RSSAntisocial media: Lack of safeguards is killing the experience
By Carmi Levy | Published November 2, 2009, 10:35 AM
Say it with me, everyone: Facebook sucks.
I don't mean that in a literal sense, of course. But the growing number of obviously hacked status updates and phishing-like scams coming from folks we all thought were our friends has me wondering if Facebook is having more than a little trouble keeping a lid on the kinds of nasties that have already ruined e-mail, Usenet, and while we're at it, the Web in general.
Face it, folks, the Internet is a cesspool of sleaziness that makes my city's down-on-its-luck downtown core look luxuriously palatial -- and safe -- by comparison. When a full quarter of the status updates I receive in any given day look questionable enough for me to take the time to respond to the sender that I think his/her account has been hacked, it's a sign that Facebook's got a serious security issue, and things only seem to be getting worse.
Facebook saves face
I don't want to pick on Facebook too much. They've had a tough year, after all, with users in a number of countries taking them to task for their Byzantine privacy and copyright policies. Here at home, Canada's Privacy Commissioner just finished a months-long investigation that resulted in Facebook implementing significant changes to its privacy management processes and documentation. I realize it's a big job, and the developers and lawyers who made these changes and rolled them out globally probably need a vacation. Whether they get to take it is another story.
Facebook, unfortunately, isn't alone. Twitter has also fallen victim, with shady links that were obviously sent by a malicious bot or similarly questionable, non-human source now becoming regular fare. An unprintable reply from a complete stranger, for example, would have routed me to an X-rated Web site had I been stupid enough to follow it. Some are a bit more subtle, but no more successful: This morning's direct message from a friend ("hi. I found you on here http://reallyhinkylookinglink.com") caused my antenna to go up because:
- He's my friend and we both already know quite easily how to find each other online;
- He used to teach with me. I know for a fact that he uses both upper- and lower-case letters when he writes; and,
- He loves his sleep. He wouldn't be sending Twitter DMs at 3 a.m.
Like spam before it, I have no doubt that some of these come-ons may be sophisticated enough -- or merely sufficiently normal-looking -- to fool a few gullible recipients. Which, in the end is why such garbage continues to exist. Even if the take rate is 0.0001%, that's enough to keep the cretins who pump this stuff out still in the game.
We thought closed meant safe
But social media platforms like Facebook and Twitter aren't e-mail. Perhaps I'm more than a little naïve, but I'd like to think that because they're large-scale applications delivered by one provider, said provider would have more control over what goes on than, say, an e-mail service forced to work in a wider context. If e-mail is the Wild West with relatively few rules and no one in a position of absolutely control, Facebook at least has some sort of sheriff who dictates -- and hopefully enforces -- something akin to law and order.
Like I said, I'm probably being naïve, but Facebook and Twitter both more or less own their respective playgrounds while Microsoft's Hotmail does not. I'd like to think that that subtle difference should be enough to at least keep a lid on the influx of sewage. Then again, I guess I'd like to think a lot of things...but that doesn't mean any of them will come true.
The problem with social media tools lies in the fact that they are social to begin with. Unlike e-mail or earlier forms of online messaging and interaction, which generally set few limits on who we could reach out to, most social media applications challenge us to build communities of friends. We choose who to let in and who to exclude, and that very process lulls us into a fairly false sense of security. For we believe that once we've vetted our so-called online friends that we're all able to let our guard down because the playground itself is safe. I already let my friend into my house, the feeling goes, so nothing bad can happen from here on out.
Which is terribly wrong, of course, because as much as we'd like to believe that our friends, colleagues or acquaintances would never deliberately harm us, they can do immeasurable damage when they are compromised by their own innocence and/or ignorance. We see it every day in real life: folks too ignorant to understand the risks of H1N1 going to work because they don't want to let their team down, or well-meaning friends bringing nut-laced treats to a peanut-free home. We let these people in because we know and trust them. And in doing so, we expose them to our soft underbelly because we figure there's no need to apply the same kind of protective thinking that applies when we're around strangers.
Paranoia goes social
It's that kind of mindset that makes us that much more vulnerable to social media-borne attacks than those delivered through more conventional channels like e-mail. We've all been conditioned to reject the obvious spam (misspelled subject lines, Nigerian princes, cheap meds and all) but a link from a Facebook friend still doesn't raise the same level of alarm, if at all.
It should, of course. And until more of us become as jaded and cynical when we're Facebooking and Twittering as we do when we're e-mailing and IM-ing, these services will continue to be increasingly popular targets of choice for hackers and criminals. And while that's happening, we need to figure out better ways to convince ourselves -- and more importantly, the connections around us -- that just because it's social doesn't necessarily mean it's safe.
I'll apologize for opening with such strong language. I don't really think that Facebook sucks. But that could change very quickly unless the company, along with Twitter and any other major social media competitor, gets as serious about security as it already has about privacy.
Carmi Levy is a Canadian-based independent technology analyst and journalist still trying to live down his past life leading help desks and managing projects for large financial services organizations. He comments extensively in a wide range of media, and works closely with clients to help them leverage technology and social media tools and processes to drive their business. Join Carmi on Facebook today!
is not only about your friends writing inconsiderate comments on your wall or posting a porn pic, it happens deeper than that. how about being -you- who post that pic or wrote that comment? at least that's what your friends/family/coworkers/church would believe because it was written with your account. and you can't do anything about it because you don't have any "antivirus" to get rid of the (fu)hacker posting those things using your account.
Score: 0
|So, one person clicks on a bogus friend request, and then their account is hacked, their friend list is exposed to the hacker, and it spreads virally to every doofus who clicks on the same link. That's just sad. Have we advanced online security at ALL since ICQ?? I'm so glad I have no use for social networks.
Score: 0
|Facebook is the root of all evil.
Score: -3
|That would be MySpace. Facebook is just a branch (albeit a very large one).
Score: 0
|Just my view...
The issue with social websites like this is the level of policing they do [lack of].. and honestly they shouldn't be doing the policing, the people who get the messages/updates should be doing it.
And how you control this is by providing an option to report this person/entity as a spammer/abuser. And then there should be steps behind that to deal with them or to help the person who's account was stolen.
Rarely, does a site or program get used in the way it was intended and while Facebook and Twitter were noble thoughts at first, we can all realize that they've been commercialized and now a victim to attack and exploitation. Creeps/Criminals find loop holes and they take advantage.
'...cesspool of sleaziness' - it can be, but there needs to be options...
This is fine as long as there's a way to police it. Make it easy; give the people the power to police the traffic and then maybe things will start to get better.
Score: 0
|Perhaps you're making the wrong friends? I have a ton who aren't close and haven't noticed a problem with scam updates. Just the usual, annoying application invites.
Score: 5
|Same here, stupid games etc, which I hide, but never seen any phishing/scam type stuff from any of my facebook friends.
Score: 1
|"Say it with me, everyone: Facebook sucks."
How about...No?
No-one can protect people from their own stupidity. Period. The only "solution" would be to remove them from Faceobok. PR-wise, that's about as stupid as you can get.
Instead, we'll see the cat-n-mouse game we see with every other popular piece of software with a big red target on it.
Nothing new here...
Score: 2
|I fundamentally agree with your post and reasoning. Unfortunately, I realize that - like you - we are far better at using the web than those less experienced people we let loose on the internet. Those kinds of people will always be duped. Arguably, some people just shouldn't be using the internet at all.
As far as popularity goes, it does seem inevitable the same will happen though. Popularity brings opportunity to scam and make money. It's enough to drive me away from large sites.
Score: 0
|