Facebook put in play the privacy policy updates they promised on December 1st. I blogged about it yesterday, lauding the process that will it will at least cause users to think about how they share information on Facebook – it’s likely to be the only time they are pressed to do so.
Today Adam Ostrow at Mashable posted responses from various organization who have put themselves at the front of the personal-privacy-on-the-Internet issue. They have all come out with responses that portend the end of personal privacy on the web, should users ignore the process and just blindly accept the ‘suggested’ setting proposed by Facebook.
When presented with the dialog box and process today, I took extra time to understand what they we’re asking and what it might mean. I do recognize that many users will not take the time, they will trust the recommendations and they will just click through the dialog boxes, permitting a level of visibility of their Facebook presence they perhaps did not intend.
If Facebook users are concerned about what they share, this process will allow them to review their setting (a good thing) and establish a level of personal visibility commensurate with their wishes. If a Facebook user is not concerned with what they share, they will be able to quickly and easily set their account to be as open as the front door at Macy’s on Black Friday.
If later they wish to retract that level of permission, they will be able to albeit perhaps some information may ‘escape’ control of the account holder, but not because of Facebook – it would be because of a personal decision that I think Facebook is making an honest effort to help users confront.
The responses of the ACLU N. California Chapter, EFF, Sophos and Trend Micro are summed up by Adam in saying “All of these sources are essentially saying the same thing: the privacy changes at Facebook have the potential to create significant issues for those who don’t carefully review them, which, let’s be honest, is likely to be most users.”
Yes, it will be most users who ignore the best efforts of Facebook to involve them in this very important and pertinent issue, but the changes are being presented appropriately and honestly by Facebook, not being slipped in at the backdoor under some false pretense. Instead of taking issue with Facebooks’ legitimate effort, I’d like to see the experts supporting the personal responsibility users SHOULD be taking in addressing their personal privacy, not deriding the effort by Facebook to have them address it.
Image Courtesy of Alicia Rae on Flickr
Learning a lesson about phishing scams seem to me to be a lot like the lessons learned about the likelihood of data loss on a computer, namely that there are those that have lost data, and then there are those who have not lost data… yet – *sigh*.
I suppose it will happen to all of us at one time or another, but it still really bites… this was my turn I guess.
I consider myself a pretty literate user of computer technology and to allow this to occur, for me, was a sign that I was just not paying attention to what is probably one of the most important elements of an online presence – securing my identity.
The fact that it happened to me on Facebook was disconcerting; Facebook is a relevant social network for me, TheSocialMediaBible.com Community site is more so and FastPitchNetwork.com is coming up fast as a place for me to hangout lately (very nice B2B environment BTW, well worth a look-see if your are a small- to medium biz wanting to connect / sell to others).
On May 21st I get an email from the phiser, via Facebook, that looks like an email from a friend, Pat Kitano. I know Pat to be a pretty literate user as well, so I do not question the source of the message. Little did I know what will come out of this message from a trusted friend.
The message looked like other emails I’ve received from my community via Facebook, and says I should “Check <<insert URL here>>”, which looked like a legitimate link – I happily click thru to the site. Still OK…
As the site comes up I fail to inspect the site closely. It looks ‘Facebook-ish’ and I give up my Facebook login credentials – poof… almost immediately I begin getting tweets from friends telling me that I am spamming them. As I hear from my friends, at first I am incredulous. I value my online community and I’d NEVER intentionally spam my friends, it just couldn’t happen!
…then suddenly the realization comes over me – I’ve been phished… dang… I think through the steps next to take –
- Stop the spamming, if I can
- Reset my credentials on Facebook ASAP
- Apologize to my network for the bad judgement / lack of presence that allowed it to happen
- Move forward – not the end of the world…
- Share the experience so others do not get caught too
I know how to do most of this, but unsure on other parts, so I tweet about my predicament. I get back a series of responses on what to do next that range from deleting my Facebook account and restarting to simply changing the login credentials. Another, very techy friend suggests I may have even been hit with a downloaded component that may have infected my local computer. I’m working at home, so fortunately I have another computer nearby that will allow me to keep working.
I get to work on establishing just what the phisher might have done to my laptop. I make sure my WiFi is turned off and then reach around and disconnect the Ethernet cable and drop off the net on my laptop. I start a virus scan; I use Avast AVG as my anti-virus provider and AVG updates almost everyday so I believe that it is current. Click, click – I kick off the virus scan right away.
I get back to the web and keep checking replies from the community – the suggestion that I might have downloaded something by simply logging onto the phising site is clarified that it in order for it to have executed a download of anything, it requires that I be on IE. I breath a sigh of relief – as much as I like Microsoft products, I rarely use IE as my browser; I’m usually in Google Chrome or Firefox for browsing, feeling like I might have dodged a bullet there, but still let the virus scan proceed.
I then look at the change of credentials. I know I cannot delete my name, I want to still be ‘Steven Groves’ and while my community on Facebook is not large (362 as of today), I am in no way interested in trying to recreate the connections I have there. Just changing my password will probably do what I need, which is to keep the phiser out of my account. I think about password management and realize that I lack a robust capability to generate and manage passwords. I have multiple computers, dozens of accounts and if I want to reduce or eliminate the likelihood of this happening again, I need a better solution.
I had come across LastPass.com a few weeks earlier and begin to explore it in earnest – I love what it does. LastPass connects to FireFox as a plug in and can securely manage an identity online by generating wonderfully random characters for a password and by handling the fill-in for the login page. As I implement LastPass, I’m feeling fairly secure but recognizing the weakness of counting on the LastPass.com solution to handle this critical capability of managing my online credentials.
Paranoia and conspiracy theories only travel so far with me, so I make the plunge. LastPass can generate a powerfully cryptic password, one a human would NEVER remember and one that, I hope, a hacker would never discover either. As I work with LastPass on other accounts, I realize how powerful this kind of capability is, that is the ability to auto-generate a secure password for ALL my accounts. I like it – a lot… I decide to also get the USB key, which turns a thumb drive into an authentication device so now you need my thumb drive, my password protected laptop, account access to LastPass and know where I have accounts to have an impact on my online presence. Feeling significantly better now.
Finally, the virus scan completes – no known viruses found. I breath a very big sigh of relief… definitely feel like I’ve dodged a bullet here and feel badly that I’ve spammed so many people.
Lessons Learned – consider using ‘non-industry standard’ web browsers more, pay attention to the links you click on, check into a password / single sign-on management product like LastPass.com. Will it make a difference? Yes, I think so and the solutions out there make the implementation very easy and non intrusive once you’ve got things set up.
Image credit – The Tech Herald
First to state my perspective – I’ve been a TweetDeck user almost since it came out and usually have it running on a second screen at my desk so I can manage the messages from the 1,100+ followers and 840+ people I follow myself.
It’s an important tool in the social media tool box for me because I’ve stopped trying to manage a mobile twitter capability on my Moto Q. The SMS flow just gets jammed up whenever I do turn it on – might be a cause of the hardware, network, but regardless of the root cause, I just leave it off on the mobile; it’s the desktop for me and in my perspective the client war just heated up with the introduction by Loic Le Meur’s group at Seesmic with the Seesmic Desktop.
Both of these are free clients available from their developers, but TweetDeck recently secured some $300K in angel-level investment so I’d imagine Iain Dodsworth is looking to make sure his product is tight and does not loose any substantial part of his user base to Loic’s product. Seesmic is ready for him though with a much larger warchest of over $6M raised last year. This could get real interesting real fast, today TweetDeck posted an update with Facebook Integration and a few patches that had been plaguing them.
I downloaded it at the tweeted behest of my friend and social media mentor, Francine Hardaway / Stealthmode Partners, and after installing it I immediately liked what I saw – a clean, brighter skin than I had with TweetDeck and a built-in color coding of tweets send to me and my direct messages. I have been exploring it since and here’s what else I like -
- ability to click-select the URL trimming service of my choice (I use TR.im)
- easily create Userlists of friends (easily created lists of ‘Friends’, ‘The Social Media Bible’, ‘Arizona Tweeters’ and ‘Second Life’)
- quickly built / remember searches (variations on The Social Media Bible and Second Life, using Boolean operators like ‘OR’ for a single search)
- ability to add other Twitter accounts quickly and easily (just loaded up @StevenGroves, but have a few others I’ll get to)
…and all this is easily accessed via a easy to view left side panel.
I am finding the need to edit, change something a little frustrating, like having made a mistake (me?! a mistake!?) in the search parameter, changing the Userlist name and wanting a bigger header in the search panels, but I may be missing the edit function somewhere. Let me know if you’ve come across it…
Verdict - I like the new Seesmic Desktop and I just saw a tweet from a friend that suggested the new TweetDeck upgrade wiped out his groups – bummer @Shailesh. I think I’ll stay on Seesmic Desktop a few more days. Ask me later what I decided to stay with.
Facebook put in play the privacy policy updates they promised on December 1st. I blogged about it yesterday, lauding the process that will it will at least cause users to think about how they share information on Facebook – it’s likely to be the only time they are pressed to do so.
