On the impossible dream that is Infomation Security in a University.
Information:
Links:
I’m shocked, shocked I tell you, by how hard Facebook make it to find all the options. Ok, no I’m not. It’s just par for the course, but I was surprised to find that I’d missed the option that lets friend’s applications read your location. Graham Cluley has an excellent step-by-step guide to getting it right.
Ars Technica sums it up well Privacy groups on Facebook updates: meh
The defaults are still very open and called “recommended” settings. It’s still opt-out not opt-in for pretty much everything. Meh.
Facebook has just offered me a great set of options:
1) Link publicly to a like page for my location, make my employer public etc. or,
2) Have location, employer etc. deleted completely from my profile.
How do they manage to keep getting this so wrong?
A small thing, but an annoying one. When you type an entry into the URL bar in Firefox, it tries to be helpful. First it tries to correct an invalid domain name (e.g. turning http://www.clune to http://www.clune.com. Which is annoying as clearly what was meant was http://www.clune.org :)
That’s annoying, but the next stage is worse. If you type something into the URL bar that doens’t resolve and isn’t a url, Firefox will conduct a Google search using your text as the keyword and then take you to the first hit. Since the Google search isn’t encrypted, this leaks information as well as potentially taking you to a random site that you know nothing about.
The fix is to edit two entries in about:config. Set both browser.fixup.alternate.enabled and keyword.enabled to false. Job done.
Remember that you’ll need to do this on every instance of Firefox you use. I don’t know if Mozilla Weave syncs these particular settings (the FAQ lists the unhelping “selected preferences”) but I’ll udate the post later when I’ve done some testing.
(See BrainOnFire.net for more details if these instructions are a little cryptic.
These posts keep getting written for me :)
15 year old girl posts some pictures of herself on her Bebo profile (and presumably leaves the on public year). They get copied all over the net and end up in Loaded magazine next to words to the effect of “Phwoar look at that, can anyone get her to pose for us”.
The girl, now an adult, sued Loaded for breach of privacy but lost because the images were already widely spread. Which seems, in itself, a reasonable decision. Now if she’d sued for breach of copyright, she’d have been on much firmer ground (though IANAL) but if she’d understood privacy to start with, and her social networking site set sensible defaults, the whole thing would have been avoided.
(again, via The Register)
By chance, after my post earlier this morning, this popped up in my RSS feed:
Facebook has called a general meeting on privacy amid widespread user discontent over a succession of privacy-eroding changes by the social network.
The “all hands meeting” of Facebook staffers is due to take place at 4pm PDT on Thursday. It follows a critically panned attempt by Elliot Schrage, Facebook’s vice president for public policy, to justify its privacy stance in an online Q&A with readers of the New York Times earlier this week
(Via El Reg)
Something that I’ll come back to later when I finally finish my half-written post about “security” questions, but for some reading while I get round to finishing that post, the NYT has a nice short article on how data mining can be used to remove the illusion that is online privacy.
