Posted November 16th, 2009
Two friends of mine have finally decided to get blogging. Yes, I know that blogging seems passé to some of you out there, but it still has it purpose.
First up – Tuesdaynight’s very own Josh Nanberg has launched his eponymous blog. Josh is one of the few people I know who can
- breakdown political messaging techniques in to something I can understand
- cook a four course meal in a 1 course kitchen
- reference deeply obscure music lyrics
all at the same time.
Next up – my friend and mentor, Rob Ciampa has decided to divert his seemingly boundless energies into a bit of blogging. Besides having an encyclopedic knowledge French wine, a photographic memory for menus, and a typical Boston potty-mouth, Rob is one of the best corporate marketers and channel managers I have ever met.
Admittedly neither blog has much content but I know these guys, and I know what’s to come. You’ll want to know it to.
Posted August 25th, 2009
Anyone else not surprised by recently findings from this internal report form the London policy force? The net of it is closed circuit television (CCTV) camera do little to solve crimes. It seems that the success rate is 1,000 cameras per solved crime. Just a few million more cameras and we’ve got the crime thing licked, eh?
Questions that I’d like to see answered are:
- How many crimes were not committed because of the presence of a CCTV camera?
- How many crimes were committed in a different location because of the presence of a CCTV camera?
The first question is impossible to answer. The second can be answered and a UC Berkeley study of the city San Francisco’s CCTV camera efficacy has been released. You can ready about the results here and here. The San Francisco study shows the cameras move crime from areas near cameras to areas away from cameras – no big surprise there.
As I have mentioned previously on Tuesdaynight, trading the feeling of safety (without an actual increase in safety) for an invasive, always-on, 3rd-party-accessible video monitoring presence is a choice that leads to a far more paranoid society, less willing to engage in social behavior and less like the kinds of societies in which we want to participate.
Posted August 21st, 2009
A few Facebook hacks came across my desk this week. The first set are so called “rogue” applications which do the tediously predictable grab of user information followed by the equally tediously predictable spam-a-palooza. Calling such applications “rogue” is misleading. These didn’t start out okay and turn evil somewhere along the way. These apps were built to cause trouble – they are malware. Facebook has a healthy set of malware apps and the number is growing every day. You can easily spot effected Facebook users by their status messages – “Sorry for the email – my Facebook got a virus.”
The second hack is of a far more interesting class. Ronen Zilberman, a security researcher, harnessed features of the Facebook platform to unwittingly perform a man-in-the-middle attack on itself. Zilberman documents how the attack works in very clear language. You can even see a video of the attack in action. Why is this a more interesting class of attack on Facebook? First, it doesn’t require an application to be added to the victim’s Facebook profile. Second and more importantly, this attack fundamentally turns Facebook’s goals against itself.
Facebook’s mission is to “give people the power to share and make the world more open and connected.” Its business is to accomplish this mission before someone else does. This requires that Facebook provide a means to connect as many people, websites and services as possible and as fast as possible. And in the course of this social networking land-grab, it is not surprising that we have seen both Facebook malware and the Facebook’s platform being used to support anti-social behavior. The Facebook platform is optimized to provide frictionless connections and sharing of information. But as exploits for ill-purposes increase, Facebook has to act and act in a manner counter to their mission. Continue reading "The challenge in fixing Facebook’s underlying privacy problems"...
Posted July 27th, 2009
Over the last two weeks, I have been using my homegrown Facebook application, Privacy Mirror, as a means of experimenting with Facebook’s privacy settings. Although Facebook provides a nice interface to view your profile through your friends’ eyes, it does not do the same for applications. I built Privacy Mirror with the hopes of learning what 3rd party application developers can see of my profile by way of my friends’ use of applications. I have yet to speak with representatives of Facebook to confirm my findings, but I am confident in the following findings.
Imagine that Alice and Bob are friends in Facebook. Alice decides to add a new application, called App X, to her profile in Facebook. (For clarity’s sake, by “add”, I mean that she authorizes the application to see her profile. Examples of Facebook applications include Polls, Friend Wheel, Movies, etc.) At this point, App X can see information in Alice’s profile. App X can also see that Alice is friends with Bob; in fact, App X can see information in Bob’s profile. Bob can limit how much information about him is available to applications that his friends add to their profiles through the Application Privacy settings. In this case, let’s imaging that Bob has only allowed 3rd party applications to see his profile picture and profile status. Continue reading "Looking beyond the Privacy Mirror"...
Posted July 25th, 2009
I find that I rely on my debugging skills in almost every aspect of my life: cooking, writing, martial arts, photography… And it helps when you’ve got friends who a good debuggers as well. In this case, my friends lent a hand helping me figure out what I was seeing in my Privacy Mirror.
The following is a snapshot of the Application Privacy settings I have set in Facebook:
Given these settings, I would expect that the Facebook APIs would report the following to a 3rd party application developer:
- My name
- My networks
- My friends ids
- My profile status
Continue reading "Further findings from the Privacy Mirror experiment"...
|
lawyer bait I work for The Burton Group, but the postings on this blog reflect only my personal views; they do not necessarily represent the views, positions, strategies or opinions of The Burton Group or its management.
|
what others say