Common Sense Media’s “Protect Our Privacy – Protect Our Kids” campaign
Common Sense Media on Friday announced the results of a survey showing that “92 percent of parents are concerned that kids share too much information online, and 85 percent of parents say they’re more concerned about online privacy than they were five years ago.”
Along with releasing the survey results, the San Francisco-based non-profit organization is also launching a “campaign” with six main goals:
1) “Do Not Track Kids.”
2) The industry standard for all kids’ privacy should be opt-in.
3) Privacy statements should be clear and simple.
4) Parents, teachers, and kids need to be educated about protecting privacy.
5) Industry must innovate to protect kids and families.
6) Government needs to update privacy policies for the 21st century.
Putting the Data Into Context
While I applaud Common Sense Media for taking on this important issue and have no quibbles with their goals, I think it’s important to put the survey results into context.
The poll, which was taken in August of this year, reflects parents’ opinions, concerns and worries, but not necessarily their knowledge about the tools that do exist to protect their children’s privacy online. In the month prior to the poll there were lots of media stories about privacy. The survey was conducted shortly after the Wall Street Journal‘s series on tracking cookies which showed that many web sites (not necessarily social networking sites) place cookies on people’s computers to obtain non-personally identifiable information about them for marketing purposes and to tailor content.
Like any opinion poll, the one conducted by Common Sense Media reflects opinions, but opinions aren’t always based on an accurate understanding of facts.
That’s not to diminish the importance of opinion — we all need to take public perceptions seriously, but it is also important that we look at the way youth use social media to better understand if and how their privacy is being violated. For the most part, young people are not posting information that will jeopardize their safety and, increasingly, young people are limiting what they post because the word is out that what you say online can come back to haunt you later. That’s not to say that we don’t have more work to do to get young people to understand how to protect their privacy and pressure industry to do all it can, but the situation isn’t as dire as some people think it is.
Also, with due respect for my fellow moms and dads, as a recent New York Times article by Lisa Belkin points out, parents, as a group, often miscalculate what actually puts children in danger. As I pointed out in a previous column, one study found that parents are more concerned about Internet safety than drunk drivers, despite overwhelming evidence to the contrary. Thousands of people are killed each year as a result of drunk driving accidents involving teenagers compared to an extremely low risk of physical danger associated with Internet use.
The good news is that the leading social networking sites, including Facebook, have lots of privacy tools that young people can use to limit who can see their information. While not all are turned on by default, all are easily accessible via a link from the user’s Facebook Home page and Profile page. In addition, there are some additional privacy defaults for children both for general posts and when it comes to disclosing their location.
Extra Protection for Minors
On the surface it appears that minors have the same privacy default setting as adults but Facebook’s definition of “everyone” is different for minors than it is for adults. I suspect that very few parents are aware of this distinction, but Facebook does offer minors a significant level of additional protection. Perhaps they need to make this clearer.
To quote Facebook’s help section, the “Everyone” setting works differently for minors than it does for adults. When minors set information like photos or status updates to be visible to “Everyone,” that information is actually only visible to their friends, friends of friends, and people in any verified school or work networks they have joined. The only exceptions are for “Search for me on Facebook” and “Send me friend requests.”
Facebook also has additional protections for minors who use their “Places” location service.
Tracking Cookies
The tracking cookies issue is a lot more complex, and Common Sense Media is wise to raise the issue. But the issue of cookies goes way beyond social networking sites. They are used by many sites, including sites operated by major media companies. In many cases, their purpose is totally benign such as storing a user’s log-in information so they don’t have to enter it each time. Other sites use cookies to anonymously track activity within the site so as to better target content and ads while others place cookies on PCs that track behavior across sites. I join with Common Sense Media in encouraging people to better understand the use of cookies, to pressure companies to be totally transparent about how they are used and to give users the ability to turn them off.
Other Findings
The survey, which was conducted by Zogby, had some other interesting findings.
- 75% of parents said they would “rate the job that social networks are doing to protect children’s online privacy as negative”
- 68% said they’re “not at all confident in search engines keeping their private information safe and secure.”
- 71% of parents say they’re “not confident in social networking sites keeping their private information safe and secure.”
- 79% of teens think their friends share too much about themselves online which, in a way, is a good thing because it means that the vast majority of teens are thinking about privacy.
Teen Privacy Awareness is More “Normal” Than Some Imagine
This is not the first Common Sense Media survey on teens and privacy. A 2009 study (PDF) of teens that found that “28% of teens share personal information that you would normally not share in public.” That is a relatively high figure but if you turn it around, that means that 72% of teens don’t share such information. And since that poll was taken, there has been a lot more discussion about online privacy. I’m not suggesting we be happy with the 2009 results, but it’s important to note that most teens do limit what they post. And even that 28% figure doesn’t delve into how much and what kind of information they might not have shared or what the negative consequences might have been.
It’s important to be accurate when reporting teen behavior because what teens consider to be “normal “sometimes influences their behavior as in “if must be OK because everyone else is doing it.” There is a lot of research that shows that accurately reporting positive social norms encourages positive behavior. Just as with bullying, sexting, teen smoking and other forms of negative behavior, we need to send the message that the norm is not to disclose too much information but to think before you post.
It’s a bit out of date, but a 2007 study by the Pew Internet & American Life Project found that the “majority of teens actively manage their online profiles to keep the information they believe is most sensitive away from the unwanted gaze of strangers, parents and other adults.” That Pew survey found that only “3% of online teens and 5% of profile-owning teens disclose their full names, photos of themselves and the town where they live in publicly-viewable profiles.”
Although it deals with adults rather than minors, a 2010 Pew study found that young adults (18-29) are more likely to have changed their privacy settings than adults between 55 and 64 (71% vs 55%). Some of the young adults in this study are still in their teens. I’d love to see follow-up research on the privacy habits of 13 to 18 year-olds.
“There Ought to be a Law”
In the 2010 Common Sense Media study, 88% of parents say they would support a law that requires online search engines and social networking services to get users’ permission before they use personal information to market products.
I’m not exactly sure what that really means. Before Congress could pass such a law it would need to consider what constitutes “permission” (technically, the typically obtuse terms of service that people agree to typically do extract that permission though I strongly agree with Common Sense Media that these terms should be written in plain English) and it would have to define “personal information.” If they’re talking about advertising that is based on demographics like age or approximate location, then Congress better also review advertising policies for TV, magazines and other media which almost always aim advertisements at specific groups, including children. Saturday morning TV and other children’s programs have aimed ads directly towards kids. True, TV is one-way but assuming sites are not tracking specific individuals, targeting ads towards a demographic is hardly a new practice.
As with any new laws, I urge Congress to think about the negative unintended consequences. While I also have very serious concerns about tracking cookies and inundating children with advertising, I worry that over-regulation could destroy the market for free services like Facebook, Google and the thousands of great advertiser-supported editorial sites..
Need for Education , Transparency and ‘Teachable Moments’
I completely agree with Common Sense Media’s call for more education. Parents, youth, educators, media and policy makers need to understand the facts behind Internet privacy and the way we can individually protect our privacy. We also need more transparency. Sites should not be allowed to hide legalese but should disclose all of their advertising and privacy practices up-front and in clear language. Also, there needs to be “just in time” disclosure and “teachable moments” where privacy tips pop-up at the point where people are about to disclose personal information.
Like Common Sense Media, I look forward to a national dialog on theses issues, but I urge that such dialog be based on facts, not myths or misperceptions.
Other Views
For other views on this issue, see Kara Swisher’s From the Department of the Obvious and my ConnectSafely.og co-director Anne Collier’s NetFamilyNews blog post Youth Privacy Study: Should We be Focusing on Parents Views
Disclosure: Larry Magid is co-director of ConnecSafely.org which receives financial support from several Internet companies including Facebook, MySpace, Yahoo, Google and AOL.
This video shows how to use Facebook’s more advanced granular controls. It’s a sequel to the introductory video, “Facebook’s Simplified Privacy Controls.”
http://www.safekids.com/
Common Sense Media Press Release: 3 out of 4 Parents Say Social Networks Aren’t Protecting Kids Privacy
Friday, October 8th, 2010
This is a Common Sense Media’s Press Release, not editorial coverage. Click here for Larry Magid’s analysis
NATIONAL POLL: THREE OUT OF FOUR PARENTS SAY SOCIAL NETWORKS AREN’T PROTECTING KIDS’ ONLINE PRIVACY
Common Sense Media Calls for Industry: “Do Not Track Kids”; Help Parents Protect Kids’ Privacy; No Geolocation without Parental Opt-In
Washington, DC – Common Sense Media, the national nonprofit organization dedicated to helping kids and families thrive in a world of media and technology, today released the results of a nationwide poll of parents and teens revealing that three out of four parents say that social networks aren’t doing a good job of protecting kids’ online privacy. The poll finds that 92 percent of parents are concerned that kids share too much information online, and 85 percent of parents say they’re more concerned about online privacy than they were five years ago. The Zogby International poll also finds that 91 percent of parents think that search engines and social networking sites should not be able to share kids’ physical location with other companies until parents give authorization.
“The poll results present a clear divide between the industry’s view of privacy and the opinion of parents and kids. American families are deeply worried about how their personal information is being used by technology and online companies, yet the companies appear to be keeping their heads deep in the sand,” said James Steyer, CEO and founder of Common Sense Media. “We are all responsible for addressing this enormous challenge: The industry has to listen to what parents are saying, openly acknowledge the problem and accept an “opt-in” policy for kids. Parents and kids have to educate themselves about how to protect their information. Schools should teach all students and their parents about privacy protection. And finally, policymakers have to update privacy policies for the 21st century. For example, we need a ‘Do Not Track Kids’ approach similar to the ‘Do Not Call’ policies that restrict telemarketers.”
At a roundtable discussion today about the parent and teen poll with Federal Trade Commission Chairman Jon Leibowitz, Federal Communications Commission Chairman Julius Genachowski, and Deputy Secretary of Education Anthony Miller, Common Sense Media announced the launch of a comprehensive campaign to help families protect kids’ personal information and reputations online. The Common Sense Privacy Campaign will include the distribution of consumer tips, information, and videos to millions of homes and a new privacy curriculum for teachers and schools around the country. The campaign will challenge technology companies and operators to develop far better policies that make it easier for parents and kids to protect personal information online and will also ensure that parents’ and kids’ voices are being heard in Washington, D.C., through a national awareness and advocacy campaign.
According to a recent study by The Wall Street Journal, 50 of the most popular U.S. websites are placing intrusive tracking technologies on visitors’ computers — in some cases, more than 100 tracking tools at a time. Fifty sites popular with U.S. teens and children placed 4,123 “cookies,” “beacons,” and other tracking technologies on their sites — 30 percent more than similar sites aimed at adults. Tracking technology scans in real time what people are doing on a webpage, then instantly assesses location, income, shopping interests, and even medical conditions. Individuals’ profiles are then bought and sold on stock-market-like exchanges that have sprung up in the past 18 months.
Congress’ primary goal in creating the Children’s Online Privacy Protection Act (COPPA) in 1998 was to help parents control the information that’s collected from and about their children online and to control how that information is used. But today, extraordinary changes in technology and digital media have made it far more difficult for parents and young people to protect their privacy. The Zogby poll finds that more than 60 percent of parents want Congress to update online privacy laws for children and teens, and 70 percent of parents think schools should educate about online privacy.
“Parents want far more education and leadership about online privacy, and they clearly want the industry and the federal government to update privacy policies,” Steyer said. “There are some common sense solutions to these problems, such as ‘opt-in’ policies that require companies to let parents know how information will be used before it’s collected and requiring companies to use short and simple privacy policies instead of confusing and dense policies that take hours to read. The industry should support ‘Do Not Track Kids’ and should provide parents and kids the opportunity to clear their histories with an ‘eraser button.’ Given the extraordinary concerns of parents, Common Sense Media has launched a campaign to educate parents and teachers and push for common sense solutions that will provide parents with the tools they need to protect their kids’ online privacy.”
The Common Sense Privacy Campaign sets forth six main goals:
1) “Do Not Track Kids.”
2) The industry standard for all kids’ privacy should be opt-in.
3) Privacy statements should be clear and simple.
4) Parents, teachers, and kids need to be educated about protecting privacy.
5) Industry must innovate to protect kids and families.
6) Government needs to update privacy policies for the 21st century.
For more information about the campaign, visit www.commonsense.org/privacy.
About the Poll
Zogby International conducted the online poll of parents and teens; 2,100 adults were surveyed between Aug. 13 and Aug. 16, 2010, and 401 teenagers (ages 15-18) were surveyed between Aug. 18 and Aug. 20, 2010. Additional key findings from the poll include:
- Three quarters of parents (75%) say they would rate the job that social networks are doing to protect children’s online privacy as negative. In addition, a majority of parents (68%) say they’re not at all confident in search engines keeping their private information safe and secure, and 71% of parents say they’re not confident in social networking sites keeping their private information safe and secure.
- A vast majority of parents (88%) say they would support a law that required online search engines and social networking services to get users’ permission before they use personal information to market products – a scenario often called allowing users to “opt-in.” A vast majority of teens (85%) say that online search engines and social networking services should be required to get permission before using personal information to market products to them.
- Two-thirds of parents (67%) believe that their personal information is not secure and private online. A majority of teens say they don’t feel their personal information is secure and private online or they’re not sure if it is, while 44% say they think such information is secure.
- Nearly all parents say they would take more time to read terms and conditions for websites if they were shorter and written in clear language. A vast majority of teens (85%) say they would take more time to read the terms and conditions for websites and other online services if they were shorter and written in clear language.
- The vast majority of respondents say that search engines and online social networking sites should not be able to share their physical location with other companies before they have given specific authorization, while a strong majority of teens (81%) say the same.
- Most parents (70%) say they think schools should play a role in educating students about protecting their privacy online. A majority of both adults and parents say they think Congress should update laws that relate to online privacy and security for children and teens.
- 85% of parents say they’re more concerned about online privacy than they were five years ago, and 69% of parents believe online privacy is a shared responsibility of individuals and online companies.
- 79% of teens think their friends share too much personal information online.
To view the poll in its entirety and to learn more about the Common Sense Media privacy campaign, contact Marisa Connolly at 415-553-6703 or mconnolly@commonsensemedia.org.
About Common Sense Media
Common Sense Media is dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in a world of media and technology. We exist because our kids are growing up in a culture that profoundly impacts their physical, social, and emotional well-being. We provide families with the advice and media reviews they need in order to make the best choices for their children. Through our education programs and policy efforts, Common Sense Media empowers parents, educators, and young people to become knowledgeable and responsible digital citizens. For more information, go to: www.commonsense.org.
92% of 2 year-olds have an online footprint.
Wednesday, October 6th, 2010
by Larry Magid
This post first appeared on CNET News.com
This baby picture of Larry was taken long before we had to worry about digital footprints (Credit: Larry's parents)
There has been a lot of concern about young people posting too much information about themselves online, but a study commissioned by security company AVG found that 92 percent of U.S. children have some type of online presence by the time they are 2 years old. A third of U.S. mothers posted pictures of newborns, and 34 percent of U.S. moms said they had posted sonograms of their as-yet unborn child.
The study, conducted by Research Now, surveyed 2,200 mothers with young children in the United States, United Kingdom, Germany, France, Italy, Spain, Canada, Australia, New Zealand, and Japan during the week of September 27. American parents, according to the study, are more likely to share baby pictures and information online than parents from other countries in the survey. Seventy-three percent of parents in the United Kingdom, Spain, France, Germany, and Italy said they were willing to share images of their infants.According to the study, the average “digital birth” of children worldwide happens at about six months, with a third of children having photos of them posted online within two weeks of birth.
AVG Chief Executive J.R. Smith acknowledged that “it’s completely understandable why proud parents would want to upload and share images of very young children with friends and families,” but he urged parents to remember that they are “creating a digital history for a human being that will follow him or her for the rest of their life.”
Smith makes a good point. I don’t worry about putting a child in danger simply by sharing his or her photos online, but I do think that it’s important for parents to consider that their babies will someday turn into preteens and teens who might have some issues with their baby pictures floating around the Web. (See Lance Whitney’s Q&A with Smith.) Also, be careful about what types of pictures you post. Photos that may be appropriate for family viewing could be inappropriate, if shared with the general public.
AVG’s research also reinforces the need for parents to think about the privacy settings on their social-networking profiles, including not just Facebook but other sites, such as Flickr, Picasa, and YouTube. All of these sites have privacy settings that can limit who can see what. Facebook allows members to control who has access to photos and other shared media on a post-by-post basis.
Having said that, there is always the possibility that someone with access can copy, store, or forward anything you post.
Tyler Clement's death is a call to action.
Monday, October 4th, 2010
by Larry Magid
This post originally appeared on CNET News.com
18 year-old Tyler Clementi took his own life after his roomate aledgedly live streamed his kissing another man
The recent suicide of Tyler Clementi, which raised the visibility of cyberbullying and digital ethics, is serving as a call to action to end something much deeper than that: cruelty, homophobia, and a distorted sense of entitlement to disclose information about others.
Clementi, an 18-year-old freshman at Rutgers University, jumped off the George Washington Bridge after his roommate, Dharum Ravi, and Rutgers student Molly Wei (both also 18) allegedly used a Webcam to record and live-stream Clementi kissing another male in his dorm room.
What these two students did was wrong for a number of reasons–and it would have been just as wrong, if modern technology hadn’t been employed, or if the victim were heterosexual.
As my ConnectSafely co-director Anne Collier pointed out in a blog post, this story “is not (about) technology, but inhumanity.” CNET’s Greg Sandoval made a similar point that humans, not machines, are responsible for Clementi’s death. But the fact that technology was involved does change the equation somewhat.
“Like so many documented instances of cyberbullying,” said Dr. Patti Agatson, co-author of “Cyber Bullying: Bullying in the Digital Age,” “it is unlikely that [the two youths charged with streaming Clementi's intimate encounter] could have foreseen the horrendous outcome of their actions.”
When it comes to bullying, the Internet can encourage what psychologists call “disinhibition.” As Rider University psychology professor John Suler put it in his free 1996 online book “The Psychology of Cyberspace,” “people say and do things in cyberspace that they wouldn’t ordinarily say or do in the face-to-face world.” It’s somewhat similar to road rage. How many times have you seen someone in a passing 3,000-pound vehicle make a hand gesture that he or she probably wouldn’t have made, if encountering a similarly frustrating situation while walking down a sidewalk?
The Net is the real world
Like it or not, the Net now is the real world for the overwhelming majority of children and adults in the developed world and, increasingly, for the rest of the world. It was real for Tyler Clementi because real people were witnessing an intimate act from his dorm room that he had a right to assume was taking place in private.
Whether it’s an invasion of privacy–or outing, as in this case–or other forms of cyberbullying, such as defamation, impersonation, or just plain being mean, cyberbullies can inflict mental anguish that can be very painful. A cyberattack can reach a vast audience, and it can haunt the victim forever. It can follow children home from school and possibly for the rest of their lives. And it can affect different people in different ways.
Some people can deflect situations better than others. How they react depends on a host of factors the perpetrator often can’t possibly predict. At least in a school yard brawl, a bully can see his or her victim suffer. Online bullies may never know how much suffering they’re inflicting.
We will never know the full story of why Clementi took his own life. Suicide experts say it is rare for one instance to lead someone to such a desperate act. And while suicide remains a statistically rare consequence of cyberbullying, Clementi’s death is one of several recent examples of young bullying victims driven to that tragic end.
Worse for LGBT youth
Long before teens started flocking to the Internet, suicides among lesbian, gay, bisexual, and transgendered youth were too common. The 1989 Secretary’s Task Force on Youth Suicide from the Department of Health and Human Services found that gay youth are two to three times more likely to attempt suicide, according to Iowa State University professor Warren Blumenfeld, who recently conducted a study on cyberbullying of LGBT youth.
Blumenfeld’s survey found that 54 percent of LGBT youth had been victims of cyberbullying in the past 30 days. Forty-five percent of the respondents “reported feeling depressed as a result of being cyberbullied, 38 percent felt embarrassed, and 28 percent felt anxious about attending school. The authors reported that “more than a quarter of LGBT cyberbullying victims (26 percent) had suicidal thoughts.
Tipping point and call to action
I don’t think that there are many who would disagree that it’s time for all of us–young and old–to think more about the implications of our actions on and off the Internet. Cruelty and bigotry of any sort has no place on the Internet, in our schools, in our workplaces, and in our communities or our political discourse, where even our national leaders too often are negative role models.
Every parent needs to talk about bullying and cyberbullying with their children, every school needs to integrate it into their curriculum, and every civic leader–at all levels of society–needs to incorporate civility in their messages and the way they act. It’s not just about lecturing kids about how to treat other kids; it’s the way all of us lead our lives in public and in private.
Being active includes not being a bystander but an interrupter of negative behavior. “In many of these situations, someone knows beforehand or early on when mean material is being posted,” said Nancy Willard of the Center for Safe and Responsible Internet Use. “It’s essential for everyone to take personal responsibility and speak out by saying “hey, it’s not OK.”
Willard recommends that young people learn to work in groups. “If you see something wrong, and you don’t feel safe saying stop, you can find two friends. Then it becomes the power of three speaking out. That’s very powerful.”
Tyler Clementi: A deadly consequence of cyberbullying.
Saturday, October 2nd, 2010
A Guest Editorial
By Warren Blumenfeld
Warren Blumenfeld (Credit: Iowa State University)
Friends described Tyler Clementi as a gentle, kind, and sensitive person who was an accomplished violinist at an early age. Tyler was awarded a music scholarship at the prestigious Rutgers University, and he was looking forward to his four years at Rutgers and to a shining career. On September 22, however, that great potential ended when Tyler took his life by jumping off the George Washington Bridge. He was only 18 years old.
Tyler’s roommate, Dharum Ravi and another Rutgers student Molly Wei, both 18 years of age, face charges of invasion of privacy for allegedly tormenting Tyler by using a webcam to secretly record (and live stream on the internet) Tyler engaging in sexual activities in his room with another male student. Dharum tweeted to the over 150 of his followers: “I saw him making out with a dude.” And then more recently, “Anyone with iChat, I dare you to video chat me between the hours of 9:30 and 12. Yes, it’s happening again!”
While bullying and harassment have long been problems for young people in our nation’s schools at every level, the advent of advanced information and communication technologies have now allowed this abusive and destructive practice to extend to virtually all aspects of a person’s life.
What has come to be called “cyberbullying,” like “face-to-face bullying” (also termed “real life” bullying), involves deliberate and repeated aggressive and hostile behaviors by an individual or group of individuals intended to humiliate, harm, and control another individual or group of individuals of lesser power or social status. Cyberbullying involves information and communication technologies such as Internet web sites, e-mail, chat rooms, mobile phone and pager text messaging, and instant messaging. Cyberbullying has increased exponentially as new technologies are released.
Our study, (PDF) 2010 State of Higher Education for Lesbian, Gay, Bisexual, and Transgender People, for Campus Pride (Rankin, Weber, Blumenfeld, & Frazer) included 5,149 participants (LGBT students, faculty, staff, and administrators) representing over 2,000 campuses in all 50 states. We discovered that LGBT students, faculty, and staff remain at significantly higher risk, compared with their heterosexual and gender conforming counterparts, for harassment on our colleges and universities. Participants attending unwelcoming and “hostile” campuses reported lowered interest in remaining at their current campuses and discouraged future students from attending. They also experienced lower educational outcomes and more negative identity development issues of self esteem, and emotional, mental, and physical health.
The majority of participants discussed the overt acts, as well as the subtle microaggressions (as one participant termed, the “death by a thousand tiny cuts”) creating an uncomfortable and emotionally and physically unsafe environment.
Cyberbullying appeared among the various forms of harassment and intimidation experienced by participants in our study. According to one participant who defines herself as a lesbian, “Mostly people say some offensive things on an anonymous internet forum linked to our campus. There was also an incident recently in which a professor of color here was racially profiled by our Public Safety.”
Participants also warned that a popular (now defunct) website, “Juicycampus.com,” is the worst thing that has EVER happened to our college campuses.” Creators of this website publicize it as “….synonymous with college gossip, and is more popular than…could have ever expected. We’ve expanded to more than 500 campuses across the US, and have more than a million unique visitors coming to the site every month.”
For students; colleges and universities serve as their homes away from home. Faculty, staff, and administrators have chosen colleges and universities as their workplaces to practice their craft. All have a right to live, learn, and work at institutions that not only are welcoming but are also actively working to ensure their emotional and physical safety.
Our comprehensive research has conclusively exposed the inequities, and the possible best practices we propose have shown proven results. Though it is unfortunately too late to prevent Tyler Clementi’s agony and suffering at the hands of his tormentors, we encourage all schools to expand their efforts and to appreciatively raise the discourse in working to secure the safety and the equity for all people, including our LGBTQ students, faculty, staff, and administrators. In this way, colleges and universities may more fully reach their mandate of providing the best quality education and working environment for all members of the campus community.
Report: 95% of email is spam: Threats aimed at facebook & children's searches.
Panda Labs 3rd Quarter 2010 threat report (PDF) found that 95% of all email is spam. It also said that Trojans constituted 55% of all new threats but infections via email are declining in favor of increased attacks via social networking sites including attacks associated with Facebook’s “Like” button.
The Facebook Like button allows developers to use Javacript which can also be used by bad guys who use clickjacking exploits, to trick users into “liking” a page and then automatically recommending it to all their Facebook friends.
There are also increased attacks via Google’s Android phones including scams that cause people to rack up phone bills with dubious services and attacks that disclose users’ geolocation to a third party.
Monsters of a Different Kind
The report also said there were Black Hat SEO attacks aimed at searches for Moshi Monsters, a very popular search term for children interested in “adopting their very own pet monsters.” Trouble is, some kids were encountering monsters of a different kind — ones that put malicious software on their computers. Blackhat SEO is when sites get optimized for search engines using illegitimate techniques such as packing long lists of keywords into a site designed to trick search engines into linking to them even if they have no real content related to that search.
There has also been an increase in worms spreading via USB drives. The report said that “25% of new worms are designed to spread via USB devices.
The “top” spamming country is India followed by Brazil, Russia and Ukraine. The United States is the eighth most spamming country.
Digital citizenship and the rights of the child.
Monday, September 27th, 2010
A lot of people have been talking about “digital citizenship” lately and, of course, I agree that being a good digital citizen includes respecting others and oneself. Clearly that means being nice to people online (and off) and being careful about your own online reputation.
For example, just about any adult in authority will tell kids that they should avoid posting potentially embarrassing information online and avoid plagiarism, meanness and a host of anti-social behaviors like flaming, harassment, denigration, impersonating others, outing, trickery, exclusion and cyberstalking which, according to Nancy Willard of the Center for Safe and Responsible Internet Use, are the key elements of cyberbullying.
Some people are associating “empowerment” with digital citizenship, but empowerment is a pretty vague term. I’ve used it myself and I hear it bandied about frequently but rarely with any definition as to what it means.
Even the definition of digital citizenship is a bit vague. In a recent blog post, my ConnectSafely.org co-director Anne Collier points out that there “still isn’t complete consensus on (the) definition” of digital citizenship, but she did advance the discussion in that post, arguing that “Young people will be safer online when they see that they can make a difference online and when their agency is acknowledged, respected, and guided by the adults in their lives.”
I agree, but I would like to propose yet another topic for the discussion as we explore what is means to be a “digital citizen.”
Being a citizen is also about rights. Strike the word “digital” and we’re left with the word “citizen” which Merriam- Webster online dictionary defines as “ an inhabitant of a city or town; especially : one entitled to the rights and privileges of a freeman.” Yet, when many adults start talking to kids about being good “digital citizens,” they are talking about only half the equation. We’re asking them to be responsible, but we’re not always treating them as “freemen” (and women).
The Rights of the Child and Freedom of Expression
I thought about this when I was at the United Nation’s Internet Governance Forum (IGF) in Vilnius, Lithuania in mid-September. Several panelists at the event talked about the need to protect children from all sorts of dangers, both real and imagined. But, in Europe and much of the world, there is also a subtext when it comes to child protection which is inextricably linked to rights or, as the U.N. puts it “the rights of the child.”
Article 13 of the United Nations Convention on the Rights of the Child (ratified by every country in the world except Somalia and the United States) states “The child shall have the right to freedom of expression; this right shall include freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either orally, in writing or in print, in the form of art, or through any other media of the child’s choice.” Clearly “any other media” includes the Internet which means that, by international law, children have codified rights when it comes to what they can read and what they can say.” And even though the U.S. hasn’t ratified this convention, Americans do have First Amendment rights which, as far as I can tell, apply to everyone, including minors.
Now, admittedly, parents have rights and responsibilities too, including the responsibility to protect children from danger as well as their own indiscretions. I’m not suggesting that the U.N. convention or the U.S. Constitution be interpreted to imply that parents have no rights when it comes to helping determine what sites their kids should be allowed to visit or what content kids are allowed to post online. But I do think that, in engaging in these responsibilities, parents, teachers and other authorities need to be mindful of children’s rights, including their right to express themselves.
Although not always consistent in the way they implement it, Europeans have a different legal framework than Americans when it comes to children’s rights. At a panel on location-based services at the IGF, John Carr of the UK Children’s Charities’ Coalition for Internet Safety pointed out that it is illegal in Britain to use a cell phone or other tracking device to track the location of a child without that child’s permission. And that law applies to everyone, including the child’s own parents.
In a follow up conversation, Carr said that that same principal could also be used to prevent a parent from using software to monitor a child’s Internet use though he quickly pointed out that, in practice, it would depend on such factors as the child’s age, maturity level and risk profile. “Under British law,” he said, “the moment the child is born they are considered an individual when it comes to rights under our privacy laws. In principal, the older and more mature the child is, the less right the parent has to block or monitor access.”
In fact, many British parents and most British schools do use blocking or and monitoring software and not all British parents are respectful of their children’s’ rights. But the principal remains on the books not only in the U.K. but much of the world.
Although not all American adults feel this way, the United States seems to have more respect for the rights of parents, schools and authorities than it does for the rights of children. And this includes control over what children can see and where they can express themselves by limiting access to certain websites including (in the case of schools) social networking sites. And while I fully understand the inclination to protect children from inappropriate content and disclosing too much personal information, adults need to find ways to be protective without being controlling. That’s a tough balance but one worth thinking about as we struggle for ways to parent and educate in the digital age while respecting the rights of young people.
New rules upgrade broadband for schools and libraries.
Sunday, September 26th, 2010
by Larry Magid
This article originally appeared in the San Jose Mercury News
The Federal Communications Commission last week approved new rules for the E-Rate program that will modernize broadband for schools and libraries.
Established by Congress in the Telecommunications Act of 1996, E-Rate taps into the Universal Service Fund, which is paid for by telecommunications subscribers to provide telecommunications and Internet access to schools and libraries. When it was first implemented, many schools were still on dial-up and those that had broadband were typically connecting at relatively show speeds. It was also before anyone (let alone school kids) had smartphones.
Fast-forward to 2010. As Internet service providers and municipalities deploy fiber and other high-speed technologies, it’s now possible to move way beyond what we used to call broadband — speeds that often hovered at or below 1 megabit per second. Now we’re talking about a gigabit, which is a thousand times faster. This faster connectivity makes it possible for schools to employ modern tele-learning tools both to consume and host multimedia content. And in case you think a gigabit or more is overkill, consider that the bandwidth often needs to be shared by multiple classrooms and, in some cases, thousands of students. › Continue reading…
Mark Zuckerberg on Facebook Privacy & Kids on Facebook.
Saturday, September 25th, 2010
On May 26, 2010 Facebook announced sweeping changes to its privacy policies. On that day, SafeKids.com founder Larry Magid sat down with Facebook CEO Mark Zuckerberg to talk about a wide range of subjects, including Facebook privacy and kids on Facebook.
http://www.safekids.com/
One on One with Mark Zuckberg
by Larry Magid
CNET News.com
May 26, 2010
At a Facebook developer’s conference on April 21, he announced some changes to Facebook’s privacy policy, including the “Instant Personalization” program that “connects” Facebook members’ information on some third-party sites, including Yelp and Pandora. He also announced that, going forward, application developers would be able to hang on to user information indefinitely, rather than having to purge the information from their servers daily. The developers in the audience cheered these announcements, but some of Facebook’s critics jeered them, touching off a backlash that has spawned a movement to quit the social network and has prompted several elected officials, including New York Senator Charles Schumer, to encourage the Federal Trade Commission to look into the way Facebook handles personal information.
Based on conversations I’ve had with Facebook employees, the negative reaction to these privacy changes caught many at Facebook by surprise and forced employees and management to re-think the way they handle user information. On Wednesday, the company held a press conference to announce some changes to its privacy policy and settings, including what Zuckerberg referred to in a blog post as “one simple control to set who can see the content you post.”
A few hours after the press conference, I sat down with Zuckerberg at Facebook’s Palo Alto, Calif., offices to talk about how he has reacted to all of the recent concern about privacy, how it affected him personally, and how he responds to critics, including those behind “Quit Facebook Day” this coming Monday (scroll down to listen to podcast).
Zuckerberg referred to the past few weeks as “intense.” He said that feedback from their announcement at F8 “has been really constructive and the main thing we heard is that people want simpler controls over how they share information on Facebook.”
Response to Quit Facebook Day
When asked about the Quit Facebook Day and the Diaspora project, a newly announced open-source alternative to Facebook, he said, “Some people are going to be critical and are going to have feedback, and we want to listen to that feedback. But, overall, it doesn’t seem like a big movement.” He added that, “The same number of people are promoting Facebook to their friends and encouraging them to sign up now as were before all this, and the same number of people are sharing the same number of things as they were before.” He said that “some people have talked about deactivating, but those numbers haven’t changed either.”
Can Facebook make money and not mine user data?
I asked Zuckerberg to respond to the often repeated concern that for Facebook to grow and be valued as a multibillion-dollar company, it needs to do more than just put up ads but monetize through mining users’ information. Can the company meet its financial goals and not do things that get people angry and worry them? “The answer is clearly yes,” he said. “We’ve focused on keeping the advertising on the site very minimal and sparse…We run a lot less ads than a lot of other sites do…The reason why we don’t have to is because the ads work well and we’re making enough money to support ourselves…Over the long term, the best thing we can do is build products that help people share and stay connected with the people they care about.” He said that, “If we do that people will use our products, and if they use our products we make money from advertising.”
Zuckerberg said, “there are all these misperceptions of how our site works.” He said, “There has been this rumor going around that’s completely not true, which is that we give information to advertisers, and we don’t.” He continued, “We don’t sell any information, and we never will.” He added that “the site works because we help you share information; when you do that, you’re more engaged on the site. There are ads on the side of the page, the more you’re sharing…the model just all works out.”
Done making privacy changes
I asked Zuckberberg about “privacy policy change fatigue.” This isn’t the first time Facebook has backtracked from changes in its privacy policies. There was the Beacon program, which was eventually canceled after user complaints, and there was pushback from the privacy policy change announced last December.
Zuckerberg responded that “privacy is a very sensitive issue that a lot of people care about, so, yes, we have to be careful about it.” He said, “We’ve been working on these changes to our privacy system for the last six months, but now we’re done. We’re not go to make changes for a long time.” He said that “the simple control applies not only to stuff you’ve shared in the past but to new products and services that we launch going forward” so that people can “set the level of privacy that they want to have and that will exist for a long time. No more changes.”
In the rest of the interview, we talked about Zuckerberg’s general attitudes toward privacy, including how he says he tries to protect his own information. We also talked about the possibility of children under 13 being allowed on Facebook (it’s not likely to happen, he says), Zuckerberg’s desire to continue to expand internationally, and the fact that Facebook is blocked by a lot of schools.
When I asked him about what he’s excited about going forward, he said it included working with other sites and game developers to make their applications more social.
Experts say Stuxnet worm could be state-sponsored (podcast).
Friday, September 24th, 2010
by Larry Magid
This article first appeared on CNET News.com
Worm goes after power plants, pipelines and other facilities
The Stuxnet computer worm that may have been designed to attack a nuclear facility in Iran could have been state sponsored, according to two security experts with whom I spoke.
“We can tell by the code that it’s very, very complex to the degree that this type of code had to be done, for example, by a state and not, for example, some hacker sitting in his parents basement,” said Symantec security researcher Eric Chien.
Chien added, however, that “there’s nothing in the code that points to the particular author” or “what their motivation is.” (Scroll down to listen to entire Chien interview.)
TrendMicro security researcher Paul Ferguson agrees that Stuxnet was likely state-sponsored. “The amount of technical expertise that went into this doesn’t appear to have been by some random lone individual person because they would have had to have access to these systems to develop this.”
Not necessarily aimed at Iran nuke
Ferguson could not confirm that the target was an Iranian nuclear plant. “That is purely speculation at this point, there have been lots of theories as to what the target was.” He said it could also have been aimed at oil and gas facilities or other installations that use Siemens control systems, which were specifically attacked, he said. (Scroll down to listen to entire Ferguson interview.)
Serious threat
Both Chien and Ferguson said this type of code is a major security concern. “For the broader population, this is definitely a new generation of attack. We’re not talking any more about someone stealing someone’s credit card numbers, what we’re talking about is someone being able to, for example, cause a pipeline to blow up or cause a nuclear centrifuge to go out of control or cause power stations to go down. So we’re not taking about virtual or ‘cyber’ sort of implications here, what we’re talking about are real life implications.”
Ferguson said “it is a big deal because the utility companies, and manufacturing communities and the power companies and gas and oil companies for years have been using closed propriety systems to manage their infrastructure and over the course of the past few years they’ve been making business decisions to use off-the-shelf software like Windows.” He added that now we’re seeing the same threat as with other networks as facilitates are connected to the Internet or allow access to thumb drives. This type of threat, according to Ferguson, is “absolutely new and that’s why a lot of people in the intelligence community, in the Department of Homeland Security and different governments around the world are really kind of spooked by this development. It shows the targeted nature and sophistication of the criminal/espionage aspect to this.”
Podcast interviews with Chien and Ferguson
Click links below to listen to separate podcast interviews with Symantec’s Eric Chien and TrendMicro’s Paul Ferguson.
Symantec’s Eric Chien
TrendMicro’s Paul Ferguson
