Wednesday, October 28, 2009

Looking for online community: Social networking platforms

I thought that it was necessary to give further clarification to
explain my reluctance about social networking website (SNS) as
described in the Elluminate meeting. I had no time to read the blog entry beforehand and was caught unprepared for the topic, as it probably came across.
I am sure that Social Networking Platforms , which I will call
SNP in this post, can be a wonderful tool to interact with otherpeople and communities. However I think this is a risky environment.
Are the rewards really worth the risks?
There are several aspects to the problem:
1. your public profile can be used, with other elements of publicly available information for the purpose of ID theft.  You could minimise you profile, but SNPs have been hacked in the past and data stolen.
2. The gadgets made available in these site can be used by hackers to steel your data and/or  take over your account. I remember reading on the BCS website the testimony of a journalist who had a lot of damage done to his reputation after this happened to him. The company running the SNP was extremely unresponsive and he had to take legal action.
3. There has been cases of computers infected with malware (trojan- keyloggers) when their owner were visiting SNP and looking at other profiles. This is not specific to SNPs and can happen any number of ways (rogue email attachment and infected/hacked web sites being the main causes).
4. As for email, social engineering can be used to extract information from you, which can put you in situation 1 or 2. Never trust anyone you do not know on line. If you know them, check they are really who they pretend to be...
If you feel that you have to use a SNP I would advise you not to enter real details into them, check the site track record for security (Google), and at the very minimum have a computer with a good antivirus and firewall up-to-date. This would not protect against zero day attacks, only against known problems.

You can find further info on:
I have found Young People and Social Networking Services interesting, but think that the security part of it lack depth. Does it surprise you?
I have reluctantly joined the Online Facilitators network on
So we could use SNP, but it comes with a health warning. I would be uncomfortable  to ask young adults/teenagers to use this as a learning tool. If I had to use SNP, I would start by a compulsory session and test on how to minimise the risks associated with them.
I am more comfortable with a closed environment where you can control the membership of the group and moderate the content.

Course miniconference: I have been left high and dry with no speaker, and no ideas. Help!


  1. Very intersting points you have high lighted Herve, I agree with you with the ID theft issues. Social Networking can be very interesting at teh same time people need to be aware of these issues as well.


  2. I think the concept of online security is a good one that you may wish to follow of online sites & tools is an important issue to consider if you're going to be an online facilitator.

    As for the comment about having a closed environment & moderating content, how does that fit with the role of facilitator?

  3. Here's a fun video talking about the issues of security:

    And here is a great summary about using social networking sites:

  4. Herve- I haven't given much thought yet to all the links here, but my first thoughts are that you are well on the way to making this the topic of your mini-conference presentation on the pitfalls of social networking :-). Could you get someone to talk on this topic? You have provided a great overview already- do you arrange an online debate about it perhaps???

  5. I think it would be important to have two views - the concerned view & and the not so concerned view. For instance, I believe that if you lock yourself away because of these concerns, you hugely reduce your opportunities for networking and I cannot see how you can truly facilitate in a locked away environment. Having said that, it certainly pays to be sensible - I like the guidelines that Krishan has developed:

  6. The people I know who could talk on the topic are not available at the moment. I am pursuing other leads, but I am being passed on from an email box to another. I am a recent arrival in NZ and haven't got a huge network of contact here. As I am also very busy at work at the moment, I am considering withdrawing from the course.

  7. Noooooo don't withdraw! :(

    Give me ring (03 4773014) or drop me an email and lets discuss some options for you.

  8. Hi Herve,
    do re-think about withdrawal,you have so many interesting ideas.Enjoy reading your course blogs.Its just finding a guest speaker i guess.& getting started i guess :-)

    Regarding information security,this is already a major issue and guess most of it also comes from ignorance or no knowledge of its impplications or threats to your personal informations being too public.
    It seems lack of security awareness is cited as the 2nd biggest threat.
    I myself get carried away and sign up for deals/free stuff although i try to be careful but who knows who they share their data with.

    Good luck with course

  9. I am interested in your security comments Herve. Do you think people are more vulnerable to security issues in social networking because they feel so comfortable there? I hear a recent intrusion on Facebook was that someone sent people an email asking for their password, and then used it to post random stuff on their facebook page. Like a single guy suddenly posting about baby clothes. But why do people give away their passwords so easily. Maybe they need to do a cybersecurity 101 course. Kids are definitely vulnerable to this sort of thing and social networking is so attractive to them. My daughter only discovered the land line last week when she used up all her texts for the month!

  10. Rosanne,

    trust is the aggravating factor. The SNetworking sites carry a strong trust component. Messages compelling you to click on a link or download a file that would infect your PC appear to come from someone you trust. It could be that the person you trust had his/her ID borrowed, or the person who you got to know and trust has been gaining your confidence over a few weeks/months before launching the attack.

    This is more dangerous than a spam attack where the source of the email is unfamiliaror suspicious. Mind you, I have seem very convincing dodgy emails recently.
    But infecting your PC with malware is just one aspect of the problem.

  11. And that's why you have to make sure you use descent malware/spyware screening :)

  12. Sarah,

    All malware and spyware are not immediately detected by the screening software. It takes time to detect that a new threat has appeared then counteract them with a solution. This frequently takes a few days, not a few hours. The attacks taking place during that time are called zero-day attacks. When the detection tools are put in place -that is is the anti virus/malware patches are downloaded regularly-, you need to run a scan on your machine to detect them. When did you last run a full AV scan on your PC? ;-)
    Some type of infection stop the PCs to download the latest security patch or the latest anti virus definition. How often do you check the date of your latest AV definition? ;-)
    Some type of infection cannot be removed without reformatting the hard drive and reinstalling the operating system.

  13. Interesting article that complains about Facebook and it's use for educational networking: