Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Privacy

9/17/2014
11:00 AM
Lysa Myers
Lysa Myers
Commentary
Connect Directly
Facebook
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Data Privacy Etiquette: It's Not Just For Kids

Children are the innocent victims of the worst effects of social media. That's why it's vital for adults to establish privacy values that are safe for them -- and the rest of us.

I’m sure we’ve all had that awkward moment: A friend or family member posts an update and tags you or includes you in a photo, and suddenly you’re wishing you could turn back time to stop the post before it ever happened. Maybe it’s because you were playing hooky from some work or social obligation, maybe it’s because you were having a bad hair day, or maybe simply because the post seems to imply something unflattering. One thing is certain: It’s well past time for a “Miss Manners” guide to online etiquette, particularly when it comes to online privacy.

A lot of attention has been focused on data privacy and children, as this generation of kids is a unique group. Everyone under the age of 18 has grown up in a world where the Internet was available to the general public. And most kids now entering their teens have grown up in households that have had computers connected to the Internet. These kids are natural test subjects for the effects of that sort of interconnectedness, especially as the technology is too new to have well-established mores. And as Generation X (people born in the 1960s and ’70s) are young enough to be frequent users of this technology and yet old enough to be parents of teenagers, many seem to be concerned about what this effect will be.

Image courtesy of Flickr.com
Image courtesy of Flickr.com

While kids may be the most innocent victims of any ill effects of misuse of social media, they are certainly not the only people who are negatively affected. We’ve all read stories about social media posts used to convict, fire, falsely accuse, or stalk adults. We’ve probably even had our own, hopefully lesser, version of this sort of drama too. As more new users join in the social sharing extravaganza, the more the lack of “privacy etiquette” is likely to affect each of us.

A recent article in the Montgomery Advertiser posts statistics from a 2011 survey done by the University of Michigan Institute for Social Research as part of the Longitudinal Study of American Youth. It stated that 66 percent of Gen X parents reported that they post photos of their children online, and 56 percent say they have shared news about a child’s accomplishment online. An earlier article also about this study stated that nearly a quarter of Gen X adults expressed a high-level of concern about online privacy, while 40 percent reported a low-level of concern.

The privacy of children is seemingly the easiest to protect, as they generally are not allowed to create accounts on their own. If children have the most to lose by the lack of protection, and yet only a third of parents are abstaining from sharing about their kids, what hope do the rest of us have?

Friends, family, and partners
I think it’s fair to say that most social media oversharers don’t do so out of malicious intent, but out of enthusiasm. So what do you do about these faux pas, when your loved ones are overflowing with the urge to show you off? The first step would be, when the option is available, enable tag review in your settings. But this scenario is far from perfect, as the tag still appears, whether or not it appears in your own timeline. So we all need to have discussions with our friends, family, and partners about our privacy values.

Admittedly “privacy values” sounds odd and touchy-feely, but until privacy mores are something that we can blindly assume will be upheld, it is an entirely legitimate thing to discuss with your loved ones. In fact, apparently now “social media agreements” are becoming a thing, as part of formal prenuptial agreements. This allows partners to write repercussions into their marital contract, for when a breach of social media etiquette (as defined by the couple) has occurred.

So what might you discuss with a loved one, in regards to when it’s OK to tag someone on social media? Here are a few suggestions based on social media faux pas I’ve seen:

  • Is it OK if I post photos or location-tags with you during standard workdays?
  • Is it OK if I post photos of you without having you view the photo first?
  • Is it OK if I mention (with or without tag) you in a status update without running the verbiage by you first?
  • Is it OK if I share information about where you live? (for example, pictures or mentions of your neighborhood)
  • When is it OK if I mention you’re away from home? (for example, wait until your vacation is over before location-tagging you)
  • Is it OK if I post photos of your children?
  • Is it OK if I mention your children in status updates?

Are there more questions that you would add? Let’s chat about them in the comments.

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Stratustician
50%
50%
Stratustician,
User Rank: Moderator
9/30/2014 | 2:36:59 PM
Re: Child Lock
I think the problem is that for mass-adopted sites like FB, there is always going to be a higher preference for younger users to use more commonly used social interaction sites. While there are great sites for kids, it's in their nature to want to be part of the larger conversation, which sadly means that you can't monitor or restrict the types of interactions they will have. That's why you see many video games with the warning that online play will vary from the maturity levels assigned to local play. Sadly I don't expect this to change, so it's really up to parents to explain why certain networks can and can't be used for specific age groups and make sure that regular conversations are had to make sure that if kids want access to something that might not be deemed age appropriate, they understand why.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 10:56:54 AM
Re: Child Lock
Good point. I think even FB has age-gates, but I've seen some youngsters on there who are clearly underage. I'm susprised that there isn't an effective way to create a secure gateway, outside of the mechanizations you describe. That is definitely a hassle.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/19/2014 | 10:51:17 AM
Re: Child Lock
Net Nanny is a fabulous product!  I have used it with my children as well.  Also, I had good luck with Untangle and Astaro.

However, the problem I have run into with all of these services is just like @RyanSepe stated none of them protect children from age gates.  I don't mind my kids looking at most video game content online, such as Club Penguin and the like, but I don't want them looking at games like Grand Theft Auto.  Games like GTA often put "age gates" on their sites to keep children out but you can easily bypass it by giving a fake birthdate.

I have gotten around this issue by blocking the category "Gaming", which blocks all games.  Then I proceed to whitelist all the games that are appropriate for my children.  This is alot of work and something most parents either won't bother with or don't know how.  
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 9:59:21 AM
Re: Child Lock
There are programs out there like Net Nanny that monitor kids social activity. I used it with my now 24-year-old daughter -- when there wasn't any social web to speak of-- and it was effective to a point about managing where she could surf and when. It's won lots of industry awards over the years. But its still up to parents to set the ground rules.  And I suspect some clever hacker-in-training could  probably find a work around. 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/18/2014 | 4:10:29 PM
Re: Child Lock
The only thing I can think of that would help in this situation is something like an internet driver's license.  Something like the proposed Federal goverment Real ID

Not saying I personally like that idea, but it could possibly solve this issue.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/18/2014 | 10:12:08 AM
Re: Privacy "Policy"
Also, in the real world when people are talking about you, the conversation is typically one to a few at at time. The amplication in social media is much much greater. Not to mention the problems with criminals trying to grab your PII. 
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
9/17/2014 | 5:05:58 PM
Re: Privacy "Policy"
It's similar, in "meatspace", to us not having control over whether someone else discusses us with 3rd parties. But most people have a better sense of what's appropriate behavior there (we all have that one friend who doesn't seem to grasp the concept of personal space or privacy, am I right?). Many people don't seem to grok the equivalent situation when it's online.
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
9/17/2014 | 5:01:25 PM
Re: Child Lock
That's a very good question - I hope someone out there has suggestions to offer!
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:10:29 PM
Child Lock
I would like to speak to this comment in the article: "The privacy of children is seemingly the easiest to protect, as they generally are not allowed to create accounts on their own"

I wish this could be more true. To say this is completely based on the rules of the house is idealistic because in the age of the internet there are so many methods outside of the home for a child to create an account. Unfortunately, the age gate request during account creation is not precisely the most valid method of determining a persons age especially when that person can choose to make it whatever they desire because they want to access certain services. There needs to be a more specified method of acquiring this information properly. Does anyone have any suggestions to this shortcoming?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:03:21 PM
Privacy "Policy"
This is defintely a good place to start. Similar to the creation of policies these "privacy values" establish a baseline of what is and what is not ok.

Unfortuantely, you have very little control about how others are choosing to dictate their own policies. Even if your privacy settings are honed, other users can ghost tag (coining this term for being tagged without having that tag link to your page), and people will know who said post/comment/picture belongs to. I am unsure if there is one, but there needs to be a vetting/revocation process for this scenario. Otherwise the "control" we really have is very small.
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17607
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVE-2019-17610
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.
CVE-2019-17611
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php tableprefix parameter.