Friday, February 25, 2011

Experts: Web Generation Clueless About Online Privacy

Last April Fool's Day, the online game store created a customer license agreement that asked gamers for their immortal souls. About 7,500 gamers unthinkingly clicked the "agree" button without reading the devilishly fine print.

The gamers kept their souls, but plenty of netizens have clicked "I agree" to download a new music service, software update or game demo without realizing that they had agreed to let the service provider access their personal information. Many more don't bother to figure out how to update their ever-changing privacy settings on social networks such as Facebook.

Thoughtless users don't deserve all the blame for giving up their personal privacy so easily. Online privacy safeguards have been deliberately designed to be irrelevant or annoying to the online experience, said Bruce Schneier, a security consultant who works with British Telecom.

The challenge is whether new generations that have never known a world without the Internet can adapt their online habits to better secure their privacy.

"The business of social networking sites is to invade privacy, because they want more users who lead to more revenue," Schneier explained. "The [user settings] are deliberately designed to be difficult to navigate and opaque."

Schneier spoke as a member of a panel at a symposium titled "Promoting Security and Sustaining Privacy: How Do We Find the Right Balance?" at the American Association for the Advancement of Science conference in Washington, D.C. on Feb. 19.

The Internet generation gap

Some of those who inherit the digital age often don't realize just how much information is being gathered about them all the time when they surf the Web. Others have simply become used to trading away personal information in exchange for Internet-based services that they find useful.

Either way, sometimes it seems the "kids don't give a damn," according to Stephan Lechner of the European Commission's Joint Research Centre Institute for Protection and Security of the Citizen.

But Lechner, who sat on the panel, also pointed to the clunky legal language of long customer license agreements by bringing up the April Fool's example.

Schneier put a slightly different spin on the problem.

"The Internet generation cares very much about privacy," Schneier said. "They might be terrible at it, but they care about it."

Many young netizens have "social fluency" when it comes to navigating the Internet, but they lack the technical knowledge of "where the computer ends and the Internet begins," Schneier pointed out.

They may not know that much of the information they disclose to social networking websites and consumer websites is no longer "private" in any strong sense of the word.

But teaching people to better safeguard their privacy can prove tricky as people spend more and more of their time doing computer-related tasks and storing data purely online – the huge trend known as cloud computing.

Other issues come up because of shifting privacy safeguards, such as Facebook's habit of regularly changing its privacy policies.

"This is a problem if you are educating the young and the unknowledgeable; how would you educate them if the info you tell them is outdated in a very short time?" Lechner said.

Forever playing catch-up

The panel experts mostly agreed that humans may never catch up if they hope to adjust social norms and behaviors to the rapid pace of new technological advances.

"I'm wondering if we can't educate users," Schneier said. "I'm not sure we can. I think things are moving too fast."

But a more hopeful view came from Katharina Zweig, a computer science researcher at the University of Heidelberg in Germany, who attended the symposium as an audience member.

The problem is that people fail to realize how the software behind social networks or consumer websites can easily dig up personal information online without direct consent of the human user, Zweig said. She suggested teaching people the difference between the capabilities of a computer and a human.

"I think we can educate people about the fundamental difference between computer thinking and human thinking," Zweig told LiveScience.

If successful, such an approach could help young generations better appreciate the faceless programs behind the Internet websites and services.

After all, "the Internet never forgets," said Jeremy Pitt at the Institute for Security, Science and Technology of the Imperial College in London, and the third member of the panel.

"One question my five-year-old daughter asked, which completely floored me, was 'Does the Internet know who I am?'" Pitt said. "This question was wrong on so many levels."

Schneier jumped in before Pitt had finished.

"It's easy -- the answer is yes," Schneier said.

Wednesday, February 23, 2011

Facebook Phishing Scam Uses Fake Login Page

A new phishing scam currently spreading through Facebook is proving how important it is to read the fine print.

The scam uses chat messages and wall posts on friends’ pages to trick users into thinking they are being directed to a Facebook application, according to the security firm F-Secure.

Instead of landing on the app page, users instead find themselves on a genuine-looking Facebook login page, where they are asked to re-authenticate their account by entering their e-mail address and password.

But if users look carefully at the login page, they realize the URL in the browser’s menu bar includes “.ru” after the regular address, meaning it’s not a legitimate Facebook site, and any information entered can be easily swiped by the cybercriminals perpetrating the phishing scam.

F-Secure says that although this particular Facebook scam hasn’t spread quickly, Facebook users should always be careful when asked to enter any information, and to be especially wary of links, even if they appear to come from friends.
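The address check described above can be automated. This is an added example, not part of the original article: it parses a URL and compares its host name with the domain the user expects, flagging hosts where that domain is followed by extra labels such as ".ru". The function name `classifyLoginUrl` is hypothetical and the sample URLs are constructed, since the article does not give the exact phishing address.

```javascript
// Domain the user believes they are logging in to.
const EXPECTED = "facebook.com";

// Returns "expected", "lookalike", "other" or "invalid".
function classifyLoginUrl(rawUrl, expectedDomain = EXPECTED) {
  let url;
  try {
    url = new URL(rawUrl); // the parser lowercases the host name
  } catch {
    return "invalid";
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return "invalid";

  // Drop a trailing root dot so "facebook.com." equals "facebook.com".
  const host = url.hostname.replace(/\.$/, "");
  const expected = expectedDomain.toLowerCase();

  // Genuine: the host IS the domain, or ends with ".<domain>".
  if (host === expected || host.endsWith("." + expected)) {
    return "expected";
  }

  // Lookalike: the expected name appears as whole labels, but something
  // follows it, so the real registered domain is a different one
  // (for example "www.facebook.com.ru" belongs to "com.ru").
  if (("." + host + ".").includes("." + expected + ".")) {
    return "lookalike";
  }
  return "other";
}

// Constructed sample URLs for illustration only.
const samples = [
  "https://www.facebook.com/login.php",
  "http://www.facebook.com.ru/login.php",
  "https://notfacebook.com/",
];
for (const s of samples) {
  console.log(classifyLoginUrl(s).padEnd(10), s);
}
```

Matching on whole labels from the right-hand end is what matters: a substring test for "facebook.com" would accept the ".ru" host as well.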
