How do search social media?

Originally posted 07/07/2011 on lubbockonline.com

Last Friday Nick at the Police-Led Intelligence blog posted "Social Media Search Tips for Cops & Law Enforcement Analysts." It covers the basics of social media searching, from kurrently, a search engine for Facebook and Twitter, to Google hacking to Facebook's search engine.

I don't know about the usefulness of kurrently. It only found 1 out of 5 people I searched for. I was one of the people it didn't find. But Google hacking and the Facebook and Twitter search tips are great. On the downside, these same tips work for stalking. But if you're looking for long lost friends and relatives - or a socially networked perp, these tips are a big help.

Should your employer care about your (off time) privacy?

Originally posted 4/7/2011 at lubbockonline.com

Have you ever thought about how the things you do online when you're not at work could affect your job? I'm not talking about a careless rant on Facebook or an ill-considered tweet about your boss. I'm talking about all the information you put up online. Even if all you do is use Google to find information you've probably put far more than enough information online to identify you.

In 2006 AOL released "anonymized" search data that was used by the New York Times to identify several searchers. For an idea of the kinds of things available in search data, look at the Consumerists post on AOL User 927. I'm sure he didn't want anyone knowing what he was searching for. Just to make sure we understood how much we tell about ourselves online, around the same time Netflix released anonymized data that ultimately outed gay and lesbian members, or would have if the researchers had publicly released the data. An in-the-closet lesbian mother sued Netflix over their release of the data. The researchers who were able to determine sexual preference were also able to determine political affiliations. All based on the movies people rented and rated.

If so much can be discovered from supposedly anonymized data, imagine what can be learned from your Twitter and Facebook accounts. It's not uncommon for people to post their full name, birthday, all the schools they attended, the names of most of their family, pets past and current, favorite everything, first everything, and just about everything else. How many of those things are used as security questions to recover you password for your online banking? How many of those things, or some permutation of them, are used for passwords by people? How many of them are used for passwords related to work?

But even if you use randomly generated passwords all of that information is useful to bad guys. It is the ammunition for the weapons used in social engineering attacks. With the information on many peoples Facebook pages a skilled social engineer can gain trust, either from you or from someone you know. After all, if he knows so much about you he must know you. Using that trust he (or she) will get information a person would normally never give someone they barely know. It works better than you might think. A lot better. But if a salesman has ever sold you something you didn't really want or need, or if you've ever watched John Edwards on "Crossing Over" you know that.

Without privacy you can't have security, and many of us don't even think about privacy while we're online. It's bad enough when I think about all the individuals exposing themselves to all the bad guys on the internet. Then I think about the CSO's who are trying to protect data hidden behind passwords and relationships tied to all that data being published on Facebook, Twitter and the rest of the web and I wonder that we manage to keep any data secret at all.

Twitter much more than a social network

Twitter is the surprise contender in the free speech arena. It is also becoming a surprise tool/weapon in the fight over the line intellectual property rights and fair use.

Twitter is becoming a lot more important than anyone would have expected in the case against WikiLeaks. CNET reports that a judge has set a hearing to determine whether the Justice Department has a right to the Twitter accounts and records of several Wikileaks members, including a member of Iceland's parliament. A decision in Twitters favor could hamper Justices case against Wikileaks, but it's unlikley it would scuttle it.

I've been blogging about Sony's war against George Hotz, but today there was an amusing development. David Kravets at Wired reports that a Twitter user sent the PS3 unlock code to Sony's "Kevin Butler" Twitter account. Whoever runs the account wasn't looking and retweeted it to all 75,000 of his followers. Gotta love the irony. Sony probably sent the unlock code to more people than George Hotz ever did.

When the internet was turned off by the government in Egypt people used their cell phones to text updates to Facebook and Twitter. In the past year there Twitter has been a major source of information in several areas of unrest and civil rights abuses in the past year.

A few years ago no one would have thought a "microblog" site would become a major source of information and a major tool for the oppressed to make public their plight.

Going after Wikileaks causing more problems

The ancient Polynesians navigated the Pacific using the moon, stars and motion of the waves. As the ripples from the Wikileaks scandal travel around the planet I wonder if we can chart a course that brings us to greater privacy and security by seeing the way various governments, agencies and businesses react to them.

Last week we learned that the U.S. government tried to force Twitter to release user information on people who had been associated with Wikileaks. Wikileaks fought back, and has been widely praised for it. Wired's Threatlevel blog even stated that Twitter's response should be the industry standard when such requests are made.

As ripples move across the water they strike object and bounce back. In the Privacy Inc blog at CNET Declan McCullagh reports that a group of European politicians is protesting the U.S. subpoena of information from Twitter. Along with concerns that EU privacy rules may have be broken by the subpoena's, there is concern over the fact that one of the accounts subpoenaed belongs to a member of Iceland's national parliament. That does not please the government of Iceland, which summoned U.S. Ambassdor Luis Arreaga to a meeting at their foreign ministry.

Wikileaks did not steal the information it is releasing. By the governments own admission most of the data shouldn't have been classified, and nobody believes any of it is more than embarrassing. There was a similar case in the '70's that determined journalists releasing secrets were covered by the First Amendment. Is going after Wikileaks and Julian Assange worth causing international incidents? To have a trial that will probably go in Assange's favor?

Is this an attempt to catch and punish a wrongdoer or just to cover somebody's embarrassment?

Twitter stands up for users privacy.

The Threatlevel blog reports that Twitter did not cave in to a U.S. government subpoena for data on members associated with Wikileaks. Twitter fought a gag order and won, enabling the micro-blog site to notify members so they could fight the subpoena.

Tell me what you think. Should Twitter's action be acknowledged?

Is social media safe for work?

As we become ever more involved with Facebook, Twitter and the like it's becoming more common for companies to allow employees to access them online. But is that a wise decision? Both Facebook and Twitter have been hit by malware recently, and it is only expected to happen more often. Facebook is built on trust - a commodity that has to be earned in less open environments.

While social networks rely on people trusting each other, in a business environment a certain amount of paranoia can be a good thing. Clicking the wrong link or friending the wrong person can place a companies data and resources - even the most important resource, the customers, in jeopardy. Spam and phishing email rely on people's trusting nature. Facebook encourages it.

Companies often block websites that are known malware hosts. Many block, or used to block, Facebook, Twitter and other social networks. As they have become more popular and marketing departments see promotional opportunities, the demand for access at work has risen, and many companies have relaxed their policies. There are good and valid reasons for businesses to market on Facebook and other social networks, but is it necessary for them to allow all employees access to them?

Companies routinely block sites that are known to be dangerouse or objectionable. Most also have provisions for employees who need to access those sites. The same could be done with social networks. It would make sense to only allow access to social media to those who need it as part of their job. It limits the exposure and can make it easier to track down the source of an infection.

As more companies allow unlimited access to social networks it's only a matter of time before there is a major breach from access of social networks. The only question is when.

Will Facebook make fair trial impossible?

Over the past fifty years there has been an ever growing problem in taking people accused of high profile crimes to trial. How do you insure an unbiased jury when the pool has been tainted by repeated reports of facts, speculation and fiction on the case? With the popularity of the internet and the instant reporting of Twitter and Facebook this problem has become even more severe.

Which bring us to the case of a 16 year old alleged victim of gang-rape in Pitt Meadow, British Columbia. The story was reported on CTV News British Columbia by Julia Foy. A group of males allegedly raped her at a rave. The stories are fairly predictable: The men say she consented, the girl and the police say she didn't. Both sides agree that she had taken drugs that night.

A Facebook page, "Support-for-16yr-old-victim-in-Pitt-Meadows" was put up in defense of the girl, and before long a second page, "Reasonable Doubt in Pitt Meadows, was formed to support the alleged rapists.

Not surprisingly, the group supporting the girl has many more friends. Even if you are willing to be open minded and admit that the men may be telling the truth, few people will want to come out and say publicly that none of us know enough to say who's story is true. Especially since the men are guilty of statutory rape, regardless.

I realize that I am, in a sense, perpetuating the problem I am complaining about. I'm probably not going to have much affect on the jury pool, even if they change venue, but as time passes and ever more people are connected the viral nature of the internet will make it harder and harder to find unbiased jurors. As I write this there are 9200 followers of the "Support" pages and a mere 92 followers of the "Reasonable Doubt" pages. Pitt Meadow has a population of about 17,500. I know that not all of the followers are from Pitt Meadow, but the odds are that most are from within the coverage area of local news, which means there probably 9200 potential jurors who have already made up there minds about the case.

This is not one of the things I think about when I talk about the importance of privacy, and the problems of Facebook. But it is a problem. And it is important. Accused criminals have a right to privacy that must be maintained until the trial is over for a fair trial to be possible. To be fair, it's not so much a Facebook problem as it is a human problem, and it would exist whether Facebook allows such groups or closes them down as soon as it hears about them. Add Twitter and the myriad other social networking sites, and we are fast approaching a time when unbiased juries are hard to find. So, admitting that, how can we protect the right of the accused to a fair trial with an impartial jury in an age of instant communication?

Take your headlines with a grain of salt

Earlier this week Time reported that Kosuke Tsuneoka, a kidnapped Japanese journalist, was freed thanks to Twitter. It sounds really good, but after reading several reports, I didn't see the connection. Sure, Mr. Tsuneoka did manage to get a message out by tricking his captors into letting him use Twitter - to show them how to use it. He was freed a few days later, but no one can actually show a connection. I finally came across a story on Newser that admitted as much.

It was a good headline, all the variations of it: "How Twitter helped free a hostage," "Journalist tricks captors with Twitter," etc. But it didn't have anything to do with the real story, which amounted to, "Muslim journalist freed after five months captivity."

The funny thing is, there are probably true stories out there, if anyone looked hard enough. But they aren't stories about (Muslim) Japanese journalists who tricked their ignorant (not really) Taliban captors into letting them send out a Twitter message. At least the part about the Twitter message was real. But did it really call for such sensationalist headlines that only undermine the reputations of the sites that use them?

S.N.A.P. the Social network privacy app for iPhone and iPod Touch

Bit Systems has created S.N.A.P. the Social Network Analyzer for Privacy. It's something like reclaimprivacy.org, but for your phone. It analyzes your privacy settings on Facebook and lets you know how public you're really being. The app is free from the iTunes App store, so if you have iOS 4, download it, go to Facebook and check your privacy settings. See how you're doing and how much you're revealing about yourself to the world.

Social Networks enhance political protesting in Middle East

In an opinion piece by Mona Eltahawy at the Washington Post tells us that free speech is getting a boost in the Middle East, thanks to social networking sites like Facebook, Twitter and Youtube. This is the result of an event I blogged about a little over a month ago, the death of Khaled Said.
Khaled Said's alleged murder by two Egyptian police officers spread quickly on Facebook and Twitter. Shortly after that Facebook groups were started in Khaleds name, and protests were organized.
Ms. Eltahawy discusses the events since his death, including the trial of two of the officers involved in the beating. The trial isn't over, but the fact that there was a trial says a lot.
The beauty and power of the internet is wrapped up in the fact that no one really controls it. As governments and industries try to control what can be transmitted and who can transmit it the freedom that many of  us take for granted is threatened. It may not seem like a big deal to those of us in countries who enjoy constitutional protections, but the activists in countries that don't enjoy those protections can tell you that it is a very big deal, indeed.

Facebook users love sex!

Shira Lazar of CBSnews.com reports that Dan Zarella has written an algorithm that analyzes social media posts and create a psychological profile of the poster. And according to his analysis of 12,000 posts (posts, not users posts), Facebook users love sex. I have to wonder if his sample is large enough to be statistically significant, and how he selected them, but it still puts that English researchers conclusions about Facebook and syphilis in a new light.

I also have to wonder how many of those people posting about sex will have reason to regret it later.

Facebook, Twitter used to scam brides-to-be, vendors

This is an interesting tale. Setup a Facebook page, garner followers (real or not), get a Twitter account, and rake in the dough. These internet entrepreneurs created a facebook account and tweeted about a nonexistent bridal show, and sold upwards of 5000 tickets, plus getting booth fees from hopeful vendors and a free radiospot in exchange for a reduced booth rental. Not a bad scam. I first read of the scam on Ars Technica in an article by Jacqui Cheng.

It seems that almost $150,000 was scammed from attendees and vendors with this scam. The Facebook page is down, and the twitter account probably is, too. The bad thing is, short of calling the convention center to see if the event is really scheduled, I don't know how you could see through this scam. Maybe the fact that payment was taken through paypal? That's not really an indicator. I'm sure we'll see more about this, and more examples of similar scams in the future.

http://pleaserobme.com/

It's not a joke. Do you use one of the numerous services that let you tweet or otherwise post your location for the world to see? pleaserobme.com searches twitter and posts the tweets that give away the tweeters location.

It's not as nefarious as it sounds (or as it could be). The site was developed by three guys to demonstrate that we have some very bad habits, security-wise. The actual address data appears to be substituted with data from lands far away from the original poster. But that doesn't change the fact that large numbers of people are making their locations known. And part of knowing where you are is knowing where you're not. Which is exactly the information a burglar wants. Not to mention stalkers, psycho exes and assorted crazies.

Do you tweet your location? How often have you said something like, "Going to the game, hope we win. Go Tech!" How many hours would that give a crook to burglarize your home?

Facebook: Help Haiti gag and more

It's amazing the things people will do on Facebook. For some reason they think that, even though everyone they friend (and most people they don't) can see their posts, the posts are private. Here are a few examples:

A story in the Register today shows us that the Swedes are a generous people - and every bit as gullible as any other nationality. Swedes joining the group "2 kronor per member to earthquake victims in Haiti" expected 2 kronor to be donated to Haiti relief when membership reached 200,000. Imagine the surprise when, after 200,000 was reached, the group announed it was actually the Swedish Necropilia Association. The perpetrators of the hoax said they were wanting to get a good laugh and teach people about critically reviewing their sources. Since no one had to actually donate any money, I guess I can see the humor, and the lesson. But some of their material was reportedly pretty graphic, so I can't help but think someone's going to get into some kind of trouble over this.

AP writer Thomas Watkins tells us, "Use of Twitter, Facebook rising among gang members." That may be a good thing. It's enabling the capture of more violent criminals as they put incriminating evidence up on the social media sites.

A teen drinker, Ashley M. Sullivan, was about to be sentenced as a minor for the negligent homicide of her boyfriend while driving under the influence. The the judge saw a picture of a drunk Sullivan on her Facebook page. He sentenced her as an adult.

Three Illinois high school students were suspended for their Facebook videos. Other students reported the videos because they were frightened by them.

How's your Online Rep?

I was going through my alerts today, and a Smart Planet blog caught my eye. Titled, "How to build and manage an online reputation," it's a good primer, and has some good links at the end of the article. We'll go over some of what they say, and some of what some other people say, but I recommend checking out all of the sites linked today. They all have a lot more to say than I can repeat here.

According to the article at Smart Planet, the first thing you need to do is find out what's out there about you. Just a few years ago the only people who really had to worry about their online rep were people who'd reached a certain status level in certain technical fields. Today almost any job you go to will check out your Facebook page and/or hit the search engines.

Have you googled your own name lately?

Some privacy advocates say googling yourself is a bad idea. Frankly, you can't afford not to google yourself - and Yahoo and Bing yourself (that last one just doesn't sound right, does it?).  What you see is what potential employers are going to see, and each search engine give slightly different results.

Another blog entry at onlinereputationedge.com brings up a good, but seldom talked about point - what you say about other people online usually says a whole lot more about you than about the person you're talking about. So be careful what you say. And remember, once you put something online, it will never be gone, so the bad impression you create today could come back to haunt you thirty years from now.

Onlinerepmanagement.com uses Kanye West to teach us that even the biggest blunders - or group of blunders - can be mitigated by an active online presence. Because he is very active online you won't see much negative about him when you search for his name, even after 2009's gaffs. It's amazing what an active online presence can take care of.

That's it for now. Stay safe and work on that online rep.

Twitter hacked via email

Twitter was hacked and their DNS data changed. The trick was done through a compromised email account. This isn't the first time something like this has happened to Twitter. It makes me wonder just how safe social media really is, if security failure is just one weak password away.