Xue, Eric - COSMOS - UC Davis

Xue 1Eric XueMatthew Bishop, Karl Levitt, Sean Peisert, Jeff RoweUC Davis COSMOS Cluster 44 August 2012Facebook PrivacyToday, individuals are expressing themselves through many different forms, one beingonline social networking websites. About a third of the world’s population is involved in somesystem of online social networking sites. In other words, half of the total internet users in theworld are also on MySpace, Facebook, Twitter, along with many other websites that havebecome popular in recent years. The need to constantly be aware of what others are doing isoverwhelming, as well as the need to display oneself to others. Now, studies have shown that notonly young people, but also an increasing number of adults over the age of 40 are beginning tojoin the social networking movement (Brandtzæg 1006). A vast amount of people, no matter theirage or location in the world, are connected through social media today. However, the question isnot how these online interactions impact the bonds between real-life relationships but rather howsecure these social networking websites are. Are these sites allowing acquaintances, or even totalstrangers, to gain information that should only be shared with family and friends? And by‘friends,’ I mean people met through face-to-face exchanges, not a buddy met online. It isalarming that near-strangers could have easy access to important personal information, such asyour email, phone number, or date of birth, without actually being your ‘friend’ on Facebook,depending on how strict your privacy settings are. Many people have voiced similarapprehensions, yet they continue to share content over the internet (1006). Unfortunately, a

Xue 2roadblock has been reached concerning privacy in social networking sites. Enacting strictprivacy would ultimately be a double-edged sword, hurting the ability to share information,which is Facebook’s original intended purpose (1006).What is social software? A general definition would be any of the tools used for onlinecommunication (Warr 593). One of these tools is the wiki, the most well-known beingWikipeadia, in fact “as of September 2007 it boasted 8.2 million articles in 253 languages” and is“one of the 10 most visited websites on the web (593). Many different anonymous authorscontribute to articles, and while some of these authors may not be credible, the sheer number ofpeople that review the articles is overwhelming, and any errors are likely to be removed (593).Blogs, in which people can post opinions, headlines, or updates, are also used quite frequently. Apodcast is digital file ready for playback, able for use on personal computers or mobile devices,hence the word ‘podcast’ which is a shortened combination of the two words “iPod” and“Broadcast” (Warr 593). Another way to define social software is a virtual community that livesoff of user input and relies on a “collective intelligence,” much like the way Wikipedia takes theopinions of thousands of authors to ensure the accuracy of its articles (594). In addition, some areused for specific purposes and information. For example, Facebook would be used forcommunication in general, but Amazon would be oriented towards people looking to buy andsell. Virtual worlds such as massively multiplayer online role playing games can also beconsidered as social media (Warr 596). Some of these games mimic real life, while others takeon a more fantasy-like twist. A good example of social software is one MMORPG that I haveplayed: Runescape. The user represents an avatar in a 3D landscape, and can control the avatar’slocation in the virtual world using the mouse by clicking on the desire destination. The arrow

Xue 3keys adjust the user’s viewpoint, which by default is looking down on the avatar from above, likesome kind of divine entity. The landscape itself varies, with many of the terrains that exist onplanet Earth, such as urban areas, deserts, forests, volcanoes, and oceans. The character’s outerappearances, garments, and name can all be customized to fit the user’s preference. Eachcharacter has an ‘inventory,’ in which items can be collected, or used and further space isavailable for storage in the game’s online banking system. In addition, the game has its very ownonline currency, and players are allowed to exchange real-life dollars for in-game gold, whichthen can further be exchanged for items. Players interact with each other to fulfill commoninterests, and basically, the game is able to support its own economy in which players can barterwith fellow players. Each avatar has its own ‘level’, which can be increased by either engagingin combat with non-player computers, or training a specific skill in the game.Skills are generally divided into two subcategories: Combat skills and passive skills.Runescape is a competitive environment and avatars with greater ‘combat skills’ have anadvantage when pitted against allow avatars or one of the many non-player monsters that residein the virtual world. ‘Passive skills’ generally reflect a user’s personal interests. For example,there are many pastimes inside the game such as fishing, crafting, and woodcutting. In additionto having skills, players are able to communicate with each other, and even make ‘friends’ whoare available to contact from anywhere in the world of Runescape and appear as a different coloron the mini-map. Every player has a list of tasks, or quests, to fulfill and upon completion,players are often rewarded with either rare items or in-game currency. There is no clear objectiveto the game, whether a player can embark on a quest for rare items, stacks of gold, or a rankingon the leaderboards is entirely up to them, similar to the way there is no sole purpose or goal in

Xue 4life. Ultimately, MMORPGs such as Runescape are social tools designed to allow users tointeract and communicate with others. With all these different forms of social software, attackershave a wide variety of approaches to exploit vulnerabilities in the system.To believe that all people are entirely ignorant of the dangers of social networking siteswould be false. Yet, despite knowing these consequences, users are drawn to these websites morethan ever. So, what exactly is the appeal of social networking sites? Warr claims that there areseveral reasons that make the internet in general appealing: “Search, Linking, Authoring,Tagging, Extensions, and Signals” (592). Searching is defined as the ability to locate informationby simply typing phrases or keywords. Using Facebook as an example, it is possible to locatepeople or pages, using the search bar on the home page. Linking is defined as jumping from onesite to another with a click of the mouse. By clicking on someone’s name on Facebook, thewebsite redirects you to their profile where their personal information and interests are stored.From there, one is able to view pages they are interested in. Authoring is the ability to write andpost one’s own stuff and share with others to appreciate. Facebook users are able use the “sharewhat’s on your mind” box from the home page, to share a statement for all friends on Facebookto see. In addition, it is possible to create one’s own page, create a description, and share it forothers to ‘like’ it. Tagging is defined as the ability to label something and by doing so addpersonal meaning to it. Extensions improve upon current systems/applications, to keep up withusers’ ever-changing demands. For example, Facebook profiles were updated from the old styleto the new ‘Timeline.’ The new profile shows all photos, status updates, and posts from otherpeople ever since the person joined Facebook. Signals are a way of alerting the user of newmaterial is available for viewing. Facebook uses a system of ‘notifications,’ a box in the top left

Xue 5corner of the home page, that turns red when fresh material is available. In addition, the numberof notifications is also displayed. Together, “the acronym SLATES” explain why people are soimmersed in these social networking sites (592).Technology is constantly being re-innovated to be speedier, while also being simpler anduser friendly. Facebook does exactly that, combining multiple elements of the web to beappealing to users. In addition, it is common for people today to own a personal computer withinternet access. With the invention of smartphones, mobility is taken to a completely new level.Social networking no longer has to stay at home when users are away at school or work, and itcan follow them wherever else they may go.It is tough to keep an objective perspective because I am a Facebook user myself. A fewof my ‘friends’ on Facebook are connected with 1000 or more people, some of whom theypossibly have never talked to or even seen before. Most people tend to engage in “seeking outand adding people whom the user has met in the course of their lives” (Brandtzæg 1006). Inaddition the general consensus, according to Brandtzæg, seems to be that users will accept afriend request from “anyone they know and do not actively dislike” (1006). I myself have around400 hundred friends on Facebook, and sometimes I find that there is too much information toabsorb at once and that it is hard to filter all the useless information and keep the useful bits.However, Facebook’s news feed is not the only reason users like it. Some of the benefitsusing Facebook are: being able to talk to friends, have group Q and A, and work on large projectsthat require multiple people. It is much less of a hassle to send an instant message rather thanflipping through a 1000+ page textbook. But obviously, most people will use Facebook forpurposes other than work. There are many tantalizing ways to distract a person from their work,

Xue 6keeping them engrossed for hours. It helps us connect with the people that we see and hang outwith every day. A lot can be learned from simply viewing a user’s profile: personal information,who their friends are, what’s on their mind, and what they have been up to (vacation photos,etc.). Instant messaging also plays a huge part on Facebook. For example, if you want to catchup on a friend you have not seen in a long time, it is much easier to send them a chat, rather thancalling them over the phone. Also, when behind a computer monitor, people can avoid some ofthe mishaps that occur during a real-life conversation, such as not having ample time to think ofa clever response, speech mistakes, shyness, etc. In fact, many people say things over chat thatthey are unlikely to say in real life. In addition, if one prefers actual conversations, Facebook hasvideo chat, too. Not only can friends hear the sound of each other’s voices, but also see eachother’s faces. Essentially, the rules that apply in an actual conversation also apply, because youcan see them, hear them, and notice body language and other gestures.In addition, there are many games that require access to your information and profile.While a few are malicious, the majority will only let others see that you are playing, and invitethem to join you in playing. The game needs access to your Facebook wall and posts from timeto time. It most often allows only a certain amount of ‘energy’ which can be thought of as a formof in-game currency. Energy is spent to perform actions, and when executed properly theseactions yield more energy as a reward to complete the cycle. While this drudgery does not seemappealing, people like the aspect that other people can see them playing, and play the game aswell. Another aspect of gaming on social networking websites is that difficulty has an inverserelationship with the number of other players. Therefore, a person who invites many friends toplay with them will have an easier time than a person who takes on the challenge by him/herself.

Xue 7While some users like to get lots of requests to play games, other users may find it annoying ordislike the fact that other people can see exactly what they are doing at a given moment. Thisbrings up the issue of privacy up again. Now, we are capable of understanding why people arewilling to devote time to social networking at the expense of their privacy.There are several ways for intruders to breach users’ privacy. They can spam throughinstant messaging, either with repeated harassing advertisements or messages from unknownsources (Warr 598). Spammers can also launch an attack on mobile telephones. While thesemalicious attacks are often troublesome and hard to distinguish from legitimate messages,bogging down a user with thousands of requests does not cause severe harm other than slowingthem down. Another way that security can be compromised is the unwanted spread ofinformation , which can be the result of malicious intent or by accident. Warr cites oneinformation leak in which a worker at Microsoft posted an upgrade on his blog to WindowsMobile on his blog, when according to Microsoft was not intended to be publicized until twoweeks later. The important information was leaked, and the worker’s management must havebeen fairly angry. The point is, whether because of carelessness or foolery, a user’s computersystem and personal information can be damaged. For this reason, many companies have bannedthe use of blogs and instant messaging (598).A personal example of a phishing attack, an attempt to impersonate a trusted organizationor acquaintance, is the one time my Chinese teacher sent me a suspicious-looking email throughGoogle Mail saying that she was “on vacation in Europe and had been mugged of her money andbelongings, without any way to return to the United States.” She explained an elaborate tale ofhow she put all the money she had with her in a suitcase, and how the suitcase had been stolen.

Xue 8Further down message was actually a pitiful cry for help. She asked for a money donation andthose who wanted to help her could do so via a link she provided. The person claimed to be myChinese teacher, and the email was sent from the email address other students and I knew. Thetruth was, Mrs. Zhang did frequently go on vacation, so everything seemed to be in place. Itseemed legitimate. Fortunately, not knowing the authenticity of the email, I asked a few goodfriends if they knew anything about the mysterious email. Eventually, a few students managed tocontant Mrs. Zhang through her other email address, and by that time word spread around thatthe plea was a scam. However, had I fallen for the trick, the embedded link could have directedme to a harmful website to install viruses on my computer to turn it into a bot to performmalicious programs or steal my personal information. Or, if the call for help was fake but the linkwas in fact legitimate, I would have sent my money to the scammer. There is no solid preventionfor these kind of attacks, because they are supposedly from a source that is familiar and trusted. Isaved my system from whatever lurked in the link by being careful, questioning the validity ofthe emails in my inbox.How can we protect our systems from current attacks, and what will future attacks looklike? I do not think that big corporations and ordinary people will ever be able to completelyguard themselves from attackers in a one hundred percent foolproof, solve-all method. However,some companies, such as Dell, are searching for solutions. Dell recently created a website called‘IdeaStorm,’ which was a blog on which users could submit complaints and ideas, and then otherusers could rate the ideas (Warr 601). This new innovative way of getting consumer input has itsdrawbacks, however. The disadvantage is that people’s complaints of Dell’s products are easilyseen, and potential attackers could utilize the malfunctions as ways to infiltrate Dell computers

Xue 9Regardless, consumers will always have something to complain about and the drawbacks willnot be significant (Warr 601). One method of protecting privacy would to be to stop using socialnetworking websites altogether, whether it is at home or at the workplace. However, Warr claimsthat “blanket bans” will be ineffective, and big corporations should at the very least have “sometrust in the people they choose to employ (601). It is hard to create a perfect balance, so thatemployees are not restricted from using everything on the internet but still can avoid majordistractions from their work.Ultimately, the impact that social media has on the human race is huge, no matter wherepeople are. As sociability increases, the need for privacy decreases, suggesting that the two havean inverse relationship. (Brandtzæg 1006). Many teenagers will create an identity by interactingwith many others, while some teenagers will create an identity by enforcing close relationships.Livingstone suggests that there is a fine balance between the opportunities that one is givenversus the risks that come along with it (408). When people are eager to display their identity to“a wide circle of contacts, not all of whom are close friends or sometimes even remembered”through social networking websites such as Facebook, they also unknowingly open themselvesup to complete strangers, whether or not those strangers have malicious intent (Livingstone 408).Often, people’s privacy settings do not accurately reflect their closeness to the people they areshowing information to. Using social software, people can publish and locate information muchmore effectively and at astounding speeds, forever changing the way individuals interact witheach other. (Warr 602). The way hackers will try to infiltrate user’s computers has changeddrastically, too. While new patches are made, new vulnerabilities are being exposed. The racebetween attackers and defenders is a struggle that will remain unsolved for years to come.

Xue 10Works CitedWarr, Wendy A. “Social software: fun and games, or business tools?” Journal of InformationScience. 13 June 2008. Web. 30 July 2012.Brandtzaeg, P.B, M Luders, and J.H Skjetne. "Too Many Facebook "friends"? Content Sharingand Sociability Versus the Need for Privacy in Social Network Sites."InternationalJournal of Human-Computer Interaction. 26 (2010): 1006-1030. Print.Livingstone, Sonia. “Taking risky opportunities in youthful content creation: teenagers' use ofsocial networking sites for intimacy, privacy and self-expression.” New Media & Society.19 May 2008. Web. 30 July 2012.Runescape. Jagex. Web. 4 August 2012.