SafeKids.com

Powerpoint slide by Larry Magid (photographer unknown)

When it comes to privacy and security, I’m reminded of folks who drive to the airport without their seat belt on and then worry about the plane crashing.

Planes do crash on very rare occasions but not nearly as often as cars. And when driving, there are things you can do to increase your safety, whereas when flying, there’s not much you can do to protect yourself  but we do rely on the airline industry and government regulators to do all they can to protect us.

Likewise, when we’re online, there are things we can control and things we can’t. For example, we can control the passwords we use and what we say in social media. But sometimes we’re victims of other people’s carelessness or malice, such as when a service or a retailer gets hacked or a government employee loses a briefcase containing a laptop with people’s unencrypted personal information.

And then there are those other privacy breaches that result from deliberate policies of service providers and advertising networks to harvest user information for a variety of purposes, ranging from targeting advertising to conducting market research.

Still, there are things that individuals, companies, the tech industry and government can do to increase privacy and security.

We’re not in complete control

When it comes to trying to protect ourselves from companies and agencies being hacked or losing data, we’re pretty much like passengers on a plane. We have to trust that the organizations we’re dealing with are doing all they can but there’s not a lot we can do. Obviously it makes sense to only provide personal information to trusted organizations. But when hacking victims include the likes of Sony Network, Target, Wal-Mart and universities, there isn’t a lot we can do. I was reminded of this several years ago when my son got a letter from UCLA saying that the database containing his admission application had been hacked, and I was reminded again last week when I got an email from Twitter saying it had been hacked and data from 250,000 accounts — including those of journalists like me — may have been compromised. Government played a role in at least informing us of those breaches. California was one of the first states to require companies to disclose data breaches to anyone who might be affected.

Things we can do

While we can’t prevent such attacks, we can protect ourselves to a degree. One precaution is to use strong passwords and make sure we don’t use the same password for each of our accounts. I know that’s hard, but there are ways to make it easier. One option is to use a password safe like RoboForm or Lastpass that will remember and enter passwords for you. They will even generate random passwords that are very hard to crack. Another option is to use the first letter of each word in a phrase that you can remember but others can’t guess, and to include numbers and symbols.

By now you’ve heard plenty of warnings about being careful what you post on Facebook, Twitter and other social networks. But based on what I’ve discovered since I started using Facebook’s graph search, a lot of people aren’t heeding those warnings. Graph search, which is being rolled out gradually to Facebook users, enables people to search for information or pictures, including things people post to “public” and things that they make available to “friends” or friends of friends. Friends of friends can be a lot of people, when you consider that the average Facebook user has 245 friends. If each of those friends also has 245 friends, an extended network could easily exceed 6,000 people.And it’s not just regular folks who can access that information — it’s easy pickings for employers, college admissions offices and even law enforcement and government agencies seeking information about you.

Digital footprints

In my searches, I’ve found all sorts of things people might want to reconsider. I’ve also found a few things I posted and long forgot about that I decided to delete or make more private (you can change privacy settings for any post or photo at any time). Facebook’s online privacy setting, which lets you choose the audience for each post, can help but it’s a double-edged sword. Whatever setting you select remains in affect until you change it, which means that if you post something to the “public,” the next item you post will also be public unless you remember to change it.

Still another issue are those marketing related privacy invasions like tracking cookies or online profiles. Some people are bothered by them and others accept them as the price we pay for all these great free services. I recently researched a trip to Argentina and keep seeing ads for trips to that country. It’s a little creepy but at least there’s a chance some of them might be relevant.

Google’s Doubleclick and other ad networks that serve these ads swear that they’re not collecting personal information. But even though I believe there’s not a printed list anywhere with my name and the word Argentina, it’s clear to me that there are servers out there that know something about my recent travel. Whether these ads are fair game continues to be fodder for regulators in the United States and elsewhere. In the mean time, browser makers are developing ways that you can opt out if they really bother you.

Role of government and industry

The tech industry can play a role by creating transparency and simple to use features to allow users to opt-out of anything that makes them uncomfortable, including tracking cookies and profiling. Government can play a role by helping to educate the public, by protecting its own infrastructure and by assuring that companies disclose any potential privacy or security threats and adhere to their stated policies.  It can also set a good example by applying good privacy practices and due process before trying to access citizen’s personal information  While it’s true that over-regulation or dumb laws can stifle innovation and sometimes cause unintended consequences, it’s also true that ignoring the problem or assuming that the marketplace can solve all problems is equally irresponsible.

Privacy risks largely within your control

• Responding to social engineering
• Talking on cell phone in public
• Failing to shred paper documents
• Saying the wrong things on social media
• Posting inappropriate photographs
• Clicking on shortened links
• Donating to a political campaign and having that made public
• Being photographed in compromising situations
• Entering contests
• Failing to log out when accessing service on public computer
• Banking or shopping on unsecured Wi-Fi networks
• Not understanding the disclosures or privacy settings of services and apps
• Failing to password protect phone or computer or encrypt files
• Using weak passwords & same passwords on multiple sites
• Failing to password protect devices

Privacy risks largely out of your control

• Government subpoenas & warrants
• Good companies becoming evil
• Individuals affected by a data breach outside their control
• Insurance companies that know too much
• The lending industry – ever look who’s looking at your credit report?
• Aggregation: Weaving information from different sources to create a profile
• Being spied on when travelling, especially in totalitarian countries
• Publicly available data such as home address and taxes you’re paying
• Privacy Laws and policies that do more harm than good

A new study, Coming and Going On Facebook,  from the Pew Internet & American Life Project found that 61% of Facebook users have taken a “voluntary break” from the service for several weeks or more, and 20% of the online adults who don’t use Facebook said they did once but quit.

The study also found that 67% of American adults are Facebook users compared to 20% who use Linked-In and 16% that use Twitter.

Reasons

When you look at the reasons, concerns about privacy/security/ads/spam came out pretty low at only 4%.  The biggest reason (21%) was “too busy/didn’t have time for it,” followed by “just wasn’t interested/ Just didn’t  like it” and “Waste of time/ Content was not relevant  which both came in at 10%.   “Too much drama/gossip/negative/conflict” came in at 9%.

Another surprise, at least to me, was that “didn’t like posting all the time /didn’t want to share” came in last at 1%.

Reasons for taking a Facebook break (Source: Pew Internet & American Life Project)

Although still not widely recognized in the US, Safer Internet Day is neverthess “official” – at least as far the Department of Homeland Security (DHS) is concerned. Though marked by Net users in schools, nonprofit organizations and governments in a growing number of countries since 2004, it was recognized by the US government last November, when Secretary of Homeland Security Janet Napolitano joined European Commission Vice President Neelie Kroes in signing a Joint Declaration in London, “committing to make the Internet a safer and better place for children,” according to the EC’s press release

More at ConnectSafely.org including interviews with Safer Internet Day officials in Europe and the UK.

by Larry Magid

Vine is a fun new iPhone app from Twitter that has lots of people shooting and sharing very short videos.

Although it’s too early to know if this app will catch on with teens and tweens, my guess is that a lot of young people will find it appealing. Some people have called it “Instagram for video” because like Instagram (which lots of kids love), it’s easy to use and lets you immediately share what you’ve captured.

All you have to do to take a short video is press a camera icon at the top of the screen and then hold your finger on the screen while you shoot. You can remove your finger, re-aim the camera and press again to resume shooting.  When you’re done you’re given the chance to share the video on Vine (it can be viewed on the web or other Vine users’ phones) and share it on Twitter and Facebook.

Parents — I know what you’re thinking. This is one more ways for kids to get themselves in trouble by taking videos that perhaps they shouldn’t be taking and sharing. But, while Vine may be new, there are plenty of other smart phone apps that allow users to shoot still or video as well as easy ways to share it so — even though this is a new app — it’s by no means a new issue for parents to talk with their kids about.

As with any imaging app, kids need to know that they are accountable for what the post.  Yes, Vine can be used for sexting and kids need to know that there are potential legal consequences to posting or even possessing nude images of people under 18, even if it’s of themselves.  As with anything else, kids need to think before they post videos taken with Vine.  ConnectSafely.org has Tips to Prevent Sexting where we advise parents to “Talk with your kids about sexting in a relaxed setting” and “express how you feel in a conversational, non-confrontational way.”

Kids (and adults too) should also be aware of privacy implications of these videos for themselves and others. Be aware of what’s in the background of your shots and –regardless of what they are wearing — be sure to get permission from other people before including them in videos.

Here’s one of my first Vines, shot as I was taking our dog Yuri for a walk. By default the audio is off but you can turn it on by clicking the speaker in the right corner (though not much to listen to on this shot).

vine.co/v/b5pDVA3Hr6L

— Larry Magid (@larrymagid) January 25, 2013

By Larry Magid

A recent story from the Gilroy Dispatch gives me concern about the unintended consequences of our recent campaigns to stop bullying. The report, which lacks specific details, quotes police officials referring to the children involved as “suspects”and “victims.” It reads more like a crime blotter than a serious discussion about how to encourage youth (and adults too) to treat each other respectfully

I don’t have enough details to know whether law enforcement intervention was necessary in this case.  There certainly are situations where police do need to be involved. But I worry whether our well meaning desire to combat bullying could lead to an even bigger problem by branding children who misbehave as criminals instead of using other methods to create a more civil and compassionate environment for our children.

To be fair, most of the recently enacted state bullying laws don’t necessarily criminalize what we typically consider to be bullying. In an email, Cyberbullying Research Center co-director Justin Patchin said that “most simply mandate that schools have a policy” and “none say schools ‘must’ suspend for bullying.” He added that “it is up to the school administrator to determine what school-based discipline is appropriate and if the police do get involved they will decide whether the facts of the case warrant an arrest for a criminal offense. The applicable criminal laws really haven’t changed in most states.”

Nancy Willard, director of Embrace Civility in the Digital Age and author of several books on cyberbullying agrees that there are some “instances of egregious cyberbullying that should be viewed as a criminal offense,” but said that while’s it’s important to hold those who cause harm accountable, “punitive responses to these kinds of situations, either suspensions or criminal action, should be discouraged.” She encourages a “full investigation to accurately assess the underlying factors, leading to a restoration that will allow all of the students involved to move past this situation to remain welcomed and successful members of the school community.”

School-to-prison pipeline

There is no direct evidence that being suspended for bullying increases a child’s odds of getting into the criminal justice system but there have been studies to suggest that harsh school discipline can lead youth into what some federal officials are calling the “school-to-prison pipeline.”

The U.S. Department of Education and the Justice Department, in 2011, launched the Supportive School Discipline Initiative “to reduce the use of disciplinary practices such as suspension and expulsion, which place children at higher risk of poor academic achievement and dropout, illegal behavior, and entry into the justice system.”  Secretary of Education Arne Duncan expressed concern about “rising rates and disparities in discipline in our nation’s schools” and pointed to a study that found that found that when a student was suspended or expelled “the odds increase dramatically that they will repeat a grade, drop out, or become involved in the juvenile justice system.”

Patti Agatston, a trainer and consultant to the Olweus Bullying Prevention Program and co-author of Cyber Bullying: Bullying in the Digital Age said that “most law enforcement personnel would rather address bullying and cyber bullying through prevention and education.” She feels that “giving a criminal record to a child at a young age will likely do more harm than good for the perpetrator” and said that “there are more supportive and effective ways to help the targeted individual without involving the criminal justice system.”

Bullying on the decline

I am also concerned about the general sense that bullying is a growing problem.  While it is a problem — regardless of how often it happens — the actual incidences of bullying are going down, not up, according to researchers at the University of New Hampshire’s Crimes Against Children Research Center (CRCC).

A recent paper by CRCC’s director David Finklehor looked at several studies and found “substantial declines in face‐to‐face bullying and peer related victimizations at school from the 1990s to recent years.” The annual National Crime Victimization Survey, according to Finkelhor, “shows that between 1992 and 2010 for youth 12‐18 school related violent victimizations declined 74%  and school related thefts declined 82%.

The 2011 Health and Risk Behaviors of Massachusetts Youth report, based on a survey of 8,925 students in 137 Massachusetts secondary schools showed a significant decrease in reported “bullying at school” between 2003 and 2011.

Percentage of  Massachusetts secondary students reporting that they had been bullied in school.  (source: Massachusetts Youth Risk Survey)

The Center’s on Youth Internet Safety Survey (YISS) did show that cyberbuling rates increased from 6% in 2000 to 9% in 2005 to 11% in 2010, but that is also the period when millions of children started going online. Prior to the advent of online communications, the cyberbullying rate was zero.  ” The increase in online harassment,” wrote  Finkelhor, “is probably best seen simply as growth in the usage of electronic media for all kinds of socialization including its negative forms.”

Facebook CEO Mark Zuckerberg explaining new search feature (Photo: Larry Magid)

As he opened Tuesday’s press conference, Facebook CEO Mark Zuckerberg proudly announced that this was the first product announcement from Facebook’s sprawling new campus in Menlo Park, California. He then wasted no time talking about the company’s new “Graph search” product.  Graph search, which is initially being rolled out to a small test group of Facebook users who apply will enable you to search  your own social graph — content from your friends, friends of friends and things others post publicly – that lets users to dig deeply into Facebook’s vast content of information that users post.

Zuckerberg shows an example of searching for “TV shows my friends like.” (Photo: Larry Magid)

The search feature will help users locate  some of those 240 billion photos from more than a billion Facebook users but, as I discuss later, only those posts and images they already have access to based on the privacy settings associated with each post.

The new service will appear as a search bar at the top of each page. As you start typing in your search query, you immediately start seeing results based on what you’ve already typed. If you were to to type “Restaurants in New York that friends of friends in New York like,” you would get only those eating establishments favored by that group.

You can also use it to find people who share your interests. If I were to visit Seattle with my bicycle  I might very well want to search for “People who like Cycling and live in Seattle, Washington,” which would show me links to pages of people who meet that criteria but only if they have allowed me (depending on how they set privacy for that post) know that they live in Seattle and share my passion for cycling.

Amazing implications

The new service has some pretty amazing implications. It’s like your own personal “big data” source but instead of drawing on a world of information — like Google — you draw on information from your own “social graph.” Facebook also has a deal with Bing that returns web search results if you can’t find results based on your social graph. Of course, like any powerful tool, there are also privacy implications, which is why it’s a good idea to scroll down to review some of the ways you can protect your privacy.

Example people search based on interest and location (Screen shot from Facebook blog)

I asked Mark Zuckerberg whether any content that is not currently discoverable could be unearthed via the new search tool and he gave me an emphatic “no.”  Search will respect the privacy policies you already have in place so if you limit the audience of a post to friends only, than only your friends will be able to find it in search. If you limit it friends of friends than only people in that group will be able to find it. But if you post it as “public,” than anyone can find it via the new search tool. Privacy settings are even more granular. You can limit any post to a subset of friends or even “only me.”

Zuckerberg did point out, however, that hiding content from your timeline does not keep it from being found via search. You could, for example, hide an unflattering photograph of yourself from your timeline but if someone else posted that picture and tagged you in it, it could be found and displayed if people search for photos of you.  To that end, Facebook plans to launch an educational campaign urging users to use the service’s activity log feature to review everything they’ve posted and who can access it. You can also go back and delete a picture or a post or change the audience.  And once you have access to the new search tool, you can also use it to search for pictures of yourself. To unearth those photos that you already hate, you can search for “pictures of me that I’ve hidden from my timeline.”

For specific parental advice on Facebook’s new search feature see A parent’s-eye-view of Facebook new ‘Graph’ search by my ConnectSafely.org co-director, Anne Collier.

Can’t hide through obscurity

What’s important to know about Facebook search and search in general is that obscurity is no longer a way to guarantee privacy. Things that used to be hard to find are now easier to dig up, which is why everyone needs to think about what they post and who they share it with. That’s always been true on Facebook and the Internet in general but as companies like Facebook and Google develop better ways to search, it’s truer than ever because things are now a lot easier to find.

Privacy tools

If you go to your Facebook timeline, you’ll find a link for Activity log, which lists everything that you’ve ever posted on the service as well as every post and picture where you’re tagged.  Now –before search becomes widespread — is a good time to review what you’ve posted to make sure you’re comfortable with it being there, with who it’s share with and with how it’s tagged. You can remove tags and delete or change the audience for anything you’ve posted and using Facbook’s social reporting tool, you can request others to take down images or posts that you find objectionable.

You can click on Activity Log from your timeline to review, delete or change the audience for anything you’ve ever posted.

If you find pictures or posts by others, you can use Facebook’s social reporting tool to request that person take it down and automatically untag yourself.

If your’e tagged in a picture posted by someone else you can remove that tag and request the photo be taken down.

For more on Facebook privacy, select Privacy from the Facebook help menu and — for parents — see A Parents Guide to Facebook from ConnectSafely.org.

Disclosure: I’m co-director of ConnectSafely.org, a non-profit Internet safety organization that receives financial support from Facebook.

In a follow up to a 2011 study, the Federal Trade Commission found that “little or no progress has been made” on disclosure of information gathering since the first report was issued.

Read more on CNET News

by Larry Magid

Several years ago, my site SafeKids.com, developed a Family Contract for Online Safety and every few months I make sure it’s up-to-date.  The idea of a contract, or series of pledges, is to get everyone in the family on board as to what it means to use today’s technologies safely and smartly. This includes understanding privacy, security and maintaining your reputation as well as some basic pointers about making sure you stay safe online.

There are now separate pledges for kids, teens and parents. The teens and kids pledges are different because one size doesn’t fit all. Rules or policies suitable for a 5 year-old don’t apply to 15 year-olds.

Young kids

With very young kids, it’s important to focus on issues like “I will not give out personal information such as my address, telephone number,” etc and it’s also a good idea to remind very young kids to “never send a person my picture or anything else without first checking with my parents” and to “check with my parents before downloading or installing software or doing anything that could possibly hurt our computer or jeopardize my family’s privacy.” Here’s the Kids Contract for Online Safety.

Different for teens

The teen pledge is very different because teens are very different from young kids. It starts out with “I will be respectful to myself and others. I won’t bully and won’t tolerate bullying by others” and concludes with “I will help create a culture of respect and tolerance at my school and among my peers.” ConnectSafely.org has lots of advice for teens and parents of teens, including A Parents Guide to Facebook, that I co-wrote with Anne Collier.

Parents need to agree to not overreact

The parents pledge starts with “I will get to know the services and Web sites my child uses. If  I don’t know how to use them, I’ll get my child to show me how” and includes “I will not overreact if my child tells me about a problem he or she is having on the Internet. Instead, we’ll work together to try to solve the problem and prevent it from happening again.” Parents also pledge to “not to use a PC or the Internet as an electronic babysitter.”

Contracts to accompany technology gifts

A Platform for Good, which is a project of the Family Online Safety Institute, has recently published several online safety cards to company kid’s technology gifts. There are separate cards for tablets, gaming systems, cell phones, and computers.

Conversations matters more than tips, rules and contracts

These contracts and cards are really conversation starters. Sure, you can sign them and post them by your PC or in a prominent place in the house, but the actual text of the contracts is far less important than the conversations you have with your kids. Talk with them frequently about how they are using technology to enhance their lives and ask them to talk with you about privacy and other issues. Considering asking their advice on how you can use the technology better and more safely. Your kids may know a lot more than you think they do and you may be a lot more patient and understanding than they give you credit for. Tips, rules and contracts are useful tools but they are not a substitute for  two-way communication.

Chart shows that younger children are more likely to friend their parents (Source: Facebook)

Researchers at Facebook took a look at friending patterns within families and discovered that teens — especially young teens — are more likely to friend their parents than the other way around.

Facebook found that over 65% of friendships between 13-year-olds and their parents are initiated by the child. But as the child gets older, the curve starts to shift. Only about 40% of parent/child friendships are initiated by the child when the child is in their early to mid-twenties. And I’m using the term “child” here to mean offspring. For some reason the percentage of  child-initiated friend requests start to ramp up, reaching 50%, by the mid-40′s.

Why do children friend parents?

Facebook didn’t ask or speculate why younger children are more likely to friend their parents, but I have a theory. Internet safety experts, including my colleagues and myself at ConnectSafely.org, recommend that parents ask their young teens to friend them and some parents require that as a condition for allowing their child to use Facebook. And, while Facebook requires that the user be at least 13, it is no secret that millions of children lie about their age to get on during their pre-teens and research has shown that in many cases the parent helps their pre-teen sign-up for the service.  It could be that those parents are especially likely to be sure that they’ve been added as friends. For the record, I would like to see Facebook admit children under 13, with additional safeguards.

Nature of family conversations

Facebook also examined who posts on who’s timeline and what they say to each other. It turns out that daughters post on their parents timeline at about the same frequency as parents post on theirs but sons are more likely to receive post from parents than initiate posts.

Daughters more likely to post to parents wall than are sons (Source: Facebook)

Parents are proud and kids are gracious

As I would have expected, parents often post things that show that they are proud of their kids, but it may come as a surprise to learn that kids generally appreciate those post.  Having said that, I urge parents to think carefully and check in with your kids before starting to post on their wall. It’s usually not an issue with adult kids but for teens and pre-teens, too much public parental interaction can be a bit embarrassing. As your children what they prefer and respect their wishes.  Also, consider using Facebook’s custom privacy tools to limit those posts to just them or perhaps them plus other family members.

Lots of love

Check out the graphics below to see typical words posted by children (including adult children) on their parents’ timelines.

Kids are nice to moms on Facebook (Source: Facebook)

Dads get plenty of love from sons and daughters (Source: Facebook)

Disclosure: I’m co-director of ConnectSafely.org, a non-profit Internet safety organization that receives financial support from Facebook.

Amazon has just fired another shot in its battle to convince families to buy its Kindle Fire tablet (starting at $159). The company just announced Kindle FreeTime Unlimited, which it describes as an “all-you-can-eat content service built from the ground up just for kids.” The service requires a Kindle Fire device (it doesn’t work on iPads and Android tablets) and prices start at $2.99 a month per child for families that already subscribe to Amazon’s $79 a year Amazon Prime service (that also includes free 2-day shipping and access to free videos). A family membership is $6.99 a month for Prime members. Non-prime subscribers pay $4.99 per child or $9.99 for a family membership. Owners of the newest Kindle Fire and Kindle Fire HD get one month of FreeTime Unlimited for free

The new service is aimed at children from 3 to 8.

Kids will be able to watch videos, play games, use apps and read books from content partners including Andrews McMeel Publishing, Chronicle Books, DC Comics, Disney, HIT Entertainment, Houghton Mifflin Harcourt, Marvel, Nickelodeon, PBS, Rainbow and Sesame Workshop.

Amazon said that children wil be able to explore content on their own and “pick for themselves what to read, watch or play next.” Characters will include Elmo, Dora, Thomas & Friends, Cinderella, Buzz Lightyear, Lightning McQueen and Curious George.

Amazon has disabled any in-app purchases so parents don’t have to worry about their kids running up a bill.

Amazon said that it’s working with Common Sense Media, a non-profit organization that provides independent ratings of books, movies, television, apps, games, websites, and music.