Carleton University has been in the news lately for being the victim of a hacking attack. Erm, more accurately, Carleton has been in the news for having a student, Mansour Moufid, identify a serious security flaw in the Carleton Campus Card, which gave him access to the email passwords of 32 of his fellow students. Moufid then wrote a report on how he was able to breach the school’s security, and snail mailed it to the school’s security department, who ignored him (says Moufid).
Ten days after mailing the physical copy of the report to Carleton, Moufid emailed the 32 students whose accounts had been completely compromised, and informed them that the school had been made aware of the attack on security, and had decided to ignore it. One of the students happened to be an intern at a CBC newsroom, and her supervisor found the story to be interesting — it grew from there. Carleton said that they only received the package the same day that Moufid emailed the 32 students, leaving them with no time to do anything at all.
We all know the stories about 2-3 year olds playing Playhouse Disney on the computer with mom and dad. Just this weekend my 8 year old nephew and 10 year old niece showed me the websites they built on freewebs.com where they posted a few of their favorite games (it was great to see classic Pac-Man included!), as well as some cute quizzes and guest books to sign. So the question is not when do children start using the computer because I think we have more than enough proof that use of computers starts pretty early, but at what age should our children get social online? What messages do parents need to communicate to their kids? How good are the security policies on places like Facebook and MySpace AND are parents even aware of them?
When speaking with a few other GenX/Boomer parents this week it was interesting to hear that they were all aware of the dangers of letting their 12-15 year old children…especially their daughters on social networks, however not one of them could talk about the different security options on the sites. I was amazed that people that claimed to be very involved parents had not even visited the sites to see what they’re all about. Even if you “ban” a site from your home computer, do you think your kids aren’t logging on from their friends’ computers, or other places?
Look, I know there are crazies out there that take advantage of children online, but kids will get online one way or another so parents need to get involved sooner rather than later. As many internet safety sites state, in the end it all comes down to the time-tested policy of open and honest communication with our children: speaking to them about how the internet works, what is and is not appropriate behavior online and what concerns you have. Simply cutting off access or “spying” on your kids is not the answer. So, put away the PDAs and cell phones and have a straightforward talk with your kids. Am I preaching to the choir here? How do we reach those parents that are not electronically connected?
To those readers with pre-teen or teenage children please share your thoughts. What has worked/not worked for you?
For those interested, below is a small sample of the many internet safety sites available for both kids and parents:
Photosynth (TED talk, demo page, our coverage), a project acquired by Microsoft, made for one of the coolest tech demos to grace the internet in a very long time. The experience that Photosynth provided by inferring 3D structures from collections of 2D pictures made for a very rich — and jaw dropping — user experience. But not rich enough, it seems: Microsoft has a competing project, another such tool from some people on that team, developed jointly with the University of Washington. Introducing Photo Tourism (project homepage, /. coverage). Check out the video:
Like Photosynth, Photo Tourism assembles its 3D models from photos on Flickr. Photo Tourism, however, allows you to not only add your own photos to a 3D set, but “walk” between the locations where your pictures were taken, virtually. Photo Tourism also allows a user to rotate their point of view around a landmark or object, and can even determine if photos of that landmark/object were taken during the day or at night, grouping them accordingly. This results in a very high “feels like you’re there” experience, but what’s the next step?
One rainy day earlier this summer, nGenera’s Gov 2.0 Program Director, Dan Herman, locked three summer interns in a room (Ben and Jude, and I) and asked us to think about what life - and government - would be like ten years from now. One of the results was the following short story about a day in the life of a man named Donald, in the year 2018. Hope you enjoy.
7:00 AM. The alarm rang, and Donald pressed the confirm button to silence it. His bedroom monitor switched on and began playing his morning video feeds.
According to Stanford law professor Dr. Lawrence Lessig, the U.S. government is prepared to react to an online version of 9/11 with a digital equivalent to the Patriot Act, i.e. locking down the Internet.
He likens this to a post-i-9/11 future, one where our online rights and privacy will face unprecedented scrutiny by government. You can watch part of his talk at Fortune’s Brainstorm Tech conference in California where he made the comments below.
This message mirrors part of the thesis proposed by author and Harvard Law School Professor Jonathan Zittrain in his new book “The Future of the Internet and How to Stop It.” In it, Zittrain argues that we’re on the path to Internet lockdown thanks to a combination of proprietary devices and malicious intent. You can read my colleague Naumi’s review here.
There are some great discussions and ranting taking place about this pretty much everywhere so I’ll pass on the summary of what’s being said and instead pose two questions: what constitutes an i-9/11 attack, and what would such an act allow that isn’t already being done today?
I will be the first to admit that I am something of a Facebook stalker. Although it sounds creepy, it just means that I have kept up with friends’ lives via Facebook. Some Facebook stalkers take it to a whole new level, browsing strangers’ profiles within their networks. I do not do that.
I say all of this to preface the fact that I am not really a stalker even though I just spent the last hour on criminalsearches.com, where anyone can enter someone’s name and get a whole list of criminal offenses (if any) for free. Most criminal records are public information and anyone can search individual state databases for free. The cool thing about CriminalSearches is that it aggregates all of these disjointed databases and delivers a more comprehensive result with much less time and effort. Launched just last month, CriminalSearches is garnering serious attention.
So what did I turn up in an hour’s time? I found my black sheep cousin and all six of his quite impressive drug and alcohol convictions. I even found an old high school teacher (who was fired the year after I graduated) who now has a conviction for assault. Nice.
In my last blog I pondered my personal brand and how to manage my information. While I am fortunate—or maybe just law abiding—enough to not have any dubious offenses tarnishing my online identity, there are likely thousands more who find themselves struggling to move past a youthful indiscretion or other similarly embarrassing-but-not-as-bad-as-it-sounds offense in a society that highly stigmatizes criminal activity.
In theory, a judge decides how much time and effort it will cost a convict to repay their debt to society. After that period is over, the ex-convict’s debt is considered paid and the ex-convict moves on with their life. But now, with such data so readily available, a convict’s debt to society will now be decided by the court of public opinion for better or worse.
CriminalSearches may become a powerful law enforcement tool. One blog about CriminalSearches describes how a family researched the criminal record of the person suspected of killing their son. The blogger claims that the site’s alias information helped investigators find missing records that put the suspect behind bars.
While that may be a rare case, it benefits society to be able to thoroughly screen people they come in contact with and in whom they place their trust. While some people may be upset to find themselves listed as a criminal for a traffic offense, others will highly value this information when hiring drivers and nannies and babysitters. Parents could even look up their kids’ friends’ parents to see if they are safe drivers and trustworthy people before letting their kids hop in the backseat or attend a sleepover.
But there is a fine balance between society’s right to know and the individual’s right to move on with their lives. How will society adapt to such pervasive and powerful information in an increasingly voyeuristic world?
In any case, better look yourself up and see what dirt there is on you. It’s all a part of curating that ever-expanding online identity. If you find incorrect information, such as a ticket that was supposed to be dismissed or expunged, contact the authority that issued the citation and clean up your image. It’s the only one you get.
Last week, O’Reilly Media hosted the 2008 Open Source Convention (OSCON) in Portland, Oregon. The conference is described as “the crossroads of all things open source, bringing together the best, brightest, and most interesting people to explore what’s new, and to champion the cause of open principles and open source adoption across the computing industry,” and featured speakers from all over the open source community. The talks and panels are (of course) available online.
Ongoing, a blog focused on truth, technology, and business, wrote a profile of one OSCON talk in particular, one given by Christine L. Peterson, on the topic of open source security in elections. Peterson argues that the US Government thinks that the best way to safeguard rights is to accumulate as much data as possible through numerous types of surveillance, and that the issue of transparency versus privacy is not even on their radar. Furthermore, Peterson thinks that this approach is fundamentally misguided, as terrorism is a bottom-up problem, and “they’re trying to solve a bottom-up problem with top-down tools.” This leads her to suggest that we need bottom-up physical security — and that the open source community is best tasked to develop this new breed of security systems.
An article in today’s Financial Times describes how a private citizen has been ordered to pay £22,000 for starting a group called “Has Mathew Firsht lied to you?”
From the article:
In a legal ruling likely to send a chill through the global social networking phenomenon of Facebook, a British businessman has been awarded £22,000 ($44,000) in damages from a former school friend who created a fake profile of him on the website.
Mathew Firsht brought the landmark libel action after coming across a Facebook group titled “Has Mathew Firsht lied to you?” as well as a profile containing false claims about his sexuality, religion and political views.
It is significant because: a) the defendant is a private citizen, not a newspaper or other entity that is typically held to a higher standard and b) there are thousands of groups like this on Facebook. Some are in good fun (see here for one about a childhood friend of mine), others get a little nasty (no example provided…see title of blog).
Is this a one time event? Will it vary by jurisdiction? How many lawsuits are currently underway?
Last week, The New York Times covered a new project by Google: having targeted, text-based advertisements that are influenced by past user search history. With this new program, a user who makes separate searches for “golf” and “shoes” is more likely to see ads for golf shoes during subsequent searches - reminiscent of how Amazon recommends products based on past searches and purchases.
Google, already owning two-thirds of the search market, has an advertising relationship with many businesses. These businesses only pay Google when their ads get clicked. So far the system has been beneficial and lucrative for both Google and their advertisers. By integrating past search data with current contextual advertisements, Google is greatly expanding the context within which they can display ads. Google can therefore improve the relevance of ads, increasing the chance that users will click them.
If this model is successful, users become more than one-time search results; they could develop robust profiles of interests to allow very specific, tailored selection of advertisements. But does such a collection of user-interest data pose privacy concerns?
The argument in favor of new advertising approaches like this is that this data can be used to display advertisements that, far from being annoying or distracting, actually offer useful solutions and products to consumers at exactly the right time in exactly the right place. Personally, I don’t even notice a lot of ads on websites that I view just because I’m so used to seeing ads for products that don’t interest me at all. I’ve grown immune to ads but if they are going to be tailored to my interests, I may actually start noticing and clicking these ads now.
Is Google the right company to implement this? Already, people seem very quick to trust Google, but it seems to me that there should be limits on how much information any one company can have about their users, and those limits should be set by the users themselves. I get the feeling that many users just don’t comprehend or realize how much information of theirs can be tracked via programs like these.
What level of transparency are you prepared to offer up to Google?
As my colleague Lawrence notes in his latest blog, the potential abuse of personal data shared by users in social networking spaces is of increasing concern. But key to the discussion is the potential value that such shared data might create for the owners of that data.
Amongst the discussions at our Government 2.0 meeting at the Harvard Kennedy School of Government was a debate over the merits of data sharing, and whether the collection of citizen data in the name of public safety and service delivery outweighed the risks of abuse and the potential for infringement of personal freedoms and privacy.
To kickstart the discussion, one of our colleagues shared this video from the American Civil Liberties Union that highlights a perhaps perverse or perhaps not-so-perverse future:
Last week, The Washington Post published an article about potential privacy concerns that result from using Facebook applications. Facebook greatly increased their popularity by letting users add custom functionality to their Facebook profile by installing application widgets — of which there are nearly 30,000 available.
However, many people do not realize that by adding these applications, they’re giving the applications (and therefore the application’s developer(s)) access to their personal information — irrespective of any privacy settings that a user may choose. Given that Facebook is an open platform where anyone can write an application, users are effectively giving complete strangers a slew of personal information.
Looks like Facebook has upset some sensitive law students at the University of Ottawa.
According to this article, a group of students as part of one of their courses have decided to lodge a complaint stating that Facebook commits 22 violations of Canadian privacy law.
From the article:
They allege Facebook fails to inform members about how their personal information is disclosed to third parties for advertising and other profit-making activities, and also that it doesn’t get permission from users to do so.
The students drew up the complaint after analyzing the company’s policies and practices as part of a clinic course during the winter term.
Clinic director Philippa Lawson says the group focused on Facebook - which boasts more than seven million Canadian members - because it appeals to young teens who may not realize the risks of exposing personal information online.
Proposed details of ACTA (the Anti-Counterfeiting Trade Agreement), a treaty being negotiated between a number of international partners including the US, Canada, and the European Union to help fight intellectual property theft, were leaked last Thursday via WikiLeaks.
According to a survey of 5,000 adults and 3,000 children in the UK released by OfCom (Office of Communications) yesterday, 49% of children between the ages of 8 – 17 are on some form of social networking site.
It’s amazing the difference a few years makes in the daily lives of young people. When I was young (and I’d like to think I’m still relatively young), at elementary school, the only way to keep in touch with classmates was through snail mail (at that age I wasn’t allowed to, nor was I interested in, using the phone) – and snail mail definitely isn’t the best way to communicate with anyone. But even as I got older, I never got to use technologies such as IM to keep in touch with my friends at school during the summer time or to discuss questions about homework. (I remember when I first started using IM at the end of high school, probably around OAC, my friends thought I was really geeky and nerdy – my IM use really took off when I got to university though). I look at how my sisters study and do work now in high school and it seems like light-years have passed from the archaic idea of dictionaries, encyclopedias and even libraries – who uses books these days anyways? When you have Wikipedia! Why do you need to consult any of those ‘old-school’ resources when everything can be found online?
In order to combat automated robots and other forms of cheating, World of Warcraft comes bundled with a rootkit (which has since been named Warden) that monitors your computer for signs of “suspicious” activity contrary to their EULA (End User License Agreement). Greg Hoglund first identified Warden in October 2005, a rootkit installed by World of Warcraft that monitors your machine every 15 seconds to identify programs that are attempting to hack or interfere with the operation of WoW that would be against the EULA (bots, unauthorized interface hacks, etc). The rootkit acts similarly to spyware, and according to Hoglund:
“Besides Monitoring the WoW process space and keeping track of DLLs running in that space, the Warden pokes around into other processes, doing things like reading the window text in the title bar of every window and doing a scan of the code loaded for every process running on your computer (which it then compares against known cheat code).”
“As you browse, we’re able to categorize all of your Internet actions,” said Virasb Vahidi, the chief operating officer of Phorm. “We actually can see the entire Internet.”
The entire Internet - that’s quite a bit I must say. This is the basis for a great pitch that Phorm is throwing at AT&T, Verizon, Comcast and other ISPs (as reported in the NY Times by Louise Story) - we can track everything. That comprehensive view of what every individual does on the Internet has to add up to advertising dollars somehow, right?
Well, of course. However, there’s the simple problem that maybe, just maybe, people will have some apprehension about a company tracking every single thing they do and selling (or otherwise profiting from) that information somehow. But apparently Phorm is already rolling in Britain, and claims to have access to 70% of British households that have a broadband connection. Naturally, the British Government is investigating the privacy ramifications… of a company… tracking everything many of their citizens do online. Should be a tough investigation.
PostSecret.com is a site where members obtain a form of therapy from anonymously sharing their secrets with the world. The project started with physical post cards about 4 years ago and has since made the migration to social media. There have also been a number of books and videos created as a result of the more than 180,000 secrets that have been shared.
It amazes me the creativity, honesty and emotion that individuals are willing to display anonymously via the web. The most recent compilation from PostSecret.com, A Valentine Video, can be seen below.
The key to the success of the PostSecret model is the anonymity of those who are sharing their secrets. However, when we talk about collaboration in the enterprise that same anonymity that drives creative and honest expression is shunned. The truth is that when companies implement Web 2.0 solutions they are afraid of what employees might say or do if they are not held accountable. What if someone blasts the CEO in a blog post, posts inappropriate content on the social network or vandalizes project information in the wiki?
These are all valid concerns; after all, companies have rules and regulations that they must abide by and need to maintain a safe work environment for employees. But what about the creativity, the innovation, and the honesty that comes from the freedom to express your thoughts anonymously? In the enterprise, cultural and political reasons often prevent employees from feeling comfortable to share their true opinions, but the good news is there are ways to get the best of both worlds.
Companies could try creating a forum for employees to anonymously submit thoughts and ideas, being clear that all content must be work appropriate. If needed, monitor the site and allow users to flag inappropriate content (à la YouTube) or if necessary monitor the submissions before they are posted (making it clear to submitters why they have been censored). If that is too radical, start by allowing employees to express themselves by ranking and rating content. The idea is to give employees a voice and the freedom to break free of the hierarchy and danger of groupthink. I was just talking with my colleague Alan and we discussed how an anonymous forum could be a valuable tool on those occasions when everyone is thinking the plan from the top is flawed, but doesn’t feel comfortable voicing their opinion.
I think it’s something worth thinking about if you are moving the way of Web 2.0 in your organization.
There have been concerns in the past over Facebook becoming a hotbed for identity theft. With all of the personal information available on profiles, industry pundits feared social networking sites would be easy pickings for hackers. What they didn’t predict was ‘Facebook identity theft’, meaning someone virtually stealing your identity on Facebook.
“Fouad Mourtada, 26, was arrested in Casablanca for “villainous practices” in connection with the theft of Prince Moulay Rachid’s identity, Maghreb Arabe Presse reported.” The problem seems to be that Fouad was a little too good (and perhaps even a little devious) at pretending to be the Prince of Morocco. I did a quick check on Facebook for the closest thing to a Canadian prince, Wayne Gretzky, and to my surprise ‘the great one’ has about 30 Facebook profiles (although his choice of profile pictures is sometimes questionable - signed hockey cards and cardboard cut outs). If I were to wager I would bet the over/under on the number of fraudulent Gretzky profiles to be at least 29 maybe 30.
Will this be the start of the rich and famous pro-actively defending their online identities? Perhaps this will help push initiatives such as OpenID forward? I will leave you with a clip called Facebook Off (a spoof on Face-Off), my favorite line “You’re just a person, Facebook is a website”.
Here’s a summary of just a few of the wikinomics-related stories that have popped up over the last few days.
The Economist’s article The Challengers takes a look at the new multinational companies that are evolving in the emerging markets. From the perspective that the Ford-Jaguar-Tata story brings, to the data on developing countries’ cross-border M&A, it’s a fascinating study of how the world is changing right now.
CIO.com has a nice little article on how Sun Microsystems is leveraging Second Life to facilitate internal collaboration and social interaction. The best quote provided in the mini-interview is: Up until now, Sun, like most companies, has used audio conferencing. We’ve used a little bit of video conferencing too, but a lot of people working at home don’t have video because that’s their personal space. So we mostly use audio conferences. The problem with this is we’re not getting the social interaction and the informal brainstorming you’d get in person. We figured [we] can create a virtual world where you can begin to re-create that social interaction, and then we could really create a wonderful place to bounce ideas off each other, both as a group or just between two people.
We’ve talked about the potential for RFID tags (and related technologies) to bring about a lot of positive changes in business and society, while also creating some major concerns in terms of privacy (etc.). Think about both sides when you read this story about Ministers in Britain planning to implant RFID tags in prisoners.
While a lot of people in Western nations are focused on the rise of India and China as major exporters, one of the more interesting trends to watch is their trade with each other. This article in the Times of India sums up the situation nicely, and it will be interesting to see how India reacts.
The fact that confidence in many major financial institutions is going into the tank won’t surprise too many people in Second Life. To quote: “As of January 22, 2008, it will be prohibited to offer interest or any direct return on an investment (whether in Linden dollars or other currency) from any object, such as an ATM, located in Second Life, without proof of an applicable government registration statement or financial institution charter,” Linden Lab wrote on its blog Tuesday. “We’re implementing this policy after reviewing resident complaints, banking activities and the law, and we’re doing it to protect our residents and the integrity of our economy.”
The NY Times has a great article on the “bruising Senate fight” over the Patent Reform Act of 2007. The quick version is that big firms are increasingly antsy about patent trolls and excessive leverage being given to small patent holders, while the “little guys” are worried about the big firms using their heft to trounce them.
Amid the hype of product launches and keynote addresses at this year’s CES in Las Vegas, AT&T confirmed yesterday that it is actively seeking the tools to filter Internet traffic at the network level, in an effort to manage online piracy of copyrighted material. This confirms month-old speculation of the telecom giant’s efforts to manage subscribers’ web usage and it is the latest threat to net neutrality.
Following in the familiar footsteps of competitor Comcast, AT&T cited an “overwhelming” and “unacceptable” volume of peer-to-peer online traffic sharing copyrighted materials as the impetus for action. Senior vice president, external & legal affairs, Jeff Cicconi revealed that AT&T is “very interested in a technology based solution and we think a network-based solution is the optimal way to approach this.” Partnering with firms such as Vobile, creator of VideoDNA, would allow Internet Service Providers to eliminate copyrighted material traffic, thereby eliminating what some estimates peg at up to 40% of traffic, freeing up bandwidth and nearly doubling capacity (and potential paying subscribers) without additional bandwidth investment.
While legal experts have chimed in on the (il)legality of the telecoms’ move towards filtering web traffic, implementation by AT&T could be the first step in a trend that would see net neutrality become an idealistic reverie as other ISPs follow suit. Cicconi acknowledges that whatever actions are taken “must pass muster with consumers” and in a perfect world consumers would maintain the power to choose an ISP that fit their needs (and values). In reality, this power would only hold true as long as ISPs without filtering exist, but unless (or hopefully until) such filtering is deemed beyond the legal rights of ISPs, subscribers are likely to face an impending clampdown on their Internet freedom - stay tuned.
(For those avid blog readers, this move would make ISPs the new emperor Palpatine on the Brendan Peat hierarchy for piracy.)
Technology and the US election I've written several times about the impact of social networks on this year's US Presidential election - see here and here. And let's be honest, the use of such networks and new web 2.0 technologies has been dominated by Obama. He’s embraced social networks like no other candidate in an attempt to connect with [...]