research_assignment


 * Safety on Social Networking Websites**


 * Rebecca**: Physical Safety
 * Noly:** Phishing (fraud)
 * Steve: ** Online Bullying
 * Allen**: Privacy Settings

Since its original conception the internet has undergone various evolutions. These evolutions changed the way people viewed, utilized and participated with the technology and each other. Initializing with "Web 1.0", the basis of the internet was connecting different documents using hyperlinks. However, it was eventually understood that the internet had much more potential. "Web 2.0" began with the dream to create a more collaborative web (Lytras and Pables, 58). Also known as the "social web", the more user-centered internet saw the birth of social networking websites. Social networking websites are applications that allow people to create profiles and connect with others (Lytras and Pables, 58). Boyd and Ellison characterize social networking websites as "web based services" that maintain three distinct features: 1) allow users to create a public, or semi-public profile 2) allow users to create a list of members that they connect with and 3) view their list as well as the lists belonging to other members (Lytras and Pables, 58).

SixDegrees was the first social networking website created in 1997 (Lytras and Pables, 59). Since then, many websites have been created, some seeing great success and some seeing tremendous failure. Some of these websites include, but are not limited to: Facebook, Twitter, Myspace, MSN Live and Youtube. Each of these social networking websites have played a role in the creation of user's digital identities. The benefits of social networking websites may seem endless: people have the ability to create new relationships, businesses can utilize them to extend their bands and gain clientele, they can be utilized for information, education, leisure, etc. However, what happens when these social networking websites effect our safety? That is where the problems commence.

There has been a tremendous amount of controversy in recent news regarding the amount of privacy, or lack thereof, provided on social networking websites. Concerns grew about which third party spectators can view our posts on twitter, our photos on Facebook, or the relationships we have. However, the lack of safety on social networking websites is so much deeper and more dangerous than that. The issue of safety on social networking websites can be understood and analyzed through numerous different issues. The three we will be focusing on are the user's physical safety in their real environment, phishing, and online bullying. The ability to alter privacy settings on various social networking websites will also be discussed.

Due to the growing popularity of social networking websites the line between our real world and our virtual worlds is becoming less and less defined. We now utilize these online environments to do things that would normally only be done in our physical surroundings: keeping in touch with our friends and forging new relationships, for example. However, this blurring line has forced our online relations to harm us in our real life. Online social networking websites such as Twitter, Facebook and Four Square, as well as many others, allow users to post maps of where they are located, check in to certain areas, and update their statuses. Users are becoming more open with the amount of information they share online. This opens up numerous dangerous possibilities for acts such as stalking or robbery. I recently conducted a survey to find out how people utilize social networking websites. The most notable concern I had was the type of information users felt comfortable sharing online. The results of the study can be found in Appendix A.

A small number of people have realized this trend of people placing too much information online. "Please Rob Me", although the website is currently under construction (as of Feb, 2011), creates a continuous feed of online check ins. The website's title, however, illustrates the potential danger there is to posting intimate details online. The following, for example, is a screen shot taken from the website:

As people use social networking websites such as Facebook (including Facebook places), Twitter and Four Square to provide information about their location they bring their online identities into the real world. The aforementioned study illustrates that 61% of users will post their daily plans online, 53% will post instant photos of their surroundings, 38% will post their current location and 15% will accompany their location with a detailed map. This allows strangers to access to intimate details that were once considered confidential. You would not tell a stranger on the street you're home alone, so why tell the world?



As the above study shows, people are much more comfortable posting personal information about themselves online that at one point was considered confidential. 82% of users include their first and last names, 91% include their city/town, 73% include their school and 88% include photos. As people make this information available they also expose themselves to a second kind of threat: phishing. Phishing is an online threat in which people acquire sensitive information such as usernames, passwords and credit card information about another person. By willingly placing large amounts of confidential information on sites such as ‘Facebook’ and ‘My Space’, users typically involving tweens ranging from age twelve onwards leave themselves susceptible to fraud. Alternatively, personal information collected can be sold on the internet.



The research - as it pertains to ‘phishing’ required the use of statistical data taken from Statistics Canada in addition to stakeholders who make it their primary occupation to fight internet scams and fraud. These organizations or private companies know and understand the dynamic trends witnessed in web 2.0. Semantic Corporation has established a comprehensive source of internet threat data by providing a ‘Symantec Global Internet Security Threat Report’. With a combination of 240,000 sensors in over 200 countries and territories, they’ve been able to monitor attack activities with the help of third party data sources (Symantec Global Internet Security threat Report, 2009). These resources give Symantec’s analysts unparalleled sources of data with which to identify, analyze, and provide informed commentary on emerging trends in attacks, malicious code activity, phishing, and spam. The Microsoft Safety & Security Center also provides a thorough breakdown of computer security, digital privacy, and online safety ( [|www.microsoft.com/security/online-privacy/social-networking.aspx] ). Furthermore, anti-phishing websites sponsored by unbiased organization such as the Anti-Phishing group of Indiana University as well as leading computer science experts. Dr. Markus Jakobsson, remains as the top contributor to the understanding of phishing and crime ware and has focussed his efforts on human aspects of security and mobile security ( [|www.markus-jakobsson.com] ).

According to Symantec’s ‘internet Security Threat Report’, Social-networking websites have become a target for online fraud (Symantec Corp, 2009). Social networks have become a favourite method of attack for ‘phishers’ as they seek for new and easier means to reach unsuspecting victims. Phishers take hold of the social networker’s credentials by way of an email originated attack. The emails within the social network direct victims to an external site that ‘phish’ for information and consequently mimic the social network’s login process. The profiles can then be used to email friends within the social network. The innovation stems from the fact that the exploitation is social instead of the technical aspect. The way to look at phishing attacks is that it’s a direct attack on one’s emotions than on one’s technological defences (Jakobsson, 2007). Known as social engineering, phishers exploit the trust users have with one another to manipulate potential victims into sharing personal information rather than using previous methods of ‘cracking’. Ultimately, the purpose of phishing is to entice the recipients of emails to divulge personal information that they would typically not reveal, as they unsuspectingly fall into the sender’s trap. It is through methods of trickery and or deception for purposes of gathering information to commit fraud and consequently gain computer system access which can be used for monetary gain. While ‘phishing’ itself is not new, the use of ‘social engineering’ allows for the psychological manipulation of victims. Criminals can steal Facebook login passwords, steal the user’s identity, and consequently change the content of the page to make unsuspecting ‘friends’ think ‘they’ were in trouble. The pretext is later ensued by sending mass e-mails to friends of victims asking them for help. Hence, the repercussion of the crimes spread through the rungs of the social network. As a precursor to using any social media tool, one should assume all information could be made public and should take necessary precautions to keep private or personal information from being shared publicly. Furthermore, it should be stressed that it’s small pieces of information we often share or don’t think about that can be pieced together to create a full profile of an individual. Users should be aware of what they divulge online and how they divulge it. Based on statistics Canada Report, internet users aged 16 and over are concerned about internet privacy (Stats Canada). Furthermore, a general social survey indicated that problems associated with security on the Internet – namely personal information made public and hacking comprise of 45% of issues which is closely tied to phishing and related activities.  These findings can be reviewed in **Appendix B**.

Online bullying or "Cyber bullying" is a very common issue that seems to have been overlooked in the past decade. Like real bullying, Cyber bullying involves communication online in which a person "bullies" another through use of threats, stalking, any sort of harassment through instant messaging, text messaging or through social networking sites such as "Myspace" or "Facebook". The burst in popularity in social networking has unfortunetly opened up several more opportunities to have more cases in Cyber bullying. It would seem as though cyber bullying is a dead end due to the fact that it is difficult to catch the culprit. Because of this there is not a very strong movement against cyber bullying, it has become something that has been understood to avoid by teaching others how to identify it. Prevention includes guarding your information, making sure you never share passwords is also very important. If you end up in contact with online harassment you must block and ignore the sender's messages, it is never a good idea to reply to the messages. The reason Cyber bullying is a scary concept is because the bullies do not have limits, they are able to say and do things that they would not do or try in the "real world". The fact that the bullies can remain anonymous through fake names or accounts is the reason why this type of bullying is can be potentially more dangerous, the bully is free from constraints in their behaviour. Another form of Cyber bullying is publishing any sort of defamatory material about somebody on the internet is very difficult to prevent, once posted it becomes live and is out in the open. Social networking sites have a difficult time preventing this and the best that they can do is allow people to report spam or fight against posting things that are unethical or wrong. The internet has its own form of control. It lives and breathes due to the human race using it every day at every moment. It has its own life and therefore has flaws and security just like the world we live in.

=News Examples =

Tweeting to Get Robbed?

 Users of the popular social networking website, Twitter, send status updates which may include daily activities, interesting links, or replies to their followers. However, these seemingly innocent tidbits of information have caused adverse effects in some cases. In May 2009, Israel Hyman (Twitter ID: @izzyvideo) took a vacation and tweeted about it (Van Grove, 2009). He returned to a burglarized house. By sharing news related to location, Hyman provided his followers and those browsing his public Twitter profile with the knowledge that he was not going to be home. Consequently, revealing such trivial information allowed predators to conclude that Hyman would not be home and thus loot him at the best time possible.  A similar case is that of Keri McMullen who updated her Facebook status to over 600 Facebook ‘friends’, before leaving to a concert in Indiana (Cluley, 2010). She returned to a house missing over $10 000 of goods. Thus, it is vital to be cautious when posting information online for anyone to see. Facebook status updates are considered relatively more secure than location-based services like Twitter, Foursquare, and Gowalla which provide live updates. Nevertheless caution should be exercised over all information posted online.

An Accomplice to Stalking?  Geo-tagging technology may be appealing and exciting but the risks that come with using such applications over social networking sites are frightening. With the rise of social networking websites and applications, it is increasingly easy to track an individual down, see what they are doing, and who they are with. It may seem comical to actually use such information to stalk someone but if a predator wished to do so, the tools are all in place. For instance, Michelle Greer, Director of Partner Marketing for the Rackspace Cloud noted that whenever she would Tweet about an event, a certain stalker would follow her at all times and scare her (Perez, 2010). Even creepier, is the story of Harriet Jacobs, who discovered that Google’s social network, Buzz, revealed her location when she would post comments (Perez, 2010). Jacobs posts were seen by her abusive ex-husband who socially stalked her until she realized Buzz was leaking information she considered private.

One of the easiest and most widely available fixes for the issue of safety on social networking websites is privacy. Unfortunately, studies show that the more successful social networking websites will hide their privacy policies to avoid losing potential members (“ Social networks hide privacy policies to stay popular” ). Joseph Bonneau did a study of the privacy policies on 29 social networking websites and found that only 7 made their policies prominent when users first signed up (“ Social networks hide privacy policies to stay popular” ). Despite this, the privacy policies and settings on various websites have changed due to recent controversy. Take Facebook, for example. Facebook allows users to chose between three distinct groups of individuals whom to allow access to your account. Most people enjoy having only their friends only access their page. Each friend list can have specific privacy policies attached. This can be broken down into friends, family, and professional. This is especially good for corporate instances where different groups of people are located all around the world. Another interesting feature is the ability to remove yourself from search results. Literally making yourself invisible to the world. By default Facebook makes it visible to those searching names in whatever network you may be part of. In conjunction with this, Facebook pages appear on Google when searched through said engine. This option can also be removed. The main feature people are attracted to on Facebook is the photo album. Here people can post pictures of themselves with their friends, in which they are 'tagged their name appearing depicting who they are in the picture. This allows for easy face recognition should people be in the same place at the same time ever again. The tag option be can also be removed.

In the survey we conducted we found the following results interesting:



**Communication Strategy** All users of social networking websites as susceptible to any of the above online threats. However, we feel that targeting users ages 12-34 would be most useful as they make up the two largest groups on most social networking websites, as can be seen in Bob Hazlett's presentation entitled "Social Networking Statistics and Trends". seen here When creating an effective communication strategy to get a message out to the target audience, there are numerous different options. We could create a poster, an essay etc. However, we also believe the best way to get out message out there would be to utilize exactly where the issue comes from: social networking websites. We propose creating an informative account on twitter, Facebook and Youtube and posting tips and information regarding safety on social networking websites that user might not be aware of. This creates an interesting way for users to access the message in an environment they enjoy and feel comfortable in.

__** Works Cited **__

Cluley, Graham. (2010). Woman’s Facebook status invites a burglar. Naked Security. March 29 2010. Online at: < []>.

Hazlett, Bob. "Social Networking Statistics And Trends." // Upload & Share PowerPoint Presentations and Documents //. June 2008. Web. 20 Feb. 2011.

<span style="color: black; font-family: Calibri,sans-serif; font-size: 11pt; line-height: 12.9pt; margin: 0cm;">Indiana School of Informatics. Stop Phishing.com (2006). Web.

<span style="color: black; font-family: Calibri,sans-serif; font-size: 11pt; line-height: 12.9pt; margin: 0cm;">Jakobsson, M., Myers, S. (2007). Phishing and Countermeasures: Understanding the Increasing Problem Of Electronic Identity Theft. Hoboken, NJ: Wiley.

Lytas, Miltiadis D., and Patricia De Pables. // Social Web Evolution: Integrating Semantic Applications and Web 2.0 Technologies //. Information Science Reference, 2009. PDF

<span style="color: black; font-family: Calibri,sans-serif; font-size: 11pt; line-height: 12.9pt; margin: 0cm;">Mark Monitor Inc. (2010). Data Sheet: Anti-Fraud Solutions. Web.

<span style="color: black; font-family: Calibri,sans-serif; font-size: 11pt; line-height: 12.9pt; margin: 0cm;">Osborne, Darren (2008, Apr 9). Phishers Attack Social Networking Generation. Silicon.com. Web.

<span style="color: black; font-family: Georgia,serif; font-size: 11.5pt;">Perez, Sarah. (2010). Location-Based social networks: delightful, dangerous or somewhere in between? ReadWriteWeb. March 31 2010. Online at: < [] <span style="color: black; font-family: Georgia,serif; font-size: 11.5pt;">>.

"Social Networks Hide Privacy Policies to Stay Popular." // The New Scientist // 203.2719 (2009): 4. Web. 20 Feb. 2011.

<span style="color: black; font-family: Calibri,sans-serif; font-size: 11pt; line-height: 12.9pt; margin: 0cm;">Statistics Canada. Canadian Internet Use Survey. (2010, May 10). (Table 358-0128). Web.

<span style="color: black; font-family: Calibri,sans-serif; font-size: 11pt;">Symantec Corporation (2010). //<span style="font-family: Calibri,sans-serif;">Symantec Internet Security Threat Report – Trends for 2009 // <span style="font-family: Calibri,sans-serif; font-size: 15px;">. Web.

<span style="color: black; font-family: Georgia,serif; font-size: 11.5pt;">Van Grove, Jennifer. (2009) Twitter Your Way to Getting Robbed. Mashable. June 1 2009. Online at: < [] >.