blog_photo_Jan2013

There’s no such thing as a private message

blog_photo_Jan2013

You may have heard about Storify. A new tool that you can use to publish private conversations in Facebook. Scary, isn’t it? Or that’s at least the angle many headlines take. But the full picture is a lot less dramatic. In fact, Storify does not enable you to do anything that you couldn’t do before, it just makes it easier. And it is an excellent reminder about the risks with so called private messages.

Most legislations provide a fairly high level of protection for messages in transit. The goal is to prevent 3rd parties from eavesdropping and tampering with the messages. But what many forget is that the parties involved in the communication have rights to use the message. It means that the recipient has fairly free hands to use what you write as soon as the message hits the inbox. Your only protection is really your trust in the other part. You may write things that both parties understand should remain private, and it may be sufficient protection today. But what about the future? We all know that trust can change. Many who have gone through a divorce know that the person you trust the most of all may become your worst enemy.

So what about Facebook and Storify? It’s just a good reminder about what can happen to “private” messages. The same threat exists in any kind of messaging service. Not only on the Internet, phone calls can be recorded and misused as well. Letters on paper can be copied, scanned and published. Facebook didn’t provide tools for publishing private messages, but that never prevented users from using copy-paste or taking screenshots of the messages. And our good old e-mail is no better. It has a button called Forward for this purpose.

The only thing that can protect you from this kind of leaks is to not write things that would be embarrassing if published. Be polite and adopt a no-nonsense attitude even in private communications. Think twice before reveling secrets over electronic communication systems. Even if you use encryption it only protects you against 3rd parties, not against the recipient. And last but not least. Do not turn your friends into enemies. That’s probably the biggest reason for leaked private messages.

Micke

Photo by Sam Catanzaro @ Flickr

More posts from this topic

FB archive

Your digital memories – will they vanish or persist?

If you like sailing and tall ships, I can recommend this podcast about Pam Bitterman’s book Sailing to the far horizon. It’s a great story about the last years of the community-operated ship Sofia, covering both a lot of happy sailing and the ship’s sad end in the early eighties. But this is not about hippies on a ship, it’s about how we record and remember our lives. In the podcast Pam tells us how the book was made possible by her parents saving her letters home. Perhaps they had a hunch that this story will be written down one day. Going on to state that e-mails and phone calls wouldn’t have been saved that way. That’s a very interesting point that should make us think. At least it made me think about what we will remember about our lives in, say, twenty years? We collect more info about what we are doing than ever before. We shoot digital pictures all the time and post status updates on Facebook. We are telling the world where we are, what we are doing and what we feel. Maybe in a way that is shallower than letters home, but we sample our lives at a very granular rate. The real question is however how persistent this data is? If we later realize we have experienced something unique enough to write a book about, have our digital life left enough traces to support us? Pam wrote the book about Sofia some twenty years later. A twenty year old paper is still young, but that’s an eternity in the digital world. Will you still be on the same social media service? Do you still have the same account or have you lost it. Does the service even exist? And what about your e-mails, have you saved them? How are your digital photos archived? You may even have cleaned up yourself to fit everything into a cheaper cloud account. Here’s something to keep in mind about retaining your digital life. Realize the value of your personal records. You may fail to see the value in single Facebook posts, but they may still form a valuable wholeness. If you save it you can choose to use it or not in the future. If you lose it you have no choice. Make sure you don’t lose access to your mail, social media and cloud storage accounts. That would force you to start fresh, which usually means data loss. Always register a secondary mail address in the services. That will help you recover if you forget the password. Use a password manager to avoid losing the password in the first place. Redundancy is your friend. Do not store important data in a single location. The ideal strategy is to store your files both on a local computer and in a cloud account. It provides redundancy and also stores data in several geographically separated locations. This is easy with younited because you can set it to automatically back up selected folders. Mail accounts have limited capacity and you can’t keep stuff forever. Don’t delete your correspondence. Check your mail client instead for a function that archives your mail to local storage. Check your social media service for a way to download a copy of your stuff. In Facebook you can currently find this function under Settings / General. It’s good to do this regularly, and you should at least do it if you plan to close your account and go elsewhere. Migrate your data when switching to a new computer or another cloud service. It might be tricky and take some time, but it is worth it. Do not see it as a great opportunity to start fresh and get rid of "old junk". If you are somewhat serious about digital photography, you should get familiar with DAM. That means Digital Asset Management. This book is a good start. Pam did not have a book in mind when she crossed the Pacific. But she was lucky and her parents helped her retain the memories. You will not be that lucky. Don’t expect your friends on Facebook to archive posts for you, you have to do it yourself. You may not think you’ll ever need the stuff, just like Pam couldn’t see the book coming when onboard Sofia. But you never know what plans the future has for you. When you least expect it, you might find yourself in a developing adventure. Make yourself a favor and don’t lose any digital memories. Safe surfing, Micke  

Oct 13, 2014
BY 
WP_20141003_09_44_53_Raw

On Ello you’re not a product, you’re a feature.

Most of us have some kind of relationship with Facebook. We either love it, hate it or ignore it. Some of us are hooked. Some have found new opportunities, and many have got themselves into a mess on Facebook. Some are worry-free and totally open while others are deeply concerned about privacy. But we probably all agree that Facebook has changed our lives or at least impacted our ways to communicate. Facebook has showed that social media is an important tool for both business and private affairs. Facebook was in the right place at the right time to become the de-facto standard for social media. But the success of Facebook is also what makes it scary. Imagine the power you have if you know everything about everyone in the civilized world. And on top of that with quite loose legislation about what you can do with that data. Ok, everything and everyone are exaggerations, but not too far from the truth. Others have tried to challenge Facebook, but no one has succeeded so far. One reason is that social media automatically is monopolizing. The most important selection criteria is where your friends are, and that drives everyone into one common service. The fact that even Google failed with Google+, despite their huge resources and a ready user base from services like Gmail, just underlines how solid Facebook’s position is. Ello is the latest challenger and they certainly have an interesting approach. Ello tries to hit Facebook straight in its weakest point and provide a service that respect user integrity. They may lack the resources of Google, but they can be credible in this area. The choice between Facebook and Google is like a rock and a hard place for the privacy minded, but Ello is different. Their manifesto says it all. Will Ello survive and will they be the David that finally defeats Goliath? Ello is in a very early phase and they certainly have a very long way to go. But remember that their success depends on you too. You may not be a product on Ello, but you are certainly a feature. The main feature, actually. The team can only provide a framework for our social interactions. But people to be social with is absolutely crucial for any social network. So Ello’s raise or fall is mostly in our hands now. They need enough pioneers to make it a vibrant society. The development team can make the service fail, but they can only create potential for success. Ello needs you to materialize that potential. So what’s my honest opinion about Ello? The fact that the service is based on privacy and integrity is good. We need a social media service like this. But there are also many open questions and dark clouds on Ello’s sky. People have complained about its usability. And yes, usability is quite weird in many ways. It’s also very obvious that Ello is too premature to be a tool for non-technical users. Now in October 2014, I would personally only invite people who are used to beta software. But both usability and the technical quality can be fixed, it just takes more work from the team. A bigger question mark is however the future business model of Ello. On Facebook you’re a product and that’s what pays for the “free” service. But how is Ello going to strike a balance between privacy and funding the operation? This is one of the big challenges. Another is if the privacy-promise really is enough? Many of us are already privacy-aware, but the vast majority is still quite clueless. What Ello needs is either a big increase in privacy awareness or something clever that Facebook doesn’t provide and can’t copy quickly. It may seem futile for a small startup to challenge Facebook. But keep in mind that Facebook was small too once in the beginning. Facebook showed us that we need social media. Perhaps Ello can show us that we need social media with integrity. But anyway, you are among those who decide Ello’s future by either signing up or ignoring it.   Safe surfing, @Micke-fi on Ello   Picture: ello.co screen capture

Oct 3, 2014
BY 
bash

Shellshock only concerns server admins – WRONG

Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by nerdy admins. It is present in Macs as well, but they seem to be unaffected. Linux-based Android does not use Bash and Windows is a totally different world. So we ordinary users can relax and forget about this one. We are not affected. Right? WRONG! Where is your cloud content stored? What kind of software is used to protect your login and password, credit card number, your mail correspondence, your social media updates and all other personal info you store in web-based systems? Exactly. A significant part of that may be on systems that are vulnerable to Shellshock, and that makes you vulnerable. The best protection against vulnerabilities on your own devices is to make sure the automatic update services are enabled and working. That is like outsourcing the worries to professionals, they will create and distribute fixes when vulnerabilities are found. But what about the servers? You have no way to affect how they are managed, and you don’t even know if the services you use are affected. Is there anything you can do? Yes, but only indirectly. This issue is an excellent reminder of some very basic security principles. We have repeated them over and over, but they deserve to be repeated once again now. You can’t control how your web service providers manage their servers, but you can choose which providers you trust. Prefer services that are managed professionally. Remember that you always can, and should, demand more from services you pay for. Never reuse your password on different services. This will not prevent intrusions, but it will limit the damage when someone breaks into the system. You may still be hurt by a Shellshock-based intrusion even if you do this, but the risk should be small and the damage limited. Anyway, you know you have done your part, and its bad luck if an incident hurts you despite that. Safe surfing, Micke   PS. The best way to evaluate a service provider’s security practices is to see how they deal with security incidents. It tells a lot about their attitude, which is crucial in all security work. An incident is bad, but a swift, accurate and open response is very good.   Addition on September 30th. Contrary to what's stated above, Mac computers seem to be affected and Apple has released a patch. It's of course important to keep your device patched, but this does not really affect the main point of this article. Your cloud content is valuable and part of that may be on vulnerable servers.  

Sep 26, 2014
BY