The web, security and me

This is going to be fairly short, but it’s too long and important to be relegated to a status update.

Social media has come a long way in the last couple of years, mostly due to the smart phones that have become so popular, even I bought one (and am writing this post with it). However, with the rapid advances, security has been pushed to the wayside most of the time, or at least only given a passing glance.

This is apparent when you look at the phishing attacks that keep happening on Twitter, and sites like http://pleaserobme.com/ cropping up. With so many sites dedicated to tracking your every move and people passing their personal info around like it’s candy (how many of those “I’ve lost my phone and need contacts” groups have you seen on Facebook?), I expect we will be seeing more and more criminals that take advantage of the info we publish without a thought.

In the case of location checkins via services like FourSquare, I think PleaseRobMe.com has it right. Whenever we post this info, it’s telling people that we’re not at home and plenty of people will start taking advantage of that.

Secondly, with services like Facebook, we can post all our contact info for all our friends to see. I don’t know about you, but my “friend” list on Facebook is MASSIVE. Far more than I’m actually friends with. But yet, I’ve got my address, phone number, email address, birthday, employer and much more, all available to these “friends”. Not that I’m saying I don’t trust them, but who’s to say someone I DON’T trust won’t get access to their account?

Then there’s multiple account access. Services like OpenID are great, but what happens if someone gets your login info? Also, do you really trust 3rd party services with keeping your Twitter or Google (more on them later) password safe?

So what should be done? First, I think I’ll be removing all that contact info from Facebook and avoiding checkins like the plague. But I’d also like to see services like Twitter give the ability to easily restrict some updates to people that are following you (or even better, to a list of people). This way we can continue to keep most updates public, but have some that are private.

I’d also like to see API keys used more so I don’t have to give out my Twitter password to integrate with a 3rd party. And as for things like posting updates, Facebook, Twitter and the like should time sessions out after a short time. Still allow the user to browse info, but not allow posting until the password is verified again. Until that time though, I’m just not going to have the sites remember me which will keep rogue posts to a minimum.
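A sketch of the split described above between browsing and posting, as an added example that is not code from any of the services mentioned. The `Session` class, the two timeout values and the sample password are assumptions made for illustration, and the clock is passed in explicitly so the behaviour can be checked.

```python
import hashlib
import hmac
import os

REAUTH_WINDOW = 300        # assumed: seconds a password check stays fresh for posting
SESSION_LIFETIME = 86400   # assumed: seconds a session stays valid for browsing


def hash_password(password, salt):
    # Slow salted hash so a leaked value is expensive to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Session:
    def __init__(self, salt, pw_hash, now):
        self.salt, self.pw_hash = salt, pw_hash
        self.created = now
        self.verified_at = now  # logging in counts as a fresh password check

    def can_browse(self, now):
        return now - self.created < SESSION_LIFETIME

    def can_post(self, now):
        # Posting needs a live session AND a recent password verification.
        return self.can_browse(now) and now - self.verified_at < REAUTH_WINDOW

    def reverify(self, password, now):
        # Constant-time comparison; a wrong password leaves posting locked.
        ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        if ok and self.can_browse(now):
            self.verified_at = now
            return True
        return False


def demo():
    salt = os.urandom(16)
    s = Session(salt, hash_password("correct horse", salt), now=0)  # constructed sample
    return [
        s.can_post(10),                      # just logged in: posting allowed
        s.can_browse(1000),                  # later: browsing still works
        s.can_post(1000),                    # but posting is locked
        s.reverify("wrong", 1000),           # bad password does not unlock it
        s.can_post(1000),
        s.reverify("correct horse", 1000),   # correct password unlocks posting
        s.can_post(1001),
    ]


if __name__ == "__main__":
    print(demo())
```

A remembered browser session under this scheme can still read, but anyone who picks up the device cannot post without the password.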

And with that, I’m tired and going to sleep. Next, I’ll talk about Google and what needs to happen there.