Social Networks..Got Privacy, Got Security? Part 1 14Nov09 | 0

Data privacy is the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal issues surrounding them.

Privacy concerns exist wherever personally identifiable information is collected and stored – in digital form or otherwise. Improper or non-existent disclosure control can be the root cause for privacy issues. Data privacy issues can arise in response to information from a wide range of sources, such as:

The challenge in data privacy is to share data while protecting personally identifiable information. The fields of data security and information security design and utilize software, hardware and human resources to address this issue.
Source: http://en.wikipedia.org/wiki/Data_privacy

OK, now if we extend that explanation so that it deals with online social networks (Facebook, MySpace, Jaiku, BrightKite etc.), you might be left wondering what information is available about yourself.

For this brief study I’ll just deal with Facebook and its affiliates. If you remember back in the old days of the internet, we were warned about posting our user credentials and personal information online: specifically our real names, location, address, birth date and phone number. Credit cards and banking details are a given, since most people realise the threat that those items pose.

So what has changed that we no longer need to worry about our personal information and data security? Nothing really. The technologies for achieving data security have grown, and there is no doubt that the organisations implementing these technologies can stand tall amongst the many services that either fail or cannot generate enough interest to scale and keep pace. The sad truth is that, with all of these technologies in place, it is still left to the user to navigate through EULAs and sift through the site’s or service’s privacy settings. These days most services default new users’ profiles to a somewhat loosely secure setting. The assumption is that the user will change them as he/she requires, and for the most part these settings are fine.

Problems and issues occur however, when a user installs a third party application or the service in question acquires a(nother) advertising affiliate. For a Facebook example I’m sure you will remember the Beacon advertising debacle and more recently the information leakage of Blockbuster rentals and sales [pcworld.com]. These incidents have brought the issue of user privacy on social networks into the mainstream media.

A typical Facebook profile can yield a wealth of information to someone developing an “in house” application for marketing purposes. It is, in its true form, a great way to target specific audiences and niches. But as the saying goes, “With great power comes great responsibility.” It is here where trust goes awry… Letting a third party access your personal information is always a risky business as far as what they do with the information, and who they share it with, goes.

In this day and age there is very little chance that your personal data will stay protected and confined to one source. Facebook and most social network sites need advertising and affiliate marketing companies to stay afloat, so it goes without saying that the currency these sites deal in is personal information. Your personal information can change hands between a staggering number of companies in a short amount of time.

By now your personal information not only contains your name, address, phone numbers and date of birth… it (more than likely) contains who you are friends with, who you keep in contact with, your email address, your friends’ email addresses and phone numbers, where you are and what you are doing and with whom, and the list could and does go on. Would you give someone on the street this information? Would you give a telemarketer this information? The most likely answer is no. So why do we entrust all of this information to a social networking company? Is it the need to connect to new and old friends and to network with like-minded individuals? I don’t have an answer to that one.

As you may or may not have noticed, all of this information is tied to your email address. If you lose your password to a social networking site, you can get an email sent to your account with a new password or the same one. This brings up another issue, that of sending plain text passwords through email, but I won’t get into that argument here. It should, however, bring to light the importance of strong email passwords.

Email addresses have long been becoming a commodity as well. This is largely due to marketers and spammers paying for harvested email addresses. Although there has been no major email address harvesting from social networking sites, in my opinion it is more than likely to happen in the future. The personal information that can be gleaned from a user’s profile will always be worth more, but an email address might be easier to obtain.

These are just a few of the notes that I’ve taken for a Social Networking Privacy and Security report that I am currently writing. I’m thinking that this post will be one of three or four in a series; part 2 will be posted sometime late next week. If you haven’t nodded off already, thanks for reading, and hopefully part 2 will answer some of the questions this post has brought up.

Security: Educate The Uneducated. 01May08 | 0

I posted this earlier today as a comment to an article I found here: [nobosh.com]
“No matter what network restrictions you put in place or what security policy you try to implement, you can never protect the user against themselves. With social networks growing there is a rise in link sharing and email forwarding, not to mention drive-by downloads and iframe trickery and the like that sit quietly on infected web pages. You can lock a whole network down as tight as you can, but you can never protect yourself fully from an uneducated user. Social engineering is still the biggest risk (in my opinion) to most networks: the more users, the more risk. I guess my point here is that an educated user that can be trusted not to abuse policies and privileges is the best security tool.”
Another user asked “How do we educate users?”.
Good question.
My reply was written with a business environment in mind, where you would have departmental policies and access control restrictions in place. It was only after I wrote another response that I realised he might be talking about users in general.
There is such a broad range of people using the internet these days that it would be impossible to educate everyone, and just plain stupid to try. The thing is, most of those people don’t want to be bothered hovering over a link to see where it goes, and they definitely won’t be bothered using something like NoScript to block scripts from running.
I think the general public want the one app that does everything… which is unfortunate because all of the ones that claim to do everything… well, sure they can do everything, but there is nothing that they can do well. So for now we are going to have to stick to auto updating and integrity checking, but that’s not so hard, is it? Just click an allow button once in a while if you are pedantic like me and like to be notified of all network activity.
That brings me to another point, which is how users cope with “learning” firewalls. I’ve seen a lot of people with the best intentions of reading every alert only to get sick of it after a couple of days and absent-mindedly click “Allow” as soon as it pops up. I don’t think there will ever be a remedy for this, especially if not all of the users of that computer are aware of what to do. You all know the sound: “Hey (insert name here), there’s this thing on the screen that says blah blah. Should I click allow or deny, (insert name here)?”. I’m not saying that everybody should be a geek and know exactly what they are doing, but rather that every user should have at least some idea of what the protection software wants them to do.
You could stand on a hill and yell “Free beer for everyone that keeps their software patched and up to date!” and still not everyone would do it; granted, some may prefer wine or spirits, but that’s hardly the point. The truth is… most people don’t care. They just want to use their computer and get on with their lives. I have nothing against that and to a large degree think that’s how it should be. All I ask is that if you are knowledgeable about this, pass the knowledge on to your friends and co-workers. Set up their firewalls / IDS / AV software / malware / spyware / detection / registry backup / patch schedule / OS updates / and whatever else they need (whew, just kidding).
When it comes down to it, help them once to avoid having to help them many times… if you get my drift.

Bigpond: It’s What You use When You Have to…. 01May08 | 0

First off, Bigpond: You give me the shits.
I don’t have a problem with their services at all. I love the fact that they appear to like open source software and provide unmetered downloads based on user requests. I mean hell, I can request a full Linux distro DVD download and a day later I get a nice email stating that it is available in the unmetered File Download section. They also allow TWiT netcasts, all of the Revision3 IPTV releases, basically anything that falls under the Creative Commons or open source category.

Recently Bigpond even decided to add an Ubuntu repository to the unmetered category as well (no multiverse repository, but I can live without that); in fact that is one of the main reasons I have moved from other distros to Ubuntu. Bigpond Office is also worth a mention here… although I have never used it. I’m guessing it’s a little like the online Google office services, with word processing, spreadsheet and presentation applications and a whopping 250MB of storage. I’m not taking the piss here; 250MB should be enough for most casual users to store their online generated material.

I also don’t really mind waiting a couple of hours for their customer service phone representatives to take me off hold and actually address my internet connection problems. I usually have it sorted out by the time they get to me anyway; it must be the hold music that kicks my brain into gear. When I do finally get to talk to someone there is always something else I want to ask them about anyway, so it’s never a wasted call.

My biggest gripe with Bigpond is their Wireless Broadband service. Until recently we were paying around $160 for a 550kbps to a “supposed” 1.5Mbps connection with a 3GB data cap with excess usage charged at $0.15 per MB. The speed has since been bumped up to 550kbps – 3.0Mbps and the price dropped to $114 with a 3GB data cap with excess usage RAISED to $0.30 per MB. WTF??

!STOP THE FREAKING BUS!

Hmm… let’s think about this for a second. They increase the speed, increase the excess usage charge, drop the price and leave the data cap the same?? I couldn’t give a crap how much faster the connection is if we can still only get the same amount of content. Sure, the monthly price drop was nice, but why the hell wouldn’t they increase the data cap? Why the hell did they double the excess usage charge?? And why the hell is the highest data cap plan at 3 gig?? Why all of this when they have inevitably halved the time it takes us to reach our data cap and then doubled the penalty for exceeding it? I can only think of one reason… $$$.

As the internet is growing up, the data required to browse different sites is increasing. Flash videos, for example, are everywhere, and some sites still insist on making their whole site run on Flash. I don’t have a problem with Flash; I think it’s a great delivery medium for static audio and video streaming. Web 2.0 has brought a lot of cool technologies to how we view the net, and the integration of mixed media draws a lot of bandwidth. For a perfect example Bigpond should look at their own site: it’s big, bloated and uses a fair amount of bandwidth to render itself in a browser. Thankfully the Bigpond site is unmetered for Bigpond users, or it would be easy enough to blow the data cap just by going through the site to look at my mail in the webmail client.

And so to Bigpond I say this:
At the very least just give us 5 gig for the same price and keep your lousy $0.30 per MB excess usage going and I’ll be happy… Oh, and you can even drop our maximum speed back to 550kbps – 1.5Mbps.
Thanks.

Oh and as a side note to the last Bigpond customer service representative I spoke to:
No, I do not believe you are Australian or in Australia even though you swore black and blue that you were. Melbourne is NOT the capital city of New South Wales and New South Wales is nowhere near my hometown you friggin’ douchebag! And no, I do not live closer than 7 k’s from a telephone exchange…. I think I would know as I happen to live here. Do some research before you get all frothy at the mouth and listen to someone who knows where they live instead of using your fingers trying to count. Christ, I’ll even send you a goddamn map if you like….

*EDIT*
Okay, so my research was flawed. I was informed that the excess data charge has not gone up to $0.30; it remains at $0.15 per MB. For some reason (thankfully) our plan has kept the excess data charge locked in at the original rate.
Oh, I decided to tone this post down a bit…. I’m not so annoyed now I’ve had a chance to vent.

Moments In Digital Life ver. 2.0 is live… 29Apr08 | 2

Well, as live as anything that never really experienced much life at all can be…

Welcome to the new site!
What is it?
Well, it is a revamp of my old blog http://momentsindigitallife.blogspot.com. I needed to expand to a properly hosted site to test and build some web applications that I’m currently working on.
Errmm…. you do have content, right?
Yes, I will transfer all (well most) of the old blog over and I will open up a projects page to give an idea of what I am currently working on at the time.
What about the blogging side are you still going to be blogging about the same old boring crap?
Well, yes actually I will be.
Like what? I never read your last one….
I will be mainly discussing information security, personal information privacy, drunken mumbles, questionably stupid thoughts, internet and tech happenings and anything else I find of interest.
Sounds pretty goddamn boring to me, I’m off… Oh by the way your theme is pretty crappy.
It’s the best I could find at the time, I like it. Goodbye.

I am interested in what people think of the current WordPress theme. Whether you like it, hate it or just want to bag it, can you please leave a comment expressing your thoughts… profanity is allowed! If you can’t find where to leave a comment, it’s next to the date up there ^ click on the number after the date.
Cheers.