Social Media Top Links April 2010: Epic Zuckerpunched in Your Privacy

Here are the top links, articles, and news regarding social networking sites such as Facebook. The big news this month was the continual decay of users’ privacy on Facebook. There has been a general outrage and growing distrust of the crew at Facebook.

Favorite Tweets April 2010

There are some funny people on Twitter. Whenever I find a funny, witty, or thought-provoking tweet, I usually retweet it and favorite it. Here is a small collection of recent tweets that stood out to me.

  • @nickbilton: Off record chat w/ Facebook employee. Me: How does Zuck feel about privacy? Response: [laughter] He doesn’t believe in it.
  • @stephenkruiser: Pants are important. Sometimes.
  • @crazeegeekchick: So grateful for salary and for direct deposit. AT least one thing is consistent in my life :)
  • @puredanger: wife: "why are these blankets always on the floor!?" me: "gravity?"
  • @godolcevita: You have to be where you are at to get where you are going….
  • @cdixon: It’s getting to the point that when a big company calls something "open" == they are about to screw you. Need a new word for actually open.
  • @ericaogrady: What to know if he’s a Man or a Boy? Make eye contact with him and hold his gaze. If he looks away, he’s still a boy.
  • @Archimage: I would rather throw down than throw up.
  • @nandoism: it smells awesome in Brooklyn. like fresh rain mixed with urine. aaah.
  • @michaelg: Overheard: "Zuck sounds like Lex Luthor" #f8
  • @Archimage: This tweet is (c) 2010 Archimage. All rights reserved. Any retweeting is a violation of applicable laws.
  • @KaciBrownMonroe: Don’t look at me; look into me. To the deepest, most real, places in my heart and soul.
  • @stevenharman: Apple, if you’re going to limit how many computers I can play my content on, please allow me to de-authorize one I no longer have access to.
  • @wilshipley: Why do DJs wear earphones? Isn’t the music loud enough? I can hear it fine from down here.
  • @girlonetrack: I’ve spent the last four hours immersed in non-stop politics: eight times as long as I give foreplay. Which I guess shows my priorities…
  • @joeracer: FUCK YOU IRS. Seriously.
  • @tedneward: Oracle’s sponsoring IronMan 2?!? What next, Microsoft Star Trek 2? "Mr Spock, where do you want to go today?"
  • @thekarladam: 290.2 MB of space for Adobe Reader!? WTF is wrong over at Adobe!?
  • @bkorte: Dear Facebook: Stop using my default notification sound for your push alerts on my iPhone – be original and come up with your own sound.
  • @hotforwords: The Average Woman Dates 24 Men Before Settling Down.
  • @dotjenna: Is it possible to hate someone you love? #love #hate
  • @shanselman: I need an online alias for some programming projects. I wonder if Slim Shady or Sasha Fierce are taken…
  • @MsLizziA: I mean Kick Ass SUCKED ASS!
  • @techknow: Is there such a thing as tofu salmon?
  • @markramsey: how the hell can ticketmaster charge a $10 convenience charge on $25 tickets, I’m buying them online, making it convenient for them!
  • @ebarrera: It is no coincidence that in no known language does the phrase ‘As pretty as an Airport’ appear.
  • @thediva: Some times women’s clothing annoy me. I wear 3 different sizes depending on the brand. It’s so insane of retailers to play head games
  • @adactio: This is my browser; there are many like it but this one is mine.
  • @ehthayer: My body clock needs an hour change button too
  • @RobotDeathSquad: I think there is a direct relationship between the number of tattoos and bad waitressing.
  • @gkmaestro: Software involves sending more emails than writing code!!!
  • @meph: Why do computer programmers confuse Halloween with Christmas? Because Oct(31) = Dec(25). #geekfun
  • @godolcevita: I’ve learned that people will forget what you said, people will forget what you did, but people will never forget how you made them feel.
  • @timacummins: Worry is a brain drain.
  • @NicoleJordan: Instead of asking what is the return on investment, we should be asking what’s the return on objectives? #digiday
  • @swedal: Why is the alphabet in that order? Is it because of that song?

Powned Internet Terms of Service

I’ve seen a trend in the Terms of Service legalese for social networking sites such as Twitter, Facebook, and, as recently reported, LinkedIn. In essence, these sites claim to have rights to anything you publish on said services until the end of time. They have worldwide unlimited God-like rights over your photos, comments, posts, social graph, usage data and analysis, etc. It is important to note that they claim rights over both the data you explicitly post and the data you provide implicitly, such as IP address, login date/time/duration, etc.

I thought that I could also post my own Terms of Service on the whole wide web, and that they might provide enough legal precedent for me to claim all the world’s data, muhahahaha.

Additionally, you grant MEEEE!!! a nonexclusive, irrevocable, worldwide, perpetual, unlimited, assignable, sublicenseable, fully paid up and royalty-free right to us to copy, prepare derivative works of, improve, distribute, publish, remove, retain, add, process, analyze, use and commercialize, in any way now known or in the future discovered, any information you provide, directly or indirectly to WHO DAT, ME!!!, including but not limited to any user generated content, ideas, concepts, techniques or data to the services, you submit to ME ME ME ALL MINE!!!!, without any further consent, notice and/or compensation to you or to any third parties.

Stupid Security Questions

I’ve always had a problem with the security questions asked by banks and other financial institutions. For one, these security questions are not really that secure and are easy to guess and reverse engineer. In 2008, the email account of the Republican vice-presidential candidate, Alaska Governor Sarah Palin, was hacked by guessing the answers to security questions. From a Wired report on the email crack:

The Palin hack didn’t require any real skill. Instead, the hacker simply reset Palin’s password using her birthdate, ZIP code and information about where she met her spouse — the security question on her Yahoo account, which was answered (Wasilla High) by a simple Google search.

Recently, it was reported that President Obama’s Twitter account was hacked by guessing the security question related to password recovery systems. These types of ‘hacks’ require no computer science degree, computer security expertise, or black hat hacking skills. This is the sort of ‘hacking’ that an ex might find themselves doing on your Facebook account. I would not put a lot of blame on curious kids with a lot of time on their hands and an internet connection; I put the blame on enterprise software architects that put stupid and weak security systems in place.

At first, security questions consisted of naming the town where you were born, or the maiden name of your mother. Then they progressed to the name of your third grade teacher, then the last name of your fifth girlfriend, then to where you were during the 1989 Loma Prieta earthquake, and they have gotten worse since then. Here are some security questions I found myself forced to answer.

  • Who was your childhood hero?
  • What is the first and last name of your first boyfriend or girlfriend?
  • Which phone number do you remember most from your childhood?
  • What was your favorite place to visit as a child?
  • Who is your favorite actor, musician, or artist?
  • What was the last name of your third grade teacher?

The problem now, with the current trend of security questions, is that even I don’t know the answers to them, or that their answers might change over time. Try to answer any of the above security questions five years from now and you might sound like the following… “I liked both Spiderman and Wolverine, but I might have answered Superman. I liked Britney Spears then, but not as much as Miley Cyrus, but wasn’t Lady Futura big then.”

I think that security questions are neither secure nor practical. They are an annoyance for users and highlight security flaws in computer systems.

Here is a list of security questions considered good. Notice that they all suffer from the issues outlined here: they are either easy to guess or easy to forget.

  • What was your childhood nickname?
  • In what city did you meet your spouse/significant other?
  • What is the name of your favorite childhood friend?
  • What street did you live on in third grade?
  • What is your oldest sibling’s birthday month and year? (e.g., January 1900)
  • What is the middle name of your youngest child?
  • What is your oldest sibling’s middle name?
  • What school did you attend for sixth grade?
  • What was your childhood phone number including area code? (e.g., 000-000-0000)
  • What is your oldest cousin’s first and last name?
  • What was the name of your first stuffed animal?
  • In what city or town did your mother and father meet?
  • Where were you when you had your first kiss?
  • What is the first name of the boy or girl that you first kissed?
  • What was the last name of your third grade teacher?
  • In what city does your nearest sibling live?
  • What is your youngest brother’s birthday month and year? (e.g., January 1900)
  • What is your maternal grandmother’s maiden name?
  • In what city or town was your first job?
  • What is the name of the place your wedding reception was held?
  • What is the name of a college you applied to but didn’t attend?
  • Where were you when you first heard about 9/11?

Another trend that I have noticed is that financial institutions and credit companies have a lot of private data on you and other prospective borrowers. So they don’t need to ask you such security questions; they can generate their own and match your answers to the years of paper trail and data fingerprints they have on you. If you call your bank in the near future, don’t be surprised if they ask you who you lost your virginity to.

Computer Error Led to 50 Plus Visits from the Police

The home of an elderly couple in Brooklyn, New York was visited by police “50 or so” times over a span of 8 years. If you’ve had the police come for a visit, you would know that they don’t come bearing gifts. When the police come a knocking, they might pound your door in with a battering ram and kill your dogs. So you can only imagine what fright the retired couple had to endure. The numerous police visits were traced to a software glitch in a computer system used by the New York Police to track crime complaints and criminal activity. As is customary for Associated Press reports, there is very little information or follow-up on the nature of the software system in question. The exact details behind the computer error were not given, other than to say that the error started in 2002 when the police upgraded from a manual process to an automated computer system.

From working with a variety of computer systems, I know how an error like this could have been introduced. Oftentimes, when working on a new software feature, you have to test said feature with fake data. A common practice is to simulate a small portion of the computer system with fake data to mock the environment. In the worst situations, actual test data or test conditions are hard coded in the actual application. If fake test data is embedded in a production system, like the one used by the New York Police, there might be certain conditions, like a certain date or time or report type, that will trigger the test data to percolate to the surface.

Along these lines, I have seen certain features in a computer system not function correctly because it is installed on Windows Vista as opposed to Windows Vista, or behave erratically on leap years, or fail to save files if you installed it on the D: drive as opposed to the C: drive, etc.

As we wrap database and computer systems around every piece of personal data, from credit reports to no-fly lists, it is important to design them in such a way as to limit the number of potential victims of said systems. For example, if you are a victim of identity theft you will have to go to great lengths to clear your name and credit history because of how these systems are replicated and copied and ultimately considered to never be wrong.

Neo-American Revolution

If the American Revolution was held today, instead of the Boston Tea Party it would have been the San Francisco bay electronics party. If the American Revolution was held today, the Federal Papers would have been the Federal Blogs. If the American Revolution was held today, the constitution would read life, liberty, and the pursuit of privacy. If the American Revolution was held today, instead of ‘taxation without representation’ our rallying cry would be ‘representation without special interest.’

Social Media Top Links February 2010: Google Buzz Privacy Debacle

Here are the top links, articles, and news regarding social networking sites such as Twitter, Facebook, and Google Buzz. The big news this month was the announcement and initial release of Google Buzz. Google Buzz generated a lot of buzz with users, mostly because of its thoughtless disregard for users’ privacy.

Who Does Mark Zuckerberg Follow on Google Buzz

It took me about a day and a half to get on Google Buzz after it was announced. The first thing I noticed was that I was already following a half dozen accounts and, worse, that some people were following me whom I had only emailed but a few times. Google Buzz’s first failure was that it auto-followed certain contacts in your address book based on some ‘algorithm.’ The second mistake in Google Buzz was that it pushes you to make your profile public; even an experienced social media maven can inadvertently make their profile page public. A third oversight in Google Buzz is that your profile name is your email address. The fourth mistake is that you can see, by default, the people that other people are following and their followers. There are many more mistakes and hiccups, like blocking not working correctly, and these have been covered many times over. The problems I have listed here have created a perfect privacy shit storm. Eric Schmidt, CEO of “do no evil” Google, has defended Buzz and its lack of privacy awareness as end-user confusion. So maybe this is the perfect Schmidt storm, as I don’t think he is using Google Buzz.

It was reported that the Google boss said the following:

I would say that we did not understand how to communicate Google Buzz and its privacy. There was a lot of confusion when it came out… [last] Tuesday, and people thought that somehow we were publishing their email addresses and private information, which was not true.

Eric Schmidt is either a liar or a dummy, pick any two! With the issues outlined above, it is possible to find out people’s email addresses, and worse, find out the people close to whomever you are virtually stalking, I mean friending. Let’s take a public example: let’s see if we can find Mark Zuckerberg’s close contacts and email address using Google Buzz.

First you will need to log into your GMail account and click into the Buzz inbox. If this is your first time, you will probably already have a few followers. Under the text area to enter your buzz, you will see a link that reads ‘Find people.’ There is a search box where you can find more people to follow. In this box, enter Mark Zuckerberg. Mark of Facebook fame should be one of the first few people that come up. Originally I was going to do this experiment with Eric Schmidt but I had a tougher time finding his profile. You can follow Mark or view his public profile. Mark is probably busy playing FarmVille or working on new Twitter features to copy, so he probably has not configured the privacy settings of his Google Buzz account.

It might also be worthwhile to question whether this is the real Mark Zuckerberg. We cannot be sure, but if you look at the people that are following this profile you will see that very connected Silicon Valley technologists are following this person.

Mark Zuckerberg's Google Buzz contacts

In Mark’s public profile you will see that he is currently following 16 people. A quick glance at that list shows Mark Zuckerberg is following Charles Cheever, Dustin Moskovitz, Adam D’Angelo, and Paul Buchheit, amongst others. So now you can do this for each person that Mark follows on Google Buzz, etc., and easily develop a social graph of the people Mark Zuckerberg contacts and connects with via email. Looking these folks up on Google, you will find that they are early Facebook founders and fellow Silicon Valley entrepreneurs.

If you click on his public profile you will see that his Google Profile vanity URL is the following.

http://www.google.com/profiles/mark.zuckerberg#buzz

Notice his user name, mark.zuckerberg. If you append “@gmail.com” to his profile name, you will get Mark Zuckerberg’s GMail address. Feel free to send him a note telling him how much you enjoy getting updates about your friends finding alien cows on Facebook. Mark is a private guy, I mean you can’t just add Mark Zuckerberg as a friend through his Facebook profile page. As the founder and CEO of Facebook, Mark is tech savvy so I can’t imagine him intentionally making his GMail address publicly available.

It is evident that Eric Schmidt is either not aware of how easy it is to find the private email addresses of Google Buzz users, or he is lying. I think that Google should change their motto from “do no evil” to “it’s okay to do dumb shit with your privacy.” What I can’t believe is that apparently Google Buzz was in use inside of Google, by some of their 20,000++ super genius bar qualified engineers, for a year or so and no one caught this.

Mark Zuckerberg's Friends on Google Buzz

Social Networking Bill of Rights

After the multiple privacy disasters at Facebook and more recently with Google Buzz, it is clear that users of social networking sites need to define a Bill of Rights. We have the unalienable right to our data, and the right to request any other data collected on us, whether it be social graph data, usage patterns, or marketing analytics. Having rights to our data means that we have the right to share it with anyone at any level at any time, and we have the right to leave a given service, taking our data with us and purging our profile completely. We should be given adequate time to review any new Terms of Service carefully and not be forced to just click away our rights. We have the right to our own vanity URLs where they do not blatantly infringe on trademarks, and this right includes the right to sell and transfer said vanity URLs.

Bill of Rights

  • You have the right to retain copyright of all your data.
  • You have the right to own your vanity url, copyright, and trademarks.
  • You have the right to import/export data in different formats.
  • You have the right to set privacy settings including name, profile name, email, phone number, address, friend list, etc.
  • You have the right to not use your real name.
  • You have the right to not be spammed, and opt out of any marketing email or contact.
  • You have the right to share data at the individual post level with whomever you wish at whatever time you desire.
  • You have the right to delete your profile or data at the individual post level at any time.
  • You have the right to review all data collected about you, your profile, your usage.
  • You have the right to opt out of any system that collects data on your profile.
  • You have the right to review any change in Terms of Service and be given enough time to accept, decline, or export your data.

Are there any other rights that we, as users of social networking sites, need to defend?