Monday, January 30, 2012

Privacy Wars - Are you really a customer?

Note


I'm resurrecting this old Blogger account to post entries for my CS 280 class (Risk and Reward in the Information Society) at the University of Regina. This will include posts that don't fit on my business site (http://www.reginavirtualhelpdesk.com). Any posts from there that apply here will be copied and pasted for the benefit of my classmates and professor.

Now on with the show....


Many of the students in my class are very concerned about privacy in today's information age, and while I find that concern valid, I believe that it's overblown. When I post, I don't post anything that I wouldn't want others to find. For instance, you won't see me swearing, complaining about clients, or posting pictures of me getting plastered (even if it weren't for the fact that I'm severely allergic to alcohol). I try to maintain a professional appearance because my clients could read what I have to say.

What is the deal?


For this post, I will focus on Facebook. People often complain that their data is being breached by Facebook and being made available to others without permission. However, at no time has Facebook ever held a gun to anybody's head and forced them to post anything. It was you who posted the pics from the Beer Pong tournament, it was you who posted that status that said exactly what you thought about your boss (and it was you who friended him so he could read it), and it was you who invited all your friends to play Farmville. If you don't want the information up there - don't post it.

Are you a customer?


Chances are you are NOT a Facebook customer. Yup, you are not a customer of Facebook, even if you have an account and use it. Facebook has customers, and lots of them, but it isn't you. Mark Zuckerberg has made a lot of money from Facebook, and it remains a very profitable company, yet despite all the rumours about it, they will not charge for accounts (and posting a status won't change that).

Facebook's customers are the advertisers. Zynga's (Farmville) customers are advertisers. "Which Lord of the Rings Character are you"'s customers are advertisers. They are the ones who pay Facebook, not you. You are an expense, a vendor. Facebook sells the advertising space to their customers in exchange for real cash money. In order to make the advertising space valuable, they need eyeballs, and lots of them. Yet eyeballs are not the only factor in what makes advertising space valuable.

For a local business owner like me, advertising to 6 million people living in New York City would be a waste of time and money. However, Facebook allows me to target my market as specifically as I want. I could limit my ads to only appear to business owners, 40 - 50 years old, living in Regina who have post-secondary education. That would be more valuable to me, and I would pay more for that ad space. How does Facebook target that specifically? Easy: you, as a vendor, gave them that information to help others find you.

It's like going to Walmart and grabbing a shirt off the rack. You wouldn't walk out of the store without paying for it, would you? Of course not; you hand the cashier some money, and you walk out with the shirt. Most people who aren't business owners or haven't taken economics courses only think in terms of being consumers, customers.

With Facebook, instead of giving them cash money you give them information about you (demographics, your friends, and your interests), which allows them to charge their customers more money. In exchange you get a "Social Network", however you wish to define it. The "Social Network" is the shirt from Walmart; your information is your money.

So when it comes to privacy rules, Facebook has a conflict. Their real customers need that information from you, and the customers are paying the bills. You are a vendor, an expense. If I had to choose between upsetting one of my customers and upsetting one of my vendors, who am I going to choose? I will always side with my customer - they pay the bills. Since you aren't a customer of Facebook, Facebook isn't going to give you the benefit of the doubt. Nor should they. You are getting a service for "free", but you still have to pay for it - just remember, there's no need to post something you don't want your (future) boss to see.

TANSTAAFL always applies. There ain't no such thing as a free lunch.

Sunday, January 29, 2012

Repost - You weren't hacked. . .

For those who aren't technical, here's the plain-English explanation of the categories in the graph:
  1. The orange one is what most people think of when they think hackers are hacking into their account - they find a vulnerability in Facebook's security and steal all the user IDs and passwords. This is why you should have a DIFFERENT password for every site - that way a breach on one site doesn't make you vulnerable on another.
  2. This is why you need anti-virus software and, more importantly, why you should be careful about what you click on. In most cases, a cute kitten movie is a cute kitten movie, but you shouldn't have to install a Facebook app to see it; if you do, move on. There are lots of cute cats everywhere.
  3. Yep. People do tell other people their passwords all the time. Do you have friends who might like to play a nasty practical joke where you tell off your boss on Facebook, or maybe an ex who holds a grudge, or maybe you were telling your wife your password over the phone and the guy behind you listened in. . .
  4. This is more of an issue on shared computers - particularly in a University or other public computer lab setting. You finish updating your status and leave without logging off - the next person to sit down sees a golden opportunity to cause some mayhem in your life by putting up an unflattering status update.
Let me get a few things out of the way first:
  1. Yes, hackers exist who look to cause damage or steal money.
  2. Yes, you could be a target.
  3. Yes, hackers who do those kinds of things should be prosecuted.
  4. And finally, yes you do need an antivirus program and a firewall.
That said, your risk of being attacked by a hacker who breaks into your computer, or one of your online accounts, is pretty small. With all the millions of people on the Internet, you just aren't that big of a target, unless your name is Bill Gates, Mark Zuckerberg, Barack Obama, or Warren Buffett.
While the graph is tongue in cheek, it is relatively accurate with a minor change: add a 5th category that takes up about 1/2 the blue area and call it "Your password reset question is easily guessed."
The final issue is this - most password reset questions are stupidly handled. While I recognize the need to have the ability to reset a password, it needs to be better thought out. Here is a typical reset question:

Where did you go to High School?

The problem is, here is part of my profile from Facebook.

Yes, I could remove it, but I consider it public information, and it does allow people from my past to find me or see if I'm the correct "me". But as a password reset question, there are only a few possible permutations that it could be (Memorial, MCHS, etc.). A data miner could guess it pretty quickly.

So what is the solution? Don't answer the question exactly as it appears. Use it as a hint to come up with a secondary password.

While I don't use this particular answer anymore (it was changed a couple of years ago) I used to answer this kind of question with Okotoks - which was where the high school team I was on won the national championship and I personally picked up 5 medals. My high school is not in Okotoks, I've never lived there, or been there since, but I remember that day very clearly. You could also use your favorite subject, teacher (or least favorite).

And your mother's maiden name is easy to find out. But instead of using her real maiden name, consider using something else you know about her (like the name of the city where she met your dad, or even her shirt size).

Stay safe out there, but you don't have to worry about the hackers. Like the joke that says you only have to outrun your friend when chased by a lion, you only have to be a bit more careful than the other guy to be okay on the Internet.

(While it's not a picture of a cute cat, I hope this picture is good enough)

It's been a long day . . .

Sunday, January 22, 2012

Repost - My Online Identity

As part of my professional upgrading, I am taking some classes at the University of Regina. One of my courses is Computer Science 280 "Risks and Rewards in the Information Society". One of the first assignments was to search for your name on the Internet - here is the result of my search. Kind of interesting. What does searching for your name reveal? Does it say something that puts you in a good light?

Google Search Lloyd Johnston

As a result of searching for my name (Lloyd Johnston) on the Internet, I have come to the conclusion that all of you should properly call me "Your Excellency" as I am the Governor General of Canada. While I am not David Lloyd Johnston, it is a bit freaky as my father's name is David. While to the best of my knowledge, there is no connection between myself and the Vice-Regal, I could see some potential confusion.

The other common choice for a Google search for Lloyd Johnston is actually someone my clients have been asking about. Lloyd Johnston was a Regina-born philanthropist, engineer, and business owner who passed away in December of 2011. When my clients hear that my name is Lloyd Johnston, I am often asked if I am related to this man, to which I must answer no. That said, he appears to have been a great man.

The final major finding is that apparently I'm a blacksmith from Woodville ON where I run a blacksmithing school.

The only listing on the first two pages of the Google search that was actually me was a public Picasa photo album of some graphics that I used for the Geocaching RACECAR 2010 event that I organized in Regina. One picture was actually a logo designed by a fellow geocacher, and the other was a photo I took for one of my caches that was hidden for the RACECAR event.

Google Search Lloyd Johnston arrested


Doing a search for this would make someone believe I am a murder victim from Michigan. Apparently, my wife, Laura, poisoned me and the dog and was arrested for second degree murder, manslaughter, and practicing medicine without a license. Samples of human tissue were found in the house. What is the difference between truth and fiction? Fiction has to make sense. . .

Google Search Lloyd Johnston Regina


In order to find someone that is actually me, this search turns up one item, my LinkedIn profile, which I haven't updated in years. The information is all accurate but outdated, and nothing I don't want people to know about. Since I'm self-employed, I should update this to be more current and make more use of it. However, other results still focused on me being the Governor General or having died in December after being a well-known business owner and philanthropist (according to these sources, I used to own the Travelodge on Albert South).

One other finding that was interesting was that of an RCMP officer, Lloyd J Johnston (J does happen to be my middle initial), who died in Salmon Arm, BC on July 10, 2011.

Conclusion

My main conclusion is that I am not likely to experience any confusion in my online identity.
In fact, any confusion would likely be to my benefit. However, our Governor General should be careful, as if I get into a highly publicized scandal, it could lead to some brand confusion that affects our Head of State.

Unlike other people, I wouldn't mind more information being out there on me, as it could allow potential clients to find me more easily.

Tuesday, January 17, 2012

Repost - Creating the Perfect Password

If it was up to many computer geeks we would all have passwords like:

gaidnjkt734$%8FJb%4jhgsyoduh5bfoFRDTgbfa746729.,lo][danj338u9dbt

If it was up to Grandma, all our passwords (assuming we actually had to have one) would be:

f

Somewhere in the middle there has to be a solution, and guess what? There is. But before I get to password creation, let's review the rules:
  1. All passwords you have, on all sites, must/should be different
  2. None of your passwords should be a real word (in any language) or a simple variation of a word (p455w0rd is out).
  3. You cannot use the names of your spouse, children, grandchildren, dog, cat, hamster, boss, chimpanzee, or their phone number.
Now to pick a password - here is a lesson from the wonderful comic XKCD (entropy is a measure of how hard your password is to guess - more is better):



The essential idea is that you don't need to use an insanely complex password like the computer scientists want you to use - it's too easy to forget. If the attacker can't guess your password through password dictionaries or social engineering techniques (like finding out your dog's name and using that), then they have to go to "brute force" (trying every possible combination), and the main defence against that kind of attack is length - the more letters and characters, the better.

To make it easy to remember all the different passwords, have a system. For example, your email password could be "DearAuntSallyThankYou4theLetter". Your Facebook password could be "2BlueEyesMobyDick". You get the idea. Come up with a creative password that is long, but easy to remember. If you have trouble, try verses from your favorite song or religious text - you'll be surprised at what you can remember. As little as four words can make your account fairly secure - unless your name is Warren Buffett or Bill Gates (then you might want to use the ugly password at the start of this article).

If you happen to have a site that limits the length of your password (which I think is dumb), try using a password like this:

ODbtptprc!

If you can't remember this password, think of the song "Danny Boy" which starts:

Oh Danny Boy, the pipes, the pipes are calling
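To put numbers on the comic's point, here is an added example (my own illustration, not code from the original post or from XKCD) that estimates the entropy and worst-case brute-force search time for the password styles in this post. The 2048-word list (11 bits per word) and the two guess rates are assumptions; the character-class sizes are standard ASCII counts.

```python
import math
import string

# Character classes a brute-force attacker must cover once any member appears.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]          # 26 + 26 + 10 + 32
WORDLIST_SIZE = 2048          # assumed word list: 2**11 words, 11 bits per word
ONLINE_RATE = 1_000           # assumed guesses/s against a web login form
OFFLINE_RATE = 1_000_000_000  # assumed guesses/s against a stolen password hash


def charset_size(password):
    """Alphabet size an attacker must search: sum of the classes present."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def brute_force_bits(password):
    """log2 of the number of strings of this length over the inferred alphabet."""
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(words, wordlist_size=WORDLIST_SIZE):
    """Entropy of `words` words each drawn uniformly from the word list."""
    return words * math.log2(wordlist_size)


def years_to_exhaust(bits, rate):
    """Years needed to try every possibility at `rate` guesses per second."""
    return 2 ** bits / rate / (365 * 24 * 3600)


def compare():
    """Bits and (online, offline) search years for the styles in the post."""
    samples = {
        "geek": brute_force_bits(
            "gaidnjkt734$%8FJb%4jhgsyoduh5bfoFRDTgbfa746729.,lo][danj338u9dbt"),
        "grandma": brute_force_bits("f"),
        "danny_boy": brute_force_bits("ODbtptprc!"),
        "four_words": passphrase_bits(4),   # the comic's four-common-word style
    }
    return {name: (round(bits, 1),
                   years_to_exhaust(bits, ONLINE_RATE),
                   years_to_exhaust(bits, OFFLINE_RATE))
            for name, bits in samples.items()}


if __name__ == "__main__":
    for name, (bits, online, offline) in compare().items():
        print(f"{name:11s} {bits:6.1f} bits  online: {online:9.2e} y  "
              f"offline: {offline:9.2e} y")
```

The four-word passphrase holds up for centuries against online guessing but falls in hours at the offline rate, which is why "length is the defence" only holds as long as the site also stores passwords with a slow hash.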

Now if you'll excuse me, it's Friday, Friday . . .

Friday, January 13, 2012

Repost - Bad Passwords

Okay, you need to have a unique password for every site, and it needs to be a GOOD password, and one that won't be found in a hacker's dictionary of words and phrases. That's a lot to think of, but it doesn't have to be hard.

To start with, let's look at a list of the top 500 passwords out there, which you can find at http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time (warning: not all passwords are family friendly).

Some of them are easy: qwerty (#8), zxcvbn (#207), and qazwsx (#273) are simple keyboard patterns. 123456 is used when you need a minimum of 6 characters (it's also the most common password); if you need 8 characters, then 12345678 (#3) is a logical choice. Others are more interesting: ncc1701 (#139) is recognized by Star Trek fans, and the ubiquitous 'password' is number 2 on the list. Other common ones are michael (#14), cowboys (#131), and phoenix (#115).

Guess what, the hackers already have this list, with almost all words in the English language, and any other language for that matter. Think you are being clever by using p455w0rd - nope. They have "leet speak" spellings as well in their list. If your password is in a password dictionary, it will be broken quickly in an attack.

To make matters even worse, if you use one of these passwords, AND if you (like most people on the Internet) use the SAME password on multiple sites, guess what? One crack, and you lose everything. This becomes even more important if you use things like Facebook Connect to log in to other sites. If someone guesses that your Facebook password is your dog's name (and they might be able to guess that from all the pictures you posted of your precious pooch), they can then use that on other sites, like your email, your workplace computer, your bank - you get the picture.
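As an added example (not from the original post or the linked site), here is a small checker that applies the rules above: it looks a password up in a constructed sample of the worst-password list, undoes common leet-speak spellings and trailing digits first, and flags keyboard walks like qwerty and qazwsx. The list and the leet map are my own assumptions; a real checker would load the full published list.

```python
import re

# Constructed sample of a "worst passwords" list, using entries the post names.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "zxcvbn", "qazwsx",
    "ncc1701", "michael", "cowboys", "phoenix",
}

# Reverse leet-speak map (assumed). Crackers try several mappings ("1" can be
# "i" or "l"); this single one is enough to catch the post's p455w0rd example.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "5": "s", "$": "s", "7": "t"})

# Keyboard rows, the digit row, and the q-a-z column walk that yields qazwsx.
KEYBOARD_WALKS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
                  "qazwsxedcrfvtgbyhnujm"]


def candidates(password):
    """Spellings a dictionary attack would try for this password."""
    low = password.lower()
    no_digits = re.sub(r"\d+$", "", low)          # "password1" -> "password"
    return {low, low.translate(LEET), no_digits, no_digits.translate(LEET)}


def is_keyboard_walk(password, min_len=4):
    """True if the password is a run along a keyboard row or column, either way."""
    low = password.lower()
    if len(low) < min_len:
        return False
    return any(low in walk or low in walk[::-1] for walk in KEYBOARD_WALKS)


def weakness(password):
    """Reason the password would fall quickly to a dictionary attack, or None."""
    if password.lower() in COMMON_PASSWORDS:
        return "common password"
    if candidates(password) & COMMON_PASSWORDS:
        return "simple variation of a common password"
    if is_keyboard_walk(password):
        return "keyboard pattern"
    return None


if __name__ == "__main__":
    for pw in ["p455w0rd", "Password1", "asdfgh", "ncc1701",
               "DearAuntSallyThankYou4theLetter"]:
        print(f"{pw!r}: {weakness(pw) or 'not in this dictionary'}")
```

A None result only means the password is not in this small dictionary; length and uniqueness across sites still decide how it holds up.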

The best solution is to use a different, complex, password for every site you use. That is difficult for most people, so in my next post, I will provide a simple solution to this problem.