Consumer Reports Reviews Facebook And How To Use It Safely

If you haven't read it, there is a good review by Consumer Reports of the Facebook social networking website. The news media has focused on some of the controversial aspects of the report. For example, CNN reported, like many other news organizations, the survey finding that about 25 percent of Facebook users lie about information in their Facebook profile to protect their identity.

While lying about profile information may seem like an effective privacy strategy, the Consumer Report review of Facebook highlights the various ways Facebook tracks its members. Some Facebook members have made conscious choices to share personal data, and do so in status messages, sharing items, and commenting upon others' status messages. Yet other tracking methods exist.

The Consumer Reports review is a good reminder that its members are the products:

"... the company uses your data to help advertisers deliver ads that you may find useful. Suppose, for example, that you have “liked” the San Francisco 49ers page, or simply posted comments about football. You shouldn’t be surprised to see ads in the margins for football tickets, fan paraphernalia, and the like. Facebook does not share any of your information with advertisers that buy those ads unless you give permission. If you click the ad and purchase something, the advertiser obviously learns who you are. And even if you simply “like” a brand page, the company can automatically send posts to your account."

One tracking method is the facial-recognition software used to "tag" (e.g., identify) people (and places) in both photos and videos. Members who aren't careful to turn off the geo-tagging feature in their smart phones or tablets will provide even more personal data with photos and videos uploaded to Facebook.

Another method are the Facebook apps member use for music, news, and games -- which are loosely managed by Facebook:

"... according to Kevin Johnson, security consultant at Florida-based Secure Ideas, who has developed apps and tests their security. The sole credential needed to create an app is a verified Facebook account, including a cell phone number or credit card. And the company doesn’t have to review your source code (programming instructions) before it goes live..."

So, there seems to be little to no verification of apps for security or compliance when those apps have a privacy policy.

A method Facebook uses to track both members and non-members includes those "Like" buttons you have see on websites across the Internet:

"... Facebook keeps track of the other websites [its members] visit. That happens via the “Like,” “Recommendations,” and similar buttons that so many sites include. In addition to reporting your presence, the “Like” button sends along the date and time of your visit and your IP address, whether or not you click on it. The company has acknowledged that this happens even when Facebook users are logged out, a practice that had prompted class-action lawsuits in the U.S. If you’re logged in to Facebook, it can collect even more data. The company also said that it collects data from people who are not its users and have never visited its site..."

The review is also a good reminder of the scope of data Facebook collects:

"... thanks in large part to Max Schrems, a 24-year-old Austrian law student who managed to get a fuller copy of his personal information last year from Facebook's Dublin office, which oversees relations with users outside the U.S. and Canada. Schrems was surprised to discover, among the 1,222 pages of data covering three years of Facebook activity, not only deleted wall posts and messages, some with sensitive personal information, but e-mail addresses he’d deleted and names he’d removed from his friends list... Facebook collects the same type of detailed information on American users, as confirmed by documents it released to Boston police during their investigation of Philip Markoff..."

If you want to learn more about Schrems, visit Europe Versus Facebook. The review ends with a list of nine ways consumers can use Facebook (and similar social networking sites) safely:

"1. Think before you type. Even if you delete an account (which takes Facebook about a month), some info can remain in Facebook’s computers for up to 90 days.

3. Protect basic information. Set the audience for profile items, such as your town or employer. And remember: Sharing info with “friends of friends” could expose it to tens of thousands.

4. Know what you can’t protect. Your name and profile picture are public. To protect your identity, don’t use a photo, or use one that doesn’t show your face.

5. “UnPublic” your wall. Set the audience for all previous wall posts to just friends.

7. Block apps and sites that snoop. Unless you intercede, friends can share personal information about you with apps. To block that, use controls to limit the info apps can see."

Read the complete review of Facebook.com by Consumer Reports.

6 Threats That Target Consumers' Mobile Devices

If you think that identity thieves and scam aartists have not already targeted your favorite mobile devices, then think again. Dark Reading reported about siz specific threats that target popular mobile devices:

"1. Zitmo - One of the most successful banking Trojans of all time, Zeus, made the jump from PCs to mobile devices through the Zeus-in-the-mobile (Zitmo) spyware application. Prevalent on Android, Zitmo masquerades as a banking activation application and eavesdrops on SMS messages in search of the mobile transaction authentication numbers..."

"2. Mobile Botnets - Since 2009, Perimeter E-Security Research Analyst Grace Zeng has been exploring the possibilities of botnets consisting entirely of mobile devices. Naysayers told her it wasn't feasible, but last month she showed how realistic the possibility is with a presentation at WiSec 2012...:

"5. JiFake - Mobile marketers are loving the convenience of easy-to-scan QR codes to deliver mobile users to their websites and apps through their phones' barcode scanners. Attackers love these codes, too. Researchers are finding that the bad guys are increasingly using the obfuscation of QR codes to trick users into downloading malware..."

To protect yourself and the sensitive data on your smart phone or tablet, experts advise consumers to:

• Download apps only from trusted websites,
• Donwload only apps with privacy policies and terms of conditions that you understand and agree with,
• Keep the anti-virus software on your mobile device updated, just like you do on your laptop or desktop computer, and
• Password protect your mobile device in case it is lost or stolen.

Security Report Describes Multiple Threats Targeting Apple And Android Mobile Devices

Your Apple brand mobile device may not be as secure as you think it is. Trend Micro released a report last week about mobile device security. Key findings from the report:

• During the first three months of 2012, Apple led all major technology vendors with 91 reported vulnerabilities (http://cve.mitre.org/); followed by Oracle (78), Google (73), Microsoft (43), IBM (42), Cisco (36), Mozilla (30), MySQL (28), Adobe (27), and  Apache (24).
• During the same period, Android-based smartphone suffered from the most cyber criminal attacks. Trend Micro identified about 5,000 new malicious apps that target Android devices

The report described a variety of scams and threats targeting mobile device users worldwide. The “one-click billing fraud” scam is particularly nasty. In this scam, thieves target video sharing websites. When a person clicks on a link to view a video, the link redirects to a website that downloads a software virus to their device. The virus locks up the person’s device and demands payment to unlock the device. This scam now targets Android-based smartphones.

Some scams used email hoaxes about new products to spread malware:

“Free “iPad 3” giveaway promos stirred up interest in the product even before its launch and infected systems with malware. Twitter spam touting free McDonald’s gift cards redirected users to adult dating sites..."

Some scams used new social networking sites to spread computer viruses:

“New social networking site, Pinterest, gained not just popularity but also notoriety. Site users were drawn into “re-pinning” a Starbucks logo to get supposed gift cards but instead got Malware.”

The report describes another type of scams, often referred to as “ransomeware” which:

“Refers to a class of malware that holds systems and/or files “hostage” unless victims pay up...”

Ransomeware may also encrypt files on the hard drives of victims’ infected devices, and demand payment to release the encrypted files. Trend Micro reported that this scam previously operated in Russia, but has now spread to several countries in Europe. A variation of this scam includes the use of police department logos on a landing page which demands that victims with infected computers pay a bogus fine for accessing Internet port and materials with violent content.

Before installing apps on your smartphone, the report’s authors advice consumers to:

1. Be ready to give out some personal information.
2. Know that a third-party will gain access to your personal information.
3. Know the app developer’s reputation

Download the “Security In the Age of Mobility” report (Adobe PDF, 2.1 MBytes).

Hackers Target Facebook Users With New Malware Tool To Steal Credit Card Information

In case you haven't heard, scammers and identity thieves have targeted social networking users. Trusteer reported a new scam by identity theives using a new version of the "Ice IX" malware.

After a Facebook member (within an infected computer) has logged into their Facebook account, the "Ice IX" malware spawns a new browser with a fake Facebook page which prompts users to enter credit card information for supposed additional data security protection. Of course, no security protection is provided, and the malware steals both the consumer's credit card information and other sensitive personal data stored on your computer.

This is another fine example of the creativity and persistence of scammers and identity thieves. Visit the Trusteer website to view screen images of the fake Facebook page. To learn more about how to protect yourself when using Facebook.com and its mobile apps, see the links in the "Using Facebook Safely" module in the near-right column.

Can Collectors And Cloud Computing Co-exist?

[Editor's Note: today's post is by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. Michelle helps others improve their use of technology in their personal or professional life. Today, she discusses the new trend in cloud computing and storage.]

By R. Michelle Green

I love looking at my books and records. (If that statement dates me, eh, kiss my AARP card.) I’m often a completist. If I really like something or someone, say David McCallum – I gotta check out the music he created as well. I like to display my stuff, share it with like-minded others. A neighbor once asked why I had so many movies, hadn’t I seen them already? My rejoinder: “why do you have so many books, haven’t you read them already?” She smiled broadly in understanding, and never questioned it again. I may not understand why Leno collects cars, but I grok the desire to collect.

With iPods, Kindles and their ilk, you don’t get to “look” at your stuff the same way.

Used to be you got such insight from that first walk into someone’s home. What’s the focal point of the living room? What has the person taken care to organize? A litmus test for me as a young person was a suitor’s library. My first and last date with one person hinged on their statement, “oh I don’t really like to read.”

And what to make of what we choose to display? Some visible books I haven’t read but plan to; others I’ve hidden precisely because I love them so – I won’t share them with just anyone. I chose my thesis advisor in part because his office contained both books I’d read and others I wanted to read. I didn’t even know that would matter, until it did. Were I choosing an advisor now, would I even have access to his digital tastes? And if I did, what would that knowledge tell me? My Kindle today does not represent my tastes well.

I would love the money and time to gloriously display the things I love. I used to have Scrabble tile holders taped to the wall to display album covers. Oh I know, you can still do that: if you purchase a track with artwork, if you configure your preferences correctly, if the artist/distributor provided artwork.... Many e-readers can’t be configured to display book covers (while their tablet apps might... but will they display them well?…).

If your collection is in the Cloud, do you really own it? Can you bequeath it to family? What happens if the Cloud provider goes bankrupt (or even just has an outage)? Don’t get me wrong. I’ll always be a technophile, and a wannabe early adopter. Using the Cloud will mean I can collect a lot more stuff, with vastly improved ability to access it, and with potentially perfect fidelity and backwards (and forwards?) compatibility. The Cloud satisfies my left brain’s pragmatism.

In some future home, a giant digital wall with cover art from my Cloud may replace my book wall. But what’s my analog today for the delight of sharing my library with visitors? My Interests page – oh sorry, interest feeds, on Facebook? Where people I do and don’t know see it at some time when I’m not present, and who may or may not give me feedback? And whose comments (if they comment) I may or may not get to see??

Sorry. My right brain (my heart?) says: doesn’t quite cut it.

A Privacy Bill Of Rights For Mobile Users

The Electronic Frontier Foundation (EFF) issued a statement calling for a bill of rights for wireless users. Because mobile devices are always on and store a vast amount of sensitive personal data (e.g., contacts, Internet usage, social networking website usage, GPS location, calendar, phone calls made and received, online banking, photographs, user-created documents, etc.), the EFF believes firmly that:

"... he stakes are even higher for manufacturers, carriers, app developers, and mobile ad networks to respect user privacy in order to earn and retain the ever-important trust of the public."

I agree with this position, and this blog has covered numerous instances where mobile device manufacturers, telecommunications providers, advertising networks, apps-store operators, and/or app developers working singularly or together have abused consumers' privacy. The EFF's proposed Mobile User Bill of Rights contains six items:

1. Individual control: Users have a right to exercise control over what personal data applications collect about them and how they use it. Although some access control exists at the operating system level in smart phones, developers should seek to empower users even when it's not technically or legally required by the platform. The right to individual control also includes the ability to remove consent and withdraw that data from application servers. The White House white paper puts it well: "Companies should provide means of with drawing consent that are on equal footing with ways they obtain consent. For example, if consumers grant consent through a single action on their computers, they should be able to withdraw consent in a similar fashion."

2. Focused data collection: In addition to standard best practices for online service providers, app developers need to be especially careful about concerns unique to mobile devices. Address book information and photo collections have already been the subject of major privacy stories and user backlash. Other especially sensitive areas include location data, and the contents and metadata from phone calls and text messages. Developers of mobile applications should only collect the minimum amount required to provide the service, with an eye towards ways to archive the functionality while anonymizing personal information.

3. Transparency: Users need to know what data an app is accessing, how long the data is kept, and with whom it will be shared. Users should be able to access human-readable privacy and security policies, both before and after installation. Transparency is particularly critical in instances where the user doesn’t directly interact with the application (as with, for example, Carrier IQ).

4. Respect for context: Applications that collect data should only use or share that data in a manner consistent with the context in which the information was provided. If contact data is collected for a "find friends" feature, for example, it should not be released to third parties or used to e-mail those contacts directly. When the developer wants to make a secondary use of the data, it must obtain explicit opt-in permission from the user.

5. Security: Developers are responsible for the security of the personal data they collect and store. That means, for example, that it should be encrypted wherever possible, and data moving between a phone and a server should always be encrypted at the transport layer.

6. Accountability: Ultimately, all actors in the mobile industry are responsible for the behavior of the hardware and software they create and deploy. Users have a right to demand accountability from them.

The industry would be well advised to comply now with this bill of rights, rather than wait, deflect, and avoid. It can simply look at the airline industry as an example of what happens when an industry abuses it customers, loses the public's trust, and is then forced to comply with a airline passengers bill of rights.

Consumers Adapt Their Social Media Use Given Privacy Concerns

Pew Internet recently released the results of a second quarter 2011 survey about consumers' usage of social networking web sites and privacy. The survey found that consumers are adapting their usage of social networking web sites given privacy concerns:

• 63% of survey respondents have deleted people from their “friends” lists, up from 56% in 2009,
• 58% of users restrict access to their profiles on social networking websites. More women (67%) do this than men (48%),
• 48% of users have had some difficulty managing their profile privacy settings on social networking web sites,
• 44% have deleted comments made by others on their profile,
• 37% have removed their names from photos that were tagged to identify them, and
• 11% have posted content they regret.

It will be interesting to see how much further adaptation occurs in next year's survey results, since users will have had more time to use features, like the Timeline feature from Facebook. I have talked with consumers who use the Timeline feature to delete harmful archived status messages, since employers now use social networking web sites to screen job applicants, to determine credit worthiness, and to evaluate insurance worthiness.

Some consumers use the new Facebook Profile Preview feature to screen and reject their friends' attempts to tag them in status messages and photographs. That seems very wise since too many users (42% total) don't restrict access to their profiles.

Should companies use social networking websites for financial, insurance, and employment screening uses? That's debatable, but the reality is that companies use the data anyway for screening, and the social networking sites are happy to make more money. My advice: prune your profile of harmful archived posts, and don't post anything at a social networking web sites that you don't want read/shown in court.

How Companies Analyze Your Spending And Habits

Two really good news article explain how companies analyze consumers spending and social networking activity. I highly recommend that you read both articles.

The Forbes magazine article, "How Target Figured Out a Teen Girl Was Pregnant Before Her Father Did," summarized very well the problematic behavior of many corporations and retailers. To get a jump on its competitors, Target extensively analyzed -- perhaps better than most retailers -- its customers' purchases and attached undisclosed demographic data to each customer's identification number to mathematically predict what customers might by.

The prediction formulas were so good, Target was able to mathematically deduce from past purchases that this teen girl was pregnant and send coupons to her home -- all before the teen told her parent of the pregnancy:

"What Target discovered fairly quickly is that it creeped people out that the company knew about their pregnancies in advance... So Target got sneakier about sending the coupons. The company can create personalized booklets..."

These personalized coupon books were an attempt to hide the fact that Target knew so much, and disguise that knowledge by presenting both coupons not related to pregnancy with coupons that were related:

"... we learned that some women react badly... Then we started mixing in all these ads for things we knew pregnant women would never buy, so the baby ads looked random... we found out that as long as a pregnant woman thinks she hasn’t been spied on, she’ll use the coupons. She just assumes that everyone else on her block got the same mailer..."

One of my friends called Target's behavior "untethered stupidity" to market pregancy products to a teenager. Yes, that was incredibly stupid, and was likely enabled by its rush to make money. Some of my friends were surprised at the content of the above Forbes article. I wasn't surprised because of the amount of personal information shared:

• Consumers share on social networking websites the items (e.g., products, services, television/cable shows, music) products we like or prefer,
• Banks regularly collect and resell both debit-card and credit-card purchases,
• Consumers share on social networking websites a wide variety of sensitive personal data (e.g., birth date, children's names and ages, list of relatives). The full birth date makes it easy for data brokers and advertisers to distinguish several people with the same name,
• Consumers share product preferences and travel vacation habits through loyalty program memberships,
• State motor vehicle registries regularly sell drivers' data to companies and data brokers. That includes the car, from which marketers can deduce your wealth, favorite color, and when to pitch extended auto warranty service plans,
• Data brokers like Spokeo and Acxiom compile consumers' demographic data from public records and social networking websites, which retailers can purchase,
• Leaky entertainment, quiz, and gaming apps on social networking websites regularly collect consumers sensitive personal data,
• Leaky smartphone apps regularly collect consumers' sensitive personal data, they often shouldn't. The lack of privacy policies with these apps mean the app developers are free to sell the personal data collected.

What might that undisclosed demographic data be? It's pretty easy to deduce or infer:

• Name, address, age from the store loyalty program registration
• Income from any store credit cards, loyalty program registrations, surveys, or average purchase history over time (e.g., wealthy people spend more, less wealthy purchase more with coupons)
• Favorite colors from the colors of clothes purchased
• Left-handed preference from types of products purchased
• Personal preferences from any product comments at the retailer's web site or products "liked" at social networking websites (purchased from data brokers)
• Type of vision from purchases (e.g., non-prescription sunglasses indicate good vision)
• Health issues (e.g., eczema, dry skin, dandruff) from the types of lotions and shampoos purchased
• Health issues (e.g., over-weight) by the size of clothes purchased or from retailers offering pharmacies and in-store clinics
• Durable goods (e.g., dishwasher, washing machine, gas or electric oven) used at home from purchases
• Auto and electronics owned from purchases, either the item or related accessories purchased
• Approximate ages of children by types of toys purchased or from photographs at social networking websites
• Where else you shop, based on GPS coordinates collected from any apps installed on your smartphone, or data purchased from mobile service providers
• Retail stores that use facial recognition cameras can track your shopping patterns (e.g., when where, duration), even when you pay with cash and left your GPS-enabled cell phone at home, and supplement this with demographic data from photos you are tagged in at social networking websites
• Any gaps in the above demographic data can easily be filled by data purchased from data brokers like Acxiom and/or ads run on social networking websites

The New York Times article, "How Companies Learn Your Secrets," includes a more detailed analysis, with how marketers look for "chunks" in consumers' behaviors to predict future purchases:

"This process, in which the brain converts a sequence of actions into an automatic routine, is called “chunking.” There are dozens, if not hundreds, of behavioral chunks we rely on every day. Some are simple: you automatically put toothpaste on your toothbrush before sticking it in your mouth..."

Some chunks are more complex; consider the series of behaviors women will perform to prepare for a pregnancy: purchase different clothes, lotions, and/or personal hygiene items. Now, think more broadly, because everyone's behaviors can be chunked. Not just women. The researchers found:

"... when some customers were going through a major life event, like graduating from college or getting a new job or moving to a new town, their shopping habits became flexible in ways that were both predictable and potential gold mines for retailers. The study found that when someone marries, he or she is more likely to start buying a new type of coffee. When a couple move into a new house, they’re more apt to purchase a different kind of cereal. When they divorce, there’s an increased chance they’ll start buying different brands of beer. Consumers going through major life events often don’t notice, or care, that their shopping habits have shifted, but retailers notice..."

And a baby definitely qualifies as a major life event.

Now, consider your past purchases. Advertisers value that so they can serve up different products at these major life events. Coombine this with your GPS location in the physical world, and it is a marketers dream: to know you shop every Saturday morning and then serve up ads on your smartphone before you arrive at the supermarket; or to serve up childrens toy and food ads before you shop for their birthday parties.

Maybe all of this doesn't bother you, or maybe it does. The bottom line: where you go in the world, what you purchase, and how much you consume are all pretty personal facts. Consumers should have control over when and with whom this personal data gets shared. If you choose to share everything, fine. Some of us feel and act differently.

Apple Says Path And Other iPhone Apps Violated Policy

A prior blog post discussed how a developer found the Path iPhone app collecting his contact information without notice nor consent. The All Things D blog reported a reply by an Apple spokesperson:

"Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines... We’re working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

Twitter, Hipster, and other apps that collected users' contact information also are modifying their processes to stop collection. The statement by Apple still doesn't explain why Apple did not reject apps that violate its policy from being sold in its app store. Nor does Apple seem to address the consequences for these violators.

The "working to make this even better" sounds disingenuous. Either an app violated the policy, or it didn't. Either Apple checks apps for compliance or it doesn't. There is no inbetween. One cannot be a little pregnant.

At press time, the Apple Press Info website section did not mention the above statement.

Paid And Fake Product Reviews: More Deceptive Advertising

This blog has covered plenty of instances of deceptive marketing tactics by companies. The New York Times reported about a new tactic where companies pay their customers to write glowing reviews of its products. The higher the customer review rating, the more the company paid each customer.

In this case, Amazon.com did the right thing, which all online retailers must do in these instances:

"Amazon, sent a copy of the VIP letter by The New York Times, said its guidelines prohibited compensation for customer reviews. A few days later, it deleted all the reviews for the case, which itself was listed as unavailable. Then it took down the product page itself."

Of course, the companies involved do not advertise the fact that they pay their customers to write fake or glowing customer reviews or products/services. Some customers have admitted in their reviews receiving payments, but many don't.

The related issues are numerous:

1. Paid reviews threaten the credibility of the Internet
2. Is this marketing tactic honest? Of course not. It undermines the reliability and credibility of customer-submitted product reviews. I expect the U.S. Federal Trade Commission (FTC) to investigate and take punitive actions.
3. Are these paid consumer-written product reviews honest? No.
4. Should reviewers disclose these payment arrangements? Yes. If you are paid to write a review, definitely disclose both the payment arrangement and your relationship with the company, so readers can evaluate the reliability and honest of your reviews.
5. Online retailers need clear policies about reviews, which should be clearly and prominently explained in their website terms and conditions. Actions taken against violators should be swift, as Amazon.com did.
6. Yes, it is difficult to uncover paid reviews. Online retailers should explore methods to verify product/service reviews. If not, consumers can and should take their business elsewhere

And yes, that old saying still apples: caveat emptor (buyer beware).

Why You Shouldn't Install Those Entertaining Apps On Facebook

There is an excellent Facecrooks blog post that explains the risks of installing most "fun and entertaining" apps on Facebook. First, you have to understand the extreme limitations of Facebook:

"... there is no formal review process for applications or developers on the Facebook platform. Anyone and everyone (scammers included) can create apps. This is far different from the “Walled Garden” approach taken by Apple. Many unsuspecting users might be under the impression that if it’s on Facebook then it must be legitimate. That is totally not the case."

Second, think long and hard before installing any app that requires you to give it permission to:

• Access all of the data in your Facebook profile
• Access all of your Facebook friends list
• Post as you
• Just because the app address starts with HTTPS doesn't mean it is safe
• Doesn't have a privacy policy
• Has a privacy policy you don't like

Third, it is wise for Facebook members to "like" Facecrooks and follow its posts, so you are aware of emerging threats and scams.

Timeline Security Hoax Circulates On Facebook

If you use Facebook.com, perhaps you have seen the following status message:

"With the new 'FB timeline' on its way for EVERYONE, please do both of us a favor: Hover over my name above. In a few seconds you'll see a box that says "Subscribed." Hover over that, then go to "Comments and Likes" and uncheck it. That will stop my posts -- and yours to me -- from showing up on the side bar (ticker) for everyone to see, but MOST IMPORTANTLY it LIMITS HACKERS from invading our profiles. If you re-post this I will do the same for you. Thanks! (Click like on this post so I will know you unchecked.)"

Beware. This status message is a hoax -- an effective one too, since it trades on consumers' security fears. To learn more about why it is a hoax, visit Snopes and Facecrooks.

I can share this from personal experience. A couple Facebook friends sent this status message to me, and this hoax tricked me, too. The whole experience is reminder:

• Don't believe everything you read on social networking sites, and
• Verify claims before forwarding them as status messages to your friends.

Much Of Consumers' Internet Usage Assumes Unlimited Access

On Friday, my wife and I returned from a two-week vacation in Central and South America. Our cruise ship sailed from San Diego through the Panama Canal to Fort Lauderdale, stopping at ports in Mexico, Guatemala, Panama, and Colombia. The trip included an instructive reminder of how consumers' Internet usage is shaped by price plans.

Cruise ships contain many modern conveniences, one of which is Internet access via WiFi. Typically, each ship has both an Internet cafe and several hot spots for convenient access. Prices are pretty consistent across cruise lines. The Holland America ship we sailed on provided Internet access "as you go" ($ .75 per minute), a 100-minute block ($ .55 per minute), or a 250-minute block ($ .40 per minute). I purchased a couple 250-minute blocks, since I am a heavy user.

It doesn't matter what device you use on board: desktop, laptop, smart phone, or tablet. If it uses a WiFi connection, you pay a per-minute rate because of the satellite connection.

While aboard the MS Statendam, I accessed Facebook.com to tease coworkers and friends who were working hard while I relaxed poolside on the Lido Deck. The experience reminded me -- in monetary terms -- of just how time intensive most social networking sites like Facebook are. I quickly chewed through the minutes I purchased.

The old school approach: you read and created email messages offline, and then signed in online to send and receive email messages. Then, you signed off. It was a quick "in and out" online.

Today's typical online session: you sign into Facebook to browse your timeline for messages to comment upon. Next, you stay signed in to browse the Walls of specific friends, because Facebook uses a formula to selectively display only some from all of your friends. Then, you spend even more time signed into Facebook while reading articles at other websites which you friends mentioned in their Facebook status messages.

Compared to email, Facebook is time intensive. This is good for Facebook but not good for consumers in situations paying for Internet access by the minute. Most consumers access the Internet from home (or work) via unlimited access plans. (Not so for mobile phone access.) Right now, that unlimited access is good for both Facebook and for consumers. Change that unlimited access and you quickly change consumers' online behavior.

Wanting, Waiting -- For Facebook To Justify My Love

[Editor's Note: Today's blog post is by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. She has studied what makes some individuals embrace or avoid information technology. (She’s definitely one of the former.) Michelle helps others improve their use of technology in their personal or professional life. Today, Michelle tackles the practice by Facebook to selectively display your friends' status messages.]

By R. Michelle Green

On Facebook (FB), I have 150 friends (like Dunbar, I think more than that is just not manageable, maybe even absurd). That’s above FB’s quoted avg of 130 friends, (likely higher now since I quoted that same stat last December, and anecdotally but obviously, that number differs by age). I embraced some of the early FB tools, like Groups, to manage multiple and disparate friend networks. But Facebook’s tools aren’t cutting it for me. I’m not happy.

FB is a creature by, of and for digital natives – like some huge shark, it’s always moving, changing. As a result, FB can be disorienting, even alienating, for those of us who don’t “live” there, and only occasionally visit. (Who knew one day my tech geek disdain for AOL’s simplicity would become an elder n00b nostalgia for consistency and predictability?...) I feel frustrated at not seeing more from some of my friends, particularly those who, like me, are busy enough that the quick and easy broadcast of an interest or whim is attractive. I believe such friends also tend to visit, rather than inhabit, Facebook. FB (understandably so) caters to its residents far more than its tourists, so I hear a lot from a few, and nothing from many.

With more and more social network choices* available to me, I decided to run an experiment or two. I knew a little about Edge Rank, FB’s way of privileging photos and links over text updates to maximize time on site, so I used a photo for my first test. I asked people to like the post if they saw it. Over three weeks, just 23 of my 150 friends liked, messaged or commented on a beautiful picture of bananas foster. Maybe it’s just the 80/20 rule, where 80% of the outcomes are provided by 20% of the users; 20% of 150 is 30, not too far from my unscientifically identified 23.

I might have stopped there were it not for the unfortunate death of a friend. Within an hour of his death, I posted a status update saying goodbye, sharing it only with the 14 people sub-group on FB who knew him. No one commented, messaged or in any way acknowledged the post. I saw these same people IRL three days later – no one mentioned having seen it. What happened? Was it just a glitch, and somehow the post was never seen? I might once have thought so, but I no longer trusted Facebook. The silence after my friend’s death struck me viscerally, not just intellectually.

I’m enough of a scientist to ask a lot of questions. Was it age? Bananas Foster responders ranged from 15 to 64. Could it be access? If only 15% of my friends responded, maybe 85% aren’t logging on? Not likely, based on Pew Internet Life studies. Two thirds of adult Americans use some social network site; and 96% of them use FB. Of those who are FB users, 83% log on at least once a week; 52% log on daily (FB agrees), and 31% several times a day. And while we’re not Australia or Israel, Americans spend about 6 hours per month logged in. Parse that another way: the average online FB session in the US is 23 minutes and 20 seconds. Surely that’s enough time for a friend to see my post and respond…

Almost exactly a year ago, I warned my FB friends that if they wanted to stay in touch with someone, they shouldn’t rely on FB to do it for them. Satisfaction is the difference between expectations and outcomes; maybe I just want too much from Facebook Nation. I am conducting one more test, posing a question to a specific sub-group of 35 FB friends. My question – can you hear me? And if not, should I follow 6 million other Americans, and leave FB behind?

(*What are those choices, you ask? Google+ or another competitor? And what of FB? Take down everything? Abandon the site, leaving a profile pic with forwarding information? Use HootSuite or TweetDeck to mechanically update my status every other week with “I’m not really here?” Another post, for another day, Gentle Reader. What would you suggest?)

---

© 2011. R. Michelle Green. Reprinted with permission.

A 24 Year Old Student Issues The Challenge: Europe Versus Facebook

Whether you use Facebook or not, this bears watching. After researching the issues, a 24 year-old student from Vienna is challenging how Facebook treats members' personal information: data collection and deletion. Not liking what he found, his next steps were a series of 22 clear and well-reasoned complaints submitted to the Irish Data Protection Commissioner, since European users have a relationship with the Facebook subsidiary located in Ireland.

According to Kim Cameron's blog:

"Europe versus Facebook, which seems eventually to have become an organization, then opened its own YouTube channel. As part of the documentation, they publicised the procedure Max used to get his personal CD... So many people applied for their own CDs that Facebook had to send out an email indicating it was unable to comply with the requirement..."

The article confirms what I found in this prior post about Facebook social plugins: they monitor your usage across the Internet whenever you visit a site with the Like button (or other Facebook social plugins). Using a different web browser may or may not provide the privacy you seek.

For English, click on both the CC and annotation icons to see subtitles in English.

Login Notification Security Feature via Email

I have written in this blog several posts of Facebook.com features I don't like. Today's post is about one feature I do like: e-mail notifications about log-ins.

When I change my Facebook password every 90 days (don't you too?) at the Facebook website, I have to log out and log back in with my smartphone to enable my Facebook apps. Like many other people, I configured my smartphone to allow me to automatically post photos to Facebook.com. Facebook sends to me the following email message for this smartphone activity:

"Hi George Jenkins,

It looks like someone used your Facebook account to log into Facebook for Windows Phone (Friday, September 2, 2011 at 12:23pm).

Was this you? If so, you can disregard the rest of this email.

If this wasn't you, please follow the link below to protect your Facebook account information:
[Facebook login link redacted]

To learn how login notifications like this one can help you to protect your account information, visit the Help Center: http://www.facebook.com/help/?topic=loginnotifications. Please note: Facebook will never request your login information through email.

Thanks,
The Facebook Team"

What I like about this email:

• It confirms login activity I know about
• It's a good security alert feature. If an identity thief stole my password and logged in with his/her smartphone, I would be notified -- and can change my passwords
• It contains a link to relevant help information that's useful for Facebook members who aren't sure what about these alerts
• The alert uses a different method (e.g., mail) rather than simply rely on traditional in-page website confirmation messages

I wish more websites used a similar alerts security feature.

Want to learn more? Some tips about how to use Facebook securely:

• Facebook Photo Tagging With New Facial Recognition Software: What You Need To Do About Your Privacy
• The Risks of Disclosing Your Birthday on Facebook And Other Social Networking Sites
• 7 Things You Should Stop Doing On Facebook
• 13 Things Not To Post On Facebook Or Any Social Media Site
• Facebook Newbie? Read This First
• Facebook Apps Share Members' Personal Data With Advertisers and Web Tracking Companies
• Burglarized By Their Facebook Friend
• Facebook Finally Offers Https Option; Plans To Allow Advertisers To Publish Members' Posts

Browser Plugin Tracks And Shares Your Online Activity

Wondering how much time you spend on Facebook? Curious about which social networking website you spend the most time at? Well, Voyurl is a new browser plugin that tracks (and shares) your online usage. According to Mashable:

"Voyurl‘s private beta version was a recommendation engine based on friends’ and the general community’s online activity, as collected by a plugin they installed. When you added a friend, you could see what new sites he or she was visiting. You could also see what sites the community visited most often... A curated list of recommendations is created based on what sites you visit and how you behave on them. Factors like scrolling and mouse hovering are taken into account to decide what you like."

In my opinion, this product sounds like something for the brainless and clueless. I don't need to know every website my friends visit. They'll often tell me what they like and how they use it. Based on that and my own needs and assessment, I can determine if the site is important or relevant enough to use.

If you want to follow the herd and make decisions based on which sites your friends use most, then go ahead and use Voyurl. Me? I prefer to make decisions about which websites I register at based on:

• The website's terms of use and privacy policies
• The website's features and options for me to maintain my privacy and control my profile data
• The website's data security and history of data breaches
• My content and information needs
• The website's added value (an evaluation of its price and benefits)
• The websites alert and news features (e.g., RSS feeds, e-mail, posts within the social networking sites of my choice)

10 Dangerous Habits Consumers Still Do Online

Based on a recent Symantec survey, the ZDNet Security blog posted a list of ten dangerous habits consumers still do online. The list can be summarized into two broad behaviors:

• Consumers trade convenience for security
• Consumers ignore online risks they are aware of

The list of detailed dangerous habits:

1. Sharing too much information in social networking websites
2. Trusting company websites to protect their information
3. Assuming the links in email, text messages, and social networking posts are safe to click on
4. Not educating themselves enough about the threats and ways to protect themselves
5. Not updating the anti-virus and malware software on their computers and mobile devices

My pet peeve is number four. Regarding number three, every Facebook user should follow the alerts from websites like Facecrooks, which greatly helps you learn about which links to avoid.To view the complete list of dangerous habits, visit the ZDNet Security blog.

Win Some Cash! Enter The Privacy Concern Contest on Twitter

Here is an opportunity to win some cash! PrivateWiFi, a provider of secure wireless services, is operating a contest via Twitter. Tweet your biggest privacy and security concern and you might win one of the following prizes:

• First Prize: $300
• Second Prize: $200
• Third Prize: $100

The contest started July 12 and ends Friday, July 22. Browse contest rules. You can enter multiple tweets. After the deadline, PrivateWiFi will select the three winning tweets. To enter the contest, tweet your online privacy and security concerns to @PrivateWiFi and use the hashtag #ilikeprivacy. Here is my entry:

@PrivateWiFi Banks selling consumers' debit card shopping habits to 3rd parties. Broken trust & don't know where data goes. #ilikeprivacy

Here are a few other entries:

"SarahaADowney My biggest privacy concern is the collection, sale, & public display of personal data on people search websites. #ilikeprivacy"

"TomBarten my biggest privacy concern is not knowing, and not being able to find out, what happens to your personal data. #ilikeprivacy"

"CAPAPA Privacy-invasive provisions of the negotiated-in-secret Anti Counterfeiting Trade Agreement #ACTA #ilikeprivacy"

So, visit Twitter.com or fire up the twitter app on your mobile device and enter the contest today!

Curious? A few related articles:

• Several banking moving to sell consumers' debit card shopping habits. Shopping habits include how much you purchased, where, and when
• Dump The Porn! Spokeo Has Blown Your Cover!
• Who is Acxiom And What Does It Do With Consumers' Personal Data?
• Apple, Mobile Device Privacy Abuses, And Data Plan Theft
• How Telemarketers Get Your Mobile Phone Number
• Video: Invasion of the Data Snatchers
• New ATM Scam Tactic: Glued Keyboards
• BBB: The Top 10 Scams Of 2010
• What Are Your Personal Identity Information Values?

Groupon India Subsidiary Suffers Data Breach

Last week, the online deals company Groupon announced that its subsidiary in India, SoSasta, suffered a data breach. According to Reuters, an unnamed security expert alerted the company.

Unencrypted passwords and perhaps email addresses of customers were exposed or stolen. InfoWorld reported the Sosasta database size to be 300,000 customers.

SoSasta posted a notice on its Facebook account that the security issue had been fixed, and that customers' financial information (e.g., credit card and debit card information) had not been exposed nor stolen. SoSasta advised its customers to change their passwords.

While it is good to see breach notices on a scoial networking account, It is a concern that the company didn't discover the breach itself.