privacy

An email received from Google to my [deprecated] Gmail address:

Google rarely contacts Gmail users via email, but we are making an exception to let you know that we've reached a settlement in a lawsuit regarding Google Buzz (http://buzz.google.com), a service we launched within Gmail in February of this year.

Shortly after its launch, we heard from a number of people who were concerned about privacy. In addition, we were sued by a group of Buzz users and recently reached a settlement in this case.

The settlement acknowledges that we quickly changed the service to address users' concerns. In addition, Google has committed $8.5 million to an independent fund, most of which will support organizations promoting privacy education and policy on the web. We will also do more to educate people about privacy controls specific to Buzz. The more people know about privacy online, the better their online experience will be.

Just to be clear, this is not a settlement in which people who use Gmail can file to receive compensation. Everyone in the U.S. who uses Gmail is included in the settlement, unless you personally decide to opt out before December 6, 2010. The Court will consider final approval of the agreement on January 31, 2011. This email is a summary of the settlement, and more detailed information and instructions approved by the court, including instructions about how to opt out, object, or comment, are available at http://www.BuzzClassAction.com.

Original article.

According to Trend Micro, an internet security firm, more than 40% of teens are "social hackers".

Sigh. I remember a day when being a hacker meant that you had to actually know how to do something.

The "social hackers" are still split by gender though. Boys are twice as likely to go for the profile assassination, while girls are three times more likely to go straight for the PayPal.

What can I say - boys want power, girls love the bling. It's the nature of things.

The "new" idea of "social hacking" is that many social details are on view via social networking sites such as Facebook. A competent social hacker can find information which tends to give away security question answers.

And an incompetent target will use public information in their own security questions and password. And deserve everything they've got coming.

Rik Ferguson of Trend Micro said, "It's the online version of kids breaking into school to change their reports, it's just so much easier now."

Breaking into school to change your report card took planning, skill and cojones.

Anything that can be done from behind the safety of a computer screen requires nothing more than an Internet connection, a decent mix of self-loathing and lack of self confidence, and maybe some Red Bull. Sure, maybe a "social hacker" (*cough* *hack* *cough*) can find out where you live and hang out by hacking into your Facebook profile, but then what? Years of sitting on a couch with his laptop drinking latte mochaccinos will have left his body too weak and atrophied to pose any real threat.

I, on the under hand, can find out where you live, chase you down because I can run faster than you, and then dead-lift you off a bridge.

See kids? It's about branching out.

Oh, and it's called social engineering, and it's not new at all.

So, some anonymous dude (who is actually not quite as anonymous as he'd like to believe) left some comments on my nearly 2-year-old post about closing my Facebook account, then decided to try and prove a point about his views on privacy by cleverly looking up my cell number (which is public) and doing a Google search to find a photo of me (which is also public).

The point he ended up proving, of course, is that he's a slightly creepy person who calls up random people about an old blog post they wrote when he disagrees with them. Also, he knows how to perform the shit out of a Google search.

I was driving Mir - much more stalker-worthy material than I, if you ask me - to pick up some food for her dog, when my cell rings:

• Is this Steven Mansour, from stevenmansour.com, about the facebook post?
• Yup, who's this?
• Just wanted to tell you that nothing is private, case in point I found your phone number, I'm not trying to stalk you or anything but you know how easy it is to find information about people on the internet.
• Ok...
• Ok.
• Goodnight!
• *click*

Followed by Mir and I looking at each other with a quizzical "WTF?".

So yes - it's true! You can find lots of information about people on the Internet, off and on Facebook. Especially if that information is, you know, supposed to be public in the first place. I don't hide my contact information from the world, and even if I did, a simple whois lookup on anyone (including Mr. "Anonymous") would be more than enough to get any more information about anyone else. That's why closed networks like Facebook are so insidious - people put more information on there than they would on an obviously public page such as this one, with the misconception that only their friends and family can access it. They - especially young people - are duped into jumping into bed with Facebook with the idea that they can retain control over who gets to access what.

They can't.

So what can we keep private? Lots. I'm pretty open - I make a point to use my real, full name in online games or on the handful social networks left that are genuinely useful to me; it makes it easier for me to keep track of and aggregate everything I'm doing. On others - ones where I prefer remaining private - I always use a pseudonym, encryption and TOR. There is data (music, videos, games) on my home PC that you'd probably be able to access without much difficulty if you really wanted to get at my Lionel Ritchie Paris Hilton Audioslave high-fidelity OGG files. Then there is other data and information that anyone would have a bitch of a time trying to find, decipher, crack and decrypt.

So, what's the point? Well, that problems with privacy control and things like identity theft have been around long before the Internet ever came to be, and will stick around long after the Internet has withered to dust copper flakes. That it's about corporate responsibility, education, and governance - not paranoia. That anyone with a phone book and fingers can find whoever they're looking for. And finally, whether you live down the street or in Florida, that you shouldn't look up my number and call me unless you've got something to say.

Or unless you're a blond-haired blue-eyed college cheerleader from the south. Then, you can just ask.

Sigh. I suppose it's normal that my first post in a few weeks here would be about Facebook.

So, some dude set up a mischievous fake Facebook profile for some other dude in London, and ended up having to pay £22,000 in damages for libel and breach of privacy.

A businessman whose personal details were "laid bare" in fake entries on the Facebook social networking website has won a libel case at the High Court.

Mathew Firsht was awarded £22,000 in damages against an old school friend, Grant Raphael, who created the profile.

I'm not exactly sure how much £22,000 equals in real money, but I think the conversion process in my head puts it hovering somewhere near a gazillion dollars.

Why is this semi somewhat passingly important?