It is interesting to see how we perceive our privacy on the Internet. When we see a third party publish personal information about us on the Internet without our permission, we tend to feel violated in our privacy. However, when we publish the same information on our LinkedIn, Facebook, Twitter, … profiles ourselves, we seem to have forgotten all about our privacy.
Take Twitter for example. If someone else would publish where you were and what you were doing on a website, you would definitely feel violated in your privacy but when you do it yourself most of us don’t seem to think twice and even allow everyone one to follow our twitter feed.
The other way around is a valid paradox as well. I know of companies who wanted to block access to LinkedIn and Facebook to prevent information leakage but soon after realized that these websites were used as a business tool by their users and managers to manage their professional network or to prospect potential customers.
Pdp from hacker think tank GNUCITIZEN also warned about some of the dangers of social networks. (and now runs his own social network … 
)
I am not saying here that these social networks are a bad thing but I think that users of those networks will need to keep in mind what information they want to ‘leak’ about themselves on those networks. Once more it boils down to user awareness and how to handle this technology.
Since it is ‘Lazy Sunday’ today, instead of background reading on the subject, some background videos:
- Privacy and Social Networks
- Facebook Killed the Private Life
- Does what happens in the Facebook stay in the Facebook? (for the really paranoid among us)
May 18th, 2008 - 11:14 pm
Information can be used for good or for bad purposes. When it’s your personal information, it all amounts to who controls it. When a company receives your private information, it’s protected by law and they need your permission. Disclosing this information without your consent makes you loose that control.
Publishing private information on social networks is up to you, you have more control over WHAT to publish and WHEN. It’s a totally other matter then a third party publishing it, because you didn’t decide to. It’s all about CONTROL and CHOICE.
My LinkedIN only disclosed most information to my contacts. The public profile is a lot shorter and skips over the details. My twitter only discloses information only to those I accept. It’s my CHOICE who sees my tweeters.
But I do agree that a lot of people don’t take these steps and the default settings of those sites is allow all. User awareness is an option, but who is going to tell them? Educate your peers (blogging is a start). I know that 90% employers check the received CVs against the user’s LinkedIN page for inconsistencies. Even if it is because you failed to keep that page up to date, it makes you look bad. Ye be warned.
May 19th, 2008 - 8:52 am
Hi Benny,
That is exactly the point I wanted to make. The default settings should be the ‘most private’ so users are assisted in thinking about what information to release to the general public.
As for employers who background check their potential hires on the Internet. I must admit that I too google every name before I interview them to see what info comes back. This sometimes gives insight in how involved a potential candidate already is in the online infosec community (indicates a sense of passion for the profession). However, this is not the decisive factor, interviewing someone face to face is still the most valuable part of our selection process.
Cheers,
Tom
May 27th, 2008 - 1:34 pm
The difference lies within the concept of data ownership. I am the sole owner of my personal information, so I can choose to publish this (openly). Yet you do not have the permission to do so, unless I would provide you a specific permission of trust to do so. However such a permission of trust is not exchangeable. It’s not because I trust you with a certain part of information, that you are allowed to publish this (just because you trust the other party).