Tuesday, August 12, 2008

Protecting Against Common Risks in Social Networking

Social Networking sites are all the rage. I'm not going to reprise them all - Wikipedia has a good article if you don't know what I'm talking about generally - but I will centre this article around person-centric portal sites like Facebook and LinkedIn since I have more personal experience with both.

Generally, people are more socially vulnerable than social networking sites are technologically vulnerable. Many interpersonal interactions are safeguarded by the lack of scalability when dealing interactively with people. Unless you are a famous person you're unlikely to draw a crowd, and the communication is highly transient - it's only audible when it is spoken.

Email extends the "phosphorescence" attribute of spoken communications -- Absolute fidelity of 17% of the message. I myself have archived emails going back to 1992, and Google Desktop lets me find out what you "said" to me 5 years ago, with insane ease. I once used to describe the first social networking applications - public Fidonet Echos and Usenet newsgroups - as "email for the world to see".

The advent of Dejanews (now Google Groups) made it "email for the world to see forever". Social network sites typically make even the slightest and most flippant communications public forever. This is not good for all people; and that's a function of a person's behaviour.

Risks can be managed to an acceptable level by following the better-than-default practices offered by these sites. Educating oneself and adhering to safe behaviours when using a social networking site can allow a good experience and still realize many benefits of social networking. Some of the larger risks when using social networking come from these practices:

  • Believing that never logging into a social networking site means you don't have an identity on it.
    Instead, consider signing up on the most popular sites and protecting your identity. Even if you don't plan to use them, this ensures others won't be able to target you.
  • Extending trusts to identities as if the identity were the person.
    Instead, attempt to validate the electronic identity through some other means besides the medium you are on. Voice, in person, or an alternate email address are all reasonable ways to validate identity without blind faith.
  • Using the default permissions to implement a simple model of "trusted/not-trusted".
    Instead, implement a multilevel "rings-of-trust" model where you have at least 3 levels of friends, colleagues, associates, acquaintances, strangers, each with progressively fewer permissions. This inherently limits the personal information and aligns with a better, albeit less-than-perfect, real-world trust model.
  • Posting detailed and personally identifiable information online, believing you will always own and control it.
    Limit how much information is released.
    Canadians are not protected by PIPEDA or other statutes on most of these sites. Consider the information posted as permanent. Needless facts mistakenly published have a phosphorescence of years. Sometimes intellectual property rights are given away when using these sites.
  • Trusting all application content from a social networking site.
    Use a browser that lets you selectively enable active scripting, for example with NoScript. Be aware that not all applications available within a social networking site are an intrinsic or trustworthy part of it. Be skeptical and investigate the privacy and security of data when using new applications on social networking sites.
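
The "rings-of-trust" item above can be modelled as a per-field visibility policy and compared with the binary default. This sketch is an added example, not part of the original post; the field names, contact names and the way the "trusted/not-trusted" default is modelled are assumptions constructed for illustration.

```python
from enum import IntEnum

class Ring(IntEnum):
    # Ring names follow the article; a lower number means more trust.
    FRIEND = 0
    COLLEAGUE = 1
    ASSOCIATE = 2
    ACQUAINTANCE = 3
    STRANGER = 4

# Constructed sample policy: the outermost ring allowed to see each field.
FIELD_POLICY = {
    "display_name": Ring.STRANGER,
    "employer": Ring.ACQUAINTANCE,
    "work_email": Ring.ASSOCIATE,
    "mobile_phone": Ring.COLLEAGUE,
    "birth_date": Ring.FRIEND,
    "home_address": Ring.FRIEND,
}

# Constructed sample contact list: each accepted contact is placed in one ring.
CONTACTS = {"alice": Ring.FRIEND, "bob": Ring.COLLEAGUE,
            "carol": Ring.ASSOCIATE, "dave": Ring.ACQUAINTANCE}

def ring_of(viewer):
    # Fail closed: an identity you have not classified is a stranger.
    return CONTACTS.get(viewer, Ring.STRANGER)

def visible_fields_rings(viewer):
    # A field is visible only if the viewer's ring is at or inside its limit.
    ring = ring_of(viewer)
    return sorted(f for f, limit in FIELD_POLICY.items() if ring <= limit)

def visible_fields_binary(viewer):
    # Assumed model of the default: every accepted contact sees everything,
    # everyone else sees only the fields marked public.
    if viewer in CONTACTS:
        return sorted(FIELD_POLICY)
    return sorted(f for f, limit in FIELD_POLICY.items() if limit == Ring.STRANGER)

def overexposed(viewer):
    # Fields the binary default reveals that the ring model would withhold.
    return sorted(set(visible_fields_binary(viewer)) - set(visible_fields_rings(viewer)))

if __name__ == "__main__":
    for viewer in ("alice", "bob", "carol", "dave", "mallory"):
        print(viewer, ring_of(viewer).name, "over-exposed:", overexposed(viewer))
```
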

Many will look for the next "firewall" or "anti-this" tool to manage social networking sites. Unfortunately, you can see that many of these risks are difficult to safeguard against with new technology. Using common real-world practices that protect you, your family and your job from abuse in real life goes a long way in the blurry border that is real live online life.

W
