jody franklin
multidisciplinary artist
security and social networking
Over the past year or so I've received several invitations from online friends to join various social networking systems that I'm not yet part of (as if the handful I'm already part of isn't a little too much already.) I found it curious, at first, that some of these invitations came from folks I had long been out of touch with, or sometimes barely knew at all, and, despite the fact they were always form letters, part of me was touched: "gee, that's nice they're thinking of me." In a couple of instances early on, I actually wrote letters to these friends explaining why I didn't wish to join another social networking site at the time, and thanked them for inviting me, all the same.

Gee. I feel a little red in the face about that now. Before I joined Facebook last summer, I had no idea people had the option to give these giant networking corporations access to their email accounts so they could send out letters to everyone on their contacts list. When I realized that, it made me somewhat uneasy. I was only mildly annoyed to know that friends were essentially spamming me, but it really kind of blew my mind that people were giving these companies their passwords and essentially letting them see everybody in their contacts list. Yeah, okay, I get it, they all say "we don't store your passwords" or use the information they've gathered for any other purposes than the one you've expressly given them permission for, but... I'm really skeptical.

Now I'm getting invitations to services like Flock and Wink that will (presumably) ask for my passwords to all of my social networking accounts so they can set up one convenient mega-network for me. I actually did sign up for Wink months ago, but balked when I realized that the only way to effectively use the site would be to give up my passwords. If you get phished on Wink, does it potentially compromise all of your accounts? Are there horror stories out there of people losing a dozen social networking accounts at once? I've known several people who, once phished on MySpace, were simply SOL and had to set up new accounts. Imagine if this happened across your entire network of social networks.

This really seems to fly in the face of everything I've learned about 'net security throughout the years: you know, the standard mantras of "don't share your password with anyone" and "have a different password for every account." Yet I'm supposed to trust faceless start-up corporations with this data. I don't know much about password encryption or all the various data-mining operations these companies get up to. I refuse to add modules to my Facebook profile because I simply have to assume that many of the module developers will harvest my personal information and use it (Facebook in fact warns you before you opt-in, but most of my friends on Facebook use an add-on of one sort or other.)

But here I see thousands, millions, of wired Web 2.0 types just diving right into this stuff, signing up for Flock, giving companies access to their email, adding dodgy applications to their Facebook profiles.

What do y'all think about this? Am I being paranoid? Have you willingly given up your email account passwords and/or passwords to social networking sites to any of these companies? Should I just say, "sure, [social networking start-up], I don't know you, but I'll trust you when you say there's no harm in giving up my passwords to you?"
13 memes dropped or drop a meme
From: sciencequeen Date: February 22nd, 2008 06:13 am (UTC)
What makes that more likely on FB or MySpace than anywhere else, really?

Good thing Firefox warns me when I'm about to get phished on MySpace!

Hey add me to crackbook! Stephanie Hendy (yes I'm using my real name because of school, I'm running for their student union)
From: jodymeme Date: February 24th, 2008 11:33 pm (UTC)
You've been added!
From: luxsmitten Date: February 22nd, 2008 07:45 am (UTC)
hi jody!
i too am creeped out about the invasion of privacy and the vulnerability we are experiencing both in our reliance on these social networking tools, and their ulterior motives. but i have recently come to believe that phishing can be done through more than just getting your password on a single site. i believe them when they say they are erased, but there's ways of hacking that i think, or getting into your computer files that save your passwords for you. i think there's something called password safe or password box or something...anyways, i just found out about this. there are security holes in forum software that can allow someone to break in to your computer. do you have a password for your computer? because there are ways to get inside, to all of your files, and even lock you out! I was told one should have an admin log in and a user log in, and don't ever log in as admin. there are probably many amongst our friends that would know more about hacking than lil ol me. i'm thinking of tempus for some reason. I just cross my fingers and use a program called crap cleaner, that erases all your cookies and other downloaded spammy robots. and i use firewalls and secure internet connections, not floaty wireless for when i'm feeling paranoid. i'm glad you posted about this, i'll be reading the other replies.
From: jodymeme Date: February 24th, 2008 11:39 pm (UTC)
Our computer is pretty secure and has all the standard firewall / anti-virus / spyware / registry cleaner / etc. software, so I'm not worried too much about that kind of thing. I just really don't see the point or the advantage from the perspective of a person using a social networking site to give up their passwords, or to become an unpaid advertiser by spamming all their contacts.
From: luxsmitten Date: February 25th, 2008 07:13 am (UTC)
"unpaid advertiser by spamming all their contacts."
fer sure, but whadya expect from capitalism?
From: neobitch Date: February 22nd, 2008 02:17 pm (UTC)
Give up my password / my e-mail contacts to a social networking site? Not on your fucking life, sir. ;)
From: jodymeme Date: February 24th, 2008 11:35 pm (UTC)
Yeah, I hear ya.
From: molasses Date: February 22nd, 2008 05:16 pm (UTC)
From: zoe_serious Date: February 22nd, 2008 06:24 pm (UTC)
Actually the code that they use to send the information to google or hotmail or wherever does not store your password, it simply passes it along to the host. We are in the process of building this functionality into our online software (built only for non profits to allow them to run large fundraising events online and it's useful to have an address upload tool component for registrants who want sponsors) and nothing is stored, it's simply passed along via an encrypted handshake otherwise the companies that host your email (google, hotmail etc) would not have given out the API to build the widget that allows importation of address book information.

I guess I'm not too worried overall. I'm only on Facebook and do not have a lot of the additional apps added. I'm not under my real name and you know nothing is really that personal or totally secure on the web anyways, once it's out there it's out there. If you're going to get hacked you'll get hacked, I can't worry about it otherwise I would not have the connectivity that I'm getting from some of the tools that do make my life easier. I essentially go with the rule that if it's that private it should be offline and nothing I have going on concerns me so much that I'm hiding it other than not using my real name but that is mostly to avoid being contacted by people in high school that I do not care about at all.

From: jodymeme Date: February 24th, 2008 11:46 pm (UTC)
I'm not too worried about getting hacked, and I tend to put out more personal info than a lot of people on these sites (like my real name). Even if the technology is sound and secure, it just irks me that companies are asking people for passwords to email accounts and other social networking sites. These are the same companies that try to raise awareness about phishing scams, telling people not to share their passwords out on spoofed pages, etc., then they turn around and directly ask the very same people to share their passwords with them. For less experienced 2.0 users, I think this kind of thing could put them in more danger of being phished.

Nice to hear from you! I miss you and feel so out of touch!
From: tudgedelta Date: February 24th, 2008 11:24 pm (UTC)
I've been getting many invitations lately as well, mostly from former colleagues or colleagues of colleagues. Many business acquaintances of mine are on LinkedIn, as I am, to "hang our shingles" so to speak. Some of them have been experimenting with so-called Web 2.0 social networking, in the hopes of expanding their business networks, and also because it's the "latest thing". I am astounded that people, especially those that work in uptight corporate environments, would willingly hand over their passwords so that their own contacts can be automatically "invited" to join and do same.

I too at first was flattered to be receiving invites to join cool new "2.0" sites (you put this so much more eloquently!), until I read more about how the sites worked, and realized this was all automated. Silly, but I actually felt a little disappointed when the form letter invite came from someone fairly close in my network...no personal note. I wrote this person back, and asked why they thought the site was cool enough to invite me to join (the site was Spock). He said he actually would not recommend it now.

Well, moving on to what I think about this: I don't think it's a good idea to give passwords out, even if they are "not stored". Hey, they *are* stored somewhere! But that's not even what upsets me most. What I find most distressing is the erosion of trust that could happen as a result of mindless trolling of contacts.
From: jodymeme Date: February 24th, 2008 11:53 pm (UTC)
Yeah, that's an excellent point, the erosion of trust thing. I also think that these kinds of practices may desensitize inexperienced or new 2.0 users to phishing scams, as they'll learn that sharing their password in any form on any page that appears to be a trusted social networking site is a normal practice.
From: luxsmitten Date: March 5th, 2008 09:09 pm (UTC)
maybe it's just my love of the absurd but i couldn't help laughing at this