Consumer Reports Reviews Facebook And How To Use It Safely

If you haven't read it, there is a good review by Consumer Reports of the Facebook social networking website. The news media has focused on some of the controversial aspects of the report. For example, CNN reported, like many other news organizations, the survey finding that about 25 percent of Facebook users lie about information in their Facebook profile to protect their identity.

While lying about profile information may seem like an effective privacy strategy, the Consumer Report review of Facebook highlights the various ways Facebook tracks its members. Some Facebook members have made conscious choices to share personal data, and do so in status messages, sharing items, and commenting upon others' status messages. Yet other tracking methods exist.

The Consumer Reports review is a good reminder that its members are the products:

"... the company uses your data to help advertisers deliver ads that you may find useful. Suppose, for example, that you have “liked” the San Francisco 49ers page, or simply posted comments about football. You shouldn’t be surprised to see ads in the margins for football tickets, fan paraphernalia, and the like. Facebook does not share any of your information with advertisers that buy those ads unless you give permission. If you click the ad and purchase something, the advertiser obviously learns who you are. And even if you simply “like” a brand page, the company can automatically send posts to your account."

One tracking method is the facial-recognition software used to "tag" (e.g., identify) people (and places) in both photos and videos. Members who aren't careful to turn off the geo-tagging feature in their smart phones or tablets will provide even more personal data with photos and videos uploaded to Facebook.

Another method are the Facebook apps member use for music, news, and games -- which are loosely managed by Facebook:

"... according to Kevin Johnson, security consultant at Florida-based Secure Ideas, who has developed apps and tests their security. The sole credential needed to create an app is a verified Facebook account, including a cell phone number or credit card. And the company doesn’t have to review your source code (programming instructions) before it goes live..."

So, there seems to be little to no verification of apps for security or compliance when those apps have a privacy policy.

A method Facebook uses to track both members and non-members includes those "Like" buttons you have see on websites across the Internet:

"... Facebook keeps track of the other websites [its members] visit. That happens via the “Like,” “Recommendations,” and similar buttons that so many sites include. In addition to reporting your presence, the “Like” button sends along the date and time of your visit and your IP address, whether or not you click on it. The company has acknowledged that this happens even when Facebook users are logged out, a practice that had prompted class-action lawsuits in the U.S. If you’re logged in to Facebook, it can collect even more data. The company also said that it collects data from people who are not its users and have never visited its site..."

The review is also a good reminder of the scope of data Facebook collects:

"... thanks in large part to Max Schrems, a 24-year-old Austrian law student who managed to get a fuller copy of his personal information last year from Facebook's Dublin office, which oversees relations with users outside the U.S. and Canada. Schrems was surprised to discover, among the 1,222 pages of data covering three years of Facebook activity, not only deleted wall posts and messages, some with sensitive personal information, but e-mail addresses he’d deleted and names he’d removed from his friends list... Facebook collects the same type of detailed information on American users, as confirmed by documents it released to Boston police during their investigation of Philip Markoff..."

If you want to learn more about Schrems, visit Europe Versus Facebook. The review ends with a list of nine ways consumers can use Facebook (and similar social networking sites) safely:

"1. Think before you type. Even if you delete an account (which takes Facebook about a month), some info can remain in Facebook’s computers for up to 90 days.

3. Protect basic information. Set the audience for profile items, such as your town or employer. And remember: Sharing info with “friends of friends” could expose it to tens of thousands.

4. Know what you can’t protect. Your name and profile picture are public. To protect your identity, don’t use a photo, or use one that doesn’t show your face.

5. “UnPublic” your wall. Set the audience for all previous wall posts to just friends.

7. Block apps and sites that snoop. Unless you intercede, friends can share personal information about you with apps. To block that, use controls to limit the info apps can see."

Read the complete review of Facebook.com by Consumer Reports.

MBTA Releases Third Proposal: Smaller Fare Increases And Fewer Service Reductions

Earlier this year, the MBTA held 25 community meetings to collect feedback from the public about its two proposals; each including different amounts of fare increases, service reductions, and service eliminations. Yesterday, the MBTA release a third proposal, based upon feedback from the public, which includes smaller fare increases and fewer service changes than the first two proposals.

Highlights of the latest proposal:

• Reduces its single year deficit from $185 million to $159 million
• 23% overall fare increase
• 35% fare increase for ferry riders
• Green Line: elimination of E branch weekend service between Brigham Circle and Heath Street
• Commuter Rail: elimination of weekend service on Needham, Kingston/Plymouth, and Greenbush lines
• No reduction in RIDE service, but a $5.00 premium territory fare
• Creation of a "Watch List" for low-performing routes

While the overall, average fare increase reportedly is 23%, the actual fare increases for certain segments are greater. These increases are still painful for many residents who can least afford the increases. Single-fare increases:

• Seniors: local bus: 87.5%
• Seniors: rapid transit: 66.7%
• Student: local bus: 25.0%
• RIDE within ADA territory: 100.0%
• RID outside ADA territory: $5.00 surcharge per trip

Fare increases for selected passes:

• Senior/TAP: 40.0%
• Student 5-Day: 25.0%

Several documents describing the latest proposal are available at the MBTA.com website. The fare increases and service changes will affect everyone, not just MBTA customers. The MBTA Impact Analysis (Adobe PDF; 3.4 M Bytes) states the following about air quality and quality-of-life impacts:

"A reduction in transit trips and addition of automobile trips generally causes increases in the generation of CO, VOC, NOx, CO2, and particulates... as the numbers of automobile trips and vehicle hours increase, the congestion on area roadways also increases. This additional congestion results in lower travel speeds (which are associated with higher emissions of pollutants) for all vehicles, not just those of former transit users... Scenario 3 results in increases in all pollutant emissions and an overall worsening of air quality. VOC emissions increase by the greatest percentage, followed by CO and CO2. Scenario 3 bears out a general rule that usually applies in air quality analyses of this kind: any loss in transit ridership that results in an increase in auto vehicle-miles and vehicle-hours traveled will lead to some level of increase in pollutants."

The fare increases and service changes move the state away from sustainable solutions and towards a greater dependence upon automobiles (and petroleum), with both increased air pollutants and greenhouse gas emissions. This is the wrong direction. Commute times will increase and air quality will worsen for everyone. We cannot drive our way out of this problem.

Transportation systems in several American cities face fiscal issues similar to Boston's system. Several consumer groups are planning a national protest about mass transit for April 4, the 44th anniversary of the assassination of Dr. Martin Luther King.

FTC Testifies Before Congress About Identity Theft And Fraud Affecting Children

On September 1,the U.S. Federal Trade Commission (FTC) testified before the House Committee on Ways and Means Committee Subcommittee about identity theft and children. At the hearing in in Plano, Texas, Deanya Kueckelhan, Director of the FTC’s Southwest Regional Office, delivered the FTC testimony.

The theft and fraud involving children's Social Security numbers is a growing problem. Identity thieves can access and steal Social Security numbers from children’s records in schools, doctors offices, social services agencies, and other sources. Sometimes, family members who have fallen on hard economic times use the identities of their children to obtain credit they couldn't obtain otherwise. Experts explore the problem recently in the Stolen Futures forum, hosted jointly by the FTC and the Department of Justice’s Office for Victims of Crime.

For adult identity theft, the Bureau of Justice Statistics reported in its National Crime Victimization Survey Supplement that about 11.7 million persons, about 5% of all Americans ages 16 or older, were identity-theft victims during a two-year period ending December 2008. The financial of that theft was $17.3 billion.

For child identity theft, a study by ID Analytics found 142,000 instances of identity fraud each year in the United States where children are the victims. Another study by the Carnegie Mellon CyLab of 40,000 children who had been enrolled in an identity protection service found that 4,311 of those children -- about 10.2 percent -- had loans, property, utility, and other accounts associated with their Social Security numbers.

In her testimony, the FTC's Kuechelhan describe another aspect of the child identity theft:

"... a child’s unused SSN is uniquely valuable to a thief because it typically lacks a previous credit history and can be paired with any name and birth date. In effect, a child’s identity is a blank slate that can be used to obtain goods and services over a long time period because parents typically do not monitor their children’s credit..."

Kuechelhan also described the identity protection problem:

"... fraud alerts, a key tool used by adult victims of identity theft to warn potential creditors of possible identity theft, are premised on the existence of a credit file. Parents ordinarily cannot place a fraud alert on their child’s credit file if the child has no such file. Further, remedies available under federal law such as extended fraud alerts, access to documents underlying the theft, and blocking of erroneous debts typically require a victim to obtain a police report to document the crime... children victimized by parents or guardians are often reluctant to file a police report naming a loved one or a source of financial support as the perpetrator."

Read the FTC testimony (PDF).

What is a parent to do? First, concerned parents should understand the available credit file protection tools: fraud alert, credit-file freeze, and the differences between the two tools. Second, investigate a credit monitoring and identity protection service to cover both parents and children in your family. Several services exist, which I will explore in future blog posts. Shop around because monthly prices and features vary.

Third, teach your children, tweens, and teens about money, credit, the sensitive personal information they must protect, and their responsibility when they become adults to monitor their credit files produced by the major credit-reporting agencies: Equifax, Experian, and TransUnion. You can find plenty of information in this blog.

In my opinion, a broader solution to the problem would be for credit reporting agencies to automatically place a free Security Freeze on the credit reports of all children. This freeze would automatically be lifted (for free) when the child turns 18. Parents could temporarily lift the freeze for children younger than 18 for instances to apply for education loans for that child.

What do you think of child identity theft?

Living Life Online: New FTC Guide For Teens And Tweens

The U.S. Federal Trade Commission (FTC) has launched the Living Life Online website to help teens and tweens stay safe online, make good choices online, and understand the consequences of their online choices. A companion print guide (PDF, 3.4 MBytes) explains the website. Both include short articles, activities, quizzes, and an ask-the-expert column, all to help kids learn how to think critically:

"As you live your life online and off, some behaviors can help you be more successful: asking questions to help you figure out what’s real and what’s hype; thinking about things to do – or not – that can help you keep safe; figuring out ways to act that can help you treat others the same way you’d like to be
treated."

The guide addresses topics including sexting, cyber-bullying,online manners, your personal information to protect, photo-sharing, how to avoid cell-phone bill shock, and much more:

"What you post could have a bigger "audience" than you think. Even if you use privacy settings, it’s impossible to completely control who sees your social networking profile, pictures, videos, or texts. Before you click send, think about how you will feel if your family, teachers, coach, or neighbors find it. Once you post information online, you can’t take it back. You may think that you’ve deleted information from a site – or that you will delete it later. Know that older versions may exist on other people’s computers... Get someone’s okay before you share photos or videos they’re in."

The print guide includes resources (e.g., worksheets and information) for parents to encourage discussion with their kids. I found the Living Life Online website thin on interactivity and not nearly as robust as it could (should) be to fully engage kids. The website is more a webpage. A better implementation could have presented separate website sections for children and parents. Hopefully, this is the draft version of the webiste and enhancements will be released soon.

The print guide is a good resource for kids and parents to start the process of learning and discussing good decision-making online. Kids living in the USA must ultimately learn who the FTC is and how to use its resources -- chiefly to recognize phishing, to protect their sensitive personal information, and to file identity theft and fraud complaints.

With a variety of topics, the Living Life Online print guide is a good first step to help kids learn to make good decisions online. What do you think of the guide?

10 Dangerous Habits Consumers Still Do Online

Based on a recent Symantec survey, the ZDNet Security blog posted a list of ten dangerous habits consumers still do online. The list can be summarized into two broad behaviors:

• Consumers trade convenience for security
• Consumers ignore online risks they are aware of

The list of detailed dangerous habits:

1. Sharing too much information in social networking websites
2. Trusting company websites to protect their information
3. Assuming the links in email, text messages, and social networking posts are safe to click on
4. Not educating themselves enough about the threats and ways to protect themselves
5. Not updating the anti-virus and malware software on their computers and mobile devices

My pet peeve is number four. Regarding number three, every Facebook user should follow the alerts from websites like Facecrooks, which greatly helps you learn about which links to avoid.To view the complete list of dangerous habits, visit the ZDNet Security blog.

Privacy Crusader: Protecting Children From Tracking Kids Apps

A new class-action lawsuit highlights the privacy issues where mobile devices, gaming, and children intersect. OpenFeint, Inc. and GREE International were named in a class-action lawsuit which alleged that OpenFeint singularly and together with third-party app developers conducted unfair and deceptive business practices and privacy violations that (bold emphasis added):

"... gained unauthorized access to, and unauthorized use of, Plaintiffs’ and Class Members’ mobile devices to access, collect, monitor, and remotely store, without notice or consent, Plaintiffs’ and Class Members’ mobile device’s Unique Device Identifiers, Personally Identifiable Information, OpenFeint user account, GPS “Fine” co-ordinates, and Facebook/Twitter profiles..."

GPS fine coordinates are consumers' exact latitude and longitude (to within a few inches), as opposed to estimates of your GPS location to the nearest cellular tower. It is important for mobile device users to know whether the app tracks your precise or estimated GPS location.

UDID is the "Unique Device Identifier," a 40-digit code embedded in all mobile devices. It identifies your mobile device and when matched with your cellular phone number, allows companies to identify your mobile device, location, and app usage as uniquely you.

I don't need to explain the wealth of sensitive personal information available in Facebook profiles. Facebook members typically upload into their profiles address data, online contact information, family information, education, employment, photographs and videos, hobbies, websites of interest, television shows of interest, and with location-based check-ins the time, date, frequency, and duration of visits to various retailers.

The complaint alleged that OpenFeint violated the Computer Fraud And Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), California's Computer Crime Law, the California Invasion of Privacy Act, and the Consumer Legal Remedies Act (CLRA).

While prior lawsuits have focused on tracking and privacy issues, this suit deserves attention because the allegedly affected mobile device users also included children -- as young as 4 years of age. The complaint describes how OpenFeint offers a huge mobil e social gaming network with at least 5,300 game applications and alleged:

"... many of the downloaded applications affiliated with Defendant OpenFeint involved the unauthorized tracking of minor children."

And:

"... OpenFeint targets minor children with free affiliated gaming applications designed and promoted as “Kid apps,” purposely including storybook tales, friendly animals, and child-like game scenarios to attract children, so that the child’s parents would be more likely to allow for the app download, relying in part on the posted children app ratings. Many of Defendant OpenFeint’s gaming applications are rated 4+, for ages four (4) and up, rated 9+ for ages nine (9) and up, and rated 12+ for ages twelve and up."

The gaming market is huge. Google/Android and Apple/iOS mobile devices are capturing a larger share of the $7.3 billion global mobile gaming market.

OpenFeint is a social gaming platform that app developers use to develop games for the Apple iPhone, iPad, iTouch and Google/Android mobile devices. The game apps typically provide users with the capability to import friends from their Facebook and Twitter profiles. Earlier this year, GREE International acquired OpenFeint for about $104 million. OpenFeint was previously known as Aurora Feint.

The suit was filed in Northern California District Court by attorneys Parisi & Havens LLP, and the Law Office of Joseph H. Malley, P.C. While reading the complaint, I recognized Malley's name, since he is often referred to as a "Privacy Crusader." Malley was involved with class-action suits against Adzilla, NebuAd, Quantcast ("zombie cookies"), Ringleader, Facebook, and Apple. In 2010, Facebook settled its suit for $9.5 million. So, Malley has plenty of experience with online privacy and tracking issues.

The complaint cited a May 2011 investigation by Cortesi about how companies collect UDID and consumer information from mobile device apps. That investigation included both encrypted and unencrypted Internet traffic for about 94 iPhone apps:

"84% of apps tested contacted one or more domains during use... Three big aggregators of UDID-related data dominate: Apple, Flurry, and OpenFeint. Each one of these companies has the vast majority of UDIDs on file, linked to a rich set of privacy-sensitive information. OpenFeint's ubiquity is one of the reasons why UDID de-anonymization using their API is so serious."

Since consumers have no way to stop apps from collecting their UDID, and if consumer data can de-anonymized, then consumers effectively have no online privacy regardless of companies' claims to anonymize the data they collect. That means companies can compile databases rich with value, and make money by selling that information to others.

So, I also read the Cortesi article about de-anonymizing the OpenFeint data. Since Cortesi was able to de-anonymize the data OpenFeint collected, it means that companies could have done so, too, and compiled databases of greater value than otherwise:

"... I was able to link roughly 30% of UDIDs to GPS co-ordinates, 20% of users to a weak identity (e.g., OpenFeint profile picture, user-chosen account name), and 10% of UDIDs directly to a Facebook profile... Although the Facebook and GPS de-anonymization issues have been repaired, we have to consider the possibility that these vulnerabilities have already been used to de-anonymize a database of UDIDs."

While much of API data leakage has been fixed by OpenFeint since the Cortesi article, the fact remains that the data leakage occurred. That makes me wonder how effective OpenFeint's quality control process really is, what other OpenFeint API data leaks haven't been found, and which other companies used their access to OpenFeint data leakage to improve their database value.

The complaint also cited several studies about consumer tracking and sensitive data collection, including the Wall Street Journal Cellphone Testing Methodology, which allegedly included several OpenFeint gaming apps. This cellphone analysis is part of the Journal's What They Know series.

Download the Hines v. OpenFeint complaint (3,782 K Bytes, Adobe PDF format).

It is good to see a focus on tracking and data collection issues related to children. Since teenage children give little or no attention to privacy issues, it is logical to assume that younger online users don't either. Young children -- ages 4 thru 8 -- are too young to read and understand the privacy and terms of use policies at websites.

I like how the complaint mentioned the various costs to consumers. One cost is the value of the stolen sensitive personal information. Another cost is the larger data downloads, since consumers typically pay monthly fees for data plans with their mobile devices. The more data captured and downloaded without notice, the greater the financial impact upon consumers.

It is important for all mobile-device users, especially parents, to research the mobile device apps they or their children want use before purchasing and downloading the apps. There are several helpful resources, including the Wall Street Journal mobile, CNet, MacWorld, and PC World websites.

What are your opinions of Open Feint and this lawsuit? What do you think of companies tracking minor children online?

Teens Don't Give Any Thought Or Consideration To Online Privacy

If you are a parent, then this article is a must-read. This Washington Post article highlighted the fact that teenage children don't given any thought or consideration to online privacy. That is, they don't read privacy policies, terms of use policies, or consider the implications when registering at websites or when installing apps on their mobile devices.

This is great news for marketers and app developers. Terrible news otherwise:

"With few restraints, teens are creating digital records that also shape their reputations offline. All the status updates, tweets and check-ins to specific locations can be reviewed by prospective employers, insurance companies and colleges... the opportunities to share information online are so frequent and routine that [teens] hardly even stop to think about them."

The WP article described a 13-year-old teen who regularly paid for and installed mobile device apps and games with a credit card number his parents had provided. In my opinion, that is poor decision-making by both parents and the teen. Parents who won't let their children go to the mall alone will let their children go anywhere online. That is a recipe for disaster, as the same bad people who frequent pulbic spaces also go online, too.

The article included an honest and disgusting comment from a retailer about the placement of online privacy policies and warnings:

"... if we were to present them with additional warnings, cautions and terms and conditions in a form that is impossible to ignore or misunderstand, it will end up ruining the experience that they paid for."

Really? That attitude emphasizes making money despite the consequences and damages. They are selling services to children and that attitude isn't just helpful. It's counter-productive.

Having raised three children, teens' sloppy online habits are no surprise. When my grown children were teens, I saw this with their their computer usage. They regularly used computers without anti-virus software. and shared game software install disks that were often infected with malware. No thoughts to safe computing.

Unfortunately, peer pressure often rules. Teens will rush to register for a new game or at website to fit in with their peer group. While rushing, risks are ignored and privacy not considered. Teens often have an attitude of invincibility; that bad things won't happen. And when those bad things do happen, a parent will save them.

It's important to remember that they are teenage children, not teenage adults. Just as teens need to be taught good money management, they need to be taught safe online habits:

• Learn how to read website privacy and terms-of-use policies
• Keep the anti-virus software on their computer current and active
• Use valid software and not stoeln copies
• Use strong passwords and passwords to never use online
• Don't disclose family personal information. I really liked how one of the parents in the WP article gave their teen a specific list of sensitive personal data items to never share online
• Learn how to recognize phishing e-mails, websites, and text messages
• Learn how to use search-engine websites while avoiding malware infected websites
• Don't allow online banking until after the teens become adults and master the above list of skills
• Learn how to do online banking safely
• Stop doing these 7 things on Facebook and other social networking sites

Kids, Smart Phones, and The Internet: The Privacy Risks

Over at the Downtwon Women's Club blog, Diane Danielson has written a very good article about some of the risks children can expose themselves (and you) to with today's smart phone and Internet access. I've known Danielson for years and her blog is a high-quality one. While performing some online research, Danielson:

"... found the tweet of a kid writing expletives about the local cops. The child’s account was supposed to be a “protected” Twitter account, but for some reason it came up in a search via 3rd-party software..."

Danielson advises parents that nothing is truly private on the Internet, so some oversight by parents of their children's online use is necessary. Children don't yet understand the privacy issues and threats.

"Even if you don’t want to monitor your child, at least take that phone, iPod, laptop, iPad, and/or Xbox live away at at night. They really do stay up communicating via these platforms all night long. I noted that this offensive “tweet” was sent from a phone at 11:59 pm..."

Danielson advises parents to perform oversight by performing searches (e.g., Google, Yahoo, Bing, etc.) on your children's names, your home address, your name, and your name with your street address. I agree with her advice.

When Anonymous Is Synonymous With You

[Editor's Note: Today's blog post is by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. She has studied what makes some individuals embrace or avoid information technology. (She’s definitely one of the former.) Michelle helps others improve their use of technology in their personal or professional life. Today, Michelle tackles online profiles and privacy.]

By R. Michelle Green

I recently wrote a blog post about information available from your smartphone. It described how different their data transmission is from that of computers. Whereas some tools exist on computers to manage various types of cookies (thus allowing the user management of information flow), those tools are absent for smartphones.

But it’s all anonymized, right, so who cares?

Not so fast! There’s anonymous and then there’s anonymous. For example, would you rather:

a)   have a detailed file about you with your name on it;
b)   have a detailed file without your name attached;
c)   have a detailed file without your name, but with the data tied to your face;
d)   have a file so detailed that it’s even called a fingerprint, but without your name.

Please note there is no choice of ‘e) none of the above.’

Option A is basically your credit report, but at least that should not be easy to obtain. Option B is what I expect when I go online. I try to minimize the information flow, to thwart the marketeers, but ultimately they are much more determined and well funded –and they want to know what we’re doing online. PS – just because your name’s not attached doesn’t mean it’s anonymous. Our smartphones are transmitting the phone’s unique identifier along with other data.  And location analysis will probably show that your smartphone sits at a particular address most every evening.

But surely I made up Options C and D. Wrong! Thanks for playing. Attendees at the 2011 Consumer Electronics Show saw Option C in Viewdle, a Qualcomm partner. Viewdle envisions real-time, cross-platform, facial recognition at the point of capture. Identify someone in a picture you take with your phone, and it will recognize and identify that person in other pictures. Take a picture and their latest tweet or status update can appear beneath the image. And Option D? Read this article (go Wall Street Journal!!) about fingerprinted computers and see if your knees get weak.

At one point I worked in a company with 93,000 employees. They would annually ask for anonymous feedback on management styles and company performance. I had moved up quickly and was young for the responsibilities I had. A demographic page asked for job level, age, gender, ethnicity. I took to writing in the margin of my completed demographic information, “and now you know exactly who I am.”

Blue Cava plans to know exactly who you are, merging its fraud protection data with its advertising data. Hell, [x+1] may already know – they’re just being modest about it. "We never don't know anything about someone," says John Nardone, [x+1]'s chief executive, who did not have my English teacher in high school. This JPG image shows information the Wall Street Journal captured as one woman visited a bank’s credit card site. Separately, these and other companies are working on Option E – all of the above.

So does this mean we should just give up and face the inevitable? What, In America? Where we have lawyers? Apple is already facing a suit for transmitting information via iPhones and iPads. Meanwhile, the Mobile Marketing Association is trying to get ahead of the issue by setting standards for behavior. And as history shows, if the wrong member of Congress discovers this, who knows what legislation could result.

My advice? At least stay informed. And stay tuned.

Teenagers And Identity Theft Prevention

A recent Associated Press news story on ABC News highlighted a new trend by identity criminals to steal the sensitive personal information of children and teenagers. Why? Because youth have unused Social Security numbers which thieves can resell to people who want to obtain credit fraudulently. Plus, parents (and their children) don't check their chldren's credit reports for fraud.

What should you do? Parents should ensure that their teenager children learn how to spot phishing attacks -- attempts by identity criminals to trick teens into revealing their sensitive personal information.

The Federal Deposit Insurance Corporation (FDIC) advises teens:

"Even if you're too young to have a checking account or credit card, a criminal who learns your name, address and Social Security number may be able to obtain a new credit card using your name to make purchases. One of the most important things you can do to protect against identity theft is to be very suspicious of requests for your name, Social Security number, passwords or bank or credit card information that come to you in an e-mail or an Internet advertisement, no matter how legitimate they may seem."Teens are very comfortable using e-mail and the Internet, but they need to be aware that criminals can be hiding at the other end of the computer screen," said Michael Benardo, manager of the FDIC's financial crimes section. These types of fraudulent requests can also come by phone, text message or in the mail."

To that I would add: don't give out your health care coverage information or account number. Some identity theft includes medical identity theft.

To summarize, teens must learn how to recognize phishing websites, phishing email messages, and phishing posts at social networking sites. You have probably seen the $1,000 gift card scam circulating within Facebook. If it sounds too good to be true, it usually is.

To learn more, try these blog posts:

• High School Seniors Need Help WIth Money Management
• 7 Things You Should Stop Doing On Facebook
• Warning College Students About Identity Theft
• College Offers Cyber Training For New and Current Students
• Identity Theft Prevent Tips For College Graduates
• How To Find A Job While Safeguarding Your Sensitive Personal Data

College Offers Cyber Training For New & Current Students

As an information architecture professional, I have participated in website redesign projects for several colleges and universities. It's always a pleasure to make a college's or university's website easier to use and to navigate for the school's target audiences.

I was pleased to read about an upcoming event in October at Colin College in Texas titled, "Being a Cyber Smart Student- What You Do Now Can Affect You Later." It would be hard to find a truer title for this event. The event description:"

"Technology is a way of life for today's teens; however, what was cute in high school can have serious and long-term consequences in college and the real world. Dallas-Fort Worth Metroplex attorney, Lynn Rossi Scott, will discuss the pitfalls for college students, including copyright violations, identity theft, social networking, child pornography, cyberbullying, shaming, and sexting."

Hopefully, more colleges and universities will draw upon nearby privacy experts to offer similar training sessions to both current students and high school students. The identity theft risks are great, and both college students and high school students need the training. Learn more about tips for college graduates to avoid identity theft and fraud.

High School Seniors Need Help With Money Management

I recently wrote about identity theft tips for college graduates. It seems that things are worse with high school seniors.

According to a recent survey by Capital One Financial Corporation, high school seniors benefit greatly from financial education both in the home and at school. Either one alone is not quite enough. The survey found that those seniors with financial education both at home and at school felt significantly more confident about their personal finance skills and knowledge.

The survey also found that nearly half (45 percent) of all high school seniors surveyed said they are unsure or unprepared to manage their own banking and personal finances. Compare that to this: of the students who had a personal finance class 75 percent said they felt prepared to manage their finances. Another 66 percent rated themselves "highly" or "very" knowledgeable about personal finance, compared to only 30 percent for high school students who didn't have a financial education course.

If this is how high school students without a financial education course rated their confidence, the percentage must be similar for those who haven't learned about identity theft and fraud.

Parents Involvement Matters

The survey also found:

• 20 percent of high school students said that they "frequently" discuss money management and personal finance issues with their parents
• 45 percent said they "sometimes" discuss money management and personal finance with their parents
• 34 percent said they never discuss money with their parents, or only when necessary
• Of students that reported frequent discussions, 71 percent rated themselves as "highly" or "very" knowledgeable about personal finance, and 81 percent feel prepared to manage their own finances

Having a Job Helps

The survey also found that having a job during high school helps prepare high school students to manage their money and finances. Of the high school student who already had a job, 72 percent said that their job experience prepared them in some way.

To help parents and young adults, Capital One partnered with Search Institute to create a free multimedia financial literacy program at www.bankit.com. The program helps parents and teens learn practical skills together and avoid common mistakes.

Facebook Newbie? Read This First

[Editor's Note: I am happy to introduce guest author R. Michelle Green, the Principal for her company, Client Solutions. I met Michelle in T'ai Chi Ch'uan class. She is a combination geek girl, personal organizer, and career coach. She has studied what makes some individuals embrace or avoid information technology. (She’s definitely one of the former.) Michelle helps others improve their use of technology in their personal or professional life. Here's her take on Facebook.com including some tips even experienced Facebook users may not know.]

By R. Michelle Green

Two of my friends just joined Facebook. Just.

If you are in their company, here are some things you should know.

When people first friend you, you think "Wow, he thought of me! Sure, I'll friend that guy from third grade!" Then a month later you're like, "Why did I do that? I have nothing to say to him." What if it’s a one-night stand from college? The first boss you ever had? It's flattering at first, maybe even interesting for a month or two. Then you realize that one of them is flooding your news feed with their obsession with lolcats. So think before you click.

If you have authority over others who friend you, you may want to decide in advance on a friending policy. For example, I know a college administrator who only friends students after they have graduated. Thinking it through in advance can save some embarrassment later.

Some of your friends may friend your friends just because s/he’s your friend (whoa – that made me dizzy). Unless I am sure it’s someone I know, I don’t friend profiles without a picture. Even so, one friend had to put a warning on her page to beware of an impostor. The impostor's Facebook page used my friend's pictures and particulars. Facebook's Help Center was unresponsive. The impostor is no longer visible but we never knew for sure if Facebook took down their account, or if the impostor simply tired of the game.

If you like, you can always de-friend someone. They will not receive a notification from Facebook, but if they have just two friends, they will notice that you are no longer on their friends list. (That may matter to you.) If they have 100 friends, they'll never notice.

Think about where and how you reply to people. If you write it on their Facebook wall, or comment to a status post, people you may never meet may read it as a notification or part of their news feed (never meet that is, until they become your boss or something). About 50% of the time, I choose to reply with specific messages, and rarely use the write-on-the-wall feature.

Another caution: sending someone a message lets them look at your profile for a little while, even if they are not your friend. So, if someone you don't know or can't verify somehow contacts you, ignoring the message is your best bet. Here's a scary article showing you the lengths some will go to hack your Facebook account.

Be careful of stuff sent to you, even by people you respect (their Facebook account may have been hacked). The koobface virus, the crush me virus, and marketing things like the free $500 Whole Foods card scam come to mind. A tech savvy friend fell for the Whole Foods card scam, and the program sent info requests pushing the same deal to all his friends under his name.

If someone can hack (or guess) your password just from looking at your profile (see note about sending messages, above), bad guys may hijack your Facebook account, block key people (e.g., spouse, kids), and then send friends desperate messages without your knowledge (“help I’ve been mugged overseas, send money!”). Things like this have led me to construct my longest online password for use on Facebook; one I don’t use anywhere else.

Review your privacy settings. The "Friends of Friends" setting sounds alright, but in practice is problematic. Two of my friends are performers – they have over 250 friends each, some of whom are also performers. You do the math.

You can set varying privacy limits by building lists of friends. For example, set up an immediate family list and give them special access. I’m up to 8 lists at this point. Check periodically to see if your profile looks the way you want it to by others within each list (there's a mechanism for that on your Facebook Settings page).

There are a lot of cool games and time wasters on Facebook. I read them, but I won’t participate. I may be too conservative -- I have never played Scrabulous for example (huge hit, Scrabble knock off). I won't give Facebook access to my other e-mail address books (even if I used them, I wouldn't). I won't even sign up for people to send me birthday wishes. These applications permit developers to look at your profile information and often that of your friends. (Reading Facebook's Terms of Use and Privacy can be very scary.) I don’t give marketers data for free if I can help it. The ACLU has created a great app that lets you see what your profile looks like to a Facebook developer.

To learn more, read these online articles:

• 5 Easy Steps to Stay Safe (and Private!) on Facebook
• What Can Strangers Learn About You Online?

So that's as armed as I think I can get you. Go forth and friend.

---

© 2010. R. Michelle Green. Reprinted with permission.

Warning College Students About Identity Theft

It was good to read this article in the New York Post:

"ID theft is on the rise on university campuses as thieves take advantage of open dorm doors, the careless habits of students and plenty of laptops to steal ID from and use to gain access to the assets of not only the students, but also their parents. Parents should be aware that "criminals look at universities because not only are students the path of least resistance, but universities are lax in their security," said Robert Siciliano, an identity-theft expert. "Twenty percent of students do not acknowledge that it's a problem. They are just irresponsible and making all of their parent's personal information vulnerable.

What the consequences can be:

"This past summer, a 22-year-old male at the Southern University in Louisiana experienced ID theft due to carelessness in the dorm room and is now faced with explaining to his parents why their credit card has a $2,400 balance."

Hopefully, parents will pay attention and warn their college-age children to keep sensitive papers and records under lock and key.

Michael Jackson: A Life of Great Creativity & Very Human Challenges

[Editor's Note: today's blog post is by guest author William Seebeck. During the 1980's, Bill and I worked together at Lexis-Nexis in Dayton, Ohio. Bill has a wealth of experience in online systems, banking, publishing, and public relations. Bill also blogs at Seebeck's View.]

By Bill Seebeck

I can still remember watching 40 years ago as Michael Jackson and his brothers went on the stage of the Ed Sullivan show, with Diana Ross, who discovered them, sitting in the audience.

What startled me that night was how Michael took the microphone, as if he had been doing it for a thousand years and with a voice that from the moment you heard it, knew it was special, began singing and dancing about the stage. He stopped you. You had to watch. You instantly fell in love with him and for quite some time afterward, he became known as "Little Michael Jackson".

Well, Michael Jackson and his brothers became famous overnight and they never looked back, everything was before them and we, the audiences throughout the world, were the beneficiaries of his amazing creativity.

I was in college when Michael first hit the scene and only saw him once in person, it was during the 1993 Super Bowl in Pasadena, California where he was the half-time show. Watching the video again today of that performance reminded me of his extraordinary gifts as one of the most exciting entertainers of all time.

We will always listen to Michael's music. We will also remember the songs he wrote for the world, including Black or White, Heal the World and We Are The World, the last, a song written for African relief and performed as a group by just about every major talent in the music business at the time.

Unless you have traveled the world, it is hard to appreciate the enormous impact American music has had on so many cultures. I remember sitting in a Fuddrucker's restaurant in Jeddah Saudi Arabia 10 years ago and watched as a group of Saudi high school boys entered the restaurant dressed not in their traditional garb but in cargo pants, Abercrombie & Fitch t-shirts, LA Laker hats worn backward and listening to the most popular radio station in the Kingdom back then -- U.S. Armed Forces radio. What were they listening to? Yes, American music and they all knew Michael Jackson.

However, the type of overnight success that fell upon Michael was both a great joy and a great burden. In our times, when you gain "your 15 minutes in the sun" as Andy Warhol used to say, your life is taken from you by the public. You're watched and followed twenty-four hours a day and someone always wants something from you for themselves. Now sometimes what they want is legitimate, yet more times than not, it is not. It feels at times that they are sucking the very marrow out of you and one of the things that you lose is the ability to trust others. It is a difficult life. You try very hard to create a life that you can trust, withdrawing into a type of cocoon. That space becomes your safety zone, the place you can always run to and survive the latest hurt or betrayal. That space became where Michael, despite all of his world fame, lived. It is no surprise then that this is where he was tempted by his demons, the same ones that tempt each of us in our lives of non-perfection.

So today, I remember Michael Jackson, the boy I first saw and heard, the man we all came to experience, the incredible entertainer that graced our lives and with whom he shared his truly extraordinary God given gifts. We are forever grateful.

May God's peace be upon you Michael.

Copyright 2009 WBSeebeck. Reprinted with permission.

The Risks of Disclosing Your Birthday on Facebook And Other Social Networking Sites

Here in Boston, Channel 7 television news broadcast an interesting identity-theft report which I believe all consumers of popular social networking sites -- like Facebook, MySpace, Twitter -- should be aware of:

"When you're connecting online - and filling out your profile - experts say you could be leaving yourself vulnerable. The trouble can start with something as simple as your birthday... It seems harmless putting your birth date in your profile - but with that one bit of info we found identity thieves can actually get a copy of your birth certificate - a key document. And it's not hard to do."

The news broadcast showed how the reporters were able to get a valid copy of consumers' birth certificates. Some states, like Massachusetts, have lax procedures for distributing birth certificates. The bottom line: your complete birthday (e.g., March 12, 1984) is one of the valuable pieces of sensitive personal data which identity thieves can (and do) use. Here's how consumers can protect their identity information:

"Experts say, to keep safe - Never list your birthday publicly. Online - you should only become "friends" with people you know. And make sure your profile page is set to "private" or "friends only."

Should consumers display a partial birthday (e.g., March 12)? I've noticed that some Facebook users display a partial birthday. I don't disclose my birthday at all. Why? It still seems risky to display a partial birthday, because a determined identity thief can pretty easily deduce your birth year from your high school (or college) graduation.

It's important for consumers to practice safe identity-protection habits when using social media sites. Interested consumers can view the video or read the transcript at the Channel 7 site. Want to learn more? Read this prior post about birth dates.

Consumers Should Know The Price They Pay When Using Google Services

At the ZDNet Education blog, Christopher Dawson wrote a very interesting post about the "price" consumers pay for using services from Google. Most know that all Google services are free. By "price," Dawson means:

"There is no such thing as a free lunch; obviously I need to give Google something for all of the super cool tools it gives me to use in my personal, professional, and academic lives. This isn’t news to me and it isn’t news to my users (who I encourage to use Google’s tools). It isn’t news to them because I make it abundantly clear what it costs to use Google’s services."

One of my coworkers, Doug, absolutely loves anything Google. I understand the enthusiasm people like Doug have for Google, since the company has introduced several services many consumers find attractive: calendar, maps, e-mail, search, Google Earth, RSS feed reader, web site analytics, web browser -- I have no idea exactly how many different Google services Doug uses. I just know it's a lot. He frequently talks about how great they are. And, I happily remind Doug what he has given up and continues to give up: a fair amount of personal data.

I'm glad that Dawson included this topic in his Education blog. It's important for consumers to evaluate at every web site they visit how much sensitive personal data they are asked to disclose. It's important for consumers to make an explicit, conscious decision: if the free service is worth the personal data they must disclose.

Why? Wherever a consumer's personal data is stored or collected, that represents a place where it can be hacked, lost, or stolen -- and then abused by identity thieves.

My impression is that few students, in both high school or college, pause to consider how much sensitive personal data they disclose online, until it's too late (e.g., it's stolen). An even smaller number pause to consider if the free service is worth the personal data disclosed.

I wonder if this decision making is taught in schools. Few students, or adults, think about how much personal information they give up in return for free Internet-based services.

Don't get me wrong. I use several services from Google, and I am a fairly satisfied Google Analytics customer. But there are some Google services I avoid, like Gmail, for privacy reasons. Michael Krigsman summed up the situation well in his ZDNet IT Project Failures blog , in a post titled, "Google is NOT Your Friend:"

"Whether or not they realize it, all Google users engage in an implicit business deal with the company. Those amazing, so-called free, tools come at the cost of your privacy. Google hoards your data for use anytime, anywhere its voracious heart desires. The clever company is always thinking up new ways to slice and dice your personal data in service of its corporate profit."

In my opinion, a wise and informed consumer constantly evaluates the retailers and web sites he/she does business with, regarding both data security and the sensitive personal data requested. A smart and informed consumer reads the Privacy Policy at each web site before registering or purchasing at that site. Smart consumers monitor the retail stores and web sites they shop at, and avoid companies that suffer from multiple data breaches.

Consumers should adopt Google's motto of "Do no evil." That is, when it comes to managing your sensitive personal data, consumers should take care not to do any evil: shop anywhere or do anything that jeopardizes their sensitive personal data.