Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Data Privacy Etiquette: It's Not Just For Kids
Newest First  |  Oldest First  |  Threaded View
Stratustician
50%
50%
Stratustician,
User Rank: Moderator
9/30/2014 | 2:36:59 PM
Re: Child Lock
I think the problem is that for mass-adopted sites like FB, there is always going to be a higher preference for younger users to use more commonly used social interaction sites. While there are great sites for kids, it's in their nature to want to be part of the larger conversation, which sadly means that you can't monitor or restrict the types of interactions they will have. That's why you see many video games with the warning that online play will vary from the maturity levels assigned to local play. Sadly I don't expect this to change, so it's really up to parents to explain why certain networks can and can't be used for specific age groups and make sure that regular conversations are had to make sure that if kids want access to something that might not be deemed age appropriate, they understand why.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 10:56:54 AM
Re: Child Lock
Good point. I think even FB has age-gates, but I've seen some youngsters on there who are clearly underage. I'm susprised that there isn't an effective way to create a secure gateway, outside of the mechanizations you describe. That is definitely a hassle.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/19/2014 | 10:51:17 AM
Re: Child Lock
Net Nanny is a fabulous product!  I have used it with my children as well.  Also, I had good luck with Untangle and Astaro.

However, the problem I have run into with all of these services is just like @RyanSepe stated none of them protect children from age gates.  I don't mind my kids looking at most video game content online, such as Club Penguin and the like, but I don't want them looking at games like Grand Theft Auto.  Games like GTA often put "age gates" on their sites to keep children out but you can easily bypass it by giving a fake birthdate.

I have gotten around this issue by blocking the category "Gaming", which blocks all games.  Then I proceed to whitelist all the games that are appropriate for my children.  This is alot of work and something most parents either won't bother with or don't know how.  
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 9:59:21 AM
Re: Child Lock
There are programs out there like Net Nanny that monitor kids social activity. I used it with my now 24-year-old daughter -- when there wasn't any social web to speak of-- and it was effective to a point about managing where she could surf and when. It's won lots of industry awards over the years. But its still up to parents to set the ground rules.  And I suspect some clever hacker-in-training could  probably find a work around. 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/18/2014 | 4:10:29 PM
Re: Child Lock
The only thing I can think of that would help in this situation is something like an internet driver's license.  Something like the proposed Federal goverment Real ID

Not saying I personally like that idea, but it could possibly solve this issue.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/18/2014 | 10:12:08 AM
Re: Privacy "Policy"
Also, in the real world when people are talking about you, the conversation is typically one to a few at at time. The amplication in social media is much much greater. Not to mention the problems with criminals trying to grab your PII. 
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
9/17/2014 | 5:05:58 PM
Re: Privacy "Policy"
It's similar, in "meatspace", to us not having control over whether someone else discusses us with 3rd parties. But most people have a better sense of what's appropriate behavior there (we all have that one friend who doesn't seem to grasp the concept of personal space or privacy, am I right?). Many people don't seem to grok the equivalent situation when it's online.
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
9/17/2014 | 5:01:25 PM
Re: Child Lock
That's a very good question - I hope someone out there has suggestions to offer!
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:10:29 PM
Child Lock
I would like to speak to this comment in the article: "The privacy of children is seemingly the easiest to protect, as they generally are not allowed to create accounts on their own"

I wish this could be more true. To say this is completely based on the rules of the house is idealistic because in the age of the internet there are so many methods outside of the home for a child to create an account. Unfortunately, the age gate request during account creation is not precisely the most valid method of determining a persons age especially when that person can choose to make it whatever they desire because they want to access certain services. There needs to be a more specified method of acquiring this information properly. Does anyone have any suggestions to this shortcoming?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:03:21 PM
Privacy "Policy"
This is defintely a good place to start. Similar to the creation of policies these "privacy values" establish a baseline of what is and what is not ok.

Unfortuantely, you have very little control about how others are choosing to dictate their own policies. Even if your privacy settings are honed, other users can ghost tag (coining this term for being tagged without having that tag link to your page), and people will know who said post/comment/picture belongs to. I am unsure if there is one, but there needs to be a vetting/revocation process for this scenario. Otherwise the "control" we really have is very small.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-4020
PUBLISHED: 2021-11-27
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23654
PUBLISHED: 2021-11-26
This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV file. Through this a malicious actor can embed or generate a malicious link or execute commands via C...
CVE-2021-43785
PUBLISHED: 2021-11-26
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious...
CVE-2021-43776
PUBLISHED: 2021-11-26
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other se...
CVE-2021-41243
PUBLISHED: 2021-11-26
There is a Potential Zip Slip Vulnerability and OS Command Injection Vulnerability on the management system of baserCMS. Users with permissions to upload files may upload crafted zip files which may execute arbitrary commands on the host operating system. This is a vulnerability that needs to be add...