Before you panic too much, Evil is a great implementation showing the lack of privacy controls most people place when posting information, such as phone numbers, into their stream.  Evil simply scans Faceook, blocks half the number for security and shows them at random on a webpage with an avatar of the person as well.

The site owner also does a great job explaining how it works, how anyone could do it, no tricks involved and what parts of the Facebook API he uses to make it all happen.  While phone numbers can easily be changed by anyone in today;s world for security, it is amazing how much information is now tied to it and shows when doing searches in Google sometimes.

So go into the new privacy settings and beware what sharing selection is made when you make a post on Facebook.  If you have doubts, simply send it via a private message instead.

You should be aware that their attempt is to make more of the information you have uploaded and continue to upload more public.  Meaning such things as pictures, profile information and wall posts available to the public stream.  You do have the ability to restrict this and should take the time to make the effort.

If you have been concerned with how much information is available about yourself online, this should raise that to new heights.  For Facebook to take the stance that they can make sweeping changes to publicize what was personal has many people deleting their accounts.

I could have seen Facebook implementing a feature request where you have to log in and select what items you wish to be public, and I mean area by area.  Not in large category scale.  Some would claim that would be a time consuming process and overhead they did not want to absorb.  I counter with the fact that you have already established security guidelines and expectations that apparently can be changed on a whim based on what advertisers wish and your expected growth.

Facebook is trying to become the phone book of the Internet.  Are you unlisted?

Although there is no universally accepted definition of cyberstalking, the term is used in this report to refer to the use of the Internet, e-mail, or other electronic communications devices to stalk another person. Stalking generally involves harassing or threatening behavior that an individual engages in repeatedly, such as following a person, appearing at a person’s home or place of business, making harassing phone calls, leaving written messages or objects, or vandalizing a person’s property

Pretty close to how we would define it now, with more emphasis on the tools and ways of contact.  The report refers to creating anonymous mailboxes somewhere on the Internet through an ISP.  How things have changed.  Now you have a presence all over social networking sites with tons of personal information shared in different levels depending on their defaults and your work at setting preferences.

I believe that this study/document needs a definite update to account for the explosion of sites that every age group is now participating.  We need stronger rules and laws that govern peoples actions in cyberstalking to add controls over the new features being offered.  The section on cybercrime is being updated regularly.  Shouldn’t the section on cyberstalking follow suit?

Facebook soon responded that yes, the user profiles are private, but the Notes section for the users was public.  A possible combination you can establish in Privacy settings.

This is one of the reasons we push you to watch the videos we are producing on how to properly set and check your privacy settings in Facebook to block unwanted content from being publicly available.

Most would not place or consider very personal information in Notes from everyone we have friended in Facebook.  But even simple information being placed there could be cached and found later through the search engines as you apply for jobs and school.  Referencing and joking about sexual content, racism or off topic jokes could be frowned upon and cost you something in the future.

Visit all of your settings and give them a check.

One of the common ploys now is to pretend that the person they are imitating is out of the country, or state depending on the scenario, and asking you to wire emergency money.  Sophos, the security company, noted this recently in an alert.

I know you say to yourself, well why would I send them anything.  I know it isn’t them.  Really I do.  Think carefully about the scenario itself.  A hacker with access to the social networks of the person in question (normally they use the same password everywhere) will be able to provide incredible amounts of personal data that they could use to try and convince you.

Imagine they break into your email or Facebook account and start asking friends for help.  Soon they send an email or Facebook note to back it up.  Why would the friend suddenly doubt it?  They know about your pictures, emails, communications and possibly even chats.  Odds are you would help.

So what can you do on both sides?  A secure password is a great place to start.  The rules are simple, so stop making life easy.  You can remember a random alphanumeric string of at least 8 characters.  I am sure you can.

If you get one of these emails, be diligent in asking all the right questions.  Did you even know your friend was out of town?  Do you know where they were headed? (don’t send money to Germany when they are in South America).  can they verify anything at all that you would know that wouldn’t be on the networks themselves?

Scary thing is, you are finding it hard to find items you haven’t placed on the networks aren’t you?

Apparently some apps were pulling your credentials and starting to spam your contacts with phishing sites.  Trend Micro are reported to have uncovered them and reported back to Facebook who pulled them.  Be on the lookout for some of the following:

So far, six malicious applications have been identified: "Stream", "Posts", "Your Photos", "Birthday Invitations", "Inbox (1)," "Inbox (2)"

So this goes beyond the simple matter of what information your produce but into the matter of friends trusting the links you produce and protecting that reputation.  If you start spamming contacts or sending harmful information, they soon distrust your data and many remove you as contacts.

Peek at the links before clicking and pay special attention to the applications you are loading.  For the younger audience, this screenshot from Trend Micro shows where to start looking.

Let me focus on that issue for a moment.  While this is a major step by a social network of this size, who validates the birth year for anyone on any social network?  How many of you actually use your real birth year?  Yes, I am talking to you.  You know you do not.  Even the Attorney General of Connecticut, Roy Blumenthal, states he knows there is fake names/birthdays in this NY Times article:

Mr. Blumenthal said in a statement. “For every one of them, there may be hundreds of others using false names and ages.”

One of the facets of the online social networks is not the fear of using them.  It should be the responsibility of the person to secure their information that they intend to share.

It is admirable that the attorney generals of states are taking this stance, even working with Facebook now, but what about the ones that have alternate names or have not been caught?  That goes back to you, the public using the sites.  I get a lot of feedback from readers saying the sites should do more.  I agree and hope that we make a difference.  But it all has to start with the parents and your own ability to protect your information.

So make a visit to your kids friend list and even your own.  Take a new visit to the privacy section and see what you are sharing.  I am often surprised.  Then again I am not.

Earlier this week I noticed that one of my friends had made their Facebook profile photos no longer visible. I wasn’t sure if this was because they had put me on a restricted friend list or if they had simply removed their profile photos. I awkwardly asked my friend why I had been blocked from viewing his photos and he said that he blocked everybody so his boss wouldn’t see his less professional photographs. Unfortunately my friend didn’t understand the power of Facebook’s custom privacy settings.

Within a day or two, that same friend had been tagged in another photo which ultimately made it to my news feed.

I ran through this same scenario with our teenager daughter who decided it was time to have a Facebook account.  While you may protect your own photos from being seen, if someone tags (ie: says it is you when posting a photo) and we share the same common friend, then I will see the picture.  Point blank, no hiding it.

Where does this fit in SocialStalking?  Imagine this scenario a couple of ways.

1. Your boss happens to watch Facebook, or even a prospective employer.  They don’t see anything wrong with what you post and have checked you out quite often.  Then you attend a party when you were to be at work.  Or worse yet get caught in a compromising position during a picture.  That other person posts the pic and tags you.  Soon that picture you would have never posted ends up in a stream to be seen.  Your privacy features do not control that by default.
2. You are a young adult out at parties drinking before legal age.  You would never tell your parents this, but like a smart parent they watch your friends on Facebook also to get an idea of how your friends behave.  The friend posts a photo of you, tagged,  in a group of drinking teenagers.  This, of course, shows in the picture stream your parent see.

The example list goes on to include pictures of you somewhere you were never intended to be.  Inside of Facebook you should visit Settings – Privacy Settings  – News Feeds and Wall to control what you allow to be placed across the streams.

However, the current privacy settings in Facebook DO NOT ALLOW YOU TO CONTROL THIS.  So if you are caught in a photo and get tagged, the best you can do is remove that friend.  However, it is to late by then

P.S. I found a good safety refresher right here by Joi and another from Jun 08 right here

Facebook does not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to register. If you are under 13, please do not attempt to register for Facebook or send any information about yourself to us, including your name, address, telephone number, or email address. No one under age 13 may provide any personal information to or on Facebook

A local NBC affilliate in South Carolina did an excellent story on how easy it is to discover information on young adults that place information.  You can view the story in streaming video from here.  We watched this video intently since we had this same concern recently with our own kids of this age.

Here is what we found in a quick run through of our own kid’s schools.  We did a Facebook search by school, just for kids that listed themselves graduating in 2008.  Immediately I had 461 results to start viewing.  Clicking on a young lady on the first page, I found where she was going to college and then a huge number of her friends.  Taking her name over to some other person search engines (we will cover that ina the next few days) we uncovered articles she had appeared in through the school newspaper (that gets published to yet another site on the Internet) and finally her parents names.  This in turn gives us her home address and more.  All this from the first randomly selected person.

Why the 4 minutes of time spent?  Kids are beginning to share huge amounts of personal information with no long term regard for personal privacy. safety and as odd as it sounds, school and job futures.  There are numerous privacy controls built into Facbook that can be configured, but none of these can overcome the lack of teaching how to limit what you share.  To whom you share is simply a natural progression of the learning.

There are many school admission programs beginning to search the social networks for information on the applicants to guage how they are perceived and looking for images, stories and other matter that could sway their acceptance into the school programs.

The video above shows how news anchors did this same type of quick work to actually show up at kids houses based on what information they provided in social networks.  I thank Wayne Sutton for sending the links over.

In general, kids and even adults new to social networking, walk into these networks without any previous understanding of how the information is shared and who can see it from both authenticated (users with accounts) and public eyes. Let’s begin at the basics.

Once a user creates and account and fills out their information, other users on the same social network are generally able to access a fair amount of the information.  Without notification to you they are looking at it.  Some of the networks offer a more granular control mechanism, yet the defaults go against it.  The idea of being in the social network is to share information.  So why would they hide everything?  In other networks the basic information is displayed and the rest is only available after the person becomes your “friend” on the network. The lesson here is to learn how the network controls information once you register and what is shared automatically.  Some social networks are very clear in this ares while others have no indication.

The other side of this is the publicly shared profile information.  Many of the networks let you search and find people based on numerous attributes.  You can then access the information after you create an account, but by then you have found the person.  The user is caught between oversharing and not being properly informed.  So how does this relate to the article?

The article treats this as a simple ability to contact an ISP or network to blacklist the person.  Social networking goes far beyond this with the inherent ability to recreate account after account, even as you continually ignore the friend requests.  They also lightly glaze over the fact that the line between an on-line social network, location services and in person stalking are beginning to blur.

The goal is training kids and newcomers to social networks how to properly fill out profiles, using vague information if a field is required and being very cautious when accepting any friend requests.  Even those that could be perpurtrating as someone you know.  We will cover that in an upcoming article.