How Buzz, Facebook, Twitter create 'social insecurity'

Will using Buzz raise your premiums? Welcome to the weird new world of zero privacy

An insurance expert told Britain's Telegraph newspaper that using location-centric mobile social services like Google Buzz, Twitter, Facebook and Foursquare could raise your home insurance premiums, or even result in the denial of insurance claims.

Wait, what?

A gag Web site launched this week called "Please Rob Me" raised an ugly but obvious truth about location-based mobile social networking: When you tell the public where you are, you're also telling burglars you're not at home. The site originally displayed a real-time stream of Twitter and Foursquare posts that might interest criminals.

Twitter has since pulled the plug, apparently, and now all Please Rob Me posts are from Foursquare. Each post begins with the user's name, followed by "left home and checked in" followed by an exact address of where the person is.

Insurance industry watchers like the one quoted by the Telegraph predict that after customers get burglarized and file claims on stolen property, the insurance companies will probably investigate to see whether the customer broadcast information over social networks in a way that constitutes "negligence." They could also make "social networker" the homeowners insurance equivalent of "chain smoker" in health insurance -- a category of customers who are charged higher premiums.

In my "Inside Google" blog yesterday, I wrote a detailed post titled "How to rob somebody using Google Buzz." My point was that even though Twitter and Foursquare can expose users to crimes, Google Buzz is even more compromising.

In a nutshell, using Google Buzz's mobile location feature, in combination with Google Profiles and other free Internet-based services, crooks can quickly find out who you are, where you are, what you look like, where you live, and when you'll be home. Scam artists can troll for suckers, then grab all the information they need for their scam.

This is bad news for Google in the wake of its already problematic Buzz rollout. When Buzz first hit, users were automatically "followed" to a list of people they e-mailed most often. Unless users were savvy enough to change the privacy settings on Google Profiles, which most Gmail users probably didn't even know existed, their lists of most-frequent contacts were made public. Doctors and lawyers had patients' and clients' identities revealed. Personal contacts were exposed to employers. Mistakes were made. Google apologized and fixed the problem, but not in time to stop a class-action lawsuit.

It's easy to pick on Google, because its services are so popular and because Buzz is so new. But the truth is that Buzz is just one small part of the new "social insecurity." We've innovated our way into a strange new world of privacy compromise and confusion.

Why you can't know how much privacy you have

We now live in a world of online services where privacy is often violated by default.

To understand this and do something about it, you need to be an exceptional person. The average user or consumer can't or won't figure out how to safeguard his privacy.

Even minimal safeguarding of personal privacy nowadays requires users to take intelligent action regarding deeply buried, little discussed, often confusing and relatively obscure settings in Facebook, Gmail, Profiles, Twitter and a world of other online social services -- and most of all one's own cell phone.

Are your Facebook photos set up to be public or private? When you post pictures of your kids or spouse on Facebook, are those pictures made available on image search sites? Are creepy weirdos finding those pictures using Google, Bing or Yahoo image search and then reposting them on creepy weirdo Web sites?

When you post using Google's mobile Buzz app, are your tweets going to only the people following you, or the whole world?

Is your cell phone's GPS location feature on or off? If it's on, is any service, company or individual person able to get access to that data?

I'd be willing to bet that more than 90% of users can't answer those questions. But even the most skillful users often can't know how much privacy is being violated.

For example, we know that Google's computers read all of our e-mails every day. Special software scans the words we send and receive so Google can post ads next to the messages related to the conversations. Do Google employees ever read those e-mails, maybe as examples for research or marketing? How would we know if they did? And if we trust Google (and I do think Google is a trustworthy company), is the U.S. government reading your e-mail? How would we know if they did? And if you trust the U.S. government, is the Chinese government reading your e-mails? Hackers? Blackmailers? Your employer? How would we know if they did?

It's not that you don't know who's reading your e-mail. It's that you can't know. You will never know.

As Scott McNealy famously said 11 years ago: "You have zero privacy anyway. Get over it." But it's not that simple anymore. He was talking more about concern over compromised privacy by companies and governments, which could potentially somehow use your private data for purposes you don't approve of. But now, thanks to social services that didn't exist when McNealy uttered his inconvenient truth, the whole privacy issue has exploded.

We still have to worry about governments and companies, but now we must be concerned about employers, criminals and even family members.

Here are five examples of the many weird new ways privacy can be violated.

1. Facebook photo tagging. You're a respectable citizen, a pillar of the community. You're active in the chamber of commerce, and local charity organizations. You're a senior officer in your company, and a church elder. Your kids think you're perfect. Then your old high-school buddy posts a picture of you vomiting shirtless at a debauched punk rave in the 80s with a cigarette in one hand, a bottle of Jack Daniels in the other and a purple mohawk on your head. He tags you, which puts that photo on your Facebook Wall. Now that photo has been shared with your mother, your kids, your boss, your colleagues. Once seen, it can't be unseen. If anyone copied the photo, it's now "out there." Forget about ever running for public office.

2. Google Buzz people harvesting. When you fire up Google Buzz on your iPhone, Android phone or -- soon enough, presumably -- any smartphone, and hit the "Nearby" button, you get a list of posts from strangers listed in order of which is closest. Their usernames can lead to their profiles, which probably enables contact via e-mail (like Craigslist, e-mail addresses can be private, but anyone can still send e-mail through Profiles). What's to stop any business from firing up Buzz every day and harvesting contacts of people who come to the neighborhood?

3. Street View evidence gathering. The chances that you personally will appear on Google Street View round to zero. The chances that a great many people will be exposed on Street View doing something embarrassing round to 100%. Thanks to social sharing, every transgression captured by a Google Street View van will be exposed, broadcast, shared and stored forever on hundreds or thousands or millions of hard disks across the world. If you're one of the lucky few caught doing something unpleasant on Street View, people you know will find out about it. And funny photos are forever.

4. Social group mixing. It's easy to forget who's following you. Facebook users often post compromising information. Somebody might, for example, report that he called in sick to go to the beach -- forgetting that his boss is one of his Facebook friends. Young people might have peers in mind when they post, and forget that mother is lurking. And on social networks like Twitter or Buzz, it's possible that people you know are following you under a pseudonym.

5. Set-it-and-forget-it sharing. New social services come along all the time. We sign up, try them, then forget about them when newer and shinier things come along. For example, Google came out with the Latitude location service a long time ago. Did you try it? If so, did you turn it off? Are you still trackable? The harsh reality is that most of us have no idea if we've left a trail of privacy-compromising services in our wake.

McNealy was right of course. Theoretically we have zero privacy. A motivated and skillful person or organization can always learn things about us that we'd rather keep to ourselves.

It's still a good idea to practice common sense when using the Internet. Don't blather information that could be useful to crooks. Be careful about what you share, and whom you share with. Take care in broadcasting your location, either manually or automatically. But even the most meticulous anti-social-networker can't really achieve true privacy.

The strange new reality of "social insecurity" is this: The best we can do is make the violation of our privacy a little less convenient for those who would exploit us.


Stories by Mike Elgan
