Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Data Privacy Etiquette: It's Not Just For Kids
Newest First  |  Oldest First  |  Threaded View
Stratustician
Stratustician,
User Rank: Moderator
9/30/2014 | 2:36:59 PM
Re: Child Lock
I think the problem is that for mass-adopted sites like FB, there is always going to be a higher preference for younger users to use more commonly used social interaction sites. While there are great sites for kids, it's in their nature to want to be part of the larger conversation, which sadly means that you can't monitor or restrict the types of interactions they will have. That's why you see many video games with the warning that online play will vary from the maturity levels assigned to local play. Sadly I don't expect this to change, so it's really up to parents to explain why certain networks can and can't be used for specific age groups and make sure that regular conversations are had to make sure that if kids want access to something that might not be deemed age appropriate, they understand why.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 10:56:54 AM
Re: Child Lock
Good point. I think even FB has age-gates, but I've seen some youngsters on there who are clearly underage. I'm susprised that there isn't an effective way to create a secure gateway, outside of the mechanizations you describe. That is definitely a hassle.
Robert McDougal
Robert McDougal,
User Rank: Ninja
9/19/2014 | 10:51:17 AM
Re: Child Lock
Net Nanny is a fabulous product!  I have used it with my children as well.  Also, I had good luck with Untangle and Astaro.

However, the problem I have run into with all of these services is just like @RyanSepe stated none of them protect children from age gates.  I don't mind my kids looking at most video game content online, such as Club Penguin and the like, but I don't want them looking at games like Grand Theft Auto.  Games like GTA often put "age gates" on their sites to keep children out but you can easily bypass it by giving a fake birthdate.

I have gotten around this issue by blocking the category "Gaming", which blocks all games.  Then I proceed to whitelist all the games that are appropriate for my children.  This is alot of work and something most parents either won't bother with or don't know how.  
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 9:59:21 AM
Re: Child Lock
There are programs out there like Net Nanny that monitor kids social activity. I used it with my now 24-year-old daughter -- when there wasn't any social web to speak of-- and it was effective to a point about managing where she could surf and when. It's won lots of industry awards over the years. But its still up to parents to set the ground rules.  And I suspect some clever hacker-in-training could  probably find a work around. 
Robert McDougal
Robert McDougal,
User Rank: Ninja
9/18/2014 | 4:10:29 PM
Re: Child Lock
The only thing I can think of that would help in this situation is something like an internet driver's license.  Something like the proposed Federal goverment Real ID

Not saying I personally like that idea, but it could possibly solve this issue.
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
9/18/2014 | 10:12:08 AM
Re: Privacy "Policy"
Also, in the real world when people are talking about you, the conversation is typically one to a few at at time. The amplication in social media is much much greater. Not to mention the problems with criminals trying to grab your PII. 
LysaMyers
LysaMyers,
User Rank: Author
9/17/2014 | 5:05:58 PM
Re: Privacy "Policy"
It's similar, in "meatspace", to us not having control over whether someone else discusses us with 3rd parties. But most people have a better sense of what's appropriate behavior there (we all have that one friend who doesn't seem to grasp the concept of personal space or privacy, am I right?). Many people don't seem to grok the equivalent situation when it's online.
LysaMyers
LysaMyers,
User Rank: Author
9/17/2014 | 5:01:25 PM
Re: Child Lock
That's a very good question - I hope someone out there has suggestions to offer!
RyanSepe
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:10:29 PM
Child Lock
I would like to speak to this comment in the article: "The privacy of children is seemingly the easiest to protect, as they generally are not allowed to create accounts on their own"

I wish this could be more true. To say this is completely based on the rules of the house is idealistic because in the age of the internet there are so many methods outside of the home for a child to create an account. Unfortunately, the age gate request during account creation is not precisely the most valid method of determining a persons age especially when that person can choose to make it whatever they desire because they want to access certain services. There needs to be a more specified method of acquiring this information properly. Does anyone have any suggestions to this shortcoming?
RyanSepe
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:03:21 PM
Privacy "Policy"
This is defintely a good place to start. Similar to the creation of policies these "privacy values" establish a baseline of what is and what is not ok.

Unfortuantely, you have very little control about how others are choosing to dictate their own policies. Even if your privacy settings are honed, other users can ghost tag (coining this term for being tagged without having that tag link to your page), and people will know who said post/comment/picture belongs to. I am unsure if there is one, but there needs to be a vetting/revocation process for this scenario. Otherwise the "control" we really have is very small.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-1142
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.
CVE-2023-1143
PUBLISHED: 2023-03-27
In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.
CVE-2023-1144
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.
CVE-2023-1145
PUBLISHED: 2023-03-27
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.
CVE-2023-1655
PUBLISHED: 2023-03-27
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.