During the last year, we’ve all enjoyed the rise of social media and social networking, with many of us now happily Twittering, Facebooking, Beboing, StudiVZing, MySpacing, Cyworlding, Mixiing, QQing or whatever takes your fancy.
In fact, the numbers are quite incredible. Considering most of these sites had virtually no users in 2006, the fact that they now have about 230 million registered users with MySpace, 75 million with Facebook, and about 250 million for the rest, you have an awful lot of socially networked people.
In a press release from Comscore in January, the figures speak for themselves:
"The number of worldwide visitors to social networking sites has grown 34 percent in the past year to 530 million, representing approximately 2 out of every 3 Internet users. MySpace and Facebook are in a tight battle for the global leadership position, each attracting more than 100 million visitors per month."
Two out of every three internet users are socially networking online.
That’s a lot of people.
And Comscore’s figures do not include what I consider to be the planet’s biggest social network, QQ. QQ is a Chinese network run by Tencent, a mobile network carrier. Maybe that’s why they are left out of Comscore’s figures, because they are mobile based, but QQ has 300 million users.
In fact, if you add in all the mobile network social capabilities, such as Twitter, you have over a billion people networking socially through electronic media.
That’s 1 in 5 people on the planet.
That’s a helluva lot of people.
But what concerns me, as regular readers of my blog will know, is how careful or careless these people are, when using these networked worlds in managing their identity.
I’ll take Facebook as the example here, as that’s the one I’m familiar with, but I’m sure most other social media applications are the same.
First, there’s the connecting with complete strangers. This is best illustrated by a study by the internet security firm Sophos.
Sophos ran a joke last year on Facebook, and were surprised to find that most people accepted them as a friendly connection, even though people did not know who was reaching out to them. If they checked out the stranger's profile, it just had a picture of a plastic frog on it, and yet they still accepted this stranger's connection.
This just reflects basic human nature. We want to be popular so if someone wants to be our friend, oh, yes please!
Second, is the ability to easily see everyone’s profiles if you know how. The simplest thing to do is to join a network, such as London, and then look around. You can read a lot of people’s profiles and they don’t even know it because, when they joined the London network, they forgot to set their profile on the London Network to 'private'. Result: everyone in London can see your profile whenever they want.
That can have some serious implications, as demonstrated by Crystal Palace teenage footballer, Ashley-Paul Robinson.
Ashley-Paul had his first full team game for Crystal Palace in April and is a promising star for the future. However, he posted details of his forthcoming try-out for Fulham, an archrival football team, on his Facebook profile without realising that, because he was part of the London network, 2.7 million people could read it. One of the people who read this news was the Crystal Palace team manager, Neil Warnock, who has told Ashley-Paul he is a Faceberk and that his Crystal Palace future ended last week.
Finally, I’ve found a new quirk in Facebook. If you annotate on a friend’s photograph, then you are allowing all of your friend’s to see your friend's photo album.
This can best be illustrated by the example of my friend John, who knows Jane. I don't know Jane and have no conection with her. However, John decides to write a note on Jane's photo saying, "Nice piccie". Because John makes that comment, I can now see all of Jane's photograph album and all of the comments in that album. Even though I don't know Jane.
The average Facebook user has 164 friends. So, in practice, this means that I can potentially see the details of my 164 friends x their 164 friends, who I do not know. That's over 25,000 people who are now exposed to me through the network. Not just exposed as individuals, but their lives, friends, habits and social world.
The bottom-line is that through Facebook, I potentially have access to millions of people’s profiles, lives, friends, boyfriends, girlfriends, brothers, sisters, fathers, daughters, mothers, sons … their birth dates, home town, place they live now, where they work, their mobile telephone numbers, email addresses, habits and thoughts.
And if I know how to do this in Facebook, I am sure that I could find similar exposures in MySpace, Bebo, Badoo, QQ and more.
For the true friends I have out there who I enjoy networking with, this is fantastic. For the hundreds of strangers I now have access to through the network, this is dangerous.
In fact, it’s so dangerous that I believe yes, a billion people can be wrong. A billion people, 1 in 5 people on this planet, may be giving away their identities and more in the name of social fun.
So what does this mean for banks?
Well, banks really need to start raising this issue, in the same way as phishing and spam. This would mean placing signs everywhere on bank internet and mobile services, saying something like:
“If your identity is compromised and we find this is a result of your usage of social networking sites such as Facebook or MySpace, you will be liable for any losses incurred. You may not realise but your identity can be traced through these internet sites if people can access your profile. Your profile can be accessed by all of those you are connected with and, quite often, their connections. Equally, anyone on a network, such as the London network, maybe able to see your profile. That equates to almost 3 million people who can see your birthday, email address, friends and family, and anything else you place on these social media. Therefore, we recommend you do the following best practices …”
and so on.
But there is more to this than just identity theft issues. In fact, for a bank, there is far more concern about what these sites could mean for social engineering fraud and theft.
For example, I regularly find details of tellers and customer service representatives for various banks. I can even target the banks I want to have a go at, by name.
Each of these banks’ have staff socially networking online and, even though I have never met any of them, they give me all of the information I need about their lifestyles and contact details. I just wonder what would happen if I went down to their local bar and said I had their brother or sister, mother or father, son or daughter, held at home at gunpoint unless they help me rob the bank.
I don't have their family or friends at gunpoint ... I just know their names and details. Just as I knew where they drank, when and how often.
It's all on their profile.
Just a thought.
Comments