Copyright 2013
Roger Clarke
Xamax Consultancy, Canberra
Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW
Wirtschaftsinformatik Forum – GI Deutsches Eck, Universität Koblenz-Landau
17 January 2013
http://www.rogerclarke.com/EC/eCIS {.html, .ppt}
eConsumer Insecurity
Five Headlines – Sensationalist But True
What Do eConsumers Do?
• Inter-Personal Comms: Email, Chat/IM
• Content Discovery and Access
• Reading
• Content Publication: Web-Sites, Blogs, Personal Galleries, Music, Video
• Doc Prep
• File-Sharing with Friends, Colleagues
• Personal Databases: Accounting, Investments, Hobbies, Family Trees
Consumer Computing
Functions: Applications (1975-2000) ==>> Services (2000-)
• Email: Email clients, using smtp/pop/imap ==>> Webmail, using http / https
• Personal Galleries: Personal Web-Sites ==>> Flickr, Picasa, 3rd Party Blogs
• Personal Music: Dedicated Devices ==>> iTunes
• Doc Prep: Office on the Desktop ==>> Zoho, Google Docs
• File-Sharing: FTP-server and -client ==>> Dropbox
• Reading: [Books] ==>> eBooks, Rented
http://www.rogerclarke.com/EC/CCC.html
A Participant-Oriented Classification of Social Media
[Figure: classification diagram. Categories: Interaction, Broadcast, Collaboration or Sharing (Content, Indicator, Gaming). Labels: Closed, Open, Semi-Open or Open. Examples shown: Email / Chat-IM / Skype; Web-Pages; 'Walled-garden' 'wall-postings'; YouTube; Wikis; Dis/Approval ('Like', '+1'); Second Life]
http://www.rogerclarke.com/DV/SMTD.html
eConsumer Wants – 1 of 4
The Basic Needs
• Does it do what I want it to do? [Fit]
• Will it be there when I want it? [Availability, Reliability]
http://www.rogerclarke.com/EC/CCC.html
eConsumer Wants – 2 of 4
The Basic Needs
• Does it do what I want it to do? [Fit]
• Will it be there when I want it? [Availability, Reliability]
The Basic Protections
• How do I keep going if it stays fallen over for a long time? [Service Interruptions]
• Will you respond helpfully and quickly enough when I ask for help? [Customer Service]
• Will you lose my data, or muck it up? [Data Integrity]
• Do I get my data back if you fall over or withdraw the service? [Survival]
• Can I move my data to another supplier? [Lateral Compatibility]
• Who can I complain to if I get dudded, and will they actually help me? [Consumer Protection]
http://www.rogerclarke.com/EC/CCC.html
eConsumer Wants – 3 of 4
More Advanced Needs
• Will it keep doing what it does now? [Service Integrity]
• Will it stay up-to-date? [Future Fit]
• Will it fall over too often? [Robustness]
• Will it come back quickly after it falls over? [Resilience]
• Is my service protected against you, them and the gods? [Service Security]
• If bits of it are broken, will you fix it without breaking it some more? [Maintainability]
• Can I fiddle with it a bit if I need to? [Flexibility]
• Can I move my data to an upgraded version? [Forward Compatibility]
• How long will old versions keep working for me? [Backward Compatibility]
• Am I breaking the law if I use the service? [Legal Compliance]
http://www.rogerclarke.com/EC/CCC.html
eConsumer Wants – 4 of 4
More Advanced Protections
• Am I going to get gouged? [Cost]
• Can only appropriate people get in and do things? [Authentication and Authorisation]
• Can I get access to all data that you hold about me? [Subject Access]
• Is my data protected against you, them and the gods? [Data Security]
• Is my privacy protected against you, them and the gods? [Privacy Controls]
• If I terminate our relationship, will my data be irretrievably deleted? [Fully Effective Withdrawal]
• What happens to my data if I die? [Archival / Memorialisation]
http://www.rogerclarke.com/EC/CCC.html
Headline 1:
Software on consumer devices becomes dated and local data is often not recoverable, but ...
eConsumer services are a very bad deal
The Terms of Service
• eConsumers can usually only know what Terms apply to an earlier transaction if they mirrored the Terms at the time
• The Terms applicable to the next transaction may not be the same as they were for previous transactions
• The Terms applicable to transactions and to the eConsumer’s data are entirely under the provider's control
• eConsumers can place no reliance on what they may have previously read or heard about the Terms
Second-Party Risk-Exposure Summary of Results
• 3 – the Terms provide the ISP with no right to use the data (iinet, Internode, Yahoo!)
• 2 – use is authorised, but ... only in a manner directly related to the contract (Infinite, Zoho)
• 1 – use is limited to 'access' - although what that limitation means is unclear (Dropbox)
• 1 – use is authorised "to provide the service" - which can be readily interpreted as being the service as a whole not just the service provided to that user (MS Live)
• 2 – the ISP has very substantial rights (Google, LinkedIn)
http://www.rogerclarke.com/EC/IU-SPE-1012.html
In-Depth
• No responsibility to provide the service, or to do so reliably, or to sustain data stored in it
• Subscribers must disclose physical location, even if irrelevant
• No internal complaints process
• No rights to restitution, no liability for identity fraud
• LinkedIn gains rights to customers' data that are almost equivalent to the rights of the customers themselves
• Unilateral changes to the Privacy Statement, without notice
• Storage in the USA under lax privacy laws
• No undertakings to control staff behaviour
• Enforced 'permission' to disclose personal data, "to assist government enforcement agencies", without legal authority
• Inadequate subject access and correction rights
http://www.rogerclarke.com/EC/LinkedIn-1012.html
The Cloudy Future of Consumer Computing
• Inaccessibility and Lack of Clarity of Terms
• Service Malfunctions
• Loss of Data
• Provider Exploitation of Personal Data
• Largely unfettered scope for changes to the Terms
• Supra-Jurisdictionality and Use of Regulatory Havens
• Seriously Inadequate Consumer Protections
• Dominance of US marketing mores
• Pro-corporate / anti-consumer US regulators
• Meekness of regulators in other countries
• Lack of Organised Consumer Resistance
http://www.rogerclarke.com/EC/CCC.html
http://www.rogerclarke.com/EC/CCEF-CO.html
Headline 2:
Mobile devices are irretrievably insecure
MalContent
• How Much Illegal Porn is on Your Personal Devices?
• Unexpected Email-Attachments and Microsoft Email-Embedded Files
• Unexpected Downloads over the Web
• Unwitting Downloads over P2P
• Malware, Unauthorised Users, ...
• How can you know?
http://www.rogerclarke.com/II/OffIm0511.html
MalBehaviour
• Many categories, including Flaming, Incitement, 'Trolling', ...
• 'Social Engineering': Inveigling users into harmful actions, incl.
  • 'Phishing', esp. for authenticators
  • Download of 'free anti-virus software'
Malware: A Definition to Cope with the Complexities
Software, or a software component or feature, that
(1) is capable of being Invoked on a device; and
(2) on invocation, has an Effect that is:
• Unintended by the person responsible for the device; and
• Potentially Harmful to an interest of that or some other person
http://www.rogerclarke.com/II/RCMal.html
Virus, Worm, Spyware, Backdoor / Trapdoor, Remote Admin Tool, Rootkit, Drive-by-Download
Absolute-Minimum InfoSec Safeguards
Malware Detection and Eradication
http://www.xamax.com.au/EC/ISInfo.pdf
Absolute-Minimum InfoSec Safeguards
1. Physical Safeguards
2. Access Control
3. Malware Detection and Eradication
4. Patching Procedures
5. Firewalls
6. Incident Management Processes
7. Logging
8. Backup and Recovery
9. Training
10. Responsibility
http://www.xamax.com.au/EC/ISInfo.pdf
Absolute-Minimum InfoSec Safeguards
1. Physical Safeguards
2. Access Control
3. Malware Detection and Eradication
4. Patching Procedures
5. Firewalls
6. Incident Management Processes
7. Logging
8. Backup
9. Training
10. Responsibility
As applicable to consumers as to business and government
Headline 3:
That's not a Password; it's a Passéword
Kennwort wurde schon Bekanntwort ("the password has already become the known-word")
Password Vulnerabilities and Threats
Direct Acquisition
• Visual Observation
• Electronic Observation
  Keystroke Logging
  Discovery of a Personal Password Database
• Interception
• Phishing
Compounding Factors
• Use of One Password for Multiple Accounts
• Continued Use of a Compromised Password
Indirect Acquisition
• Guessing
• 'Brute Force' Guessing
• Compromise of the Password-Reset Process
• Compromise of a Password Stored by a Service-Provider
• Acquisition and Hacking of a Password-Hash File
http://www.rogerclarke.com/II/Passwords.html
Access Control – Threats and Safeguards
Threat ==>> Safeguard
• Interception ==>> Channel Encryption, e.g. SSL/TLS
• Rogue or Compromised Second Party ==>> Transmission and Storage of only a password hash
• Compromise of the Client ==>> One-Time Passwords, Variable Action Passwords
• Imposter Use ==>> Multi-Factor Authentication:
  • What You Know: password, 'shared secrets'
  • What You Have: one-time password gadget, a digital signing key
  • Where You Are: your IP-address, device-ID
  • What You Are: a biometric, e.g. fingerprint
  • What You Do: time-signature of password-typing key-strikes
  • Who or What You Are: reputation, 'vouching'
Headline 4:
Mobile devices are irretrievably insecure
Web technologies are designed to be insecure
Server Control of Consumer Devices
• Java Applets
• ActiveX 'Controls'
• 'Asynchronous JavaScript and XML' (AJAX)
• Drive-by Downloads
• HTML5
• Mobile Apps
Drive-By Downloads
• A big majority of requests to web-sites result in Unrequested Content being pushed to the browser from other sites – variously 'strategic partners' and parasites
• Third-Party Tracking Cookies are imposed by the vast majority of commercial web-sites, and are used by over 200 tracking companies (DoubleClick, et al.)
• Those companies use Additional Spyware to try to circumvent protections (web-bugs, Flash cookies, etc.)
• All of this is in breach of eConsumer consent
• Careful eConsumers use Protections
HTML
• Support for:
  • multi-media streaming
  • open channels as well as sessions
  • geolocation
• A way to subvert sandboxing
• A way to subvert user control, by inverting the Web from pull to push
• A way to access local data and devices (e.g. cameras, microphones), giving rise to "A Pandora’s box of tracking in the Internet"
http://www.sophos.com/en-us/medialibrary/PDFs/other/sophosHTML5andsecurity.pdf
Mobile Apps
• Will Google and Apple protect eConsumers against other parties?
• Who will protect eConsumers against Google and Apple?
• Retrofitting of Mobile OS to the Desktop: Mac OSX, iOS, Android / bluetracks
Headline 5:
The spy in your pocket leaks your location,
10 times per second, and
to far more organisations than you thought
The Practicability of Location and Tracking
• Cell-Location is intrinsic to wireless network ops
  More Precise Location is now mostly available
http://www.rogerclarke.com/DV/YAWYB-CWP.html
The Primary Geolocation Technologies
http://www.rogerclarke.com/DV/LTMD.html
The Practicability of Location and Tracking
• Cell-Location is intrinsic to wireless network ops
  More Precise Location is now mostly available
• Tracking is feasible, because the handset sends a stream of messages
• Retrospective Tracking is feasible if the series of locations is logged (√), and the log is retained (√)
• Real-Time Tracking is feasible if the data-stream is intense (√) and latency is low (√)
• Predictive Tracking is feasible if the data-stream is intense (√) and latency is low (√)
http://www.rogerclarke.com/DV/YAWYB-CWP.html
Terms of Service Imposed by ISPs on Consumers
• Substantial Rights to collect, use and disclose personal data, incl. location data
• Unilateral Power:
  • to change the Terms of Service
  • to do so without notice
  • to do so with immediate effect
• No Obligation to delete data, ever
http://www.rogerclarke.com/EC/IU-SPE-1012.html
Rampant Location and Tracking
• Through Pseudo-Consent:
  • Uncontrolled personal data collection
  • Uncontrolled personal data use
  • Uncontrolled personal data disclosure
• US data havens undermine EU protections
• Consumer rights and data protection laws inadequate for the task
• Parliaments, Regulators asleep at the wheel
Headline Spare:
Unauthenticated payments are switching card risks from merchants to consumers
Headline Bonus:
Social media services have only one business model,
and it's based on personal data exploitation
and behaviour manipulation
Some Implications
Naive Advice from 1998
'Apply Consumer-Friendly Principles'
• Information
• Choice
• Consent
  • 'opt-in' the norm
  • 'opt-out' with stringent justification
• Fair Conditions
• Recourse
http://www.rogerclarke.com/DV/DirectMkting.html#Princ
Consumer-Oriented Social Media Features
Interoperability, Portability
• Content, Messages
Consent, which means:
• Informed
• Freely-Given
• Granular not Bundled
• Settings Management
• Conservative Defaults
Trustworthy Terms
Identity Protections
• Protected Pseudonyms
• Multiple Identities
• Caveats, Social Norms and Reputations
Non-User Protections
• Content
• Social Networks
Location Protections
http://www.rogerclarke.com/II/COSMO-1211.html
Some Possible Measures
• IT Security Risk Assessment (SRA) done by someone, from the eConsumer Perspective
• IT Security Risk Management Planning (SRMP) done by someone, from the eConsumer Perspective
• Designed-In Security Safeguards
  • Practicable and Economic
  • Default and with Minimal Usability Trade-Off
  • Documented, with Tutorials
Ways to Get There
• Depend on the proactive and productive prosumer?
• Impose liability for designed-in insecurity?
• Impose liability for serious security errors?
• Develop eConsumer Protection Law?
  http://www.rogerclarke.com/EC/ICEC06.html#TNT
• Impose Minimum Privacy Undertakings?
  http://www.rogerclarke.com/DV/PST.html
• Impose Standards on eConsumer Services?
  http://www.rogerclarke.com/EC/CCC.html#CRR
BYOD Issues
• Hosting Organisation Perspective
  • Need for Network Protection
  • Need for Device Challenge and Testing
  • Need for Minimum Security Standards
  • Need to provide Device-Cleansing Advice
• eConsumer Perspective
  • Transparency of the Organisation’s Actions
  • Auto-Reporting of Sensitive Information
  • Exclusion from Services / Participation
Will Consumers Be Precluded From Owning General-Purpose Computing Devices?
Many powerful groups will discover that they want it
• Copyright-Dependent Corporations
• Government Censors
• The Moral Minority, who want governments to extend censorship to whatever content the moral minority thinks the majority shouldn't have access to
• (Dominant) Computing Device Providers (iOS, Android)
• Law Enforcement & National Security Agencies (LEANs)
• 'Fraud Experts'
• Employers and other Organisations permitting BYOD
eConsumer Insecurity
Five Headlines – Sensationalist But True
Agenda
• eConsumers
• 5 Headlines
  • eConsumer services are a very bad deal
  • Mobile devices are irretrievably insecure
  • Passwords are Passé; Kennwort heisst Bekannt ("password means known")
  • Web technologies are designed to be insecure
  • Mobiles leak location, very often, far and wide
• Some Implications
eConsumer Differentiation
• Education, Income, Wealth
• Infrastructure Availability
• Technical Capability
• Opportunity-Awareness
• Leadership / Followership
• Risk-Awareness, Risk-Aversion
• Age / 'Generation'
The Generations of eConsumers
Generation | Indicative Birth-Years | Indicative Age in 2010
Silent / Seniors | 1910-45 | 65-100
Baby Boomers – Early | 1945-55 | 55-65
Baby Boomers – Late | 1955-65 | 45-55
Generation X | 1965-80 | 30-45
Generation Y | 1980-95 | 15-30
The iGeneration | 1995- | 0-15
The Generations of eConsumers
Baby Boomers (45-65)
• Handshake/phone, PCs came late, had to adapt to mobile phones
• Work is Life, the team discusses / the boss decides, process-oriented
GenXs (30-45)
• Grew up with PCs, email and mobile phones, hence multi-taskers
• Work to Have More Life, expect payback from work, product-oriented
GenYs (15-30)
• Grew up with IM/chat, texting and video-games, strong multi-taskers
• Life-Work Balance, expect fulfilment from work, highly interactive
iGens (to 15)
• Growing up with texting, multi-media social networking, networked games, multi-channel immersion / inherent multi-tasking?
• Life before Work, even more hedonistic, highly (e-)interactive
ActiveX 'Controls'
• There is no ‘sandbox’. Access is given not just to the browser but to the entire workstation
• The designer thereby gains enormous power over remote workstations
• An ActiveX ‘control’ can be ‘authenticated’, but that doesn’t assure that it will not be harmful
• ActiveX security problems are far worse than Java:
  “The embedding of ActiveX into the Internet Explorer web browser created a combination of functions that has led to an explosion of computer virus, trojans and spyware infections” (An over-ridden Wikipedia entry for ActiveX)
A ‘Lightweight Alternative’ – AJAX
• 'Asynchronous JavaScript and XML'
• A Successor to the vague ‘Dynamic HTML’
• Applies well-established tools: (X)HTML/CSS -> XML, JavaScript/ECMAScript
• Utilises the XMLHttpRequest Method of HTTP in particular to enable partial-window-refresh
• Involves an 'Ajax engine' within the browser, which intercepts and processes user-requests and server-responses
http://www.rogerclarke.com/EC/Web2C.html#AltT
Headline Spare:
Unauthenticated payments are switching card risks from merchants to consumers
Contactless Chips
• RFID / NFC chip embedded in card
• Wireless operation, up to 5cm from a terminal
• Visa Paywave and MasterCard PayPass
• Up to $100 (cf. original $25)
Contactless Chip-Cards as Payment Devices
• RFID / NFC chip embedded in card
• Wireless operation, up to 5cm from a terminal
• Visa Paywave and MasterCard PayPass
• Up to $100 and $35 resp. (cf. original $25)
• Presence of chip in card is not human-visible, but Logo / Brand may be visible
• No choice whether it's activated
• Operation of chip in card is not human-apparent
• No action required when within 5cm range, i.e. automatic payment
• No receipt is increasingly the norm
• Used as Cr-Card: Unauthenticated auto-lending
• Used as Dr-Card: PIN-less charge to bank account
Safeguards
• Authentication – None? / A Non-Secret? (but Yes, for Transactions >$100 Only)
• Act of Consent – None? / Unclear? / Clear?
  If the card is within 5cm of a device, whether seen or not
• Notification – None? / Audio? / Display?
  If 'None', then enables surreptitious payment extraction
• Receipt / Voucher – None? / Option? / Y?
Mobile Payments can be
• Faster
• More Intuitive
• More Convenient
• Less of an Obstacle
For the Thief Too
Risk Analysis Summary
• A lost, stolen or borrowed card can be used by anyone, for multiple transactions up to $100 at a time, without any form of authentication, against the credit or debit account the card is linked to
• The facility is in every card, the choice is merely to have a card or to not have one, and there is no 'Off' switch
• Many Parliaments and Consumer Protection Agencies have done absolutely nothing about it
http://www.rogerclarke.com/EC/CPS-12.html
Risk Management Possibilities
• Reconcile your Statements. But:
  • Statements are now very long indeed
  • Statements are increasingly online, not sent, and charged for
  • The time available for challenges is limited (60 days?)
  • Many transactions will not match against a receipt
  • Many business names are not recognisable
• Query unrecognised transactions. But:
  • The consumer has no evidence, much detail, and is uncertain
  • Only a minority of unreconciled entries will be fraudulent
  • Effort, time and fees are incurred for each challenge
  • Processes are designed to be inconvenient and slow (60 days?)
  • Card-issuers can refuse to reimburse
Headline Bonus:
Social media services have only one business model,
and it's based on personal data exploitation
and behaviour manipulation
Currently-Available Social Media Genres
1-with-1/Few INTERACTION Tools
• networked text email (asynchronous)
• networked text chat / IM (synchronous)
• SMS / texting from mobile phones
• email-attachments, any format (asynch)
• voice:
  • over Internet (VoIP, Skype) (synch)
  • tele-conferencing (VoIP, Skype) (synch)
  • videophone (Skype Video) (synch)
  • video-conferencing (Skype Video) (synch)
1-to-Many BROADCAST Tools
• bulletin board systems (BBS)
• Usenet / netnews
• email lists
• web-pages
• indexes (Lycos, Altavista, Google, Bing)
• blogs (WordPress, Blogspot)
• micro-blogs (Twitter, Tumblr)
• glogs – wearable wireless webcams, cyborg-logs, retro-nymed as 'graphical blogs'
• 'content communities', e.g. for images (deviantArt, Flickr and Picasa), for videos (YouTube), for slide-sets (Slideshare)
• closed / 'walled-garden' 'wall-postings' within SNS (Plaxo, MySpace, LinkedIn, Xing, Reddit, Facebook, Google+)
1-with-Many SHARING Tools
• Content Collaboration
  • wikis (Wikipedia)
  • social news sites (Slashdot, Newsvine)
  • online office apps (Zoho, Google Docs, MS Live)
• Indicator-Sharing
  • 'social bookmarking' (Delicious)
  • dis/approvals (Digg's dig & bury, Reddit's up & down, StumbleUpon's thumbs-up & thumbs-down, Facebook's Like button, Google+'s +1 button)
• Multi-Player Networked Gaming
  • text-based MUDDs
  • social gaming sites (Friendster)
  • Massively Multiplayer Online Games (MMOGs), esp. Role-Playing Games (MMORPGs), e.g. World of Warcraft
  • online virtual worlds (Second Life)
http://www.rogerclarke.com/DV/SMTD.html
Social Media’s Business Model
• 'There must be a way to monetise this somehow'
• 'You will find something interesting here' is a self-fulfilling prophecy, because people can be enticed to contribute 'something interesting'
• Contributors, and the people who come after them, can be enticed to click on targeted advertisements
• Targeting is based on:
  • profile-data that users supply about themselves
  • content that they have donated
  • their online behaviour while using the service
  • their online behaviour more generally
  • data that other people contribute about the user
Privacy Risks in Social Media
• Second-Party Risk Exposure (Service-Provider)
  • Content relating to Oneself
  • Content relating to Others
  • Social Networks including Oneself and Others
• Third-Party Risk Exposure
  • Openness that was Unanticipated
  • Openness through Breach of Original Terms
  • The Service-Provider's ‘Strategic Partners’
  • 'Syndication', to any player
  • Government Agency Demand Powers
  • Interception and Hacking
A Catalogue of Social Media Privacy Concerns
Source: Reviews of Media Reports 2005-11
1 Privacy-Abusive Data Collection
2 Privacy-Abusive Service-Provider Rights
3 Privacy-Abusive Functionality and User Interfaces
4 Privacy-Abusive Data Exploitation
http://www.rogerclarke.com/DV/SMTD.html
A Catalogue of Social Media Privacy Concerns
1 Privacy-Abusive Data Collection
Demands for User Data
• identity data
• profile data
• contacts data, including users' address-books:
  • their contact-points (some sensitive)
  • comments about them (ditto)
  • by implication, their social networks
Collection of User Data
• about users' locations over time
• about users' online behaviour, even when not transacting with the particular service
• from third parties, without notice to the user and/or without user consent
2 Privacy-Abusive Service-Provider Rights
Terms of Service Features
• substantial self-declared, non-negotiable rights for the service-provider, including:
  • to exploit users' data for their own purposes
  • to disclose users' data to other organisations
  • to retain users' data permanently, even if the person terminates their account
  • to change Terms of Service:
    • unilaterally
    • without advance notice to users; and/or
    • without any notice to users
Exercise of Self-Declared Service-Provider Rights
• in ways harmful to users' interests
• in order to renege on previous undertakings
Avoidance of Consumer Protection and Privacy Laws
• location of storage and processing in data havens
• location of contract-jurisdiction distant from users
• ignoring of regulatory and oversight agencies
• acceptance of nuisance-value fines and nominal undertakings
A Catalogue of Social Media Privacy Concerns
3 Privacy-Abusive Functionality and User Interfaces
Privacy-Related Settings
• non-conservative default settings
• inadequate granularity
• complex and unhelpful user interfaces
• changes to the effects of settings, without advance notice, without any notice and/or without consent
'Real Names' Policies
• denial of multiple identities
• denial of anonymity
• denial of pseudonymity
• enforced publication of 'real name', associated profile data
Functionality and User Interface
• inadequate documentation and reliance on interpolation
• frequent changes; and/or without advance notice to users, without any notice to users and/or without user consent
User Access to Their Data
• lack of clarity about whether, and how, data can be accessed
• lack of, even denial of, the right of subject access
User Deletion of Their Data
• lack of clarity about whether, and how, data can be deleted
• lack of, and even denial of, the user’s right to delete
4 Privacy-Abusive Data Exploitation
Exposure of User Data to Third Parties
• wide exposure, in violation of previous Terms, of:
  • users' profile-data (e.g. address, mobile-phone)
  • users' postings
  • users' advertising and purchasing behaviour
  • users' explicit social networks
  • users' inferred social networks, e.g. from messaging-traffic
• changes to the scope of exposure:
  • without advance notice to users
  • without any notice to users; and/or
  • without user consent
• access by government agencies without demonstrated legal authority
Exposure of Data about Other People
• upload of users' address-books, including:
  • their contact-points
  • comments about them
  • by implication, their social networks
• exploitation of non-users' interactions with users
A Catalogue of Social Media Privacy Concerns
3 Privacy-Abusive Functionality
'Real Names' Policies
• Denial of multiple identities
• Denial of anonymity
• Denial of pseudonymity
• Enforced publication of 'real name', and associated profile data
A Catalogue of Social Media Privacy Concerns
4 Privacy-Abusive Data Exploitation
Exposure of Data about Other People
• Upload of users' address-books, including:
  • their contact-points
  • comments about them
  • by implication, their social networks
• Exploitation of non-users' interactions with users
• Disclosure of non-users' social networks
Social Media Privacy Disasters
• Plaxo, 2004
  http://www.rogerclarke.com/DV/ContactPITs.html
• Twitter
  http://tweepi.com/blog/2011/07/10-must-know-twitter-privacy-tips/
• Facebook, 2004-
  http://www.rogerclarke.com/DV/PrivCorp.html#FB
• Google Gmail, Orkut, Buzz, Google+
  http://www.rogerclarke.com/DV/PrivCorp.html#Goo04
  http://www.rogerclarke.com/DV/PrivCorp.html#Goo10
  http://www.rogerclarke.com/DV/PrivCorp.html#Goo12
• Instagram
  http://www.rogerclarke.com/DV/PrivCorp.html#Instagram