Sunday, October 12, 2014

The Snappening Blame Game: Protect Yourself and Your Family With Awareness and Action

VentureBeat featured an article entitled, "Who’s to blame for the ‘Snappening?’ You are." While I strongly disagree with the writer's use of the word "blame," I also believe there is nothing wrong with empowering people to take as much control as possible of their privacy and reputation. Those who strive to prevent others from being victimized are too often accused of "blaming the victim," but there is nothing incompatible with assigning blame to criminals while simultaneously helping people to become more informed and protect themselves and their family.

"The Snappening" is the hack and leak of hundreds of thousands of images that people intended to be seen (and immediately deleted) using the Snapchat application. It has been reported that many of these images are of minors. This hacking crime occurred at the same time hundreds of personal photos and videos of celebrities are being leaked, an event disgustingly given the cutesy name of "The Fappening."

Both are crimes, and all blame and legal responsibility rests with the hackers and those distributing the photos. Again, just so I am absolutely clear: The hackers and those distributing users' private photos and other information are wholly to blame ethically and legally. 

That said, there are steps you and your family can take to avoid becoming victims. Saying this does not alleviate hackers from their legal accountability should your family's data be unlawfully collected. All this acknowledges is that we live in an increasingly digital, social and mobile world, and it is vital we recognize and consider the risks associated with our devices, applications, privacy settings and actions.

Telling children not to get into cars with strangers does not blame the victim when tragic situations occur, but it does prevent other children from becoming victims. In the same way, urging our children to understand the risks of their digital, social and mobile actions does not increase their fault should a dreadful crime occur, but it will prevent other children from being victimized as is happening today. Blaming victims is disgusting and wrong; empowering people to avoid becoming victims is smart and caring.

In our digital, social and mobile era, here are some things you and your children must know so that risks can be reduced:

  • Consider the applications you use: Every application you allow on your phone or permit to access your data on social networks increases risk. Who created the app? How will they use your data? Will they protect your data? These are difficult but essential questions we must ask about each and every application that we allow to access our most personal data.

    While few of us possess the technical capability or time to answer these questions specifically, we can take some simple steps: Identify and evaluate the reputation and size of the application developer; consider the access requirements; and review the ratings in the App Store, Google Play and elsewhere.

    The risk posed by third-party apps seems to have contributed to the Snappening leak. Snapchat released a statement saying "Snapchat’s servers were never breached and were not the source of these leaks. Snapchatters were victimized by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security." In other words, once you allow a third-party application to access and use your Snapchat data, there is nothing Snapchat can do to protect your privacy, and the same is true of other social networks and mobile platforms as well.

    Facebook's Privacy Checkup--stop
    griping Facebook makes privacy
    difficult and use it, already!
    Steps you can take today: Review the applications on your and your children's phones. Do you know and trust the developer of each application?  Do the same for the applications that you and your children have allowed to access Facebook data; to do so, visit Facebook in a browser, click the lock icon on the upper right corner and do a "Privacy Checkup" to review "Your Apps." You can do the same in Twitter--click on your profile image and select "Settings" and "Apps" to revoke access to applications you do not know and trust.

    These steps are vital to protect you and your family. To use a real-world metaphor, no amount of locks on your door can keep you secure from those you freely allow to access and use your home.
  • Consider the people to whom you connect:  If a stranger watched, snapped photos of or followed your family around, you would call the cops. Many people not only ignore that strangers do this online but welcome them to so, because this is what happens when you accept invitations from strangers on services such as Facebook and Foursquare.  The people with whom you connect can know where you are at every moment, see and save your family photos and know other information you may not wish shared.

    Parents, who have your children friended? Do they know them well? I will admit I am not a parent, and I understand issues of trust and privacy are sensitive ones with kids; nonetheless, the same parents who would never allow their kids to talk to strangers in the real world are often willfully ignorant of the strangers talking to and monitoring their children via social and mobile applications.

    Steps you can take today: Review your Facebook and Foursquare friends today, and do the same for your children. Do you know them well enough to give them access to your location, photos and personal communications? Many people seem to feel social pressure to accept and maintain "friend" connections on Facebook. My advice: Get over it. There's nothing wrong with rejecting or deleting a connection from someone you do not know well.  An ounce of prevention is worth a ton of cure when it comes to filtering your friend lists.

  • Consider your security settings: Every application and service you use permits you to set your preferred level of security and privacy. I choose to make most of my Facebook posts public, but I do so with awareness and consideration of what I post. My recommendation to most people is that they do NOT make their posts public by default, and as a rule, children should never do so.

    Nowadays, it is not simply the security settings of applications you must consider but also the settings built into your devices. Thanks to services such as iCloud, Dropbox and Google Drive, many mobile phone users automatically upload their photos and data into the cloud without even knowing. Of course, you can stop that from happening if you want, but then you may lose your photos and data in the event your phone is lost or dies. There is no simple answer to how you should set your or your children's security and privacy settings, but it is important we make informed decisions and take proactive action rather than having an unpleasant surprise later.

    Steps you can take today: First, review the security settings in your applications--who can see your data and what data can they see? As noted above, Facebook has made this much easier with its Privacy Checkup feature.

    Perhaps even more important is for you to use two-factor authentication. It is easy and only adds a smidgen of complexity. Apple has suggested that if the celebrities hacked in the Fappening had used two-factor authentication, their data would still be safe (although I find this a bit disingenuous since iCloud allowed unlimited signon attempts, permitting simple "brute force" attacks to be effective.) You can learn more about two-factor authentication on CNET, but Facebook's two-factor authentication is called "Login Approvals" (found under "Settings" and "Security") and it is easy to use.  You can also learn more about two-factor authentication available for Apple ID, Dropbox and Google.
  • Consider what you capture and share: This is, inevitably, the advice that causes people to start tossing around accusations of "blaming the victim." It seems some people mix up having the right to do something with whether it is wise to do that thing. The two are not the same.

    There is nothing wrong with suggesting people consider the risks associated with taking, storing or sharing nude selfies. Yes, you have a right to do so (if you are an adult). No, doing so does not in any way reduce others' culpability should they hack and share your nude selfies. But yes, taking nude selfies does, in fact, increase risk they could be accessed and distributed without your permission. So go ahead--strip down and snap away--just do so with knowledge it comes with risks: You can lose your phone, your iCloud account can be compromised and the people with whom you share may save and disseminate them further (even if you use Snapchat).

    Of course, the same is true of ANY data. You can legally post, share or store your social security and credit card number online. It is an insane and risky thing to do, but doing so does not alter the blame or criminal responsibility of anyone who uses that data to steal your identity. Once again, suggesting people consider the potential ramifications of their digital, social and mobile actions is not "blaming the victim" but a simple reminder that the best offense is a good defense when it comes to your personal data.

    Steps you can take today: Simply consider what you capture, store and save on your devices. Do you save your credit card numbers in Evernote? Do you have a photo of your social security card stored on your device (and backed up in the cloud)? Do you save passwords? These are somewhat obvious examples of actions that raise your risks, but there are less obvious ones:
    • He had a "family emergency,"
      posted this and lost his job
      Have you ever shared your "porn name," which includes the street on which you grew up? Have you posted your mother's maiden name as part of #TBT on Facebook or Instagram? Both are examples of information you use to recover your passwords and can be misused to gain access to your accounts and data.
    • Do you share when you and your family are traveling and announce to the world that your home is empty and unguarded?
    • Do you complain about your coworkers on social networks, an action that can cause you to (at worst) lose your job or (at best) lose relationships and reputation?
    • Do you "like" your bank, revealing to others where your financial accounts are maintained?
    • Do you use the same password on every site so that a single hack opens up all of your accounts and data to hackers? (And when is the last time you changed your passwords?)
    • Do you ever call in sick when you are not and then publicly share your leisure activities? (That's another good way to lose your job.)
    • Do you capture and disseminate (even privately) pictures of you and friends doing things that others (such as potential employers, significant others or family members) might judge?
    • Do you often use profanity or poor grammar in your Facebook or Twitter posts? Recruiters react negatively to profanity (65%), grammar and punctuation errors (61%) and references of alcohol use (47%).

Educating and empowering others to make smart decisions is not "blaming the victim" but an act of caring. We must always blame the perpetrators who hack and share our personal information, but empowering people to protect their data and privacy is simply the smart thing to do.

No comments: