Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Social Networking Site Safety Questioned

Zonk posted more than 7 years ago | from the is-it-safe? dept.

Security 73

An anonymous reader writes to mention a TechNewsWorld article about social networking sites. Researchers are finding these places are goldmines for social engineering exercises. Between worm attacks and simple human observation, sites like MySpace are the perfect place to obtain saleable personal information. From the article: "The danger is real, according to a study conducted by CA and the National Cyber Security Alliance (NCSA). In October, the alliance issued its first social networking study examining the link between specific online behaviors and the potential for becoming a victim of cybercrime. Despite all the publicity about sexual predators on sites like MySpace and FaceBook, the alliance took a different approach by measuring the potential for threats such as fraud, identity theft, computer spyware and viruses. Although 57 percent of people who use social networking sites admit to worrying about becoming a victim of cybercrime, they are still divulging information that may put them at risk, as Boyd suggested. Social networkers are also downloading unknown files from other people's profiles, and responding to unsolicited instant messages that could contain worms, the NCSA reported."

Sorry! There are no comments related to the filter you selected.

it holds true for myspace (1, Insightful)

User 956 (568564) | more than 7 years ago | (#17463688)

Researchers are finding these places are goldmines for social engineering exercises.

Yeah, well you know what you have wherever there's a goldmine. Gold diggers.

Re:it holds true for myspace (2, Interesting)

tehwebguy (860335) | more than 7 years ago | (#17464138)

Local White Pages Safety Questioned

Aren't your local White Pages more dangerous by default? I mean those are opt-OUT, while MySpace is opt-IN

Re:it holds true for myspace (1)

Thansal (999464) | more than 7 years ago | (#17464616)

Yes but the white pages do not tell you:
1) What I look like
2) My ethnicity
3) My age
4) My interests
5) My apparent level of intelegence
6) My buying habits
7) How I react to different situations

Heck, the white pages tell you my name, number, and where I live (white pages do have address, right? I have never bothered looking in them as I livei n NYC and it is an exorcise in futility)

Re:it holds true for myspace (2, Informative)

WhyDoYouWantToKnow (1039964) | more than 7 years ago | (#17464648)

No.

True, the white pages are an opt-out system. All you have to do when you sign up for new phone service is ask for an unlisted number; some operators will give you the option during the call. If you choose to have your number listed, while it will be available through directory assistance, your number will not be listed in the local white pages until the new book is published. Even then, with the local white pages your number is only seen locally.

With MySpace, your information is instantaneously available to not just your local weirdos but weirdos nation and world-wide.

Another problem with MySpace, people can create accounts for you and post information about you and you may be completely unawares. While you can get these accounts closed (though I hear it's not easy to do, I have no experience with this), how do you know to have this account closed unless you or someone who knows you stumbles upon this MySpace page that has your home address, maybe your phone number, perhaps the ages of your children, you're wife or husbands daily routine, etc. Information ad nauseum, far more than can be found in your local white pages.

Re:it holds true for myspace (1)

mdwh2 (535323) | more than 7 years ago | (#17472960)

With MySpace, your information is instantaneously available to not just your local weirdos but weirdos nation and world-wide.

If you choose to put it out there - you don't have to put your address and phone number on. I don't see why posting on MySpace is inherently more risky than posting on Slashdot.

Another problem with MySpace, people can create accounts for you and post information about you and you may be completely unawares.

This is true of everywhere on the Internet. Maybe someone could post all your details to Slashdot.

Re:it holds true for myspace (1)

WhyDoYouWantToKnow (1039964) | more than 7 years ago | (#17490358)

You're right. Posting to MySpace is no more or less risky than posting to /., the risk comes from what information you choose to post. The reason I specified MySpace is because it was mentioned in the summery and article.

Fix the ohter end? (2, Interesting)

zotz (3951) | more than 7 years ago | (#17463754)

Should the other end be fixed? Why should it be possible to steal someone's identity with the simple personal details people make available online?

all the best,

drew

Re:Fix the ohter end? (5, Funny)

eln (21727) | more than 7 years ago | (#17463886)

I think the problem is with MySpace's default layout. I mean seriously, doesn't this sidebar information just invite abuse?

General:
Music:
Mother's Maiden Name:
Movies:
Television:
Social Security Number:
Books:
Heroes:

Re:Fix the ohter end? (1, Redundant)

D4rk Fx (862399) | more than 7 years ago | (#17464312)

I think the problem is with MySpace's default layout. I mean seriously, doesn't this sidebar information just invite abuse?
The Layout was recently updated to include this seemingly generic and useless information:

Favorite Color:
First Pet's Name:
Date of Birth:
City where you were born:
Drivers License Number:
Credit Card Numbers and Expiration dates:
Your Password:

Re:Fix the ohter end? (1)

garcia (6573) | more than 7 years ago | (#17463994)

Should the other end be fixed? Why should it be possible to steal someone's identity with the simple personal details people make available online?

You have the wrong "other end" identified. The "other end" that needs to be fixed is the human creating the profile. People should not be entering data that can be used against them (birth date, sex, full name, etc).

"If someone tells you to jump off the Empire State Building, would you do it?" Just because the form asks for your personal info does it mean you will openly give it?

Re:Fix the ohter end? (1)

tcopeland (32225) | more than 7 years ago | (#17464244)

> People should not be entering data that can be used against them

Or they should use a system that lets them display only the appropriate profile details for each group or person or whatever - like indi [getindi.com] .

Re:Fix the ohter end? (1)

Viper Daimao (911947) | more than 7 years ago | (#17465100)

I believe facebook has security like this too.

Re:Fix the ohter end? (1)

WilliamSChips (793741) | more than 7 years ago | (#17465382)

It does.

Re:Fix the ohter end? (2, Insightful)

derF024 (36585) | more than 7 years ago | (#17464880)

You have the wrong "other end" identified. The "other end" that needs to be fixed is the human creating the profile. People should not be entering data that can be used against them (birth date, sex, full name, etc).

Ah, yes, people revealing incredibly personal details like their name is the problem. Phone books must scare the crap out of you.

No, the problem has nothing to do with myspace or any other directory of names, the problem is that it's trivially easy to do things (like getting a credit card or a bank loan) pretending that you're someone else. The only possibly secret bit of information needed to do either of those things is the social security number. Anything else can be pulled out of the phone book or public records.

Once someone has your social security number, they can do *anything* as you. And people will put their social security number into any form that asks for it, because so many things require it.

We desperately need a better form of verifiable identity. Unfortunately, I don't know what that is.

Re:Fix the ohter end? (1)

garcia (6573) | more than 7 years ago | (#17465000)

Ah, yes, people revealing incredibly personal details like their name is the problem. Phone books must scare the crap out of you.

I suggest you read my signature.

Re:Fix the ohter end? (1)

zotz (3951) | more than 7 years ago | (#17466160)

"No, the problem has nothing to do with myspace or any other directory of names, the problem is that it's trivially easy to do things (like getting a credit card or a bank loan) pretending that you're someone else."

Bingo, and yet you are liable. My take is that the whole thing comes down to laziness and a desire for convenience on the part of businessmen.

Well, plus, this thread shows how many want to blame the public for the results of an insecure system.

I should be able to put out all my personal details and still no one should be able to do business as me using that info. Now, why is that not possible?

As you respond, I do not have the other wrong end in mind at all.

all the best,

drew

Re:Fix the ohter end? (1)

A.Gideon (136581) | more than 7 years ago | (#17474174)

I should be able to put out all my personal details and still no one should be able to do business as me using that info. Now, why is that not possible?


You know the answer: because some of that information is used to verify that you are you.

If we used (for example) public keys for identification, then it would be foolish to send someone your private key. And I guarantee: some people would do that on request.

If we used biometrics for identification., then it would be foolish to send someone your genome. And I guarantee: some people would do that on request.

The only protection that would work is to deny the owner of the identity access to the information defining that identity. Ironically: a form of security through obscurity. Therefore, this opinion of mine should be immediately mistrusted.

Re:Fix the ohter end? (1)

zotz (3951) | more than 7 years ago | (#17477362)

"You know the answer: because some of that information is used to verify that you are you."

But it obviously doesn't verify that I am me as others can use it to pretend to be me. That is a large part of my point.

Let me put it another way, if you use this info to do business with "me" and it turns out not to be me at all, the risk should be entirely yours.

all the best,

drew

Another place to fix it - backup identities? (0)

Anonymous Coward | more than 7 years ago | (#17464020)

If my laptop's stolen (encrypted hard drive now), I have a backup. If my credit card's stolen I have another one in my safe. If identities get stolen that often, I wonder if people should have backup identities - so at least they can function while they're fighting with their financial institutions to unfreeze their main accounts and recover their losses.

Before saying it's nuts - consider that rich people have this in the form of numbered swiss bank accounts. Even in extreme cases where their entire accounts are frozen by governments, they have backup resources to sustain themselves for a while.

But for the less wealthy, perhaps it's best to do it the other way around - use an alternate identity while online like on myspace; and keep your real one as the hidden backup one.

Re:Another place to fix it - backup identities? (2, Funny)

WhyDoYouWantToKnow (1039964) | more than 7 years ago | (#17464766)

I wonder if people should have backup identities

Hi, my identity was recently stolen so for today I'm going to be... Bob. I'm a middle aged career... actuary? Actuary, is that right? Okay. I have... three kids and a mortgage that's 2 months overdue. But I didn't buy that house, this is just my backup identity. Wait, what do you mean there's a warrant out for my arrest. I've never even been to Georgia.

Ex-fricking-actly (2, Interesting)

SatanicPuppy (611928) | more than 7 years ago | (#17464058)

Why is this such a big issue? Because we don't currently have a reliable way of verifying identity. Until that basic problem is fixed, there is no way to fix the identity theft issue.

Of course, the only really reliable way of proving identity is some kind of private key crypto backed up by high-end biometrics (eg, retinal scan, or dna), and the odds of something like that being implemented are hilariously low, for about a million reasons.

At the very least there needs to be some sort of private ID that is used to verify the "public" id that you pass along to the credit companies and whatnot.

Yeah, why is this just now an issue? (1)

Peter Trepan (572016) | more than 7 years ago | (#17464354)

The phone book has my full name, address, and phone number. The kind of information MySpace asks for can be obtained by meeting me briefly in person and acting friendly. Is putting this information online really qualitatively different from the regular act of walking around and meeting people?

Re:Yeah, why is this just now an issue? (1)

Jonnty (910561) | more than 7 years ago | (#17469174)

Because this stuff can be easily harvested en masse - the probability of you stumbling upon an ID fraudster on your travels and accidentally divulging information to him is much smaller than him finding it nicely categorised on a social networking site.

the answer to this is so simple... (4, Interesting)

CheechBG (247105) | more than 7 years ago | (#17463758)

Just make your damn profile private! If you are naive enough to think that everyone in the world wants to read your profile, you are probably too naive to understand that everyone's intentions sometimes aren't friendly.

One of our HR people just to prove a point attempted to look at my profile, and then sent me a friend request which I denied for that reason. Making a definitive wall between work and whatever it is that I do at home is very important.

Re:the answer to this is so simple... (1)

WhyDoYouWantToKnow (1039964) | more than 7 years ago | (#17464900)

Just make your damn profile private!

Perhaps I'm being trite but wouldn't that fall into the same category as "Don't put that information up there in the first place"?

Consider that you're telling people to make their profile private when they were naive (dumb) enough to publish their personal info for everyone to see to begin with.

Re:the answer to this is so simple... (1)

jinxidoru (743428) | more than 7 years ago | (#17468218)

...wouldn't that fall into the same category as "Don't put that information up there in the first place"?
No. Making your profile, or particular data private is not the same as not putting the information there in the first place. While I may want my friends to know what my calendar holds, I probably don't want perfect strangers to know. Therefore, I put the data as private. That way my friends know and others don't. It makes perfect sense to me.

Re:the answer to this is so simple... (1)

WhyDoYouWantToKnow (1039964) | more than 7 years ago | (#17470022)

Allowing you personal friends to view your calendar is quite a bit different than posting you home address, phone number, the names of your children, pictures of your children, etc for everyone to see. I would assume that your personal friends already know these things about you, already know what your children look like and probably don't need to see your latest 250 image homage to "Our Trip to Chuck E. Cheese".

The problem isn't that people aren't making their profiles private, the problem is people are putting personal information that has no business being on the internet on the internet.

"Slashdot" is not Facebook's target audience (1)

Valacosa (863657) | more than 7 years ago | (#17470392)

...already know what your children look like and probably don't need to see your latest 250 image homage to "Our Trip to Chuck E. Cheese".
The mention of children leads me to believe you are not a university student.

I take a lot of pictures. A lot of pictures. As in, I've taken 12 gigabytes of photographs since March 2006. And every time I'm at a party or barbeque or Frosh Week or some audition, taking pictures as I'm wont to do, people always say the same thing. "You're going to put these pictures on Facebook, right?"

I don't know if its our age or our culture, but all the friends my age (admittedly, also university students) love posting and seeing photos of the latest goings-on. But that's just it. They're called social networking sites for a reason. It's not a news site like Slashdot, nor should it be implemented as one.

Please don't berate the photo-sharing features of Facebook. The UI is well designed, the implementation is good, and the feature is quite useful.

Re:"Slashdot" is not Facebook's target audience (1)

A.Gideon (136581) | more than 7 years ago | (#17473926)

The mention of children leads me to believe you are not a university student.


The claim that people aren't interested in the pictures rather preclude that poster from being a parent too. We parents all know just how deperately the world awaits our next couple of Gig of pictures (and video!). And when I take pictures at various events (ie. a school field trip), all the parents want to see the pictures.

On the other hand, Facebook is far too limited. My "alumni" account from grad school has long since aged away. And when I left undergrad, campus-wide email was a gleam in some dean's eye. And, of course, there's not a lot of overlap between the universities I've attended and those attended by all the parents of my childrens' classmates.

Perhaps a geographic network (which I believe Facebook now supports) would work, but why bother? We've our school's extranet which serves very well for this purpose (as well as many others). And when it's beyond school, I've my own family website on my server for the placement of photos. Given what's been happening with disk space recently, I've been moving videos there too w/o concern.

Perhaps its my age or culture, but there's little reason to depend upon someone else's server or some limited concept of "network". And I know where my backup is, which is another source of comfort.

Re:the answer to this is so simple... (0)

Anonymous Coward | more than 7 years ago | (#17465172)

One of our HR people just to prove a point attempted to look at my profile, and then sent me a friend request which I denied for that reason. Making a definitive wall between work and whatever it is that I do at home is very important.

You denied him because you have no friends and you weren't sure what to do when someone requested to become one.

"Friends?!"

Re:the answer to this is so simple... (1)

Plutonite (999141) | more than 7 years ago | (#17466722)

One of our HR people just to prove a point attempted to look at my profile, and then sent me a friend request which I denied for that reason.

That's the funniest thing I read all week. What do you mean you denied him..your HR staff want to be your friend! Don't be such an ass. Besides, you don't want him to report to your boss saying that he sent you a friend request on Myspace and you declined. Oh wait, maybe you do.

Re:the answer to this is so simple... (1)

Jonnty (910561) | more than 7 years ago | (#17469190)

I think the social networking sites should make it as hard as possible or even disallowed for things like phone numbers and addresses to be public, even if the rest of your egotistical drivel is.

This is new... (0, Redundant)

muindaur (925372) | more than 7 years ago | (#17463764)

I was under the impression that this was a well known and obvious problem for a long time. Maybe I'm wrong it's new. Meh.

In other news (5, Funny)

timeOday (582209) | more than 7 years ago | (#17463766)

Never leave home and you'll never catch a cold or get run over by a car. Join the fight against leaving home now!

Re:In other news (1)

7macaw (933316) | more than 7 years ago | (#17464000)

Yes! And don't eat tomatoes! Everyone who eats tomatoes, dies!

Re:In other news (2, Interesting)

kfg (145172) | more than 7 years ago | (#17466038)

Never leave home and you'll never catch a cold . . .

Nooooooooooow ya tell me!

Actually, I think, in a bit of irony, I caught this one from the UPS man the last time he handed me a crate of Kleenex through the basement window, 'cause I don't remember leaving home lately. I'll have to wear gloves and soak them in Vodka for a week before handling them next time.

In a bit of further irony today I had intended to be far away from anywhere with a net connection, or people, but I couldn't leave home, becasue I have the flu.

So here I am.

Lucky you.

KFG

of course (2, Interesting)

jrwr00 (1035020) | more than 7 years ago | (#17463776)

Its a meeting place for all the morons on the interweb (as called by a few of my friends)

Myspace, hi5, bebo, is just to name a few i see around here in job corps,

ever wonder why AOL Userers got the most phising emails, because most AOL users where morons

Re:of course (0)

Anonymous Coward | more than 7 years ago | (#17464672)

where morons

Igor: There morons. There castle.
Dr. Frankenstein: Why are you talking like that?
Igor: I thought you wanted to.

You reap what you sow. (0)

Anonymous Coward | more than 7 years ago | (#17463810)

Things I don't put on my accounts:
1. Real name. Anywhere.
2. Publicly displayed email address.
3. Any location info more specific than state.

Also, it helps to use different handles on different forums/blogs/"social networking" sites/etc.

Newsflash: People are STILL stupid. (5, Funny)

R2.0 (532027) | more than 7 years ago | (#17463862)

In shocking news today, it was revealed that human stupidity is not relieved by the internet, but is actually exascerbated by it. News at 11:00!

Re:Newsflash: People are STILL stupid. (0)

Anonymous Coward | more than 7 years ago | (#17464486)

In shocking news today, it was revealed that human stupidity is not relieved by the internet, but is actually exascerbated by it. News at 11:00!
Who are you, and why are you pretending to be Ric Romero?!?
I mean, this man has to SURVIVE off of his impeccable journalism. He doesn't need people like you taking the scoops away from him.

Re:Newsflash: People are STILL stupid. (1)

too_old_to_be_irate (941323) | more than 7 years ago | (#17465260)

Yep. Presumably includes exacerbating awful spelling, too...

Re:Newsflash: People are STILL stupid. (1)

StikyPad (445176) | more than 7 years ago | (#17465320)

The word "exascerbated," aside from containing one s too many, has about as much chance of showing up in a teaser as the less asexual word with which it rhymes. Also, was your teaser in the form of a question? Keep readnig to find out!

Re:Newsflash: People are STILL stupid. (1)

Adambomb (118938) | more than 7 years ago | (#17465552)

You've got red on you.

Re:Newsflash: People are STILL stupid. (1)

owlnation (858981) | more than 7 years ago | (#17466312)

Some people are actually astonishingly stupid. The Internet is simply a reflection of this, not the cause.

I used to work for a large multinational company. Occasionally customers would be asked to prove their identity for certain services. For this, they would be asked to send/fax in photocopies of documents proving their identity. Which is of course normal practice for many companies.

Regularly, and I mean at least one a week, people would send in things like their passports. Not copies, their actual passport. Picked it up, put it in an envelope and put it in the post. Regular mail, not even registered (as they were instructed).

There's no way you can regulate against that - well, except in a fascist state maybe.

Re:Newsflash: People are STILL stupid. (1)

The Benefactor (668201) | more than 7 years ago | (#17471694)

As an aside to this I once saw a copy of a passport cover which was sent in as a "copy of their passport" Which kind of proves your point.

Obviously (1)

Elentari (1037226) | more than 7 years ago | (#17463914)

They're bound to be havens for social engineers. Those sites are full of people who are usually fairly young, almost guaranteed to click on any link they're sent - especially if from a "friend" on the site - and entirely uninterested in the workings of computers, or the internet.

People don't find these sites anymore. They go online specifically to accumulate profiles, with no knowledge of what they're doing. Of course it's going to go horribly wrong.

Nosey sites (2, Interesting)

Threni (635302) | more than 7 years ago | (#17464028)

Part of the problem is sites asking for identifying info when you sign up, including passwords, email addresses, real addresses sometimes, or postcodes/zipcodes, dates of birth etc? Why? None of this stuff has anything to do with what I post on Slashdot, my opinions on music, films, games. Having it stored on the site owners server does nothing to aid my attempts to get answers to technical problems on usenet or forums. And I'm not entirely sure it can be said to help reduce trolls and other problems that afflict public sites. If people didn't have to exchange all this info to register on sites etc, and it was only provided when absolutely necessary then maybe people will be more aware of exactly who's asking for it and how safely it'll be stored.

Re:Nosey sites (0)

Anonymous Coward | more than 7 years ago | (#17468294)

You mention passwords, which is a requirement when you register at slashdot and any site where you are actually creating an account. However you are only focusing on one genre: forums. Let us take, for comparison, a site such as Neopets. Its playerbase is huge and filled with young people, many of which do not have a lot of common sense. To register requires an email (to confirm that the email is your own, and to help users in case their account information is compromised and they cannot log in) and a date of birth (COPPA requirements). Both are important and should indeed be provided by the user.

Re:Nosey sites (1)

Threni (635302) | more than 7 years ago | (#17470648)

> To register requires an email (to confirm that the email is your own, and to help users in case their account information is
> compromised and they cannot log in) and a date of birth (COPPA requirements).

Why do I need to `confirm that the email is my own`? Why not just let me create a user name and password so I can log in in future. Messages could be sent to an account on the site, and not email. I don't want any more email, thanks - I get all the email I desire from friends, family and work. You know - email I want to read, not crap coming from companies associated with the websites I visit.

Also, how does entering a date of birth prove anything? What's to stop me from entering 1932 as a date of birth? Going to check up on me?

Really, you couldn't have picked a more blatant example of exactly what I mean.

This...just in! (2, Funny)

PingSpike (947548) | more than 7 years ago | (#17464046)

Another recent study said that walking down dark alleys while jiggling your car keys and waving a wad of cash around may increase the likelyhood of muggings.

Automated Privacy Rights (2, Insightful)

Doc Ruby (173196) | more than 7 years ago | (#17464082)

Best practices to protect personal data like IDs should be consistently supported in software if most people are to practice them.

I'm really annoyed every time I have to type my name/address/email into a Web form. How many times have I typed that info in the past 10 years of the Web? Why can't forms include either Javascript or even standardized APIs for requesting the same personal info? In increasing scopes with simple descriptive names. So I don't have to let my info sit cached at so many remote servers with which I do intermittent business, any one of which can leak my info at any time.

I want to see a Web GUI show submittable form sections tagged by their target org. I'd like to subscribe to a service that rates forms by their risk, demonstrated by proven vulnerabilities in distributed reporting databases (or whatever my selected advisor uses to decide its ratings). Many people would pay for such a service to advise how much info to disclose to a given recipient. And many organizations would pay to make using them free, like insurance and bank corps, not to mention governments with insight into the preventive value of informing consumers of disclosure risks, without slowing down acceptable transactions.

People can protect ourselves even more than with just tech fixes. We have the right to privacy in our "papers and effects" [wikipedia.org] : our personal data. We produce a government to protect that privacy. We should specify how they protect it, like requiring all disclosed personal data to be redistributed only within the context of the transaction into which it was delivered, unless explicitly agreed otherwise by the sender. Maybe even a Constitutional Amendment, to make more clear the privacy rights implicit in the Constitution, explicit in the 4th Amendment, but still not protected enough for adequate security in the modern age.

Re:Automated Privacy Rights (0)

Anonymous Coward | more than 7 years ago | (#17464398)

I want an API for this info too. All my entries are different and with an API I can automate the generation of them.

Easy Sum: (2, Funny)

Penguinisto (415985) | more than 7 years ago | (#17464176)

Yes, Virginia, there is a such thing as "Ignorant People Who Will Click On Anything Others Send Them"

/P

Re:Easy Sum: (1)

StikyPad (445176) | more than 7 years ago | (#17465392)

but it was from my bff! :(((

On the other hand, (4, Interesting)

Peter Trepan (572016) | more than 7 years ago | (#17464198)

Socializing at a bar puts you at greater risk of physical harm. Socializing at a church puts you at greater risk of personal judgment. Socializing at a coffee shop puts you at greater risk of cardiac arrhythmia. Socializing at a restaurant puts you at greater risk of clogged arteries. Not socializing puts you at greater risk of dying alone.

Re:On the other hand, (2, Interesting)

presentt (863462) | more than 7 years ago | (#17465010)

I agree. I think there is a difference between caution and paranoia. As long as you aren't stupid, and don't make available information such as credit card numbers, social security numbers, and so forth, I don't see much wrong with posting basic demographics like age, sex, and even locations. It's the type of information that can be obtained by someone who wants it, anyways, and can potentially add to the sense of the online "community." I don't have a MySpace, but I do have a Facebook profile. I keep it private, but still recognize that the information in it, including cell phone numbers, AIM screennames, and pictures, are online and thus potentially available to an unauthorized party.

I'm sure my phone number, email address, and even postal address are circulating around without my knowledge offline. Putting it online may expose me to spammers, but hey, I've got a good email filter, I'm not afraid to hang up on people, and who really sends junk mail on paper anymore anyways? Besides, it's in the phone book. And I'm not too afraid of sexual predators--I don't fit the demographic, and I'm not stupid enough to meet some unknown person at a shady coffee shop either.

And my picture? Big deal, check last month's newspaper, because there's a photo of me. What I'm trying to illustrate is the availability of information about me away from the internet, and the futility of trying to protect basic information in the first place. If an attacker (social, sexual, political, or even a government assassin because I heard the wrong conversation somewhere) wants to learn about me, he can. There's risk everywhere, as the parent pointed out.

Poison the Well (1)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#17464350)

So spammers and marketers and others are data mining social networking sites. Great, I think it is the duty of each of us to go create a fake site with a fake name and link to a few other people. Heck we can even get creative and talk about "favorite" products. Maybe I'll accidentally post the number of a local law firm claiming it is my home number :)

Teach internet responsibility in school (2, Interesting)

businessnerd (1009815) | more than 7 years ago | (#17464514)

I think a great way to combat issues like this is to start teaching safe browsing in school. We are already teaching them how to use the computer and how to find information over the internet, but are they teaching them how to use the technology responsibly. When I learned how to use a computer in school, we learned what bugs and viruses were, but they weren't as widespread then, so there was no lesson on how you might get a virus, how to prevent getting that virus, and if you do get a virus, how do you repair your machine. This was also before spyware was understood as well as phishing and identity theft. We all saw the movie "The Net", but no one really thought that could happen to them, and could only be pulled off by some elite hacker out to get you, and only you.

We need to teach the kids that not everyone on the internet is your friend. Not everyone on the internet is who they say they are. You can protect yourself from malware by using safe browsing behavior (don't click OK at every message that pops up, smiley face add-ons are not so smiley). Never give out personal information on the internet unless you are absolutely positive that the person you are giving it to is in fact who they say they are, and there is a legitimate reason for it. This means no SSN, phone number, credit card/bank numbers, address, etc.

Like I said earlier, when I was in school, all of this was not really a concern, so I'm not sure if schools are actually teaching this kind of stuff.

Re:Teach internet responsibility in school (1)

Jerf (17166) | more than 7 years ago | (#17465608)

To make your curriculum more palatable to schools and more likely to be taught, some simple changes make it even more useful and applicable:
We need to teach the kids that not everyone is your friend, period. Not everyone is who they say they are, period. Never give out personal information, period, unless you are absolutely positive that the person you are giving it to is in fact who they say they are, and there is a legitimate reason for it. This means no SSN, phone number, credit card/bank numbers, address, etc.
(I was going to bold my differences but I ended up just removing "on the internet", and Slashdot doesn't allow <strike>.)

Tack on "how to be critical of advertising" and a few other things and you've got yourself a bona-fide vital 21st class. "Don't believe everything you see" and "Nobody is really going to give you anything for free" are valuable lessons both on and off the internet.

(I'll leave it for somebody else to detail how difficult it will be to get the modern school culture to deal with teaching those things.)

Re:Teach internet responsibility in school (1)

photomonkey (987563) | more than 7 years ago | (#17468012)

I agree that this information needs to be taught at a very early age. School would be a great place to teach and reinforce good browsing habits and behaviors. However, I would endeavor to guess that most schoolteachers are not themselves 'up-to-speed' on the latest exploits and tricks.

Despite it being fairly available at the time (mid-late 90's), my house didn't have internet access until I was a junior or senior in high school. Why? My dad didn't know enough about it beyond the basics of his business email to feel safe handing it over to his kids.

Even still, when we got the internet, the connected computer was in a mostly 'public' place in the house. It wasn't pr0n they were worried about, or even child molesters (we were too old for that at the time). My dad explained to me that an important life lesson is to never turn your back on something you don't understand.

The real problem is that MOST people out there don't know enough about how to be safe online (as well as how to protect from viruses, etc.) to be able to effectively use and maintain a network-attached computer. And yet, they're perfectly willing to go 'play' with it.

Re:Teach internet responsibility in school (1)

businessnerd (1009815) | more than 7 years ago | (#17475828)

I agree that most schoolteachers are not very savvy when it comes to good internet habits, let alone computers themselves, but my hopes at least are that the technology/computer teachers at least have a good understanding of this. They don't need to be up to date on the latest and greatest Windows or IE exploit, but they should be able to understand viruses and spyware, phishing, identity theft, and what social engineering is. The reason I say teachers and not parents should teach this sort of thing is because of the reason you stated above with your parents. They don't know anything about it, so those who do know, need to teach the younger generations so that when they become parents, they can help enforce these behaviors at home.

Let take to noobs what they deserve (0, Troll)

Spartan23 (1047010) | more than 7 years ago | (#17464520)

Personally , I wouldn't mind that much , people think that is all a game , a virtual thing , an unreal world or the "Internet" that Tv News highlight that much with very ignorance , the same ignorance shared by people who do use computers for massive porn , chat for sex , for example , staying in community like paltalk , msn , absorbing those dirty ads , popups , gettin worms... gettin various damage on their "expensive pc monster bought at the mall" , signed by Dell or HP , and so on . Opposite , who knows that bit much is safe anyway and I can tell you that these last kind of people understood from a longtime that I'm trying to tell you now : It's no possible to protect people from their same ignorance , Who want discover things explore , study , ask for things , To know Is Power . So , let take noobs what they deserve , there's nothing to make in order to stop this .

Re:Let take to noobs what they deserve (0, Flamebait)

NineNine (235196) | more than 7 years ago | (#17465642)

How to spot a "noob": Poster cannot write grammatically correct, coherent, English sentences.

Re:Let take to noobs what they deserve (0, Flamebait)

Spartan23 (1047010) | more than 7 years ago | (#17466304)

Now im noob coz im not english?
Dickhead... your ignorance is proof of what you deserve and your website too...
look who's the noob now

Re:Let take to noobs what they deserve (0)

Anonymous Coward | more than 7 years ago | (#17470908)

expecting grammatically correct, coherent English sentences? Welcome, you must be new to the internet.

Without these sites, Chris Hanson is unemployed (2, Funny)

fatnicky (991652) | more than 7 years ago | (#17464530)

How many social researchers salivate when they hear "Hi, I'm Chris Hanson with Dateline NBC".

The industry alone should be salivating, for all the pedo-rific jaw dropping action that goes on in a pedo bust.

Without myspace or any of these, what kind of pedos would we watch get busted on Friday night.

There's only so much Michael Jackson to go around.

If you'll excuse me, I just met a 19 (12) year old kid and am going to drive 300 miles away to meet them. (And yes, I always have protection, erotica, booze, and her favorite perfume with me, you know, just in case...)

.

[disclaimer: this is a joke, no cop calling please.]

Here is what I would like to see... (0)

Anonymous Coward | more than 7 years ago | (#17465662)

Here is the scenerio I would like to see:

17 year old guy that looks 20-22, makes a profile that shows him as 22. You know, birthdates, posts about his hangout being a bar, comments about his job. That sort of thing. Figure out Datelines MO, and start picking up on their fake minor. Then when the plans are made to meet for sex, slip in something along the lines of "Yo, it's illegal for 22yo to sleep with minors, so I am 17, OK? We don't want anyone getting arrested now, right?". Then when he shows up, and it turns out to be Dateline, he has the entire Dateline crew arrested, as they solicited a known minor for sex. There would even be the logs to prove it.

Tell me that you wouldn't have a media circus with a headline like "Dateline crew arrested in underage sex scandle!"

Brilliant! (2, Funny)

evil_Tak (964978) | more than 7 years ago | (#17464574)

So...places where lots of social networking occurs are good places for social engineering?!

Next you'll be telling me that places with lots of water, fish food, and fish habitat are good places to go fishing!

Re:Brilliant! (1)

StikyPad (445176) | more than 7 years ago | (#17465534)

Dave, is that you?

For the last time, there is NO FISHING in my aquarium.

Retarded study!!! Ignore it!!! (0)

Anonymous Coward | more than 7 years ago | (#17464656)

Who is commissioning these studies? And why? Rick Remero?

The people who are really afraid of these sites are LARGE RECORD COOPERATIONS (the same folks who brought you the DCMA and DRM). These sites freak them out and they will use these stupid studies to spread FUD.

Get over it. Nothing to see here.

Its a mad world (1)

Dasupalouie (1038538) | more than 7 years ago | (#17465342)

Isn't it really ironic that these kids put all of their personal info on the internet, but probably won't even tell you their name if you walked up to them in public and asked for it? Stupidity I tell you, welcome to the 21st century of darwinism.

oprah ! (1)

chrisranjana.com (630682) | more than 7 years ago | (#17470836)

Recently saw the show where Oprah hires a hacker to find the personal details of a userid at myspace and he did it in like 5 mins !
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?