Give the Gift of Internet Security

December 10, 2010

This holiday season LOOKBOTHWAYS LLC has teamed with McAfee to create a Facebook application so you can give the gift of safety to friends and family. Our goal is to help reduce the number of unprotected consumers – and computers – accessing the internet.  The application is free, your gift choice of a security service is free to the recipient, and you get to wrap your gift in a selection of beautiful eCards.  Nothing says I care better than protecting those you love.

I’ve blogged here many, many times to underscore how critical it is for consumers to have up-to-date security in place on your devices – and I do mean all your devices, including any smartphones – and your routers, firewalls and home Wifi.

Unlike your toaster, the internet is not a plug-it-in-and-go experience. Failing to use security software is like trying to keep your family safe in a home with no locks on the doors or latches on the windows. It’s that simple. Without this basis for protection, you simply will not be able to protect your safety or privacy, your identity or your money.  See links at the bottom of this blog to learn more.

How to send your eCards and Gifts:

  1. Go to the Holiday eCard tab on McAfee’s Facebook website.
  2. Follow these 3 simple steps:
    1. Select an eCard of your choice
    2. Select a gift from McAfee to include. Choose between:
      1. McAfee Security Software
        Help your friends and family stay safe and secure – give the gift of online security with a free 6-month subscription to McAfee’ security software.
      2. McAfee WaveSecure
        Ensure your friends and family protect their mobile devices. Give them the gift of a free 7-day trial of McAfee WaveSecure for complete protection and control of their mobile device and data.
      3. McAfee SiteAdvisor
        Make sure your friends and family search safely online. Give them the gift of free McAfee SiteAdvisor’ software that provides color coded safety ratings that warn them before they click on a risky site.
    3. Personalize your eCard and send – this will post your card for all your Facebook contacts to see.
  3. You’re done – unless you want to also send the card to friends and family who are not on Facebook.

To share with others via email:

  • Create an email and include all those you want to share the card with.  (See my blog Respect Others When Sending Email to a Group, to learn how to protect your friend’s privacy when emailing.)
  • Copy the URL to the greeting card. You can either pull the eCard’s URL from the link on your Facebook page, or you can copy it from the open card. (See arrows in graphic for locations).
  • Send the email. Recipients do NOT have to have Facebook accounts to see the card or receive their free security software gift, but you will need to give them an alternate place to download the software from (the link will take them to Facebook).

Learn more about the need, and the ways, to secure your internet experiences:

This is one gift we want to see be shared as broadly as possible – pay it forward.



Worst Facebook Posting Gaffes

November 10, 2010

In an interview for, Linda Criddle, President LOOKBOTHWAYS and the Safe Internet Alliance outlined the most common mistakes consumers make when interacting through social networks.

To read the full article, click here. Read on for an excerpt of Linda’s comments.

Most of the advice about what not to do on Facebook “is falling on deaf ears” says Linda Criddle, president of the Safe Internet Alliance, “there’s a disconnect between the advice and the actions.”

Criddle points out that at one time she had just 23 friends on LinkedIn. If you added the friends of her friends, the network was several thousand people. Adding the friends of those friends, she got to three-quarters of a million people. “Once you’ve shared something with any friends, it’s in their power, not yours, how far it goes. These friends may have their sharing set to public,” warns Criddle.

There are no records of how many thefts have been committed with the help of Facebook profiles or other social networking sites. Notes Criddle, “There’s not a place on the police report for ‘enabled by information found online.'” But police are increasingly aware of the problem, she says, and the FBI is also getting up to speed on Internet-enabled crime. The challenges: These are not topics that most officers learned about at the police academy, and as municipal budgets are cut across the U.S., fewer officers are having to do more work.

The safest thing to do is to put your privacy settings on the least public option possible–and still think twice before you friend strangers or post telling personal details.


Could Facebook Go the Way of MySpace?

October 18, 2010

The Wall Street Journal has caught Facebook in flagrante again This time, WSJ reports, in a front-page expose that the most popular applications, or “apps,” on world’s No. 1 social-networking site  have been selling users’ information—including access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies.

The abuse affects tens of millions of Facebook users – including those who set their profiles to the strictest privacy settings.

ALL of the 10 most popular apps that Facebook’s 500m users play or use to share common interests have been selling user’s information to outside companies. Three of these companies, including Farmville with 59m users, have also been selling personal information about a user’s friends, which means whether you personally used these games or applications becomes irrelevant – if you have a friend who played, your information was likely grabbed and sold as well.

Though the practice of reselling consumer information breaches Facebook’s rules, policy enforcement is clearly lacking when it is the Wall Street Journal, not internal proactive monitoring, that discovers the abuse of consumer information. Confronted with the WSJ expose, a Facebook spokesman said on Sunday that “it is taking steps to “dramatically limit” the exposure of users’ personal information.”  But that comes well after the horse left the barn. To understand just how rapidly that information is sold and resold, see the screenshot taken from a WSJ article at the bottom of this blog.

This expose comes on top of a law suit over Facebook’s own now-discontinued practice of sending users’ data to advertisers without users’ knowledge – a case also brought to light by the WSJ last May. Facebook had been sending Facebook ID codes to advertisers under some circumstances when users clicked on an ad. The codes could then be used by the advertisers to look up individual profiles, which could include a person’s real name, age, hometown, or other details. Facebook has since discontinued the practice.

Attention, Facebook execs: remember MySpace! It used to be considered unstoppable, but as soon as the company became synonymous with sexual predators and scams, the vast majority of users left the site – and what’s left? A shadow.

Consumers, know your strength. Online Companies don’t make money primarily by selling advertising — they make money selling access to YOU, and information about YOU, to advertisers. You and your information are top commodities in the online world.

Think about it: other than its servers and code, what is Facebook’s value? It’s the 500m users they have to attract advertisers and advertising dollars. If Facebook’s users left the site, what would Facebook have left? Just a bunch of servers and code.

The lesson is that if you don’t like the way you’re treated, and you choose en masse to migrate, internet empires topple.

Consumers hold the ultimate power in a model that makes you the commodity, but you don’t yet know it, or how you can wield that power.

How can the Internet become more responsible regarding consumer privacy? Three things that haven’t happened need to happen:

  1. Consumers need to understand how and why their information is being used – and when it is being exploited. Until  prominent disclosure of each company’s policy regarding user information is mandatory, the question of what is being disclosed will run underneath the collective consumer consciousness.
  2. A watchdog organization needs to be established, to which consumers can turn to see how various companies treat their data, their privacy and their safety. The WSJ article series lays a strong foundation for this, but it’s a one-off effort, not the sustained oversight needed. The Safe Internet Alliance has proposed taking on, or helping to create, this role, but it is still far from accomplishing that goal or getting stakeholder buy-in. In the absence of self-regulatory or a consumer watch organization, this role will need to fall to a government body like the FTC.
  3. Consumers need to find a way to collaborate better. It’s a united we stand, divided we fall scenario where any one user doesn’t make a difference to a company wielding 500m users; but 5 million organized users – or 100m users – demanding change can make even the largest company quail. I’m confident that at least 100m users would stand together in outrage over what’s happened to their data, and the data of their friends. They just need a rallying point.

I am not opposed to online advertising — it’s what funds our ‘free’ use of internet services. What does concern me is knowing which companies are tracking me and how they are doing so, understanding the privacy elements that are in place to protect me, and being able to opt out if I choose to do so.

We consumers played a role in the creation of this ad-driven internet model. The bubble burst of 2000 happened because internet companies built their content and services assuming we would subscribe to use their services and thereby make their companies profitable. But we didn’t want to pay for subscriptions —  we wanted everything to be free. Somehow we forgot that free doesn’t pay the bills, let alone turn a profit.

We forced internet companies to either go bankrupt, or find a new revenue model that would extract money from those willing to pay, and that happened to be the advertisers. What internet companies quickly learned was that the more targeted ads could be, the more advertisers were willing to pay them for access to their users.

It doesn’t take a leap to understand how we’ve come to a place were you and your data are commodities, and where the environment makes ‘shoplifting’ your data (taking it without your knowledge or permission) very enticing.

Which brings us back to the start of this story:  how Facebook’s top applications providers have taken up the practice of stealth exploitation of your data; how Facebook’s previously indulged in stealth exploitation of your data; how your your Facebook privacy settings have changed time after time under your feet (leaving your data information exposed); and how thousands of other websites follow the same practices. Not to mention the dozens of data aggregator and advertising sites who snap up your data knowing full well you did not give your permission for it to be sold or bought.

To learn more, see my blog posts Know Which Companies Track You For Behavioral Advertising?, and Ad Stalking – When Ads Follow You Online, and the WSJ series What They Know that outlines how companies track and share your information. I recommend you search the WSJ list to look at the behavior of any sites you use.

Already this morning I’ve received a flurry of calls and emails from consumers asking what they should do. My advice? Stop using these applications, demand your information be removed from their sites, then let Facebook,  your Attorney General and the FTC know of your outrage.

Since contacting Facebook can be difficult to accomplish, here is the phone number to Facebook’s customer service: 650-543-4800  and Fax: 650-543-4801

Click here to find your Attorney General and how to contact them

Click here to file a complaint with the FTC.


Website’s Rights and Responsibilities – They are Far More Than ‘Fine Print’

October 18, 2010

It’s been a while since I looked at Facebook’s fine print, but knowing they recently made some adjustments I thought I’d check them out.

I’m favorably impressed. These are far clearer and more navigatable than when I last reviewed them. I was especially pleased with their Statement of Rights and Responsibilities page which clearly lays out the terms that every user is expected to abide by.

If you are a Facebook user and you haven’t read the responsibilities that you have agreed to adhere to, do so now. If you’re a parent or guardian of a minor and they use, or are hoping to use, Facebook, this is a must read-and-discuss document.

With privilege comes responsibility

Help youth understand that using any online service isn’t a ‘right’ its a privilege extended to them under very specific conditions laid out by the companies. Just because a service is free does not mean users are free to do what they’d like while on it.

In this case, it’s Facebook that grants users the opportunity to use their site provided users step up to the responsibility of doing so. Coupling the privilege and responsibility elements of website, or web service, is a critical cognitive step in developing socially responsible digital citizens.

It is a step that hasn’t been articulated clearly enough.

It begins with adults accepting responsibility

Though kids can exert a great deal of pressure, our responsibility as parents and caregivers is to model the behavior that will help minors in our care become fully capable, honest, mature adults in all aspects of their lives.

However, thousands (tens-of-thousands?) of parents who know their children are too young to use Facebook, or other sites with age restrictions, let them do so anyway. This sets the unfortunate precedent that accepting responsibility, or acting responsibly, is optional.

If youth are told they can blithely ignore the age requirement, why would they hesitate to ignore other requirements – like acting civilly towards other users or respecting copyrights?

Our collective online experiment is still in its infancy. How we set up behavioral expectations will cast long shadows.


Facebook Updates While Driving? C’mon!

September 16, 2010

General Motors’ OnStar division has developed a system that provides drivers the ability to record audio updates that could be posted to a user’s Facebook page. The system would also allow drivers to hear their friends’ status updates read to them by a computerized voice. OnStar says the idea reflects society’s growing desire to be connected at all times.
What could possibly be so urgent to post or read on Facebook that it would require a driver’s immediate attention?

Research from the University of Utah found that distraction from cell phone use while driving (hand held or hands free) extends a driver’s reaction as much as having a blood alcohol concentration at the legal limit of .08 percent. I’d need to see some hard data to convince me that the distraction level wouldn’t be similar for those listening to posts or adding their own posts on a Facebook page.

As late as last week, OnStar was apparently still deciding whether it will make this service available to drivers or not. “The company will not implement a new service simply because it’s technically feasible, it has to be the right thing to do for the customer,” OnStar said. “All of our technologies are rigorously evaluated prior to launch.”

Company president Chris Preuss says OnStar has data showing there is no correlation between pushing a single button and vehicle crashes, and justifies the service by saying people will continue to send text messages in cars and update Facebook statuses from their phones, so the company decided to let them do it “with safety in mind”. “I don’t think we’re at all engaging in activities that are going to make it worse,” he said. “We’re absolutely engaging in activities that will make things better.”

If we accept the argument of ‘people will do it anyway’, why don’t we apply it to speeding, drinking while driving, and drag racing on residential streets? Why not enable drivers to take these dangerous actions – ‘with safety in mind’?

I get OnStar’s motivation – if nothing else, the deployment of this service should boost their core business of responding to accidents.

GM isn’t alone

GM isn’t the only auto manufacturer going down the distraction path. Ford Motor Co.’s Sync system, available in 2011 Ford and Lincoln models, is very similar. Besides allowing drivers to hear and reply to text messages, Ford’s system also allows drivers to interact with cell phone apps for things like Internet radio and Twitter.

Opponents of these technologies point to the existing body of evidence to say these systems will lead to greater driver distraction, but Ford has a different point of view. They believe that systems like these allow drivers to do things they’re already doing anyway, such as checking text messages, while keeping their eyes on the road.

Ford spokesman Alan Hall said, “Our research has shown that the most dangerous part of having these devices in your car is when they take your eyes off the road or your hands off the wheel.”

That flies in the face of the information on the U.S. Department of Transportation website. Distracted driving is defined as “any non-driving activity a person engages in that has the potential to distract him or her from the primary task of driving and increase the risk of crashing.

The site goes on to say there are three main types of distraction:

  • Visual — taking your eyes off the road
  • Manual — taking your hands off the wheel
  • Cognitive — taking your mind off what you’re doing

Hmm. Does Facebooking while driving qualify as a distraction under this definition?

Following OnStar and Ford’s assertion, your eyes and hand would only have to be off the road for a tiny moment – and we don’t hear recommendations urging a ban on pushing a button to change your radio station….  But there’s that last pesky cognitive point about taking your mind off driving and focusing attention on Facebook, that’s the deal breaker.

To learn more about distracted driving, see my blog post Distracted Driving? Take the Distractology 101 Learning Challenge.

And that’s not all

GM’s OnStar team is also testing a system which would allow drivers to hear text messages read to them by the “OnStar Virtual Advisor” computerized voice. By pressing a button on the steering wheel, drivers would also be able to reply using one of four pre-written responses.

The only message your car should be sharing with you is “keep your focus on the road”.


Why Privacy Is Not Dead

September 13, 2010

The following article is written by Danah Boyd a social-media researcher at Microsoft Research New England, a fellow at Harvard University’s Berkman Center for Internet and Society, and a member of the 2010 TR35.

It is such a valuable read, I present it here in its’ entirety.

Why Privacy Is Not Dead

The way privacy is encoded into software doesn’t match the way we handle it in real life.

By Danah Boyd

Each time Facebook’s privacy settings change or a technology makes personal information available to new audiences, people scream foul. Each time, their cries seem to fall on deaf ears.

The reason for this disconnect is that in a computational world, privacy is often implemented through access control. Yet privacy is not simply about controlling access. It’s about understanding a social context, having a sense of how our information is passed around by others, and sharing accordingly. As social media mature, we must rethink how we encode privacy into our systems.

Privacy is not in opposition to speaking in public. We speak privately in public all the time. Sitting in a restaurant, we have intimate conversations knowing that the waitress may overhear. We count on what Erving Goffman called “civil inattention”: people will politely ignore us, and even if they listen they won’t join in, because doing so violates social norms. Of course, if a close friend sits at the neighboring table, everything changes. Whether an environment is public or not is beside the point. It’s the situation that matters.

Whenever we speak in face-to-face settings, we modify our communication on the basis of cues like who’s present and how far our voices carry. We negotiate privacy explicitly–“Please don’t tell anyone”–or through tacit understanding. Sometimes, this fails. A friend might gossip behind our back or fail to understand what we thought was implied. Such incidents make us question our interpretation of the situation or the trustworthiness of the friend.

All this also applies online, but with additional complications. Digital walls do almost have ears; they listen, record, and share our messages. Before we can communicate appropriately in a social environment like Facebook or Twitter, we must develop a sense for how and what people share.

When the privacy options available to us change, we are more likely to question the system than to alter our own behavior. But such changes strain our relationships and undermine our ability to navigate broad social norms. People who can be whoever they want, wherever they want, are a privileged minority.

As social media become more embedded in everyday society, the mismatch between the rule-based privacy that software offers and the subtler, intuitive ways that humans understand the concept will increasingly cause cultural collisions and social slips. But people will not abandon social media, nor will privacy disappear. They will simply work harder to carve out a space for privacy as they understand it and to maintain control, whether by using pseudonyms or speaking in code.

Instead of forcing users to do that, why not make our social software support the way we naturally handle privacy? There is much to be said for allowing the sunlight of diversity to shine. But too much sunlight scorches the earth. Let’s create a forest, not a desert.

Danah Boyd is a social-media researcher at Microsoft Research New England, a fellow at Harvard University’s Berkman Center for Internet and Society, and a member of the 2010 TR35.

Ringleader of Child Abuse Images Network on Facebook Jailed In UK

September 12, 2010

The British ringleader of an international network who shared up to 100,000 indecent images of children on Facebook has been jailed for four years, reports the BBC. The man is a convicted sex offender who set up eleven Facebook accounts to share these images with other child sexual predators through private groups.

It is important to note that these images were not publicly available on Facebook, they were shared privately in the same way this type of criminal content has been shared; through newsgroups, forums, peer-2-peer file sharing, and via other social sites. Access to the images was controlled and required newcomers to provide “credentials”, usually in the form of sharing child-abuse images of their own.

That said, there is no mention of any interactions this pedophile had with minors or adults outside of these private sites, or whether or not he used this or other sites to identify potential new victims.

Concerning factors with this case:

  1. This convicted sex offender spent 12 months in jail in 2005 for “distributing indecent images of children and committing acts of gross indecency with children”. One year seems awfully lenient for those charges. As does the 4 year sentence this pedophile received  for his latest crimes, after admitting to 24 charges of making, possessing and distributing indecent images of children. That equates to just 2 months per charge. Or, looked at differently, this man will only spend 21 minutes in jail per instance of child sexual exploitation as documented in the 100,000 images. Explain to each abused child the “justice” in that.
  2. That 100,000 images of child sexual exploitation were stored on Facebook’s servers without their apparent knowledge is troublesome. Consumer facing websites that accept consumer generated content need to have automated and manual filtering processes in place to screen images and videos. While it is impossible to guarantee that every image of child exploitation will be caught, 100,000 images begs the question of who’s managing the farm.
  3. In the BBC article, Facebook said that people known to be on the sex offenders register were not permitted to use the site, but it relied on police forces to inform it of new offenders. They also said they  would investigate any suspicious activity or abuses reported to the site.

    There are two key flaws in Facebook’s position.

    1. First, only a small fraction of sex offenders are ever be caught, let alone convicted. Facebook’s policy means they willingly let the vast majority of sex offenders on their site unfettered and unmolested – placing the burden on police to cleanse their user base. Responsible consumer facing services must proactively identify and increase moderation of possible bad actors, for the protection of all.
    2. Second, by taking the position that they will investigate any suspicious activity or abuse reported to them, Facebook seems to place the burden on others – particularly on their users – to rid the site of suspicious activity or abuses. Again, responsible consumer facing services need to proactively monitor users actions for the protection of all. The burden of site management and policy compliance needs to reside with the company, not the consumer, particularly when the consumers may be mere youth.

As an industry, online companies and services need to step up to their responsibilities as stewards of their own sites, or they will surely be forced to do so under less favorable circumstances.

As nations we need to determine the right level of punishment for those who traffic in child exploitation. I would hope the appropriate penalty is greater than 21 minutes per abuse.