terriko: (Default)
Apparently Twittinesis, which I'd been using to export tweets to my macro-microblog, is dead. Actually, it has been for over a month, but I've been busy and didn't bother to sort it out 'till today.

I've switched to using Loudtwitter (which was dead and is now resurrected?) and I think I have it working now. I have a feeling I'll be looking for another solution for archiving tweets soon, though. Suggestions appreciated, but I won't be able to follow up on any of them for a while!
terriko: (Default)
Crossposted from Web Insecurity. Please comment there if you want to comment!

privacyI think twitter may have among the simplest privacy settings of any social network. Your choices are either everything you post is public, or everything you post is private.

But simple does not mean that things will stay private. Just like everything on the internet, the minute you post something someone else might choose to share it. Some researchers have actually studied how often people retweet private content on Twitter.

Something I haven't seen studied, however, is how private information can leak out through twitter lists.

Twitter allows you to make lists of people who you'd like to have grouped together. For example, I have a list of technical women who I follow. These are women in technology who I've met in person or interacted with extensively online, and I really made it for my own personal use but since it's a public list others can (and do) follow it. Presumably they're looking for more cool women to expand their social networks.

Twitter allows you to see what lists a person has been added to, and this is where it gets interesting. Let's take a look at the lists of which I am a member and see what we can learn about me.

Here's a few things you can get a glance:

Wait... what? Despite the fact that I explicitly chose to say a more generic "Canada" in my profile information, my current city can be determined by the fact that it shows up in several of the lists I'm on. There's of course no way to be sure that any of this is true, but when more than one person lists me as being in Ottawa it seems fairly reasonable to guess.

I'm not personally concerned (obviously, since I'm talking about all this information in a public blog post!) but some folk are much more private than I am.

So what are your options if you want to hide this information? Well, if I don't like the lists I'm on, I can... uh... There's no apparent way to leave a twitter list. I suspect one could block the list curator, but the people revealing your location are most likely to be actual real life friends: people you wouldn't want to block. So you'd have to resort to asking nicely, but that's assuming you even notice: while you can get notifications of new followers, you do not get notified when you're added to a list. I've been asked about exactly two of the lists I've been put on (thanks @ghc!) so obviously it's not the social norm to ask (I certainly have never asked anyone I've listed!)

A quick check says I can usually get the current (and sometimes some former) cities for many of my friends, as well as information related to their occupations, interests, and events they've attended. For most of these people, I know this isn't information they consider private either. But it's obviously possible that this could be a problem... I wonder how many people it affects in a negative way?

Maybe this is a potential little workshop paper if I have time to analyse a whole bunch of twitter lists. Anyone want to lend me a student who's interested in social media privacy?

Edit: A note for those concerned about not being that privacy-violating friend. You can make twitter lists private if you want (it's just not the default), so just do that for the lists you think are sensitive and you're good to go!
terriko: (Default)
I never knew it was possible to feel both so energized and so exhausted from a single day conference. TEDx was amazing, and I've got about a billion ideas firing in my head about teaching, communicating, passion, music, and great ideas. But I can barely look at a light without wincing, so although I feel guilty for missing the after party, I think I'm going to grab a light late dinner then curl up in bed early tonight.

Here's something unusual about the conference to get your brains going while mine sleeps, though. We were asked not only to turn off all our beeping devices during the lectures, but also asked specifically not to tweet about the event until a break happened.

As an attendee, I loved the visual quiet of not having people constantly opening phones around me. It helped me be that much more engaged in the talks. I actually like turning off my phone, and I had just watched Renny Gleeson's talk on antisocial phone tricks, so this rule seemed like a pretty neat idea. (PS - watch that video, it's 3 minutes of cell phone behavioural hilarity.)

However, while I'm willing to give up tweeting during a conference, I also know that tweets from my friends are a large part of the way that I engage with conferences I'm not attending. Knowing this, I guess, there was a designated tweeter who put stuff on the TEDxOttawa twitter stream but... well, go take a look at it. I'm too tired to articulate why, but I look at those tweets and feel like some of the magic, the passion, the enthusiasm just isn't shining through there. And if you look at the tweets using the #TEDxOttawa hashtag now you'll note that they're all like "woo, it was awesome, thanks!" which is nice, but again not particularly engaging to outsiders.

So while I actually liked putting away my cell phone, I'm also bit sad that I couldn't bring a piece of TEDxOttawa to my friends and followers while I was there, and I feel like TEDxOttawa missed out on a lot of potential buzz they could have gotten from excited attendees.

If you were organizing a conference, would you suggest this to attendees? Would you like this policy if it had been imposed upon you as an attendee?

And I'll leave you with one more thought: Ironically, one of the talks was about learning, and the presenter specifically suggested that we'd remember more of TEDxOttawa if we wrote about it. If only we could have tweeted! ;)
terriko: (Default)
A couple of my friends have gotten hit with stuff that's hijacking their accounts as a way to send spam to Facebook. The latest one sent something about www,ArticleBooks,cn which looks like a standard scam (although if I were you, I wouldn't load that -- I'm just putting it here in case someone searches for it).

As a web security researcher, I'd like to offer some advice. The safest advice would probably be either "don't use any Facebook apps" or "don't use Facebook" but we all know you're not going to do that just because someone sent spam in your name.

So here's a few more reasonable tips that might keep you and your friends spam-free:

1. The problem probably won't be caught by your virus scanner. Do a scan -- it won't hurt -- but if it comes up negative don't assume you're safe.

2. My personal bet is that the Facebook stuff is caused by a rogue app. Uninstall ALL applications you are not using to be more safe. This may be a legitimate application which was hijacked, so you're safest uninstalling as much as possible.

3. Do NOT install any applications used by friends who have sent spam messages. Especially if you get a message like "$infected_friend has send you a gift!" or something: these are common ways for Facebook "viruses" to spread.

4. Consider installing an ad-blocker. Advertisements could also have been used to hijack your Facebook. I highly recommend you use AdBlock Plus on Mozilla Firefox, as some other ad blocking software is sketchy.

5. They may not have stolen your password, but it can't hurt to change your password after you have uninstalled all your apps.

6. If you were hit on twitter, or even Facebook, it could also be some site you visited that hijacked your browser. Check your history and try to warn others if you figure out which site it was!
Page generated Sep. 26th, 2017 12:51 pm
Powered by Dreamwidth Studios