Just a short note to my military friends. Doubtless you’ll be hearing about this soon enough anyway, but just in case you do not: Tom Ryan is due to present a talk at the upcoming Black Hat Conference in Las Vegas about the dangers of revealing too much information on social networking sites. According to reports on computerworld, FOXNews, and Armed with Science [dod.mil], Ryan ran an experiment to see how much sensitive information he could glean through social networking. He created the ficticious persona of “Robin Sage”, a good-looking twenty-something, hacker grad from MIT who claimed to be an intern at Naval Network Command. In the month Ryan ran the experiment he was able to build a considerable number of social networking connections on Facebook, Twitter, and LinkedIn with active duty military personnel and officials and through these connections was able to glean military intelligence. The simplest and most obviously dangerous example of leaked information should be of immediate concern to military folks:

For example, one of Robin’s soldier friends posted a photo of his unit on surveillance duties at a mountain outpost in Afghanistan. That inadvertently exposed their location, because the photo contained GeoIP data from the camera.

The other night I was having a fantastic time with some friends after a barbeque and the subject of family history came up. I had pulled some old photographs off the walls and we were talking about this and that character in the photo and when someone asked the question, I realized I had no idea what year my grandfather had been born. “No problem”, I said, “I’ll just fire up the Mac and call up my website – I have this awesome software running that I share with the family with lists and graphs and everything, we’ll just look it up!” Seconds later I was staring at the screen wondering what had happened to my data. I couldn’t log into my own site and all my family data was inaccessible.

Read the rest of this entry »

It took me over an hour but I finally managed to manually remove every last photo, video, like, group, note, friend, list, and event from my facebook account. However, the experience was pretty liberating. I also remembered to change my password before deactivating so I wouldn’t accidentally log in from another machine where I had my old password stored and reactivate it again before the 14 days are up.

Hi Nate, We have received a request to permanently delete your account. Your account has been deactivated from the site and will be permanently deleted within 14 days.

I’ll miss the conversations that wouldn’t have happened otherwise, and it was nice to catch up with some old friends again. The events scheduling and rsvp ability was great – but the fact that people you knew who didn’t use facebook couldn’t participate was a real downside to that. I imagine leaving facebook won’t affect how much I hang out with real people other than providing slightly more time to do it in.

The number of sites that are partnered with Facebook to share your personal information is growing. If you’ve been under a rock for the last month than you might have missed the big news that Facebook’s CEO Mark Zuckerberg unvieled what he called “the most transformative thing we’ve ever done on the web”, something he called Open Graph at the Facebook F8 conference. Open Graph is a great name for the new initiative because its aim is to open up all the information that Facebook users previously thought of as being private. Speaking personally, I have no real problem with sharing information – thats what the web is supposed to be all about, but for people who are still relatively inexperienced when it comes to computing and web technologies the changes at facebook may come as a bit of a surprise. Many users have come to the disturbing realization that personal information which they credibly believed to be ‘private’ or available only to selected users has turned out instead to be the property of the site on which they entered it, and that they have relatively little control over it at all. Pictures, relationships, interests, friendships, personal data like birthdates and children’s names have all (incredibly) been offered up without much question to a private firm which now intends to share that information with marketing partners (everyone) with little concern for whether you wanted to share it or not.
Read the rest of this entry »