Skip to content →

Security & Privacy on Personal Mashups

It is not new that there is an explosion of services around the web that can play a role in a user-based mashup. I won't count them all, because this will change after this note has been written. If you don't know what I'm talking about, just have a look to the Services connected by ShareThis or Ping.fm.

Many of these services will raise their own privacy questions/concerns. But, anyway, your questions may fall into these two categories:

  1. How this Service Provider will manage my data.
  2. Which are the Risks I'm facing on my use (publishing/sharing/…) of this service.

The Service Provider

Here you will have to remember that even though a Service doesn't cost money, it doesn't mean that it is free. The trade might be your data, and here we need to recall that “data” is not only the object of the Service, but also the hole context.

For example, in an e-mail service: the object is the Message and the context your Address Book, your Relationships Network taken from your conversations, the Time-Line, your Connection Calendar, your Activity Rate, Frequency, your Read Habits, Focus and Interests, etc.

If the Service Provider is one of the Big Players/Leaders and has a wider position on different services that we consume, this context is potentially richer and powerful. On such scenarios, cross-context analysis is technically possible, not only on your individual dimension, but also on a social one.

We also should remember that any Service Provider can change its Policies, Terms and Conditions or be acquired by someone else. Stay tuned and take care of your interests.

It is also important to note that your Service Provider may reside on a foreign State or Country. This means two things: that your local regulations may not be applicable and that if you run into troubles you will have to deal with an international legal context.

Last but not least, you might face the need to ask your Service Provider to delete all your data. In such a situation, you need to remember that:

  1. as said before, your local regulations may not be applicable and you may have to deal with an international legal context.
  2. even in the case of a successful request, you need to face the fact that your data has been legally copied by other Users or Third Party Services: feed aggregators, search engines, other Social Media Services, etc. As you may think, getting rid of these copies it is very difficult and, sometimes, impossible in practice.

If you agree with this context, it's fine. We run into risks every day in order to live our lives. The only point here is to have real consciousness and awareness of  what we do. Just because is cute, cool, funny and free we can be tempted to forget about the real price and the associated issues. “Free” is a very strong and powerful word.

Our own Activity

Social Networking is powerful and shows up great potential and opportunities. But used incorrectly might harm your future position. This is a hole chapter that pretty much depends on each particular Service. Anyway, certain general rules might help:

  • Once is written is out of your control, so think it twice before submitting something.
  • Once is submitted it might be there for ages, so think it twice before submitting something.
  • Politeness and respectful attitudes always are helpful.
  • Low activity profile might be advisable. Social Networks are a good Contact and Relation tools, but social activity is not only the one that you hold, publicly or not, on Social Media. Real Life also exists.

Considering the activity maintained by children and teenagers is specially delicate. I'm not an expert on this field, and of course, I can be wrong. My current intuitions tell me that, over all, more important than fear it is to consider this Social Media world like any other aspect in live: parental control, education in responsibility, in values and a little bit of common sense.

In any case, this is, obviously, something we all have to care of. In fact, looking at the peace of changes, education might be the best way to handle unknown situations that we all will face for sure.

What else?

Unfortunately, there is much more on this game. As I said before, there is an explosion of these services around the web. For each of these services, the issues commented before apply and you will have to put your attention on the interaction between them.

In fact, once you enter this amazing world, sooner or later you will feel the need to connect them in any way creating your “Personal Mashup”.

To me, it  is particularly frightening when you start sharing your Identity to connect them all. Whenever you introduce your User name and Password you are Delegating and Trusting your Identity details to a Third Party that lives in The Cloud 24 hours a day. The risks one face here are potentially huge: ¿What if your Identity get's stolen or misused?

In my opinion, a Federated Identity should be the core of any Personal Mashup: OpenID, Windows Live ID, Google Account, OAuth, Windows CardSpace, etc. Choose whatever you like. Unfortunately this is not a choice on many of these Web 2.0 Services and you will have to deal with Users and Passwords.

In any case, it is always a good practice to consider some general guidelines:

  • Avoid Delegating your Identity. Use a Federated Identity Provider or Choose a client-side desktop/mobile tool instead of a Web Service to create your Mashup. There is plenty of free software to do it: twhirl, TweetDeck, PockeTwit, Windows Live Mail, RSSBandit, etc.
  • Verify the procedure to Cancel your Service Account.
  • Read carefully the Privacy Policy of the Service.
  • Read carefully the Terms and Conditions of the Service.
  • Select a reduce number of services to control your Digital Exposure.
  • Maintain your Service Accounts and Close the ones you don't use.
  • Use secure passwords. Secure means: long, complex and changed regularly.
  • Use a Password Manager to make your life easier. KeePass is a good one, but you can use whatever you like.

Conclusion

As it has been said before, Social Networking is powerful and shows up great potential and opportunities. But used incorrectly might be dangerous and/or harm your future position. Of course, we run into risks every day in order to live our lives. It is our responsibility to have real consciousness and awareness of  what we do.

Security & Privacy on Personal Mashups by Carlos Veira Lorenzo is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Published in Garbage Collector ;-) Security Technology Virtual World