Tag Archives: privacy

Social Media Safety Part 1: Foursquare

Posted on by

With the ever growing number of social media services and users, it’s more important than ever for you to be aware of and take steps to protect you and your family’s safety. Many people don’t know the information they put out into the digital universe. If they did, they might be shocked. With stories popping up all the time about how bad people use this information to take advantage of good people, its more important than ever to understand the risks inherent in social media use and how to avoid them. This series is certainly NOT comprehensive. There are way too many social media services out there but, in general, if you know these facts and follow my advice, you’ll be much safer when using social media.

Let’s start with foursquare.

Do not check-in at home. For the love of God, people. You do not need to hand out a map to the world of where you live. Your real friends will already know. Luckily, foursquare realized the inherent risks of home “check-ins” and instituted changes to their system last September to help with this. They created a location category titled “home”. This is what it does:

  • “Only the person who created the ‘home’ and their friends can see the address on the venue page.
  • Similarly, on the venue page, only those same people can see the map pin. Everyone else will see a map randomly centered somewhere near the address, with the zoom pulled out a bit.
  • And don’t worry about the link getting sent around, or if you share it on Facebook or Twitter. The same rules apply!”

This was a good start but consider this. One of the criteria of the above changes is that it is centered around the person who created the home venue, not the actual person living there. So, even if you do not use foursquare, the possibility exists that your friends may have created, and checked into, your home on foursquare which would then mean that everyone they are friends with (and only those people ) on foursquare can see it and that’s assuming it was actually changed into the category “home”. If it has NOT been changed to that category, everyone can see it… and I do mean everyone.

Even if you do not use foursquare, you should check to see if your house is listed. If so, you can create an account and notify foursquare that the venue is your home. Once processed, it will only appear to your foursquare friends. If you don’t have any, nobody else will see it.

People that know me know that I am a very active social media user. I have over 2,000 friends on Facebook, many of whom I don’t actually know in real-life, and approximately the same amount of people following me on Twitter. On foursquare, however, I only have 83, every one of which I know. Remember, foursquare documents where you are and when you are there – or are NOT there.

This same rule applies to your children’s school, day care or any other place you frequent on a regular basis, including your place of employment. While it’s all nice and fun to promote your company, if it’s a place you work locally and visit regularly, all you’re doing is establishing a time-record that someone could use for nefarious purposes. If you’re checking in to your child’s school or day care, you could be jeopardizing their safety.

Another general rule if you’re going to check-in to a business (especially for females) is to check-in WHEN YOU LEAVE, not when you arrive. You never know who’s watching, and waiting, for the right person to check-in. While maybe only your friends can see your check-in in a foursquare stream, ANYONE AT THE VENUE, can see your check-in. In other words, say there is a particularly unsavory character at a bar. If you pull up the venue on foursquare, it will show you not only how many other people are “checked-in” but WHO THEY ARE.

Do you travel? Same perils. Except in this case, all you’re doing is telling everyone that your FAMILY is home alone.

Don’t forget that you are also given the option of sharing those check-ins via Twitter and Facebook, which can increase the danger exponentially.

I hope this helped you understand a little better the perils of foursquare and how you can use it better, or not at all.

Stay tuned for part 2 of this series coming soon.

Related articles:

Please Rob Me” by Dan Fletcher, Time magazine

Foursquare’s Stalker Problem” by Lisa Riordan Seville, The Daily Beast

Girls Around Me App Confirms That Foursquare is a Terrible Idea for Women” by Amy Tennery, The Jane Dough

4 Ways Foursquare Can Make You A Victim Of Dangerous Crimes” by Millionaire Hoy, Yahoo! Voices

Ford Says Consumer Privacy Is Impractical

Posted on by

In a Yahoo! exclusive article published today, it was reported that Ford has initiated a lawsuit against 13 individual eBay sellers who they accuse of selling fake or counterfeit Ford parts. I’m not arguing the merits of Ford’s lawsuit as it is certainly within their rights to protect their trademarks and copyrights as well as take steps to protect dealer’s profits in the part business but rather to question the bigger issue encompassed by this: an individual’s right to privacy.

The subpoenas for the  lawsuits were granted by the court for Ford to obtain the seller’s identities and information. What is unusual about this is not that they requested it, but what they asked for after that request was granted.

As reported in the article, most ISPs and websites have policies in place that notify users when the company gives out their information for any reason except for that involving criminal activity and which is requested by law enforcement agencies.

In this case, Ford not only requested the user’s information but also asked for their bank account information (which was denied) then went a step further and asked for the court to prohibit eBay and Paypal (an eBay company) from notifying the targeted users that their information was requested and given out.

This move flies in the face of all privacy issues. With the public outcry against the recent legislation effectively designed to skirt privacy issues accompanied by Ford’s strong pro-consumer brand and social media presence, you’d think they would want to steer clear of any controversy in regards to consumer privacy.

“Much of the debate in recent months over online privacy has been spurred by bills in Congress, such as the Stop Online Piracy Act and a new bill, the Cyber Intelligence Sharing and Protection Act, which passed the U.S. House in April. CISPA would let companies and law enforcement agencies broadly share users’ personal information to fight potential threats — including accusations of copyright violations and counterfeit goods — without penalty, trumping any company policy.” writes Justin Hyde in the Yahoo! article.

The reason reported by Ford for this request was:

Ford respectfully suggests this procedure is impractical and would serve to undermine the rationale for the subpoenas. The procedure would impose a substantial burden on [eBay and PayPal] to prepare, serve and enforce subpoenas and would serve to “tip-off” or warn the Doe defendants of Ford’s investigation. Under the procedure as written, the Does would have notice that Ford was seeking their identities and thus ample time to destroy evidence, the counterfeit and infringing goods, and flee to avoid service all before Ford would be entitled to receive their true identities.”

I understand why they asked the court to do this but just because it’s a good reason doesn’t mean it should outweigh the right to privacy that all citizens enjoy. This is a civil matter, not a criminal one.

Now that one court has issued what I feel is an invasion of privacy, what’s to stop other judges from following suit. I can think of plenty of GOOD reasons for a judge to do this but that doesn’t mean they SHOULD. Where does an ISP or website draw a “line in the sand”? Despite Facebook’s own internal privacy issues, they have, and are still, fighting other companies from requiring or being allowed to access their user’s information and accounts including employer’s requesting pre-employment access, schools requiring students to reveal their Facebook walls to administrators and more.

Being an eBay user for over 14 years and a Paypal user for about 12, I would hope that they would challenge and fight for their user’s right to privacy. It’ll be interesting to see how this plays out and whether any of the companies involved will take a stand for their users.

While Ford may feel that their lawsuit against 13 people succeeding is more important than our rights to privacy, I just find that.. well.. impractical.

Who Is Tapping YOUR DMS?

Posted on by

There is a lot of controversy in the automotive industry regarding which vendors are pulling data (customer or transactional) from a dealer’s DMS and then re-selling it to vendors like TrueCar and others. (I guarantee you that TrueCar is not the only vendor that’s using your data against you, FYI)

[Note: For non-automotive industry readers: DMS stands for Data Management System and is what contains all customer, financial, vehicle and transactional data (ie. all that information on the credit application you filled out when you bought that car). There are dealer vendors (website companies, 3rd party services like TrueCar.com, Edmunds.com, Cars.com, etc.) that are given access to this information for various reasons.]

Consumer privacy laws and red flag compliance keep getting stricter and stricter when it comes to customer personal information and how it needs to be protected. This is all well and good but I’d argue that most consumers don’t care about their personal information. They may say they do but actions speak louder than words.

An industry acquaintance shared a website yesterday that assists people in seeing, and cleaning up, which apps and websites are accessing your various social media accounts. (You can find it at http://mypermissions.org/ )

As I played around with it, there wasn’t much in there that surprised me but I’m also very diligent about which apps I allow to access my information and I periodically monitor them to remove permissions for apps or websites I no longer use. Even though I do that, there were a few in there that I was surprised to see. I guarantee you that a normal consumer has way more apps and websites accessing their personal information than I do – games, iPhone apps, websites with social media log-ins, plug-ins etc. Most require (or ask) to access your personal information to use their service. How convenient is it to use Facebook Connect? It’s super-easy but, every time you do, you are giving yet another website or app permission to access your personal information – essentially trading your information for convenience and/or the ability to utilize that particular website.

As I thought about this collection of different social media sites – Facebook, Twitter, G+, LinkedIn, etc. – it started to feel more and more to me like this was MY OWN PERSONAL DMS.

These accounts – singly and collectively – contain more personal information about me than any other source including the government.

Those social networks are free to use, but are they really? In one sense, they do exactly what your vendors are doing to your dealership’s DMS – selling your personal information for profit. Most consumers know this on some level and have chosen to allow that access in exchange for their information on some level. Sure, there are times when a consumer outcry occurs -  say when Facebook changes a privacy setting – but those quickly go away mostly because the consumer modifies the permissions again (ie. who can see your posts or other activity on Facebook).

So consumers do care about protecting their information, posts, etc. from people on an individual level, what they’re not shielding themselves from or thinking about is what companies are getting their personal data (either from the sites themselves or from outside apps and websites that they’ve allowed access) and what those companies are doing with it.

So, while we’re in an uproar about what vendors are getting access to customer data and what they are doing with it, keep in mind that you also have your own personal DMS and, just like you should care who has access to your customer’s information, you should care about who has access to your own.