Apparently, there are a few HR departments out there (including a few state agencies) which are asking employees and employment applicants to provide the passwords to their social networking profiles on Facebook or other social networks. The reason given is that this is both an inexpensive way to do a background check on a potential hiree, and a way to keep tabs on current employees' communication.
The public outcry about this focuses on employee privacy. It is a privacy violation, but that's not the biggest problem. The main issue here that any human resources manager who would think it's a good idea to log in to employees' or potential employees' private social networking files - then keep a log of those passwords - is setting his or her company up for a massive lawsuit and/or public relations disaster.
As Cindy Krischer Goodman points out on The Work/Life Balancing Act, by accessing private data employees might not normally share with an employer, the employer can make itself vulnerable to discrimination lawsuits.
On a more practical level, if someone's profile is hacked - even if it's by a phishing scammer - that person is going to automatically suspect anyone who has the password to his or her profile. Would you want your human resources office to be constantly on the defensive against accusations of hacking into people's Facebook accounts, for example, and spamming their entire contacts list (a common occurrence on the popular social networks)? Of course not.
For those who have not been in the corporate workforce in a while, no, employers do not typically want your passwords. Generally, there are policies that prohibit sharing of any passwords - even the ones used internally for company-owned software programs. No respectable employer who understands social media would require you to give your password to any of your private accounts.
Meanwhile, if you are asked by your employer or a potential employer to provide your password to any of your private (not company-related) profiles, what can you do? Here are some options.
1) If this is a potential employer, consider whether or not you actually want to work for someone who would require this from you? Maybe this is a good time to just say, "no" and walk away.
2) If you really need the job (or need to keep the job), consider setting up dummy profiles just for this purpose, and give those passwords to the employer. If you do this, make your "real" profiles visible only to your close friends and family while you are working there.
Ars Technica has confirmed what a lot of us have suspected for a long time, that Facebook photos may never be truly "deleted" from Facebook's servers. That's the bad news.
The good news is that unless you're famous enough (or infamous) enough that people are actually linking to your Facebook photos from their e-mail or other places on the web, it is unlikely that anyone will see those "deleted" photos. It's also good news that as of this time, they can't be searched by your name. Finally, you may be relieved to know that this primarily applies to photos on Facebook - not comments or posts on Facebook.
So, how would the photos be found? By the image file (ending in .jpg) that is associated with that photo. You can find the link to the image file for just about any photo on the web by right-clicking on the photo, then selecting "properties," or "image properties," as your browser allows. Although it's a little more tedious, you can also find the link by clicking "view" at the top of your browser, then "source," then scrolling through to find the image file you're looking for.
With that image file address, it is possible to view images that may have been deleted from the site they were originally posted on - until the images are finally deleted from the server. Apparently, Facebook is not highly motivated to purge these old deleted files at this time (and why would they? Remember who their paying customers are).
Bottom line? This is a good time for a reminder not to post ANYTHING on the web you wouldn't want everyone in the world to see - including your family, friends, and potential customers or clients. Even if you have second thoughts and delete the content, you never know what that stuff could come back to haunt you.
A company called BeenVerified.com has been running commercials lately on my favorite TV station, encouraging everyone, especially single women and mothers, to use its service to do what it calls "background checks" on potential dates. The service is also available for employers and potential clients, but it is mostly marketed to women who are trying to protect themselves and their children.
So I checked it out, and began a "background check" on myself - not to the pointof giving them my credit card, but I did enter my name to see if it came up. What I found was the same erroneous information that has been on Google and 123People.com for years. My options for payment were to pay for a one-time search (with my credit card), or to get a week free (after I set up a payment arrangement using my credit card). Before I gave them my credit card, I checked to see if there were complaints about the company online, and there were numerous ones about people trying to get the monthly billing stopped, and having difficulty doing that. And there were also a lot of complaints about this company "spamming" people. It is hard to know if these complaints were an accurate representation of the business itself, or simply a few disgruntled folks making a lot of noise. Had I decided to go ahead with the background check on myself, I would probably have opted for the one-time charge of less than $2.
The more important question, however, is whether or not this type of a "background check" is actually going to turn up the kind of information you need. In my case, for example, there are a lot of people with my name in my area. You would need to know me well enough to know who my relatives are in order to select the right record, and if you know someone's family, you probably already know more than this type of a background check is going to turn up, anyway. And this is assuming the person you are checking has given you their correct legal name. Many people use pseudonyms online for security and privacy reasons - this may or may not indicate that they are hiding a nefarious past.
Another thing to keep in mind is that although a background check might turn up court records, it isn't going to reveal past activities, personality traits, or character flaws in a person which did not result in a criminal conviction. Plenty of people who are either dangerous or just plain "jerks" have clean criminal backgrounds.
Bottom line? Everything that is old is new again, and some things never change. Always be careful about meeting strangers anywhere, and if you must, be sure to do it in a public place. For personal relationships, take your time getting to know someone in a variety of situations, and make sure you know who they are and have a good idea of who their family and friends are before you put yourself in a position of being "alone" together. Common sense will never be replaced by technology.
In case you haven't heard, there is a battle raging between the recording companies which make gazillions of dollars from music and media they didn't create and internet web companies that make gazillions of dollars from publishing said music and media they also didn't create. A couple of pieces of legislation are pending in the U.S. legislature, called SOPA and PIPA (read more on Consumer Reports).
You may be able to tell from my tone that I'm not on either side of this particular battle. Again, this is a good time to remind the readers that Tim and the team at WebRev let me post here on their blog, but my opinions are mine, and don't necessarily reflect any "official" stance of WebRevelation or its owners. Now, back to our regularly scheduled blog post.
About the time this post goes live, Wikipedia is planning to "go dark," which is a very dramatic, clandestine-sounding way of staging a boycott to protest anti-piracy laws. As you may know, Wikipedia publishes user-created content, and gets around current piracy laws because of "fair use" legislation. Since they don't make money on their content, and they don't rely on ad revenue to stay afloat, they can afford to do this, but most websites can't. Google, which doesn't make money from its content, but does rely heavily on advertising revenue, and decided to just post a protest on its home page.
Critics of the proposed legislation are concerned that free speech will be inhibited. Actually, the most dangerous part of the legislation, which would have allowed the U.S. government to force web hosting companies to block access to websites determined to be pirating content has been killed. But, as it is said, power corrupts, and absolute power corrupts absolutely. Once the government begins to legislate what can and cannot be published on the web, sites which rely on user-generated content will eventually go by the wayside. They'll never be able to effectively police their content and still allow users to publish at will. This will be a sad day.
However, as I mentioned before in regard to Facebook's irresponsibility with its immense, relatively non-legislated power, with much freedom, comes much responsibility. It's illegal to steal other people's creations and sell them for profit. We could insist that our U.S. Government simply enforce existing copyright law, but unfortunately the result of that is that those seeking to pirate the work of American artists simply set up shop overseas, where American law is difficult to enforce. With so many influential Americans insisting their government protect their rights, too, it's only a matter of time before the government has not choice but to get involved, and that time has apparently come.
It will be interesting to see what happens, and who will "win." I do have a couple of predictions. First, the rhetoric will get a lot crazier before everyone calms down. Secondly, some of the companies who are making such a big deal about being "against" invasive government action will be the first to use whatever legislation is eventually enacted as an excuse to further invade their users' privacy to glean information that will be helpful to their advertisers (I'm looking at you, Google).
Regular readers will remember we wrote about a group of hackers ironically named "Anonymous," who were reported to have been planning an attack on the social media giant, Facebook, on Guy Fawkes Day. It turns out that the threat came from another group of hackers that no one had ever heard of - not the famous anonymous group. As it turns out, the well-known anonymous group was targeting a Mexican drug cartel, but even that turned out to be "de nada."
Well, instead of attacking murderous thugs, the group has turned its attention to using the public. This decision is likely to reduce their chances of being individually tortured and beheaded by thugs in Mexico, but increase the chances of causing enough of a public outcry to get the U.S. government to finally shut them down.
Victims of the attack are having unauthorized charges to their accounts paid to various charities such as the Red Cross, Care, and Save the Children. The charities are not involved in the attack, obviously, and the companies that have had their data user bases hacked are apparently not in danger at the company level. The victims are individual customers, who many not realize they have had unauthorized charges for a while, unless it these charges cause their cards balances to go over-the-limit, resulting in extra fees.
So, what can you do to protect yourself? For the next couple of months, vigilantly (even more than usual) check your credit card statements for any charges you may not have authorized (particularly to charities you do not normally donate to), and report any suspicious activity to the bank administering the card. Most credit card issuers will allow customers to dispute transactions resulting from what they believe to be fraud without affecting their credit or the remaining balance.
It has been said time and time again that with much freedom comes much responsibility. This week's settlement between the social media giant, Facebook, and the U.S. Federal Trade Commission illustrates this point clearly.
In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn't warn users that this change was coming, or get their approval in advance.
Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need.
Facebook told users they could restrict sharing of data to limited audiences – for example with "Friends Only." In fact, selecting "Friends Only" did not prevent their information from being shared with third-party applications their friends used.
Facebook claimed it had a "Verified Apps" program it used to certify the security of certain apps. It didn't.
Facebook promised users that it would not share their personal information with advertisers. It did.
Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.
Facebook claimed that it complied with the U.S.- EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn't.
Because of it's repeated careless and outright abuses of the privacy of its users internationally, Facebook has now been forced into an agreement with the FTC, which includes that it must (according to the same presser): "...get consumers' approval before it changes the way it shares their data, and requires that it obtain periodic assessments of its privacy practices by independent, third-party auditors for the next 20 years."
Did you catch that last part? TWENTY YEARS! Do know how long that is in technology years? Most people didn't know what the "internet" was 20 years ago. In another 20 years, most people may not remember what Facebook is, but the FTC will stil be monitoring their activity. What's worse is that a new precedent has been set which ALLOWS the FTC to monitor the databases and activity of social networks.
Facebook has enjoyed an enormous amount of success. Unfortunately, the irresponsible actions and incessant immaturity of its staff has probably destroyed the state of relative freedom that allowed it to achieve this success, and would allow others to achieve similar levels of success. Yes, with much freedom comes much responsibility, and unfortunately, Facebook has abused that freedom, and we have all lost that freedom.
On the plus side, it may be easier to protect your information on Facebook in the future, because most of the changes will now be opt-in. Be careful, however. Facebook's business model has not changed, and it is unlikely that it will. It works for the (paying) advertisers, not for those who use its services for free, and it is likely that it will come up with more sophisticated ways of mining its data in a way that will continue to be useful to its paying customers.
