Guarding against hacker attacks

Screen Shot 2013-09-02 at 10.36.14 AMThe recent hacker attacks against The New York Times and Twitter are a reminder that the Internet has become a battleground for global conflict with businesses and consumers as collateral damage. It doesn’t matter whether the “Syrian Electronic Army,” which took credit for the attacks, has anything against those organizations. If its goal is to have maximum impact and get lots of attention, than going after a major media company or a highly popular social networking platform is certainly an effective tactic.

No one died in these attacks and, for the most part, there is little risk of loss of life from hack attacks as long as they’re are aimed at websites or social networks. But the millions of people who depend on those services for news, information or, in some cases, their livelihoods were impacted. And it brings up worries about possible cyberattacks on our physical infrastructure, such as power or water treatment plants, hospitals, transportation systems and emergency services as well as possible disruption of banking and financial services. Security researchers have even demonstrated how it’s possible for attackers to break into home security systems or — worse — attack implanted medical devices such as pacemakers and insulin pumps, so its not out of the realm of possibility for cyberattacks to be deadly.

Shrinking world

It also reminds us about how our world continues to shrink. Like anyone who keeps up with the news, I’m of course aware of the fighting in Syria. But Damascus is nearly 7,400 miles from where I live, and as concerned as I am about the tragic loss of life in that country, the chemical weapons, bullets and bombs in Syria don’t affect me directly. Yet, the inability to access The New York Times or Twitter — however inconsequential as that might be compared to the loss of life and property suffered by people in Syria — is still something that impacts us directly. And that’s precisely why a party to that conflict might want to go after these highly visible targets that are used by millions of people around the world.

The motivation for going after The New York Times is pretty obvious. It’s not only a very popular website, but also a symbolic target as “the paper of record” here in the United States. An attack on that or any other major news outlet is certain to be noticed not only by those who can’t access that site, but by other news organizations as well as policymakers.

Twitter is not only popular, but has become an important breaking news source for millions of people and an essential megaphone for politicians, governments, influential pundits, businesses and news organizations. In some ways, it’s like those old Associated Press and United Press International terminals in newsrooms where bells would go off when a major story broke. But instead of just reaching journalists, Twitter reaches millions of people directly and instantaneously.

When AP’s Twitter account was hacked in April with a fake report on President Barack Obama being injured in explosions at the White House, the reaction was swift and profound, including an immediate 100 point drop in the Dow Jones industrial average, which quickly recovered after it was revealed to be a hack and a hoax. No one was physically harmed by that attack, but for people and institutions that sold stocks on the news and bought them back later at a higher price, the financial damage was real.

The day after the Times was attacked, a friend who works for one of the major Internet security companies said that the attack on news organizations reminded her of the early days of her industry, when computer security companies like McAfee, Symantec and Trend Micro were mostly combating computer viruses designed to disrupt and get attention. Today, she reminded me, most online attacks are financial crimes designed to steal people’s money or identity. To be most effective, those attacks are stealthy and quiet to attract as little attention as possible. The attacks on the news organizations and Twitter were just the opposite.

The take-away from all this is that media companies, social networking services and everyone else need to do all they can to shore up security.

I’m sure that the IT staff at The New York Times and other large site operators are huddling to figure out what they can do to prevent future attacks and I know that Twitter has recently beefed up its security by offering users the choice of employing two-factor authentication that makes it a lot harder for unauthorized people to sign-in to their accounts.

What you can do

The rest of us can do our part by making sure our passwords are secure and by being careful about falling for phishing attacks and other schemes to trick us into revealing our login credentials and personal information. None of that will eliminate risk, which is part of every aspect of life. But, like wearing seat belts and driving carefully, exercising caution with our use of technology will reduce chances of something bad happening.

This post adapted from Larry’s San Jose Mercury News column

Posted in Security\ | Comments Off

Choosing the right anti-bullying program

Guest post by
Hemanshu Nigam

Opinions expressed in guest posts are those of the author and not necessarily

Hemanshu Nigam (Photo Credit:

Hemanshu Nigam (Photo Credit:

With millions of students returning to schools across the country over the coming weeks, dedicated educators and concerned parents must work together to find a solution to bullying in order to establish safe learning environments for all students.

According to the 2011 nationwide youth risk behavior survey conducted by the Centers for Disease Control and Prevention, 20 percent of high school students reported being bullied on school property over the course of one 12-month period. Sadly, the presence of a school-based bullying prevention program is not enough to protect the nation’s students. With the research examining anti-bullying programs showing mixed results, discerning parents and schools must continue to work in unison to face growing concerns about digital and school-based bullying. By comparing the characteristics of effective and ineffective programs, anti-bullying advocates may take the first step in conquering an age-old problem prospering in U.S. schools.

Characteristics of ineffective bullying prevention programs:

    • School systems that designate harassment and relentless teasing as “normal” childhood behavior foster a climate where negative peer relationships thrive. Ineffective programs leave room for interpretation when it comes to “girls being girls” and “boys being boys.”
    • One of the most dangerous deficiencies in current anti-bullying practice places the responsibility on victims to advocate for their needs and stand up for themselves against bullies. By encouraging victims to talk back to bullies, educators, and even parents, indirectly assign blame to victims, as though deficits in their own social prowess cause bullying. In addition, this type of focus may actually place victims in harm’s way.
    • Ineffective bullying prevention programs only focus on case-by-case incidents of bullying. In order to address the reasons behind bullying, schools must create a school culture based on acceptance and tolerance. In addition, many bullying incidents will not be observed by school staff. A scary prospect, but the inability to “be everywhere” and “see everything” limits options for intervening in all bullying situations.
    • Educators must stand firm and remain consistent when it comes to anti-bullying policies. When an entire staff, facility managers, secretaries and para-professionals included, fail to unite against school bullying, students find acceptable places to harm other students physically and emotionally.

Characteristics of effective bullying prevention programs:

    • Effective anti-bullying programs target the entire school climate rather than just specific peer interactions. These programs not only work to teach students how to communicate appropriately and demonstrate positive social leadership, they redesign school hallways and classrooms to create materials and spaces focused on community and acceptance. Programs such as Steps to Respect, as well as the less bully-specific Positive Behavioral Interventions and Supports (PBIS), are designed to attack school climates where individuals are victimized and negative behavior flourishes.
    • An effective program employs supports and strategies at each level within the building — from individual students and classrooms to anti-bullying teams that combine educators and students. Olweus, one of the most trusted school-based bully prevention programs, addresses bullying systemically by focusing on school, classroom, individual and community level components.

One of the most important, and often underrepresented, pieces of the anti-bullying puzzle focuses on school and home partnerships. Eliminating bullying requires parents and educators to remain firm on negative peer interactions, and more communication must occur to include parents in school planning and responses to bullying events.

No one-size-fits-all approach exists to bullying prevention. What is clear, however, is that schools must do more to foster an environment of tolerance and respect for children. Analyzing existing supports and addressing challenges with up-to-date strategies represents just one phase of the long and difficult battle for the safety of the nation’s students.

For more information on the devastating impacts of digital harassment, see also Textual Harassment Another Form of Bullying

 Hemanshu (Hemu) Nigam is the founder of SSP Blue, the leading advisory firm for online safety, security, and privacy challenges facing corporations and governments. A veteran of online security, he brings over 20 years of experience in private industry, government, and law enforcement. From 2006 to 2010, Hemu was Chief Security Officer for News Corporation’s numerous online properties, responsible for protecting the personal information of over 200 million users around the world


Posted in Bullying | Comments Off

Kids engaging in ‘distracted walking’

Source: Safe Kids Worldwide

Source: Safe Kids Worldwide

You’ve heard about distracted driving but what about distracted walking?  Research from SafeKids Worldwide* found that one in five high school students and one in eight middle schoolers were crossing the street while talking or texting on a cell phone. The study also found that 39% of teens were wearing headphones while crossing the street and that girls were 1.2 times more likely than boys to be distracted while walking.

Teens are especially vulnerable.  The organization said that more than half (51%) of pedestrian fatalities occur in teens ages 15-19.

Source: Safe Kids Worldwide

Source: Safe Kids Worldwide

Safe Kids Worldwide recommends that parents talk with their kids, especially teens, about the danger of distraction and the “importance of putting devices down when crossing the street.” They say you should start the discussion as soon as your kid first gets a device and that they should be aware of others who might be distracted and speak up.  And, as with all safety advice, “set a good example.” Don’t let your kids see you using your devices while you should be paying attention. And for that matter, don’t walk or drive distracted even if your kids aren’t watching.

*Safe Kids Worldwide, who’s web address is, is not affiliated with my website,


Posted in Child safety | Comments Off

‘The Kids Are (mostly) All Right’ when it comes to privacy and bullying

Screen Shot 2013-08-23 at 10.27.36 PM

“Telephone Hour” from Bye Bye Birdie, circa 1963

The question of “what’s the matter with kids today?” has  probably been with us for millenniums, but it was certainly the top of mind in 1963 when the lyrics for the song “Kids” from the movie “Bye Bye Birdie” asked that question and concluded, “why can’t they be like we were, perfect in every way?”

That movie also featured another song, called “Telephone Hour,” that depicted teens gossiping about each other’s love lives, including at least a couple of minor digs that some might consider to be an early form of cyberbullying.

If the movie were shot today, “Telephone Hour” would likely be replaced with a song that showed kids texting and using Facebook and smartphone apps, including Instagram, Snapchat and maybe, where kids can ask questions that sometimes elicit mean answers. But the theme wouldn’t change. Adults would still be worrying about today’s generation of youth.

Well, to invoke the title of a much more recent movie, I for the most part think that “The Kids Are All Right.”

Listen to Larry’s 1-minute CBS News segment with a little music from Bye Bye Birdie

I’m basing this conclusion on results of a number of surveys, including a recent one on teens and privacy from the Pew Research Center and Harvard’s Berkman Center, as well as a paper published earlier this year by David Finkelhor of the Crimes Against Children Research Center.

Privacy survey

Over the past couple of weeks, Pew and Berkman have released the results of a survey that found that 70 percent of teens have reached out for advice on how to manage their online privacy. And this may come as a surprise — they are almost as likely to turn to a parent for advice (41 percent) as to a friend or peer (42 percent).

The survey also found that most teens know a thing or two about privacy and that many “draw on their own wits, observations and knowledge to manage their privacy online and on social media,” by experimenting with menus and settings on social networking sites and apps.

“Of teens who use Facebook, 60 percent say their profile is private, 25 percent say its partially private and 14 percent say its public. The rest ‘don’t know.’ So 85 percent of teens have a private or partly private profile,” said the study’s co-author Amanda Lenhart.

The survey found that 82 percent of U.S. teens have a mobile phone and/or a tablet and that 71 percent of these teens have downloaded an app. More than half of them (51 percent) have avoided certain apps due to privacy concerns, while 26 percent of those teens have uninstalled an app “because they found out it was collecting personal information that they didn’t wish to share.”

Bullying and cyberbullying

And what about bullying and cyberbullying? I keep seeing articles about an “epidemic” of bullying and cyberbullying as if the numbers have skyrocketed. But as Finkelhor pointed out in his paper, physical bullying and “peer victimization” actually declined over the past several years.

A youth risk survey conducted in Massachusetts showed a 22 percent decline in bullying on school property between 2003 and 2011. Nationally, school-related violent victimizations among 12 to 18-year-olds declined by 74 percent between 1992 and 2010

Cyberbullying or, being “harassed online,” did go up from 6 percent of online teens in 2000 to 11 percent in 2010, but that’s still far below many estimates I’ve seen and far from epidemic proportions. According to Finkelhor, “the increase in online harassment is probably best seen simply as growth in the usage of electronic media for all kinds of socialization including its negative forms.” In other words, kids are spending a lot more time online and increased social interaction brings about more opportunity for negative interactions.

Just how many kids cyberbullied others or have been cyberbullied depends on your definition of the term. In their paper, “Cyberbullying myths and realities,” authors Russell A. Sabella, Justin W. Patchin and Sameer Hinduja point out that “some researchers use very broad definitions of the problem that include every possible experience with any form of online aggression. Others focus only on specific types of harm, such as humiliation or threats to one’s physical safety.”

Their paper points out that, depending on the study, the number of youths who admit to having cyberbullied others ranges from about 4 percent to 20 percent. But even if you take the high-end of that range, that means that 80 percent of kids haven’t cyberbullied others. That’s important to keep in mind and it’s important for adults to not perpetuate the myth that bullying and cyberbullying are common and therefore “normal,” because what’s normal is often thought of as being OK and it’s important to remind young people that bullying is neither normal nor OK.

So, going back to that “Bye Bye Birdie” song, it’s fair to say that today’s young people are not “perfect in every way.” But based on recent studies, the majority of them treat each other reasonably well and seem to be a bit more privacy conscious than some adults give them credit for.

Disclosure: Larry Magid is co-director of, a nonprofit Internet safety organization that receives funding from Facebook

Posted in Bullying, Child safety | Comments Off

How LinkedIn Plans to Protect Privacy Of Teens On Its Service

LinkedIn's safety center now has advice for families

LinkedIn’s safety center now has advice for families

LinkedIn, the professional network with about 238 million members will soon welcome teens, 14 and up.  Until now, the service was only open to people 18 and older. The company is launching what it’s calling University Pages. About 200 universities have already signed-up, according to a LinkedIn blog post, including New York University, University of California San Diego, Fundação Getúlio Vargas, University of Michigan, Villanova,Rochester Institute of Technology and University of Illinois.

Why it makes sense

If you think about it, teens are engaged in careers too — the business of preparing for the rest of their lives. Many are college-bound and can benefit from the same type of networking as adult professionals. They need to learn about prospective schools not just from the college admissions offices but from alumni, current students at the school and other high-school students struggling with some of their same issues. And, like the rest of us, they need to do everything they can to enhance and promote their professional skills which, for high school students, involves putting together their own resume of sorts, including documenting not only their academic prowess but their life achievements.

Not just for college-bound

Although LinkedIn is emphasizing its college and university partnerships, the service is open to all teens, including those who plan to pursue other options including the workforce and the military. Networking isn’t just for college-bound or college educated folks. There are plenty of other opportunities for young people outside of formal education.

Privacy and safety

But adding teens to the mix also means that LinkedIn staff needed to think about some of the same issues that other social networks grapple with including how to protect teens privacy, how to protect them from being bothered or harassed by others and how to make sure the teens use the service safely and respectfully.

“For us it was learning more about how teens operate on social networks in understanding what others before us have encountered to insure a safe environment for teens on LinkedIn,: said Sara Harrington A privacy page — the company’s senior legal director for Intellectual property.

As a disclosure and to bring home this point, several months ago LinkedIn contacted, the non-profit Internet safety organization where I serve as co-director to get our advice on how to help assure that teens have a safe and positive experience. LinkedIn also made a financial contribution to ConnectSafely (other major supporters include Facebook, Google, Trend Micro and Yahoo).  Based on the advice from us, other experts and their own staff, LinkedIn is launching the service with special privacy protection for teens as well as a Safety Center that now includes a Family Center with advice for teens, parents, educators and law enforcement.

Privacy settings for teens are different than for adults:

  • Teens’ birth year will be hidden. After they turn 18, they will be given the  option to display that information.
  • Teens’ profiles will automatically be prevented from  appearing in public search engines such as Google and Bing.
  • Teens’ Profile photo will only be visible only to their “1st-degree” connections (people they connect with directly).
  • Teens’ professional headline won’t be shown, to protect their privacy in search results.
  • Teens’ profile will default to first name, last name initial, and general region, instead of their full name and city for all languages using Latin script — e.g., English, French, Dutch, etc.)
  • Teens will not receive promotional or informational “InMail messages” from LinkedIn’s marketing and hiring partners.
  • Teens; data will not be shared with 3rd-party applications, even if they :choose to install 3rd-party applications.
  • Teens won’t see ads from LinkedIn when looking at other websites.
  • LinkedIn says that it won’t collect information about teens when they are looking at other websites that partner with LinkedIn.

As with all privacy policies, the devil is in the details and we’ll see how well the company adheres to its promises. Also, regardless of what the company tries to do, there is always the risk that people will misuse its service either by harming others or by harming or embarrassing themselves.  Parents are advised to talk with their kids about how they plan to use LinkedIn and check-in with kids on a regular basis.

Different set of norms

And, in case it isn’t already obvious, teens on LinkedIn need to remember that this is a professional network, which means it has a different set of norms and expectations than social networks. Based on what I see from my own activity on LinkedIn, it appears that most adults understand that. My guess is that the vast majority of teens on LinkedIn will too.

Posted in Child safety | Comments Off

A much-needed national debate about privacy is now underway

This post is adapted from one that appeared in the San Jose Mercury News
This post is adapted from one that appeared in the San Jose Mercury News

It’s been quite a couple of weeks for the national debate on privacy. 

At a press conference earlier this month, President Barack Obama implied that he’ll back the development of technologies to help people protect themselves from the very government he currently heads. But that same week, two secure email systems were shut down by their owners, reportedly because of concern about government snooping. Meanwhile, Google filed a court motion asserting that people have “no legitimate expectation of privacy” when voluntarily turning information over to a third party like Google’s Gmail service.

President Obama said that “As technology develops further, technology itself may provide us some additional safeguards.” He added that “maybe we can embed technologies in there that prevent the snooping, regardless of what government wants to do.”

Yet despite the president’s call for future technologies to protect our privacy, two existing products that do just that were shut down because of potential government snooping. Without providing details, the CEO of Lavabit wrote on his blog, “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly 10 years of hard work by shutting down.”

And the owners of another encrypted email service, Silent Mail, apparently shut down their service to avoid having to turn over communications to government agencies. “We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now,” they blogged. “We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.”

Obama’s contradictions

It seems odd to me that just as President Obama promises some “future” fix, the people who are running companies providing a current fix feel that they can’t fully assure that their customers’ privacy is protected from the very government who’s leader is trying to reassure us that the government isn’t snooping on everyone and that he’s in favor of tools to protect us against our own government.

The other irony is that the only reason Obama was addressing the issue and calling for a review of secret surveillance programs is because National Security Agency leaker Edward Snowden forced his hand by revealing details about the way the government can track phone calls and electronic messages. Yet Snowden remains a wanted fugitive in Russia.

When asked by a reporter, Obama said, “I don’t think Mr. Snowden was a patriot.” He added that Snowden is charged with three felonies and that “If in fact he believes that what he did was right, then, like every American citizen, he can come here, appear before the court with a lawyer and make his case.”

While I don’t expect Obama to be issuing Snowden any medals, or even dropping all the charges against him, I do wish there was a way Snowden could return to the United States without fear of having to spend the rest of his life in prison. Whatever one thinks of Snowden, one thing is clear: He jump-started an important national conversation that forced the most powerful man in the world to admit that we need to reconsider the way we gather intelligence.

Which brings me back to Google’s admission that you can’t expect privacy from its email service.

One reason a lot of people use Gmail is because it archives their mail, potentially forever. By giving users a lot of free storage space (and charging a modest fee for those of us who go over that allotment), Google is encouraging people to hang on to their mail rather than delete it. The advantage is that your email — which is part of the transcript of your life — is available for you to review any time in the future.

I often refer to my Gmail archives if I’m trying to recall a conversation I had months or even years ago, or if I need to find an old airline receipt when I’m doing my taxes. But as long as your email is on Google’s servers — or Yahoo’s or Microsoft’s or anyone else’s — it’s accessible to anyone able to gain access, whether by legal means or by hacking.

Not only do we have to worry about the current government, but we also have to worry about unknown future regimes. I’m old enough to remember the massive surveillance efforts in the 1960s by FBI director J. Edgar Hoover. And I remember my parents’ friends talking about the wholesale invasion of privacy resulting from U.S. Sen. Joseph McCarthy’s witch-hunts into the lives of entertainers, government workers and others accused of being Communists or Communist Party sympathizers, if only by association.

Today, in a world where everything is stored on servers — including the names of your Facebook friends — I worry about some future McCarthy questioning people’s patriotism just because they may have once had a suspicious Facebook friend or Gmail conversation or had conducted a questionable search. This is, indeed, a very important conversation.


This post is adapted from one that appeared in the San Jose Mercury News

Posted in Child safety, privacy | Comments Off

Bullying and suicide: Let’s not jump to conclusions

Guest post by
Justin W. Patchin

Dr. Justin W. Patchin, Co-Director of the Cyberbullying Research Center

Dr. Justin W. Patchin, Co-Director of the Cyberbullying Research Center

Many are now familiar with the tragic case of Hannah Smith, the 14-year-old from Leicestershire, England, who hanged herself on August 2nd after reportedly being harassed online for months. Cruel messages received principally on the social media site are being cited by her father and others as a primary cause of the suicide, though rarely is it that simple. Even though our research has shown that experience with bullying (whether online or off, and whether as a target or perpetrator) is associated with an elevated risk of depression and suicidal thoughts, this is far from proving that bullying causes suicide.

Peer harassment is just one of many factors that contribute to increased risk of suicide. As we concluded in our paper “…it is unlikely that experience with cyberbullying by itself leads to youth suicide. Rather, it tends to exacerbate instability and hopelessness in the minds of adolescents already struggling with stressful life circumstances.”  After her death, Hannah’s father found a note that read: “As I sit here day by day I wonder if it’s going to get better. I want to die, I want to be free. I can’t live like this any more. I’m not happy.” Hopeless indeed.

The tragedy has taken an even darker turn as there is now emerging evidence that the hurtful messages sent to Hannah may have actually been sent by Hannah herself. Upon investigating the suicide, officials noted that 98% of the messages sent to Hannah came from the same IP address as the computer she was using.

While the investigation is ongoing and there is so much that we still don’t know about what led to Hannah’s death, it is worth noting that “self-cyberbullying” is not a new phenomenon. danah boyd, social media guru (and new mom!), wrote about “digital self-harm” back in 2010, focusing on behaviors observed on the now defunct, a social media site that operated a lot like (with the public answering of questions sometimes posed by anonymous people). “There are teens out there who are self-harassing by ‘anonymously’ writing mean questions to themselves and then publicly answering them,” danah wrote. And last year, Massachusetts Aggression Reduction Center researcher and Psychology professor Elizabeth Englander found that up to 10% of college freshmen admitted that they had “falsely posted a cruel remark against themselves, or cyberbullied themselves, during high school.”

Those who harm themselves physically (usually by cutting, carving, or burning) are hurting and desperately searching for relief from some perceived insurmountable shortcoming. It is often a coping mechanism to distract from pain in other areas of their lives. They feel as though they have no other options and resort to a last ditch effort to bring some sense of normalcy or routine to their life. If left to fester, self-harm can eventually result in the ultimate harm to oneself—suicide—though usually the two behaviors are distinct.

And even though some might assume that those who choose digital forms of self-harm are at a reduced risk of physical self-harm or suicide (suggesting perhaps that these youth don’t actually really want to hurt themselves), Hannah’s case certainly casts doubt on that hypothesis. Desperation and despair can lead people to do things that may seem completely irrational to the rest of us.  But to them, it appears to be their only option.

To be sure, much more work needs to be done to explore this hidden side of cyberbullying. We don’t know how much self-cyberbullying is really going on and whether the causes are comparable to other forms of self-harm. As danah aptly points out, however, irrespective of who the perpetrator is, targets of cyberbullying need help. “Teens who are the victims of bullying – whether by a stranger, a peer, or themselves – are often in need of support, love, validation, and, most of all, healthy attention.” If you would like help with thoughts of suicide, please contact the Suicide Prevention Hotline at: 1-800-273-TALK. In the U.K. you can call The Samaritans at 08457 90 90 90.

Dr. Justin Patchin is a Co-director of the Cyberbullying Research Center and Professor of Criminal Justice in the Department of Political Science at the University of Wisconsin-Eau Claire. 

Additional resources for youth in crisis from

Posted in Blogroll, Bullying, Child safety, Teens Safety | Tagged , , | Comments Off

Survey Finds Teens Know And Care About Online Privacy

pewContrary to popular mythology, a survey from the Pew Research Center and Harvard’s Berkman Center found that “American teenagers ages 12 to 17 care about their privacy.”

The study, Where Teens Seek Online Privacy Advice, involved a representative sample of 802 teens and 802 parents of teens as well as focus groups involving 156 teens.

About control

Even though young people do tend to share a lot online, “they also take steps to manage what can be seen and who can access it,” according to the report. In other words, it’s about control.

The study also found that 70% of teens have reached out for advice on how to manage their online privacy and, perhaps to the surprise of some adults,  parents and peers are about equal when it comes to who they’re likely to reach out to for help.

  • 42% have asked a friend or peer for advice on managing their privacy online
  • 41% have asked a parent
  • 37% have asked a sibling or cousin
  • 13% have gone to a website for advice
  • 9% have asked a teacher
  • 3% have gone to some other person or resource

Yet, in focus groups, the researchers found that many teens “draw on their own wits, observations and knowledge to manage their privacy online and on social media.” They figure out the settings on their own by looking through menus and settings on social networking services and apps.

Private Facebook profiles

Most teens not only know how to use Facebook privacy settings, but configure their profiles as either fully or partially private.  Of those who have sought out advice on privacy, 61% post to friends only while 24% are “partially private.” And even those who don’t get privacy advice from others are mostly careful about what they share with the world with 56% sharing to friends only and 24% partially private.

fb stats

Differences by age and gender

As one might hope and expect, younger teens (12-13) are more likely to seek privacy advice than older teens but the difference isn’t dramatic with 77% of young teens having sought advice vs. 67% of older teens.  And, again as  you might expect, younger teens are more likely to seek advice from parents (58% vs. 33%) compared to older teens. Girls (77%) are slightly more likely to ask for advice than boys (66%).


The study’s focus groups f0und that teens indicate a “high level of self-reliance” when it comes to managing their privacy settings. One 13 year old boy said “The [privacy settings] are straightforward. And I think they [Facebook] change them a lot. And they sort of reset or something. So you just have to constantly, you know, update  them.”  As the co-author of  A Parents Guide to Facebook, which we’ve revised several times over the last few years, I can testify that he is absolutely correct (and yes, our guide is a bit out of date)

And, whether it’s true or not, some teens seem to feel that parents and teachers are a bit clueless when it comes to technology and the Internet. “Parents, they don’t know how computers work, said one 16 year-old. “ My dad does, but he doesn’t know how the Internet works…. And teachers, not really. I remember in my old school… We’d  had a couple classes about Internet safety, but that was about it. I haven’t asked teachers specific questions about it.”

What this all means

To me, the survey is partially reassuring because it shows that teens do perceive themselves to be in control when it comes to their own privacy.  They feel that they understand how to set privacy controls and they have a sense that they know how to manage who gets access to their information.

Having said that, I think it’s important to point out that there are aspects to privacy that teens may not be fully aware of that weren’t addressed in this survey including third party tracking cookies and the role of advertising networks as well as how apps and social networks are collecting data from users including (in some cases) location data as well as friends and contacts.

Of course that’s probably true of adults as well.

Disclosure:  receives financial support from Facebook and other Internet companies.

Posted in Child safety, privacy | Tagged | Comments Off

Ways to help reduce the chances of being spied on by the NSA or anyone else

President Obama addresses government snooping during White House press conference (Credit: White House YouTube feed)

President Obama addresses government snooping during White House press conference (Credit: White House YouTube feed)

We live in a world where people rightfully worry about whether their electronic communications are being tracked by the government, by companies or by criminals.  Recent revelations by NSA whistleblower Edward Snowden have certainly demonstrated that the government has the capability of knowing who you’re calling and how long you’re speaking.  Other leaks indicate the possibility of government spying on email and social network activity.  And, of course, there is also widespread tracking of our web activity by marketing companies to help them better target advertising based on who you are and what you’re interested in.

Tools you can use

At his press conference last Friday, President Obama suggested that there could be future technologies to protect people against government snooping, but there are some technologies in place now that can help. “As technology develops further,” he said, “technology itself may provide us some additional safeguards.” He suggested that “maybe we can embed technologies in there that prevent the snooping regardless of what government wants to do. I mean, there may be some technological fixes that provide another layer of assurance.”

While it may not be possible to completely eliminate any potential snooping (other than abandoning technology completely), there are things you can do to minimize the chances of anyone — in or outside government — from knowing what you’re up to.

Tor enables anonymous communications

Tor enables anonymous communications

One tool is Tor, a free service that is described as “virtual tunnels that allows people and groups to improve their privacy and security on the Internet” by providing “the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.”

Tor makes it possible to avoid being tracked by web sites use and to use email, chat and other services anonymously.  It also allows users to access services that may be blocked by their Internet service provider (in some countries by government order).

A new iPhone, Android, Windows and Blackberry app called Seecrypt“allows you to make and receive unlimited, secure voice calls and text messages between Seecrypt Mobile-enabled devices, anywhere in the world.”

Most web browsers have a private or “incognito” mode that assures that your browsing session isn’t recorded on your own computer, though they can’t guarantee against the government accessing data about you stored on online servers. There are also browser extensions such as Abine’s Do Not TrackAVG’s Do Not Track and Ghostery that can help prevent tracking.

When it comes to online chatting  Timothy Lee blogged for the Washington Post blog, about a “chat extension called OTR – for “off the record”- (that) offers ‘end-to-end’ encryption” that can prevent eaves dropping.”

Lee also recommends ways to protect phone calls including Silent Circle  that “is believed to be impervious to wiretapping, even by the NSA,” or a secure Android app called RedPhone that says it “provides end-to-end encryption for your calls, securing your conversations so that nobody can listen in.”

Secret services shutting down

Some of the services that allow for secure communications have shut down recently, reportedly because of government pressure. On August 9th, Silent Circle shut down its secure email service, according to a company blog post and a few days before that Lavabit, a secure email system reportedly used by Snowden shut down. Lavabit’s owner Ladar Levison blogged, “ I wish that I could legally share with you the events that led to my decision.” He told Forbes’ Kashmir Hill,  that he’s taking a break from email, adding “If you knew what I know about email, you might not use it either.”

This post first appeared on

Posted in Child safety | Comments Off

Two factor authentication is a trade-off between security and convenience

This post is adapted from one that appeared in the San Jose Mercury News

There is often a trade-off between security and convenience. For example, many houses have two locks — a regular door lock and a bolt lock. If you use both of them you have a bit of extra security but it will take you slightly longer to enter your house.

The same is true with the locks that protect our online accounts. It would be really easy to access our Twitter, Facebook, Gmail and even our online bank accounts with a simple password like “password,” but that would be practically like leaving your front door unlocked. On the other hand, there are lots of ways to make it more secure, but those methods typically come with varying degrees of inconvenience.

In May, Twitter started offering users an optional way to make it harder for intruders to break into their account but it also makes it a bit harder for you to sign-on. It’s called “two-factor” authentication and — initially — was similar to methods used by Facebook and Google.

Two-factor authentication is a bit like an ATM card — you have a physical card and a secret personal identification number (PIN). Used together, they let you take money out of your bank account. Without the card, the PIN is useless and vice versa.

Better have a working cell phone handy

There are a variety of ways to implement two-factor authentication but the ones used by Twitter, Google and Facebook all require that you have your mobile phone handy and it better be working and in range. The system introduced by Twitter in May sends you a text message with a special one-time-only code when you try to log on.

That process not only adds an extra — and possibly time consuming — step when you log on, but requires you have your phone with you and that the battery is not dead.

Google’s optional two-factor authentication also sends you a text message but you can configure it to ask for the code only if you’re logging on from different machine than you usually use. If your phone is unavailable or not working, another option is to use a long and complicated backup code that you’re almost certain not to remember.

Facebook calls its system “Login Approvals.” It, too, requires you have your phone with you if you’re using a different machine or browser than usual, and it, too, has an optional (10 digit) backup code to use if you’re phone isn’t available.

Twitter simplifies two factor authentication but it still requires working phone

Twitter simplifies two factor authentication but it  requires a working smartphone

Twitter makes it somewhat easier

Twitter last week introduced a new version of its smartphone app designed to make two-factor authentication a bit easier. It now uses “push messaging and in-application approvals,” so you no longer need to provide a phone number or rely on a text message. Once you activate it, every time you try to log on to Twitter you get a message saying “we’ve sent a login verification request to your phone.” You then have to launch the Twitter app on your phone and click on a relatively obscure message. Like the text message solution, it requires your phone to be in reach, charged-up and in-range.

When I turned on the new settings, I didn’t have any trouble getting into my account. But Los Angeles Times reporter Paresh Dave experienced a flaw in the system that caused him to write, “Twitter effectively locked me out.” A Twitter spokesperson told me on Wednesday that that was a bug their engineers were working to fix.

While the new Twitter system may be a bit easier to use than the older text message method (which is still available), it remains a bit of a hassle. The biggest problem, of course, is if your phone isn’t working. That backup code solution that Twitter, Facebook and Google use will get you in but only if you can remember it or find it. It’s unlikely most people will remember that random string of digits, so if you ever do find yourself with a dead or missing phone, you had better have that code handy. One solution, I suppose, is to write it on a piece of paper and keep it in your wallet, but that brings up yet another security issue if your wallet was ever lost or stolen. If you go that route, don’t write the name of the service next to the code.

Another option is to contact Twitter’s support team, which, according to a Twitter spokesperson, has ways to authenticate you and get you back in. But it’s not going to happen instantaneously.

As problematic as these phone solutions are, they’re easier and cheaper than many other forms of authentication, such as having to carry around a separate device that generates a random key every time you log in. Biometric methods, such as retinal scans, finger print readers or even face or voice recognition have their strengths and weaknesses as well.

More work needed

I applaud these companies for finding ways to improve security, but I sure hope they keep working to find better and less obtrusive ways to let us — and only us — into our accounts without having to make us jump through too many hoops.


Posted in Child safety | Comments Off