Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Data Privacy Etiquette: It's Not Just For Kids
Newest First  |  Oldest First  |  Threaded View
Stratustician
50%
50%
Stratustician,
User Rank: Moderator
9/30/2014 | 2:36:59 PM
Re: Child Lock
I think the problem is that for mass-adopted sites like FB, there is always going to be a higher preference for younger users to use more commonly used social interaction sites. While there are great sites for kids, it's in their nature to want to be part of the larger conversation, which sadly means that you can't monitor or restrict the types of interactions they will have. That's why you see many video games with the warning that online play will vary from the maturity levels assigned to local play. Sadly I don't expect this to change, so it's really up to parents to explain why certain networks can and can't be used for specific age groups and make sure that regular conversations are had to make sure that if kids want access to something that might not be deemed age appropriate, they understand why.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 10:56:54 AM
Re: Child Lock
Good point. I think even FB has age-gates, but I've seen some youngsters on there who are clearly underage. I'm susprised that there isn't an effective way to create a secure gateway, outside of the mechanizations you describe. That is definitely a hassle.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/19/2014 | 10:51:17 AM
Re: Child Lock
Net Nanny is a fabulous product!  I have used it with my children as well.  Also, I had good luck with Untangle and Astaro.

However, the problem I have run into with all of these services is just like @RyanSepe stated none of them protect children from age gates.  I don't mind my kids looking at most video game content online, such as Club Penguin and the like, but I don't want them looking at games like Grand Theft Auto.  Games like GTA often put "age gates" on their sites to keep children out but you can easily bypass it by giving a fake birthdate.

I have gotten around this issue by blocking the category "Gaming", which blocks all games.  Then I proceed to whitelist all the games that are appropriate for my children.  This is alot of work and something most parents either won't bother with or don't know how.  
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 9:59:21 AM
Re: Child Lock
There are programs out there like Net Nanny that monitor kids social activity. I used it with my now 24-year-old daughter -- when there wasn't any social web to speak of-- and it was effective to a point about managing where she could surf and when. It's won lots of industry awards over the years. But its still up to parents to set the ground rules.  And I suspect some clever hacker-in-training could  probably find a work around. 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/18/2014 | 4:10:29 PM
Re: Child Lock
The only thing I can think of that would help in this situation is something like an internet driver's license.  Something like the proposed Federal goverment Real ID

Not saying I personally like that idea, but it could possibly solve this issue.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/18/2014 | 10:12:08 AM
Re: Privacy "Policy"
Also, in the real world when people are talking about you, the conversation is typically one to a few at at time. The amplication in social media is much much greater. Not to mention the problems with criminals trying to grab your PII. 
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
9/17/2014 | 5:05:58 PM
Re: Privacy "Policy"
It's similar, in "meatspace", to us not having control over whether someone else discusses us with 3rd parties. But most people have a better sense of what's appropriate behavior there (we all have that one friend who doesn't seem to grasp the concept of personal space or privacy, am I right?). Many people don't seem to grok the equivalent situation when it's online.
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
9/17/2014 | 5:01:25 PM
Re: Child Lock
That's a very good question - I hope someone out there has suggestions to offer!
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:10:29 PM
Child Lock
I would like to speak to this comment in the article: "The privacy of children is seemingly the easiest to protect, as they generally are not allowed to create accounts on their own"

I wish this could be more true. To say this is completely based on the rules of the house is idealistic because in the age of the internet there are so many methods outside of the home for a child to create an account. Unfortunately, the age gate request during account creation is not precisely the most valid method of determining a persons age especially when that person can choose to make it whatever they desire because they want to access certain services. There needs to be a more specified method of acquiring this information properly. Does anyone have any suggestions to this shortcoming?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:03:21 PM
Privacy "Policy"
This is defintely a good place to start. Similar to the creation of policies these "privacy values" establish a baseline of what is and what is not ok.

Unfortuantely, you have very little control about how others are choosing to dictate their own policies. Even if your privacy settings are honed, other users can ghost tag (coining this term for being tagged without having that tag link to your page), and people will know who said post/comment/picture belongs to. I am unsure if there is one, but there needs to be a vetting/revocation process for this scenario. Otherwise the "control" we really have is very small.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-0652
PUBLISHED: 2021-10-22
In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...
CVE-2021-0702
PUBLISHED: 2021-10-22
In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: An...
CVE-2021-0703
PUBLISHED: 2021-10-22
In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Pr...
CVE-2021-0705
PUBLISHED: 2021-10-22
In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User intera...
CVE-2021-0706
PUBLISHED: 2021-10-22
In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersi...