Tag Archives: presence tools

Social Engineering, Part XIV

Further to my earlier piece about the scamming potential of Web 2.0, here are a couple more examples of why social engineering is a bigger problem than it might appear.

First off, governments and organisations are not as careful with your information as you might expect them to be. There are plenty of examples of CD-ROMs and laptops going missing, but often even that doesn’t need to happen. Some governments openly publish such information on the Internet. Indonesia’s ministry of education, for example, has published the names, addresses, age, date of birth, school and education number of 36 million Indonesian students in easily downloadable XLS format.

Who might use such information? The mind boggles at the possibilities. But one hint might be found in this Straits Times article from neighboring Singapore, which reports a growing wave of faux kidnappings: Gangs phone someone with enough information about their loved one—child, spouse, or whatever—to convince them they’ve been kidnapped and the mark must pay the ransom immediately. In the past six months employees at one bank alone have foiled 14 such attempts—merely by alerting the victims trying to withdraw large amounts of money that they’re being conned.

In the first half of this year, according to the newspaper, 21 people have been scammed out of S$322,000 ($216,000) in this way. Such scams rely on having access to just the kind of information contained in the ministry of education’s database: Knowing kids’ names, their class, their home address, their school chums—all would be invaluable in doing a scam like this. Or any number of other scams.

The point is that we need to think beyond the narrow confines of single channels of data. Scammers don’t: They use a combination of techniques to build up enough information about their mark to be able to either impersonate them or convince them of something. In the above case, it’s that they have kidnapped a relative. In this (still ongoing) Hong Kong-based scam, it’s that they are their bank.

I’m not suggesting Web 2.0 is going to breed a different kind of scam; it’s just going to breed a new kind of opportunity. Social engineering relies on gathering just the sort of data that social networking and presence tools base themselves on.

The Scam Potential of Presence Messages

David Weinberger as ever hits nail upon head with dose of humor, but his point to me opens the gates to all sorts of thoughts, some of them Web 2.0ish:

Often, on the back of a ‘Do Not Disturb’ sign is a ‘Make Up My Room Now’ message of some sort. But, no matter how they phrase it, isn’t it the same as an “I’m Out, So This Would Be a Good Time to Rob Me, Especially If You Are Squeamish about Violence” sign?

My question is this: When will Web 2.0 presence tools start to create the same informational hazard? Whether it’s Twitter, saying you’ve nipped out for coffee, or Dopplr, saying you’re planning an overseas trip, at what point do scammers decide this information is useful to them? Or are they already doing so? I’ve long considered automatic Outlook away messages to be dangerous, but I wonder at what point the scamsters start to pick up on the usefulness of these presence, or rather absence, messages.

P.S. I’m off out for a coffee.

Joho the Blog » The opposite of Do Not Disturb

Photo credit: ores2k

The Revolution That Keeps, Well, Revolving

It’s interesting to watch how quickly our Web 2.0 tools are changing, changing us, changing the way we communicate, and being changed by us. And how each step feels like a revolution, and yet, usually, isn’t.

The latest thing is Twitter 2.0, as I would call it. Nothing has actually changed in the software, but the way people are using it has. What was originally a presence and status tool has become a communication, networking, information delivery and spamming tool. And it’s creating its own unique problems–which probably aren’t that unique, if you stand back from them–and now, its own rules.

Shel Israel, co-author of Naked Conversations, is the first I’ve noticed who is trying to wrestle with the new realities.

He starts out:

I’m passionate about Twitter. I spend more time on it than in any other social media venue. Twitter has been good to me. It is the source of leads for my text and video blogs, not to mention several very nice consulting and speaking offers.

This has created what Shel calls “the most up close and personal of social media”. Shel uses Twitter as a place to communicate with fellow twitterers and meet new people within a “small neighborhood, one where it’s safe to speak out, where strangers are scrutinized by locals this all happens at a certain easygoing pace.”

But then he goes on to talk about the “new wave of adopters coming in”. I suspect we’ve all noticed this: legions of “followers” who add your twitter feed (“tweets”) to their list. The worry is that now the conversation Shel was having with his small neighborhood is being listened to by a legion of outsiders who may or may not be anonymous.

Twitter, it should be pointed out, allows various options: You can be private, or you can allow anyone to follow your tweets, or you can vet who follows you. If someone follows you, it kind of behoves you to check out their tweets, if not to actually follow them, then at least to get a sense about whether the person following you is the sort of person you want to have following you.

Shel has come up with what he calls his “Twitter Follow Policy:”

  • If I do not know who you are, or what you look like, or where you are coming from I will not follow you.
  • With very few exceptions, I will not follow brands, candidates, causes or company names. I wish to talk with humans, not brand icons, neither surveys nor bots. If you are a real person & you are passionate about your work, then I embrace you. If you are a Direct Marketer using Twitter to push your brand into my forehead, I will block you.
  • Even if you are a real person, I may not follow you. I need to see that you are talking either about topics or people I care about.
  • If you disagree with me, do it under your own name and I will respect you. If you personally insult me, I will block you. If you are consistently unpleasant or just boring, I will unfollow or block you.
  • With extremely rare exception, I will not follow anonymous Tweeters.

Wise stuff. But as some of the commenters on his blog post point out, people use Twitter for different reasons. Not everyone follows Shel (or to a much more modest extent, me) because they want a conversation with me. I don’t follow others for the conversation, necessarily. Many people don’t want to be followed, just like many people read blogs but don’t necessarily blog.

The problem here is that Twitter is a great tool that has already broken out of the constraints of its creators’ imagination. But now it’s created uses that may conflict with each other and create fresh problems, such as those experienced by Shel, who sees the informal networks with fuzzy but distinct ‘village limits’ undermined by outsiders who don’t know the ‘rules.’

I applaud the new lease of life that Twitter has been given with this new kind of usage. In some ways it is a striking counterbalance to what I believe is the failure of Facebook to evolve beyond the huge surge of a few months back; I’ve noticed that usage in my little world has fallen off quite dramatically since the beginning of the year. Facebook will eventually become a sort of ‘profile cemetery’ unless these users are convinced it represents more than a novelty ‘old friend discovery’ tool.

Twitter has stepped into the gap left here by the declining appeal, and lack of direct communication, that presence tools offer (Jaiku et al) and the walled-garden, asynchronous web page to web page/email world of Facebook. Twitter, via delivery mechanisms like Google Talk, has colonised a space that is “instant messaging with social characteristics.”

Shel’s approach is a smart one. Though I wonder how many of these kinds of policies we’ll have to come up with as the landscape continues to evolve.

Global Neighbourhoods: My Twitter Follow Policy

Twittering in the Forest

I was a bit rude about Twitter in my last WSJ column (subscription only, I’m afraid), about the Web 2.0 satire Useless Account:

I can’t have an online conversation these days, for example, without someone telling me to use Twitter, a fabulously popular way to broadcast your current activity (and I mean current, as in “ear cleansing while waiting for YouTube to load”) to anyone interested, via your blog or cellphone. (Yes, I have signed up. No, I don’t use it much. Frankly, I don’t know what I’m doing most of the time, so the idea I’d actually be in a position to tell anyone else is unlikely. But how long will I hold out from using it? Probably not long.)

Of course, I’m probably on the wrong side of history here. Scoble et al love it. He has 469 followers (in case you have better things to do with your time, Twitter allows you to ‘follow’ other people’s twitterings, to basically see everything they write in their Twitter account).

In fact, the ‘follower’ moniker is somewhat apt — Web 2.0 has become very religious, what with all these A list bloggers and product evangelists. People follow Scoble in the way they might have followed some mystic. (Of course I’m jealous! I’m not being followed by anyone except that mangy cat from the warung and some weird person who thinks I’m writing this blog for him.)

Anyway, Twitter probably tells us more than we’d like to know about this particular slice of Internet history. Robert says:

Anyway, I find I keep coming back to Twitter. It’s an interesting way to keep in touch with the lives of your friends, or followers, as it were.

It’s not as if this is a bad idea. I’m into the idea of presence — being able to broadcast your availability so that those trying to reach you can fit their schedules into yours — and vice versa. Set your Skype note to “in a meeting and about to rush for a plane” and friends will know that you probably don’t want to yack on the phone about Britney Spears’ new hairdo. But Twitter probably takes this a bit too far — instead of it being a tool to fight distraction, as presence tools are — it becomes a tool of distraction, where one obsessively updates, and monitors others’ updates, to the exclusion of all else.

I prefer the assessment of Shawn Oster who suggests that in fact Twitter is about people feeling

they’re being heard. Everyone wants to feel unique and to feel like they matter, that they’re being noticed. Blogs are a great way to do that but now that there is more pressure to make your blog actually mean something instead of just an online diary people are looking for an easier way to still be digitally heard.

Probably truer than we’d like to admit. We’re firing these little messages out into space, and by building around us a network of friends and followers we’re feeling connected and noticed. Nothing wrong with that, but it’s a reflection of what constant communication is doing to us: we don’t feel ‘validated’ unless what we’re doing is somehow observed and noted by others. The old tree falling in the forest thing, I guess: If no one heard it fall, did it make a sound? If no one knew we went out for milk and newspapers, did we?

I’m off to buy milk and newspapers and will report as much to my 1.5 followers on Twitter.
