Why does seeing your social activities again seem so uncomfortable?

Continuing Burton Group’s work on social networking and social media, I’ve been having various forms of this conversation over the last few weeks. First, I was at TechAmerica talking about social networks, privacy, and data breaches. Although the audio isn’t great, you can get the gist from this video. Then I was talking to the guys from InfoChimps ahead of their debut of some huge Twitter datasets. (The potential of the data they have is pretty breathtaking.) Meanwhile, I am prepping a more formalized version of this talk for an upcoming OWASP event. With all this activity, I thought I’d share a part of it.

On the whole, people have no problem using social networking tools. Whether for personal or for work reasons, more and more people are using a variety of tools to share and connect. And in this regard, we can think of social tools as engines for disclosure. Although people are relatively comfortable making disclosures such as “had a great meal in Ottawa” or “have to burn the midnight oil to get this blog post done,” people feel uncomfortable when these disclosures appear in other places. This feeling is akin to reaching into your computer bag and finding a long-lost banana: a little foreign, a little gross, and a little strange. People often want to keep their social structures separate and, using a highly technical word, people feel oogy when they discover that something they have disclosed (an activity, a group they may have joined, a relationship they formed, a trip they have taken, etc.) is known by other people in other networks.

Hopes and concerns for identity

A friend in the industry recently asked me for my thoughts on OpenID, InfoCards, and the US federal government’s work to consume non-government issued credentials. Letting the question rattle around in my head for a while, here’s what I’ve got so far.

My hope is that the overall ICAM initiative is successful—not because I have been eagerly waiting to interact with the federal government using some form of authenticated credential—but because we (citizens, enterprises and government) are at a pivotal moment in the history of the web. With the US government working with both the OpenID and InfoCard Foundations, there exists an opportunity to change how individuals interact with large organizations, both public and private. For the first time, individuals would be able to (even encouraged to) interact with a large organization (such as the US federal government) using an identity asserted, not by the large organization, but by the individual. In this case, the State is no longer the sole provider of identity. This breaks the monopoly that the State has had on credentials and is indicative of the future to come.

But there is a long road to walk before getting there. There are numerous concerns with these plans. Among these are notable security concerns, especially with OpenID, that the identity community is not blind to. These are not my primary concerns.

2 blogs with promise

Two friends of mine have finally decided to get blogging. Yes, I know that blogging seems passé to some of you out there, but it still has its purpose.

First up – Tuesdaynight’s very own Josh Nanberg has launched his eponymous blog. Josh is one of the few people I know who can

  • break down political messaging techniques into something I can understand
  • cook a four course meal in a 1 course kitchen
  • reference deeply obscure music lyrics

all at the same time.

Next up – my friend and mentor, Rob Ciampa, has decided to divert his seemingly boundless energies into a bit of blogging. Besides having an encyclopedic knowledge of French wine, a photographic memory for menus, and a typical Boston potty-mouth, Rob is one of the best corporate marketers and channel managers I have ever met.

Admittedly neither blog has much content, but I know these guys, and I know what’s to come. You’ll want to know it too.

But it’s such a lovely panopticon, I’d hate to have to return it

Anyone else not surprised by recent findings from this internal report from the London police force? The net of it is that closed-circuit television (CCTV) cameras do little to solve crimes. It seems that the success rate is 1,000 cameras per solved crime. Just a few million more cameras and we’ve got the crime thing licked, eh?

Questions that I’d like to see answered are:

  • How many crimes were not committed because of the presence of a CCTV camera?
  • How many crimes were committed in a different location because of the presence of a CCTV camera?

The first question is impossible to answer. The second can be answered, and a UC Berkeley study of the city of San Francisco’s CCTV camera efficacy has been released. You can read about the results here and here. The San Francisco study shows the cameras move crime from areas near cameras to areas away from cameras – no big surprise there.

As I have mentioned previously on Tuesdaynight, trading the feeling of safety (without an actual increase in safety) for an invasive, always-on, 3rd-party-accessible video monitoring presence is a choice that leads to a far more paranoid society, less willing to engage in social behavior and less like the kinds of societies in which we want to participate.

The challenge in fixing Facebook’s underlying privacy problems

A few Facebook hacks came across my desk this week. The first set are so-called “rogue” applications which do the tediously predictable grab of user information followed by the equally tediously predictable spam-a-palooza. Calling such applications “rogue” is misleading. These didn’t start out okay and turn evil somewhere along the way. These apps were built to cause trouble – they are malware. Facebook has a healthy set of malware apps and the number is growing every day. You can easily spot affected Facebook users by their status messages – “Sorry for the email – my Facebook got a virus.”

The second hack is of a far more interesting class. Ronen Zilberman, a security researcher, harnessed features of the Facebook platform to make it unwittingly perform a man-in-the-middle attack on itself. Zilberman documents how the attack works in very clear language. You can even see a video of the attack in action. Why is this a more interesting class of attack on Facebook? First, it doesn’t require an application to be added to the victim’s Facebook profile. Second and more importantly, this attack fundamentally turns Facebook’s goals against itself.

Facebook’s mission is to “give people the power to share and make the world more open and connected.” Its business is to accomplish this mission before someone else does. This requires that Facebook provide a means to connect as many people, websites and services as possible and as fast as possible. And in the course of this social networking land-grab, it is not surprising that we have seen both Facebook malware and the Facebook platform being used to support anti-social behavior. The Facebook platform is optimized to provide frictionless connections and sharing of information. But as exploits for ill purposes increase, Facebook has to act, and act in a manner counter to its mission.