Tuesday, November 10, 2009

The confession of a Facebook scam maker

Everyone is social networking. Privacy is dead. Social media are the information jungle where personal data are rife and threats are real. I always advocate: be open and enjoy the transparent information environment, but be careful out there. It is very important to know the risk. So it is really a surprise when I read an article in Techcrunch written by an ex-Facebook scam maker giving first hand information on the technique he used to trick people. You may read the full article yourself.

Dennis Yu is the CEO of Blitzlocal, a web advertising agency. Before that, he did a lot of work on Facebook advertising which were mainly spams and scams. In June 2007, Facebook opened up their application developer platform so that anyone could build games on top of the social network. Users could share quizzes, race cars, grow vegetables, and so forth, all with a click of a button. Users in one click gave the game permission to access their profile data. By having access to user data, game developers could make their games more interesting.

Facebook had not considered what was possible when the game developer passed on user names, profile pictures, and personal details on to an advertiser. The result was that advertisements thus created looked like they were from Facebook, with the same blue button, white background, and the same font. Also, your profile picture, your name and that of your friends, were put in the advertisement. By early 2008, the platform was generating 400 million impressions a day, as people poked, bit, slapped, kissed, and drop-kicked each other on Facebook.

You may think that all such advertisements are just trying to sell something online, like flowers on Valentine's Day or automobile insurance. However, Dennis Yu did a research and realised that people on Facebook were not interested in shopping. The advertisements were just trying to optimize online traffic. They just tried to trick people into doing the following things. First, click and access a website which could be malicious. Second, download something like a toolbar or interesting things which could also be malicious. Third, give up their email address, or even their phone number.

We are always asked to be careful in opening suspicious links. In Facebook, you should also be careful about familiar links. Because user profiles, photos and lists of friends are commonly available to the advertisers and scam makers, messages from friends should be viewed with caution. These messages may directly address you in the name of your friend with their photo in it, just like the everyday Facebook messages or writings on your wall. Of course this does not simply mean that you should lose trust with everyone. Just be careful if you find your friends suddenly doing something unusual. If in doubt, send them a message to confirm before clicking on something.

Sunday, November 8, 2009

Privacy is dead

I have been paying much attention to the topic of personal data privacy, not because I am a defender of privacy but because it is an important human resource management issue. In a modern society where survival depends on the services of others, it is necessary to interact with others and provide them with your personal information. However, there are risks associated with such interaction and we sometimes hear horror stories on personal data being in the wrong hands. In human resource management, there is always a flow of personal data from employees to employers. The line is whether an employee voluntarily gives out personal data, and that he should be aware of what personal data are being collected.

So it is quite refreshing to read in CNN an article by Pete Cashmore that privacy is dead. If you are interested, you may read his full article. According to Cashmore, who is an expert on social networking and media, there is no more such thing as privacy in today's wired world. The culprit is social media which have become so widely used and popular that they have encouraged lives to be lived in public.

People need other people to know them in order to be successful. In the old days, people gave out name cards advertising their personal information. Many successful people have their biographical data published. In the government, senior officers have their biography ready to be distributed to the media. Such information include personal data such as academic background, work experience, achievements, age, birthday and even family particulars. In today's world much of such information are distributed through social media. The mindset has changed. You can find valuable audience for your work in social networking. Without which, you are not even on the radar. Such phenomenon is now widely seen in many professions. Those who broadcast themselves well online will be more connected and influential. In fact, the popularity and success of a person can even be measured by the number of clicks and hyperlinks to their personal information, just like the way the search engines prioritize the search results.

The smoking gun for this trend is of course the social media and the way they treat the personal information. Cashmore raised the following several examples on the on-going development.

Flickr, the photo-sharing site, is a fore-runner. It makes all the photo uploads public by default. With good customer acceptance, the choice now seems obvious. What is the value of photos if they are not to be seen by others?

Twitter also makes its updates public by default. Its private accounts are rare. Cashmore remarked that Twitter's fire-hose of updates is becoming an invaluable stream of the world's consciousness. Twitter updates have just been licensed to both Microsoft and Google to bolster their search efforts.

Facebook, which has a model of private sharing among close friends, is now pushing an "everyone" button that makes your updates public.

Foursquare is a location-based service. Using your phone and GPS technology, it can post an update from your phone every time you "check in" to a restaurant or bar. Such broadcasting of your location will increase your chance of business and friend connections. In this connected era, a private life is a lonely one.

Fitbit offers a clip-on pedometer to be worn day and night, logging your exercise and sleep patterns and sending the data wirelessly to the Fitbit website. This data can then be shared with your doctors, friends and family.

SenseCam is a web camera worn on a cord around the neck, and capture an image every 30 seconds. The technology has been licensed to Oxford-based Vicon, which will produce a version for Alzheimer's and dementia researchers by the year's end and a consumer version in 2010. Just imagine having your entire life, not just some personal data, captured and stored, and the possibility of it being shared.

People read 1984 and are appalled at the possibility of the state controlling all personal information. This is already true in many areas, and the trend is that more personal information are being collected, stored and used, not just going public. I see a scenario that as the global intelligence integrates, personal information will inevitably be shared. It will only get better connected and interacted. The fear of 1984 is not that personal information are being made known to others, in particular the state. It is actually the fear of loss of personal freedom with the assumption that the state will condition and control all minds. However, take the simple Facebook as an example, even if personal information are shared among a group, it does not mean we are obliged to do what Facebook asks. There could still be freedom of individual minds under a transparent information environment.