mother’s maiden name, favourite pet, first job, etc., all things that are asked by systems and are used to create user accounts online. This information is often used to hack accounts and in a worst case scenario, identity theft. But today, in the brave new world of social media this advice seems quite quaint. A quick Google+ about and how much of this info is revealed?

The problem with social media is that we are sharing and caring with our friends who know all this information already, so why not have it online? Facebook is always telling me that I won’t forget another birthday if I use the relevant app and let others know when I was born too. Great! It only gets a little weird when complete strangers come up to you in the street and wish you ‘Happy Birthday’.

We are human, we want to be heard, we want to bear witness, we want to share. I know. When my daughter was born with kidney failure and it was super difficult for a very long time, I kept a blog to explain things to friends and family, and to myself. One day she might not thank me for the overshare. But hopefully, she will acknowledge that I stopped well before I typed: ‘Today, J got her first bra.’
And also, before each post, I thought carefully about an older girl reading her history online. I vetoed some media coverage of her which to me was insensitive. My imagined perception of her comfort with what was shared was more important to me that day than the help someone might have gotten from reading that article about her. Who knows though? As someone growing up in a social media world perhaps she won’t feel about privacy in the same way I do. I have blogged before that information is power but it only becomes powerful when you wield it. And you might ask why would anyone? And how could they use certain information? If people know things about you, so what?

When I had breast cancer, a few of my friends said: ‘Oh Ruth, why don’t you keep a blog about breast cancer?‘. But, I didn’t want to share. I didn’t want anyone thinking about my breasts. I didn’t even want to think about my breasts. Even now typing ‘my breasts’ makes me blush (my breasts, my breasts, my breasts). But at the same time, reading other peoples’ blogs on breast cancer helped me in so many ways. Their sharing was caring. Some of those people were so candid and funny, they brightened my dark days. Did they overshare? I don’t think so, they shared what I wasn’t willing to, but that wasn’t oversharing, to me that was bravery.

The boundaries online are as fuzzy as they are in real life, except, as I have blogged before, in real life we know exactly who our audience is, and online it is hard to know to whom we speak and even more difficult, is being conscious of what exactly we are putting out there, if we are not at least a littlebit tech savvy.

The psychological acceptability that has traditionally accompanied system design, especially in IT security, which involves good usability, feedback, system transparency, and a sense that users are responsible for what they do, seems to be intentionally blurred on social media.

In an article on www.national.ae from 2010 Mark Zuckerberg is described as ‘Dr Evil’ for encouraging the thinking that privacy is an old fashioned concept. It mentions too that the Facebook privacy settings change all the time so that users have a hard time keeping information private. In contrast, Zuckerberg’s quotes on thoughtcatalog.com, make him sound completely naive and just idiotically ignorant of the need for user safety and security.

Knowing ourselves what to keep private can be a hard call and can change from day to day. However, not empowering the user to take personal responsibility for feeling safe and secure (the base level in the pyramid of Maslow’s hierarchy of needs) is irresponsible. Social media moguls have a duty to make this really easy for everyone so that when a user presses that post button, they know what they have posted and who is reading it.

Until that happens, Jack Vale has definitely got me thinking about what I share on Facebook, and I have changed a few settings so that I feel more comfortable.

Sharing is caring, definitely. But, in the heat of the moment, a deep breath and a little bit of safety compliance never did anyone any harm.

5 comments

  1. Social media is only part of the problem. This year I finally left the Quebec order of Engineers because they were sharing my confidential information without my permission to marketing companies, despite the fact that confidentiality is considered an ethical responsibility of Engineers. Each of the three times I complained (after being contacted at home, at work, and by email by companies offering services to engineers), I was told I could opt-out, and then that it was merely error in their database and that it would not happen again.

    I’m now a member of the Professional Engineers of Ontario, and they have a Privacy officer. By default my personal information is not shared, and the cost is much less per year.

    1. Thanks for sharing, fuhrmanator. Wow. I wonder why they thought it was ok. Is this Zuckenberg achieving privacy as a thing of the past sooner than he was hoping?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.