Why would Facebook want to enroll children in a service built with little regard for adult safety/privacy/security? For the money.

June 7, 2012

A floundering Facebook is under increased pressure to shore up their revenue and flat per-user minutes. So it was no surprise to see the Wall Street Journal report that Facebook is developing technology to allow children younger than 13 years old to use the social-networking service under parental supervision, in spite of their abysmal track record in protecting older consumers.

Yet Facebook is already in deep trouble over their consistent encroachment on consumer privacy, the service is a hotbed for malware and scams, and their advertising is not suitable for younger users.

The issues around Facebook’s interest in onboarding the under-13s fall into three categories:

  • Facebook’s predatory privacy practices
  • Facebook’s financial woes
  • There is a need for a responsible social network where children, adults and commercial content can mix, but Facebook isn’t it

Facebook’s Predatory Privacy Practices

From its inception, Facebook has shown a deliberate disregard for consumer privacy, trust, or safety. This attitude was evidenced by founder Mark Zuckerberg’s early IM comments, and has continued ever since through the company’s privacy policy choices and its blatant deception and exploitation of users’ information. Consider the following points:

  • Consumers’ feelings of betrayal run so high that 70% of Facebook users say they do not trust Facebook with their personal information.
  • The FTC found Facebook’s assault on consumer privacy so egregious that last fall (2011) they charged Facebook with deceiving consumers by failing to keep their privacy promises. The FTC complaint lists a number of instances in which Facebook allegedly made promises that it did not keep:
    • In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.
    • Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.
    • Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.
    • Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.
    • Facebook promised users that it would not share their personal information with advertisers. It did.
    • Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
    • Facebook claimed that it complied with the U.S.-EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

The settlement bars Facebook from making any further deceptive privacy claims, requires that the company get consumers’ approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years.

Facebook also failed from the beginning to build in strong security, monitoring or abuse tracking technologies. These are issues they’ve attempted to patch with varying degrees of seriousness or success, as evidenced by the constant circulation of malware on the service, the breach of consumers’ information, consumers’ inability to reach a human for help when abuse occurs, and so on.

Facebook’s financial woes

It’s always about the money. With over 900 million users Facebook is still a force to be reckoned with, but their trajectory is looking a lot more like the climax before the cliff that MySpace faced.

Facebook’s financial problems have been building for some time but the company’s IPO brought financial scrutiny to the forefront and highlights their need to infuse new blood into the service – even if that means exposing children to a service that already poses clear risks to adults. Here’s a quick recap of the financial failings of Facebook:

  • Facebook stock is in a free fall, closing at $26.90 on June 4th when this article was written. That’s down more than $11, or 29%, in the first 17 days of trading – and the stock continued to fall in after-hours trading.
  • The IPO valuation fiasco is far from over; Zuckerberg is now being sued for selling more than $1 billion in shares just before stock prices plummeted. The suit says Facebook “knew there was not enough advertising revenue to support a $38 stock valuation but hid that revenue information in order to push up the share price”.
  • In April, Facebook’s payments revenue went flat according to Business Insider. After growing a consistent 20% quarter over quarter, the first quarter of this year “revenue from payments and other fees [from games and partners] actually fell slightly, according to its latest filing with the Securities and Exchange Commission.”

  • A new Reuters/Ipsos poll shows that 4 out of 5 Facebook users have never bought a product or service as a result of ads or comments on the site, highlighting Facebook’s inability to successfully market to users.
  • The amount of time users spend on Facebook has also gone flat according to ComScore, a fact also highlighted by the Reuters/Ipsos poll which found that 34% of Facebook users surveyed were spending less time on the website than six months ago, whereas only 20% were spending more.
  • Advertisers are bailing. A nasty reality check came from General Motors just days before the company’s IPO as GM pulled their ad campaigns saying “their paid ads had little effect on customers” according to the Wall Street Journal.

And an article on HuffingtonPost.com reports that “more than 50 percent of Facebook users say they never click on Facebook’s sponsored ads, according to a recent Associated Press-CNBC poll. In addition, only 12% of respondents say they feel comfortable making purchases over Facebook, begging the question of how the social network can be effectively monetized.”

It’s easy to see why investors are angry, lawsuits have been filed and the government is investigating the debacle.

When 54% of consumers distrust the safety of making purchases through Facebook, 70% of consumers say they do not trust Facebook with their personal information, and reports are surfacing that consumer distrust in Facebook deepened as a result of issues around the company’s IPO, Facebook is looking more tarnished than ever.

As Nicholas Thompson wrote in The New Yorker, “Facebook, more than most other companies, needs to worry deeply about its public perception. It needs to be seen as trustworthy and, above all, cool. Mismanaging an I.P.O. isn’t cool, neither is misleading shareholders. Government investigations of you aren’t cool either.” And “The reputation of Facebook’s management team has also been deeply tarnished, particularly by the accusations that it wasn’t entirely open to investors about declining growth in its advertising business.”

There is a need for a responsible social network where children, adults and commercial content can mix, but Facebook isn’t it

Facebook has identified a real gap. There is a legitimate need for a social networking platform where kids can interact with adult family members and other trusted older individuals as well as commercial entities.

This need is evidenced by the 5.6 million underage youth still using Facebook today, with or without their parents’ permission, for lack of a more appropriate solution.

This 5.6 million underage user number is noteworthy for two reasons:

A)      It shows a significant number of children are using the site.

B)      More importantly it represents a 25.3% reduction of underage users over the past year when Consumer Reports found 7.5 million underage users on the site.  One could reasonably assume that the dramatic drop in underage use of Facebook is precisely because Consumer Reports published their data and that alarmed parents stepped in to block their use.

That 25.3% reduction strikes at the very heart of two key tenets of Facebook and their advocates: 1) since so many underage kids are already using Facebook, it would be safer for them if Facebook opened up the service for underage users and gave parents some access and controls to manage their use, and 2) parents want their children to be able to use Facebook.

To be clear, of the 5.6 million children still on the service, many have parents who helped them get onto Facebook. According to Dr. Danah Boyd, one of the researchers studying the issue of parents helping children get on the site, the reason parents told her they allowed their children on Facebook was because parents “want their kids to have access to public life and, today, what public life means is participating even in commercial social media sites.”

Boyd added that the parents helping their kids with access “are not saying get on the sites and then walk away. These are parents who have their computers in the living room, are having conversations with their kids, they often helping them create their accounts to talk to grandma.”

Note that Boyd’s findings don’t say parents want their children on Facebook. The findings say parents want their child to have access to public life. Given the dearth of alternative options, they allow their kids on Facebook with considerable supervision.  Why with considerable supervision? Because the site has inherent safety issues for users of all ages, and the safety issues would be greater for kids.

To date, Facebook has chosen not to cater to children under 13 because to do so requires complying with the Children’s Online Privacy Protection Act (COPPA) which Facebook advocate Larry Magid suggests “can be difficult and expensive” – yet hundreds of companies who take children’s privacy seriously comply with the policies today.

It is more than a little suspicious that Facebook made public their consideration to open their service to children just after they doubled their lobbying budget and just before the upcoming review of COPPA requirements – where the company will have the opportunity to press for weaker COPPA regulations.

Would it be safer for kids using the site to have additional protections such as Facebook suggests implementing?  Yes. But that’s the wrong question.  It is also safer to give kids cigarettes that have filters than to let kids sneak cigarettes without filters.

The real question is how do we fill the existing gap that compels kids to get onto a service that was never designed to protect them?

We need a service that has all the safety, privacy and security protections of the best children’s sites that also allows access to the broader public, news, events, and even appropriate advertising.  That service could easily interface with aspects of Facebook, yet leverage reputations, content filtering and monitoring, and human moderators to provide an environment that Facebook does not have, nor has shown any interest in creating.

This service is eminently buildable with technologies available today, but Facebook’s track record shows they are not the company to entrust with building the online service capable and willing to protect our children’s online safety, privacy and security.

Facebook’s proposal is all about their financial needs, not the needs of children.

Linda

Infographic – Mother, Can I trust Google?

June 3, 2012

This infographic by BackgroundCheck.org provides a great timeline of Google feature rollouts and some of their largest privacy breaches. It also suggests ways for users to reduce tracking of their online actions. It’s definitely worth a scan.

Linda


The Digital Marketing Mess – And Insight into Who’s Looking to Profit from Your Information

June 2, 2012

A new infographic showing the social media marketing landscape was unveiled by Buddy Media this month and though the intent was to show how complicated the marketing world has become, it is also an excellent representation of some of the companies fighting to make money off of your information. It’s staggering.

While not every company listed here is collecting or sharing your information – like the URL shorteners – most of these companies would not exist if it were not for the personal information shared online.

Make no mistake, it’s all about the money. You and your information are commodities driving a multi-billion dollar ecosystem. There is absolutely nothing wrong with this business model – you gain tremendous benefits from the internet and all the tools and services it provides – but it’s critical that every user understands just how far their information may be spread, and why managing the information they share, and with whom they share it, is so important.

Linda


Frustrated by CAPTCHAs with wavy, pale, weird or unintelligible characters? Now, there’s hope!

May 14, 2012

You’ve seen CAPTCHAs – Completely Automated Public Turing test to tell Computers and Humans Apart – on plenty of websites. The words are scrambled, twisted, wavy, or embellished with lines and wiggles (even overlaid with images of cats), and are designed to be decipherable by humans yet block automated programs from getting into websites.

The problem is that all too often they’re NOT decipherable. You’ve probably cursed the darn things on numerous occasions as you fail – repeatedly – to figure out the characters and are presented with a new set of largely indecipherable options.

If you’re among the millions frustrated with wiggles and dots, take heart. I’ve recently seen very cool security checks that allow you to pass the ‘human’ test by applying basic logic. AMEN!

In the example shown below, users are asked to identify a number in a sequence based on instructions, and it was such a pleasant experience that I’m recommending companies switch methods. The key is to have an infinite number of variables, some spelled, some shown numerically, so an automated system can’t simply recognize a few options.

Is it possible an advanced scripted program could figure out the logic? Probably. But there are additional tests that can be performed to identify non-humans by their interactions on a site, and that don’t put humans through visual contortions.
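A minimal sketch of the kind of logic-based check described above, added here as an illustration and not taken from any site this post refers to. It mixes spelled and numeric values, accepts either form as the answer, and verifies the response with a signed, expiring token; the function names, the 0–99 range and the HMAC token format are all assumptions of this example.

```python
import hashlib
import hmac
import secrets
import time

ONES = ["zero", "one", "two", "three", "four", "five", "six", "seven",
        "eight", "nine", "ten", "eleven", "twelve", "thirteen", "fourteen",
        "fifteen", "sixteen", "seventeen", "eighteen", "nineteen"]
TENS = ["", "", "twenty", "thirty", "forty", "fifty", "sixty", "seventy",
        "eighty", "ninety"]
ORDINALS = ["first", "second", "third", "fourth", "fifth"]

def spell(n):
    """Spell an integer in 0..99 as English words."""
    if n < 20:
        return ONES[n]
    tens, ones = divmod(n, 10)
    return TENS[tens] + ("-" + ONES[ones] if ones else "")

WORD_TO_INT = {spell(n): n for n in range(100)}

def parse_answer(text):
    """Accept '42', 'forty-two' or 'Forty Two'; return None if unparseable."""
    t = text.strip().lower().replace(" ", "-")
    if t.isascii() and t.isdigit() and len(t) <= 3:
        return int(t)
    return WORD_TO_INT.get(t)

def _sign(key, answer, expires, nonce):
    # The MAC binds the expected answer to an expiry time and a nonce,
    # so the server does not need to store the challenge.
    msg = f"{answer}|{expires}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_challenge(key, rng=secrets.SystemRandom(), ttl=120, now=None):
    """Return (prompt, token, answer). Only prompt and token go to the
    client; the answer is returned for testing and must stay server-side."""
    now = int(time.time()) if now is None else now
    numbers = rng.sample(range(100), 5)
    # Each value is shown either spelled out or as digits, at random.
    shown = [spell(n) if rng.random() < 0.5 else str(n) for n in numbers]
    rules = [(f"the {ORDINALS[i]} number", numbers[i]) for i in range(5)]
    rules += [("the largest number", max(numbers)),
              ("the smallest number", min(numbers))]
    instruction, answer = rng.choice(rules)
    expires, nonce = now + ttl, secrets.token_hex(8)
    token = f"{expires}.{nonce}.{_sign(key, answer, expires, nonce)}"
    return f"Enter {instruction} from: {', '.join(shown)}", token, answer

def check_response(key, token, response, now=None):
    """True only for an unexpired token whose MAC matches the given answer."""
    now = int(time.time()) if now is None else now
    try:
        expires_s, nonce, mac = token.split(".")
        expires = int(expires_s)
    except ValueError:
        return False
    answer = parse_answer(response)
    if answer is None or now > expires:
        return False
    expected = _sign(key, answer, expires, nonce)
    # Constant-time comparison; a deployment would also record used nonces
    # to stop one solved token being replayed until it expires.
    return hmac.compare_digest(mac.encode(), expected.encode())
```

With only 100 possible answers, this check needs per-client attempt limits and the behavioural tests mentioned above to be of any use against scripted clients.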

Whoever thought of this alternative is brilliant.

Linda


9 Tips for Staying Secure Online – Infographic

May 1, 2012

This infographic by ReversePhoneLookup.org has some great data points – including the sobering stat that 16% of consumers who create passwords still use a person’s first name – but I especially like their 9 tips for staying secure online.

Check it out:

Online Security

Linda


The Real Woes for Apple Security Begin – 1 in 5 Mac Computers Now Carries Malware

April 25, 2012

At the start of the month, in what was the largest attack on the Apple OS to date, a beleaguered Apple released two security patches to address flaws in their Java code that had enabled malware to infect over 600,000 computers. According to Symantec, in just 2 weeks consumers downloading the security patches dropped the number of infected computers from 600,000 to 140,000, where it seems to have stagnated. Symantec urges consumers who suspect their Mac has been infected with OSX.Flashback.K to install the latest patches and ensure that their antivirus is up to date.

But the problem doesn’t end there as a new variant has sprung up. Sound familiar? It should. Apple has grown in relevance to now face the same frustrations as the Windows platform – fix a hole and watch hackers find a new angle.

On April 23rd, the New York Times reported that “researchers at Intego, another computer security firm, discovered that a new variant of the malware, called Flashback.S, continued to spread through the same Java vulnerability. Security researchers said the variant was ‘actively being distributed in the wild’ and noted that the malware deletes traces of itself on victims’ machines to avoid detection.”

Today (April 24th) the Wall Street Journal reported that security firm Sophos released new research that analyzed “100,000 Mac computers running its free anti-virus software, and discovered that one in five machines was found to be carrying one or more instances of Windows malware.” And that “2.7 percent (one in thirty six) of Macs were found to be carrying Mac OS X malware.”

The Journal article included comments from Graham Cluley, senior technology consultant at Sophos, who said “Some Mac users may be relieved that they are seven times more likely to have Windows viruses, spyware and Trojans on their Macs than Mac OS X-specific malware, but Mac malware is surprisingly commonly encountered. Mac users need a wake-up call about the growing malware problem.”

“The simple fact is that you can scan your Mac for infection from your armchair. The test is painless and free; you just download an anti-virus product and allow it to check your computer and protect it against infections in the future,” explained Cluley.

At the end of the day the question is this: will Mac users be any better than Windows users at securing their devices with anti-malware tools?

Linda


Microsoft Conducts More Raids to Stop Criminals Behind Botnets

April 6, 2012

An article in the New York Times outlines the latest counterattack by Microsoft and law enforcement agencies as they work to shut down what the article calls “one of the most pernicious forms of online crime today — botnets, or groups of computers that help harvest bank account passwords and other personal information from millions of other computers.”

Congratulations to Microsoft for their dedication to helping all internet users have a safer, more trusted experience.

As this raid highlights, the often heard desire to blame some rogue country for facilitating online crime, or at least to blame an underdeveloped country for failing to maintain proper oversight of their internet traffic, is unwarranted. This week’s sweep targeted command and control servers in Scranton, Pennsylvania and Lombard, Illinois. How banal is that?

Heading up the initiative from Microsoft was Richard Domingues Boscovich, senior attorney in Microsoft’s Digital Crimes Unit. Here are excerpts from the company’s official blog:

“As you may have read, after a months-long investigation, successful pleading before the US District Court for the Eastern District of New York and a coordinated seizure of command and control servers in Scranton, Pennsylvania and Lombard, Illinois, some of the worst known Zeus botnets were disrupted by Microsoft and our partners worldwide.

Valuable evidence and intelligence gained in the operation will be used both to help rescue peoples’ computers from the control of Zeus, as well as in an ongoing effort to undermine the cybercriminal organization and help identify those responsible.

Cybercriminals have built hundreds of botnets using variants of Zeus malware. For this action – codenamed Operation b71 – we focused on botnets using Zeus, SpyEye and Ice-IX variants of the Zeus family of malware, known to cause the most public harm and which experts believe are responsible for nearly half a billion dollars in damages. Due to the unique complexity of these particular targets, unlike our prior botnet takedown operations, the goal here was not the permanent shutdown of all impacted targets. Rather, our goal was a strategic disruption of operations to mitigate the threat in order to cause long-term damage to the cybercriminal organization that relies on these botnets for illicit gain.”

“This is the fourth high-profile takedown operation in Microsoft’s Project MARS (Microsoft Active Response for Security) initiative – a joint effort between DCU, Microsoft Malware Protection Center (MMPC), Microsoft Support and the Trustworthy Computing team to disrupt botnets and begin to undo the damage they cause by helping victims regain control of their infected computers. As with our prior takedowns, Microsoft will use intelligence gained from this operation to partner with Internet service providers (ISPs) and Community Emergency Response Teams (CERTs) around the world to work to rescue peoples’ computers from Zeus’ control. This intelligence will help quickly reduce the size of the threat that each of these botnets pose, and make the Internet safer for consumers and businesses worldwide.”

You play a role in online security

Are you contributing to the botnet problem? If any of the following statements sound familiar, you are a botnet risk.

  • Your anti-virus and anti-malware tools haven’t been updated since you bought your computer.
  • You’ve ignored those pesky popups telling you that your computer, browser, or programs need updating to get the latest security fixes installed.
  • You love chain emails, and answering surveys and quizzes.
  • You respond to spammers asking them to stop spamming you.
  • You trust links you come across in emails, Twitter & Facebook and in online ads.
  • You don’t know a phish from a fish, a worm from a grub, or what a botnet is.

4 simple steps can make all the difference in your level of security protection – and in the protection of the whole internet

  1. Start by ensuring your computers are up-to-date with all available patches, fixes, and upgrades.
  2. Then confirm your browsers are up-to-date with all available patches, fixes, and upgrades.
  3. Next, check to see that your security software is up-to-date with all available patches, fixes, and upgrades.
  4. Now, strengthen your spam filters, and smarten up about spam so you don’t click on malicious links.

Learn more about how to protect yourself and your devices in these blogs:

Are You Sure Your PC is Malware Free??

Are You a Malware Magnet? 4 simple steps can make all the difference

Every 3 Seconds an Identity is Stolen – Don’t Be Next

Need help understanding botnets?

See my blogs What are Bots, Zombies, and Botnets? and McAfee Infographic Makes Botnets Understandable.

Here’s a quick illustration to get you started…

Note: I was a Microsoft Employee for 13 years, until the fall of 2006. I have written both positive and less favorable articles on Microsoft, but hold an abiding respect for the company’s ongoing commitment to security and to providing a responsible, trustworthy environment for consumers.

Linda