Threats and Risks

To say or not to say by @ricklipsett

June 13, 2011 by Raul Colon

Guest post from extraordinary creator of art, writer, and great human being my friend @ricklipsett. This is post 7 on the Online Privacy Please! series I am publishing to share thoughts on issues of online privacy.

Tonight I’m gonna teach you not to mess with me. I’d love to see your face when you go lookin’ for your car and it’s not there. Tough luck, buddy!

I may be exaggerating a bit, but we’ve seen this type of post before, haven’t we? Maybe not. Maybe all you’ve read are along the lines of domestic disputes or “chillería” (spanish for unfaithfulness). Or maybe I need to change my friends on Facebook.

The other day, Raúl wrote a piece on Internet privacy. And it got me thinking about all the things I’ve seen people “talk” about on the Social Network. I understand that some times we need a friend to talk to and get rid of things we’ve been carrying around on our shoulders. Hell, even I have posted some tantrums from time to time. And not only on my status updates, but on blog posts. The difference is I always knew consequences may follow. And some have come knocking later.

We all make stupid decisions from time to time. And posting our thoughts when we are angry is one of those decisions. Spewing bile words or thoughts can and will harm someone. It may be the person that your anger is pointed towards, or it could make a U turn and bite you in the buttocks.

Some things are better left unwritten. Some things are better to say upfront, and wait for the broken nose. Some truths are best when the one that needs it has it in their hands. Some beliefs are better to keep away from those who do not agree.

It’s not about being untruthful to yourself. Instead is about knowing when to keep quiet and reserve things for yourself or simply to wait for the right opportunity to say things in person.

We’ve come to use social media so much, that we forget, we know not exactly how to approach it sometimes. The rules of engagement are different here. It’s not like when someone doesn’t want to have contact with you and you know because of the body language. In this domain, you know nothing of the person who’s reading you. You don’t even know where or what I’m doing while I write this. I could be at Church pretending to listen to mass right now, maybe I’m driving and zig zagging my way along, or in the bathroom, wrestling it out with my intestines! You, the reader, could be an angry boyfriend, a pissed off employer or an FBI agent. I haven’t the faintest. So why do we post without boundaries? Beats me.

Next time you feel like screaming, by all means, DO IT! but in your car with the windows up. Don’t write about it on Facebook with names and addresses. Frankly, no one cares, and no one needs to know.

You know what? now that I’m done, this feels like a tantrum from my part also. Guess I better prepare myself for the backlash.

About the Author

Rick Lipsett – http://www.ricklipsett.com is an Illustrator/Graphic Designer/Digital Artist. Co-Founder of UNDOdigital; Puertorican Digital Artists Community. Fan of blogs, and social networks. You may find him on Twitter as: @ricklipsett.

photo credit by Bottled_Void

Facebook Security by @tommyismyname

June 6, 2011 by Lucilla Feliciano

Guest post by @tommyismyname.

This is post 6 on the Online Privacy Please! series I am writing to share my thoughts on issues of online privacy written by a good online friend @tommyismyname.

Personal security online has been boiled down to one of two vague threats: either someday your future employer will find that embarrassing photo from three years ago and decide not to hire you, or Advertisers will sell your information. Let’s be realistic and look at the real risks involved here.

Facebook is a very public place, and even with high security settings on your profile, you are still either putting self-incriminating information online, or you aren’t. If you take a moment to realize that Facebook people and real people are the same people, you’ll also realize there are some folks you can trust with all your information, some you can trust with some of it, and some you can’t trust at all. The best rule to follow is that if you don’t want your information to be in anyone else’s hands, don’t put it on the Internet. That being said, this is the Age of Sharing and people have come to expect a certain level of sharing (or Over sharing in many cases) that includes updates on our thoughts and activities, pictures of our family members, food, vacations, you name it: it seems like everyone expects to see everything.

But.

This is your decision to make.

Your information is yours, sharing anything with Facebook friends is your call.

Set Your Own Parameters

On October 31, 2010, my 7lb 8oz. son was born at 9:30 a.m. Within 90 minutes, my fiancée and I both had requests -no, demands– from friends who wanted us to post pictures of the little guy on Facebook. We’ve had actual arguments with family members over our choice not to post his photos online. We have become so accustomed to over sharing to the point of dissention when someone chooses not to provide information. My feeling is that our son may grow up to be a private kind of guy who doesn’t want his picture everywhere, or he may not care, but either way my role is to protect that choice for him until he can decide for himself.

Our way of thinking isn’t for everyone, but I share that story hoping that it will encourage you to consider the implications of putting your information, or someone else’s, on Facebook. With lax security settings, a picture can be shared to the far reaches of the Facebook universe. Substitute “photo” with “work history” or “home address” and you start to understand the need to think ahead about what you truly want to make available to the world. (The Facebook Privacy Policy is an enlightening read.)

Once you’ve decided what is and isn’t fit for public consumption, update your “Privacy Settings” and “Account Settings” (both located in the dropdown menu on the top right of the home page, after you log in) accordingly. They can work in tandem if you pay attention to what you’re doing. For instance, you might add your phone number and adjust your privacy levels so that only your Facebook friends can see it.

Adjusting Account Settings

Under “Account Settings,” you’ll find tabs where you can enter basic information and set preferences on the way Facebook contacts you. In order to control whether this information (like your phone number) is made public, you must then make appropriate changes to your Privacy Settings. Account Settings tabs are as follows:

Settings is where you would put the most basic information like your name, email address, etc. Networks is where you could originally affiliate yourself with your university, and now includes work networks as well.

Notifications allows you to permit or decline additional alerts when something happens on your facebook. You can get an email, text, or both for almost any reason that involves you. The list is extensive, so if you permit all of them you could potentially receive hundreds of “extra” alerts per day.

Mobile is where you enter your phone information and control if and how Facebook uses the information to contact you.

Language is very simply a choice of your primary language.

Payments is important if you choose to invest real money into virtual games, apps, or services offered through Facebook

Facebook Ads is complicated and seems at this point to be a preemptive setting. Facebook doesn’t currently allow third party advertisers to use privately owned images for advertising purposes, but in case they decide to (hint, hint) you may decide now whether they may share it with no one, or just your friends. Additionally, you may update the permission for using your name in social actions here. (Insert here a screencap of ad example from this link http ://www .facebook .com /editaccount .php ?ads &pane =social)

Adjusting Privacy Settings

Once you have entered the basic information and preferences here as well as on your profile (things like your hometown, family members, workplace, birthday, and so on) head on over to the Privacy Settings page. Privacy settings are deceptively easy to update; with the click of the mouse, you can make all of your personal information, photos, and wall posts public to:

Everyone, which really does mean everyone with a Facebook account. If a potential employer searches Facebook for you as part of a background check and your settings allow everyone to see your profile, nothing will be held back from their perusal.

Friends-of-friends, which means anyone that any of your friends is friendly with on Facebook. So that still could be your potential employer, that guy you turned down for a date, or your best friend from fourth grade who you haven’t seen in twenty years.

Friends, which means those folks with whom you have sent/accepted friend requests.

Facebook has a “Recommended” set of privacy settings which mixes all three options to allow some information to remain between you and your friends, and things like your photo and status updates to be visible to everyone. “Custom” and “Other” settings work together to allow you to add exceptions to rules. This is my personal favorite, as I can allow my friends to see my contact information except for those folks who I know would abuse the privilege.

The “Privacy Settings” page is also where you will be able to adjust permissions for applications, update your list of blocked users, and review Facebook’s explanation of its privacy controls.

Why Applications Matter

Applications come in the forms of games, tests, quizzes, and any number of other interactive activity. They are owned by third party companies, crafted to run on the Facebook platform, and in order to use them you must allow them varying levels of access to your information. Applications do let you know what they are looking at when you first use them, and you have the option to accept or decline the use of the application if you don’t like what they’re planning.

Alternatively, you can accept their “required” permissions and then change it to suit your privacy preferences. Or, if you find an app has pulled a bait-and-switch (as some will) and started spamming your newsfeed or posting on your wall (as a small number have done) you can remove them via the “Privacy Settings” page. You can review the apps you use and adjust the access levels for each individual application. You can also remove apps that you don’t use anymore in order to stop them from continuing to access your information.

Protect Your NewsFeed

If you have information that isn’t fit for 100% of your facebook population, you have a couple of sharing options available to you.

Let’s say for example that you don’t particularly want potential employers to find your status update remarking on your crazy weekend in Cabo. Before hitting “submit” on the status update, click the tiny image of a lock next to the submit button. This allows you to customize the privacy settings on that single post. You can set it to “friends only,” or, if it’s your grandma you hope to protect from your wild ways, you can choose to show it to everyone but her. (And your mother. She doesn’t want to know.)

Going a step further, let’s say you had a batch of pictures from the trip that you’d like to share with the twenty people who were there, but not the 400 people on your friend list. Facebook Groups have been restructured to be their own sub-network. You can create a group by adding the people who were on your vacation, post those photos to the group, and the pictures will only show up in the newsfeeds of the folks in the group. It’s quicker if you have a large, but exclusive, group of people to share with. Facebook groups also have three different settings

Public: Anyone can search, join, and interact in the group with no restrictions.

Private: People can search, but must request to join the group.

Secret: Only the person who created the group initially knows it exists. All members must be invited. Does not appear in the search and only exists to it’s members. (recommended option for that Cabo trip, family photos, or sharing semi-secure information)

A Word About Advertisers

In the introduction to this entry I mentioned the strange threat of advertisers using your information to sell to you, and it’s 100% likely that that is happening, but not in the way you think. Your likes, interests, and demographic information is how advertisers reach you on Facebook. An advertiser on Facebook doesn’t see “Mary Smith from Washington, DC, likes CareBears, Gummy Worms, and has a family of five.” Instead, he figures, “Anyone who has a family probably needs life insurance,” and targets his ad for the general population, specifically anyone who has entered family information or “liked” certain family-related pages.

Some folks are bothered by the concept of targeting based on likes and interests, but I think it’s great. I’m more likely to be shown an advertisement for a product or service that truly applies to me, and that’s fine. With me.

It’s fine with me, and I hope it becomes fine with you, because we have the ability -the power, if I may be so cheesy- to protect our information to whatever degree we see fit. Share everything with the world, share nothing with anyone, or find a happy medium: the most important thing to know is that you have the choice, and that you can tailor your usage to the degree that you see fit.

This is post was created by Online Marketing Strategist Tommy Walker.

If you have questions, leave a comment here or keep the conversation going with Tommy on Twitter at@tommyismyname.

TMI (Too Much Information) Being Shared in Social Media

May 11, 2011 by Raul Colon

This is post 2 on the Online Privacy Please! series I am writing to share with you my thoughts on issues of online privacy!

On many occasions I see TMI (Too Much Information) being shared in Social Media without people understanding the repercussions it could have by having vast data shared everywhere as part of your digital footprint.

As part of the series of posts Online Privacy Please! that I decided to do I wanted to identify data that is constantly being shared online which can lead to other issues. In others posts in the series I will be touching upon the following but not limited too:

How Organizations Deal with your Information.
Most Common Threats on Privacy
How to defend yourself from threats and vulnerabilities
Based on our friend @raul_ramos recommendation we will be touching on Facebook Security issues from that platform’s point of view.

If you would like to submit an article on the subject or like us to elaborate on a specific subject feel free to leave the idea in the comments area or contact us.

Who is responsible for protecting information?

Everyone is responsible for security especially protecting information. But we have to make our selves accountable first. Working on the IT Security side for various banks I would see how the bank’s customers where the first ones to throw papers with sensitive information in thrash cans near the bank. I am sure that many of them if they got their identity stolen or money taken from their account they would blame the bank first.

Always be aware of what information you should share and where it end up. Many people think that only friends and family are seeing the information but in reality once it is online and traceable by the many search engines you have no control on who can see what you just posted.

Information I want you to think Twice before posting online?

Birthday greetings sent and received

Many people congratulate and celebrate everyone’s birthday online. Be very careful with sharing any other information that can determine the exact birthdate. I guess we all do it I just took off my Birthday from Facebook and I recommend you to do the same. It is great to get people congratulating you on your birthday but it is also a huge risk.

Photos of Family vacations

Depending on the type of work you do be very careful when uploading family vacation pictures. Not only do most people tag everyone’s name in the pictures people are able to identify visually that your closest family members are. I have seen one or two scams where they trick the person in believing they have their family member hostage. They are able to describe the person thanks to all the great photos a family member shared online.
If you upload photos while being on vacation you are also letting the world know your house is probably empty and you are not coming soon at any moment creating an immediate risk to your assets.

Names of Extended Family

I see how people share their mother’s maiden name or something as simple as their pet’s name. There is nothing wrong with that as long as you don’t use any of those as your security questions and answers. Let’s say I use a security question for my online banking example:

Question: What is your Pet’s name?

Answer: Juanga

Everyone who knows me offline or online knows that good old Juanga is a celebrity online so it might not be the best option for a security question.

Third Party Apps that collect your favorite items information (favorite songs, musicians, books, celebrities, and food) can probably be harvesting your personal information so they can try to take over your online profiles from as simple as your email account to your online banking profile. Be careful with apps that are supposedly asking you information that is personal to you just for fun. A good example of one of those apps are the one’s that will tie you to a well-known celebrity based on a series of questions. I would stay away from those types of apps.

Work Related Information

This category of people sharing too much information that is work related worries me a lot. From people complaining about how many more hours they have to work to some of them writing negatively about there clients. I plan to have a post related to this area covering more details as part of this series.

Photo credit by WarmSleepy

Online Privacy Please!

May 3, 2011 by Raul Colon

While reading Curation Nation(Amazon Affiliate Link) I read where Steven ( on twitter @magnify) quotes @LAURENGELMAN the executive director of Stanford Law School’s Center for Internet and Society warning us

“the current state of privacy is “binary”; either you share or you don’t” There’s no way to define that the information you put out in the world can be used or gathered or tabulated or cross-referenced.”~ @LAURENGELMAN

This statement made me think on how sometimes many users mistake using some of the profile settings on their twitter, facebook, foursquare, flickr, and other platforms but they don’t realize that other information they are sharing can actually compromise the information they supposedly want to protect.

For this reason I am planning to create a series of blog posts called Online Privacy Please! I’ll be using my experiences of working with S&P 500 companies and other organizations on how they protected their data.

Having worked for American Systems, KPMG, and now at CIMA IT Solutions I have been working to minimize the risk of information being held in the wrong hands for many years. This will also lay down the groundwork for a unique project I am working on which I will soon write about.

Some of the topics I am planning to discuss are the following:

Personal privacy and how it is no longer and individual thing. The biggest risk you have is what your contacts can share about you.
How people share vast information in Social Media from birthdays to work related information which can be used against them.
Practices to defend yourself from the many threats and vulnerabilities that arise using all these platforms.
What platforms offer the least privacy.
How individuals can predict patterns based on information you share and get to your private data.

Do you guys want to understand any specific platform? Out of the 5 topics I picked which one would you like for me to write about?

Are there any other topics you would like for me to write about or would want to contribute for me to include you in future posts?

I wrote this short post on Validating Safety of Url’s with the help of @kelvinlomboy at my CIMA IT Solutions site

photo credit by hyku

Posts of the “Online Privacy Please!” Series