
We might learn what the future holds for information technology by observing how teens use IT. After all, a decade or so from now, today’s teenagers will be consuming, influencing and creating a significant portion of IT products and services. In this note I’d like to consider how today’s use of shared user accounts among teens might influence our future access restriction practices.
User Account Access-Sharing Among Teens
A recent New York Times article by Matt Richtel discusses teens’ customs of “sharing their passwords to e-mail, Facebook and other accounts. Boyfriends and girlfriends sometimes even create identical passwords, and let each other read their private e-mails and texts.”
Exchanging something as intimate as logon credentials is a way of expressing affection for each other, Matt explains. It is also a way of expressing trust, because the other person could misuse the access if the relationship goes sour. The article references Sam Biddle from Gizmodo, who called password-sharing “a lynchpin of intimacy in the 21st century.”
In a blog posting on this topic, danah boyd, who researches teenagers’ social media use, likens access sharing among teens to giving out one’s school locker combination to friends. She also references a study by Pew Internet & American Life Project, which found that “roughly one in three online teens (30%) reports sharing one of their passwords with a friend, boyfriend, or girlfriend.” Such practices are the result of “parental online safety norms,” says danah. She elaborates:
“With elementary and middle school youth, this is often a practical matter: children lose their passwords pretty quickly. Furthermore, most parents reasonably believe that young children should be supervised online. As tweens turn into teens, the narrative shifts. Some parents continue to require passwords be forked over.”
User Account Access Sharing Among Adults
In reality, adults frequently share user account access as well, though our practices are tinted by the guilt of violating modern societal norms and corporate security policies:
Implications for the Future of Information Access
Societal norms are continuing to adjust, as information systems gain a more profound presence in our lives. Teens are at the forefront of this change, because they have grown up in a world where computers, mobile devices and the Internet are everywhere. Their account-sharing practices, when compared to the limited but still significant sharing among adults, suggest that we’ll become more accepting of sharing account access.
What does this mean for information technology and security professionals? Nothing for the short-term horizon, as these changes will be gradual. But there will be an increasing need for tools, applications and policies that support shared access in a way that somehow provides an element of privacy or auditability. Here are a few examples of what we have today to illustrate that we are already moving in that direction:
What form will shared access controls take ten years from now? I don’t know, but I bet it will be more elaborate and sophisticated than what we have today.
Want to learn more about the future from teenagers? Here are a few tips:

Observing the rapid rate at which on-line social networking is taking over the world, I cannot help but feel that our perception of data privacy is changing. Some might declare privacy dead, but I think the situation is more complex than that. We might be experiencing a shift from a private by default to a public by default mentality, though we haven’t yet developed the societal norms to deal with this change.
Learning from Teenagers
We might learn what the future of data privacy may hold 15 years from now by understanding how teenagers see this topic today. After all, teens will be playing increasingly important roles as they gradually turn into adults over the next decade or two. The behaviors they are developing now will have a strong effect on society when they grow up.
One of my favorite sources of insights into the world of teenagers’ online social networking is the research conducted by danah boyd. The draft of a paper that she and Alice Marwick recently published offers a wealth of information on teens’ privacy attitudes, practices and strategies (PDF).
The paper defines privacy as “a social construct that reflects the values and norms of everyday people.” The values and norms of one generation differ from those of another. Our children are our future, to quote a song. We can project the future of social interactions and technologies that affect privacy by understanding the values and norms emerging among teens.
The Importance of Context
According to danah and Alice’s research, teens’ perception of privacy being violated depends greatly on the context within which information is shared. For instance, when educators attempted to teach students about privacy by showing public photos from the teens’ Facebook profiles during an assembly, the students were furious. “By taking the images out of context, the educators had violated students’ social norms and, thus, their sense of dignity, fairness, and respect.”
Private by Default vs. Public by Default
The paper points out that until recently, communication protocols and technologies made it easier not to share information. Sharing information with a large audience historically required an effort, such as making a formal announcement in a medium that could reach the audience.
As a result, our social norms for exchanging information developed to support the notion of private by default. For instance, most adults assume that when having a one-on-one conversation, each party will not share the information with others unless explicit permission was granted. Those who violate this norm risk being labeled gossipers.
On-line social media is changing those norms, making content easily available to a mass audience without significant effort. As a result,
“Rather than choosing what to include or what to publicize, most teens think about what to exclude. They accept the public nature of information, which might not have been historically shared (perhaps because it was too mundane), but they carefully analyze what shouldn’t be shared. Disclosure is the default because participation—and, indeed, presence—is predicated on it.”
The Future of Data Privacy
Adults associate privacy with controlling what information is made public. Their perspective is that data is private by default. In contrast, teens seem to see privacy as controlling what information to omit from being public.
To support this public by default view of the online world, teenagers are organically developing elaborate societal norms and sensitivity to the context in which the information is shared. Understanding these dynamics may help us predict what the on-line—and perhaps the off-line—world will be like in the next decade or two.
I read about Formspring in the New York Times, which described the site as a “fast-growing social network that lets people ask each other personal questions and then has others answer them.” Doesn’t this sound like a goldmine of information for attackers? Having briefly toured the Formspring site, I’ve come to appreciate the changing norms of Internet privacy and confirmed that we’re headed for troubled waters.
Teens and Privacy on the Internet
What personal details are considered private on the Internet is rapidly changing. We increasingly reveal information about our jobs, families and interests on social networking sites, photo galleries, blogs, and so on. This means that on-line scammers have an increasing wealth of information to use for social engineering and password-reset attacks.
The group that’s truly influencing societal norms regarding privacy on the Internet is teenagers. They are using various public forums to exchange uncensored free-form banter without considering the long-term repercussions of having their conversations archived and searchable forever. As these teens grow up and take on professional personae, more personal information will be available about them than about the current generations of professionals on the web.
Formspring’s Questions and Answers
Unlike professionally-focused Q&A sites, such as Quora, Formspring encourages its users to ask and answer deeply personal questions. When a new user signs up, he is presented with a list of questions to “seed” his profile, such as:
By default, the answers the person provides are public. The user can change the privacy settings, but I suspect many people don’t even think about this.

Formspring users can search the site for other people using the “Find Friends” feature, which supports searching by username, email and name.

According to The New York Times, “20 million people have signed up for the site and nearly two billion answers to questions have been posted through the Web site.” As far as I could tell by randomly sampling a few public profiles and reading the Q&A streams, many—if not most—of the users are teens.
How Formspring Data Could Be Misused
An attacker can use the “Find Friends” feature to locate profiles of targeted individuals, or might create a script to mine data in bulk. Furthermore, the attacker doesn’t need to be a registered Formspring user to view public profiles, if he knows the victim’s Formspring username.
The collected details could be used to target people using social engineering techniques. Moreover, many of the questions answered by users of Formspring are similar to those used for resetting forgotten passwords. Here are a few examples from various public profiles:





Implications for Information Security
When designing security systems, we make assumptions about personal details and related data that are known only to the user. For instance, many applications provide a secondary login mechanism by asking the person for “private” details, such as his favorite color, flower or restaurant. However, privacy norms are changing rapidly. What was once private will soon be public. We need to anticipate this change and adjust our security mechanisms to account for the increased transparency of people’s once-personal information.
We’re at the cusp of an era where the reputation of one’s on-line social identity is becoming as critical as one’s “real world” reputation. Control over social identity data is the prize for which privacy advocates, individual consumers and businesses are fighting.

Who Are You?
In a formal setting of the “real world,” we typically think of our identity as our name or perhaps a personal identifier such as the driver’s license number. In the on-line world, though, our identity is defined by our social network and how we interact with its participants.
We are whom we know and what we do with them. That’s our social identity on-line.
Credit Reputation vs. Social Reputation
Trade practices in the “real world” began with the barter system, but ran into limitations where Person A wanted an item from Person B, but Person B didn’t want anything of Person A’s. Cash took care of that stumbling block, and allowed trade to flourish. The next challenge to commerce was cash flow: individuals or companies might not have enough cash to make a purchase today, but would have the cash tomorrow. The system of borrowing (e.g., trading on credit) took care of that limitation. The challenge with borrowing, from the lender’s perspective, is whom to trust. Credit rating bureaus appeared to keep track of persons’ and organizations’ credit worthiness.
The credit worthiness of a customer in the “real world,” often represented by individuals’ FICO scores, represents the person’s financial reputation.
In contrast, an on-line consumer’s reputation and “business-worthiness” is often measured in terms of the person’s social identity. Knowing the consumer’s social identity—his contact details, his on-line friends, his interests—allows companies to engage the person and “convert” him into a paying and hopefully loyal customer.
Individuals look up the social reputation of others all the time as well. You and I do it when we Google a person we just met to see what they wrote about themselves and others. We may also look up the person’s profile on a social networking site, such as LinkedIn or Facebook, to see if we share any friends and interests. The expectation is that it is hard, though of course not impossible, to create a fake reputation on a social network that’s rich with social activities.
Social Identity Reputation Score
How do you know whether an email address of a person is accurate? Look it up in one of many social networks to see if the address is associated with an active profile. How do you know whether the profile is fake? Look at the number of the person’s social connections, the frequency with which the person interacted with others, the time during which the person has been active on-line and the richness of the person’s social networking activity. The more meaningful activities you observe, the more trustworthy is the person’s social identity.
The trustworthiness of the person’s on-line social identity can be measured. We can come up with a formula that accounts for the elements of the person’s social activities, such as those I listed above, and converts them into something we might call a social identity reputation score. Let’s even give it an acronym to make it official: Social Identity Reputation Score (SIRS).
SIRS is the FICO score of the on-line world, and it will be as crucial to the economy in the future as the FICO score is today.
My friend Slava Frid brought up the similarity between the concept of SIRS and Google’s PageRank during our conversation. Just like Google computes a coefficient of importance to elements of an HTML page, so too can we compute a number to measure the relative value (related to trust or importance) of a social identity.
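One way the SIRS formula described above could look, as an added example that is not from the original post. The field names, the saturation caps, the log scaling and the geometric mean are all assumptions chosen for illustration; the point is that a score built this way does not reward a profile that inflates a single signal.

```python
import math
from dataclasses import dataclass

@dataclass
class SocialProfile:
    """Observable signals named in the text; field names are hypothetical."""
    connections: int               # number of social connections
    interactions_per_month: float  # how often the person interacts with others
    months_active: int             # time the identity has been active on-line
    activity_kinds: int            # richness: distinct kinds of activity seen

# Assumed saturation points: beyond these a signal adds no further trust.
CAPS = {
    "connections": 500,
    "interactions_per_month": 100,
    "months_active": 60,
    "activity_kinds": 8,
}

def saturate(value: float, cap: float) -> float:
    """Scale a raw count to 0..1 logarithmically so bulk inflation gains little."""
    if value <= 0:
        return 0.0
    return min(1.0, math.log1p(value) / math.log1p(cap))

def sirs(profile: SocialProfile) -> int:
    """Return a 0-100 score. The geometric mean keeps one inflated signal
    from compensating for the others being near zero."""
    signals = [saturate(getattr(profile, name), cap) for name, cap in CAPS.items()]
    return round(100 * math.prod(signals) ** (1 / len(signals)))

# Constructed sample profiles (not real data).
ESTABLISHED = SocialProfile(180, 40, 48, 6)
PADDED = SocialProfile(5000, 0.5, 1, 1)  # many connections, little else

if __name__ == "__main__":
    for name, p in (("established", ESTABLISHED), ("padded", PADDED)):
        print(f"{name}: SIRS {sirs(p)}")
```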
Importance of the Email Address
The workflow for determining the person’s SIRS, which I outlined above, starts with the person’s email address, because the email address can be used to discover the person’s social networking activity.
Companies that aggregate social data, such as Rapleaf, will become increasingly important. They will be increasingly valuable from a business perspective and increasingly scary from a privacy perspective. When describing how individuals are profiled on the web, Om Malik explained:
Think of Rapleaf as the provider of the FICO score about an email address. That email address comes with Facebook ID, Flickr ID, Twitter account information and other social details. For a marketer, or even someone trying to hit you up for business, this is pretty relevant data, for it allows them to target a customer and connect them socially. In another scenario, you can buy an email list of a million addresses for $1000, check them against Rapleaf and end up with about 10,000 emails worth targeting. That’s a pretty good deal.
Rapleaf seems perfectly positioned to calculate people’s SIRS. Maybe the company already does it today.

Privacy and the Social Identity
People often feel comfortable sharing some details about themselves, such as the car they drive, their income and age range, and so on, as long as they maintain anonymity. The notion of anonymity is starting to change in the on-line world: your name and “physical world” details might be less important than your social identity.
People’s privacy considerations on-line are starting to change beyond protecting the person’s “physical world” identity. Individuals recognize that they need to give up some information about themselves to establish a social identity. However, we want to control which aspects of our identity are available to which entities.
This granularity of social identity data sharing is the crux of privacy debates, and the reason we are concerned about issues such as Facebook data sharing and data aggregators such as Rapleaf.
As on-line social networks increase in importance for regular, “real world” interactions, so will the criticality of social identities. The battle is still only at its onset.
Update: If you found this note useful, take a look at the posting by Bindu Reddy, titled Why We Need PageRank for the Social Web, in which Bindu proposed the idea of engagement score as a way of measuring the “level of social engagement that a person can generate with a post on their [social media] stream.”
In order to enjoy the convenience of using web-based services, one has to make some sacrifices, and living socially online will eventually lead to an erosion of privacy.