Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Data Privacy Etiquette: It's Not Just For Kids
Newest First  |  Oldest First  |  Threaded View
Stratustician
50%
50%
Stratustician,
User Rank: Moderator
9/30/2014 | 2:36:59 PM
Re: Child Lock
I think the problem is that for mass-adopted sites like FB, there is always going to be a higher preference for younger users to use more commonly used social interaction sites. While there are great sites for kids, it's in their nature to want to be part of the larger conversation, which sadly means that you can't monitor or restrict the types of interactions they will have. That's why you see many video games with the warning that online play will vary from the maturity levels assigned to local play. Sadly I don't expect this to change, so it's really up to parents to explain why certain networks can and can't be used for specific age groups and make sure that regular conversations are had to make sure that if kids want access to something that might not be deemed age appropriate, they understand why.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 10:56:54 AM
Re: Child Lock
Good point. I think even FB has age-gates, but I've seen some youngsters on there who are clearly underage. I'm susprised that there isn't an effective way to create a secure gateway, outside of the mechanizations you describe. That is definitely a hassle.
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/19/2014 | 10:51:17 AM
Re: Child Lock
Net Nanny is a fabulous product!  I have used it with my children as well.  Also, I had good luck with Untangle and Astaro.

However, the problem I have run into with all of these services is just like @RyanSepe stated none of them protect children from age gates.  I don't mind my kids looking at most video game content online, such as Club Penguin and the like, but I don't want them looking at games like Grand Theft Auto.  Games like GTA often put "age gates" on their sites to keep children out but you can easily bypass it by giving a fake birthdate.

I have gotten around this issue by blocking the category "Gaming", which blocks all games.  Then I proceed to whitelist all the games that are appropriate for my children.  This is alot of work and something most parents either won't bother with or don't know how.  
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/19/2014 | 9:59:21 AM
Re: Child Lock
There are programs out there like Net Nanny that monitor kids social activity. I used it with my now 24-year-old daughter -- when there wasn't any social web to speak of-- and it was effective to a point about managing where she could surf and when. It's won lots of industry awards over the years. But its still up to parents to set the ground rules.  And I suspect some clever hacker-in-training could  probably find a work around. 
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
9/18/2014 | 4:10:29 PM
Re: Child Lock
The only thing I can think of that would help in this situation is something like an internet driver's license.  Something like the proposed Federal goverment Real ID

Not saying I personally like that idea, but it could possibly solve this issue.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
9/18/2014 | 10:12:08 AM
Re: Privacy "Policy"
Also, in the real world when people are talking about you, the conversation is typically one to a few at at time. The amplication in social media is much much greater. Not to mention the problems with criminals trying to grab your PII. 
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
9/17/2014 | 5:05:58 PM
Re: Privacy "Policy"
It's similar, in "meatspace", to us not having control over whether someone else discusses us with 3rd parties. But most people have a better sense of what's appropriate behavior there (we all have that one friend who doesn't seem to grasp the concept of personal space or privacy, am I right?). Many people don't seem to grok the equivalent situation when it's online.
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
9/17/2014 | 5:01:25 PM
Re: Child Lock
That's a very good question - I hope someone out there has suggestions to offer!
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:10:29 PM
Child Lock
I would like to speak to this comment in the article: "The privacy of children is seemingly the easiest to protect, as they generally are not allowed to create accounts on their own"

I wish this could be more true. To say this is completely based on the rules of the house is idealistic because in the age of the internet there are so many methods outside of the home for a child to create an account. Unfortunately, the age gate request during account creation is not precisely the most valid method of determining a persons age especially when that person can choose to make it whatever they desire because they want to access certain services. There needs to be a more specified method of acquiring this information properly. Does anyone have any suggestions to this shortcoming?
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
9/17/2014 | 4:03:21 PM
Privacy "Policy"
This is defintely a good place to start. Similar to the creation of policies these "privacy values" establish a baseline of what is and what is not ok.

Unfortuantely, you have very little control about how others are choosing to dictate their own policies. Even if your privacy settings are honed, other users can ghost tag (coining this term for being tagged without having that tag link to your page), and people will know who said post/comment/picture belongs to. I am unsure if there is one, but there needs to be a vetting/revocation process for this scenario. Otherwise the "control" we really have is very small.


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This gives a new meaning to blind leading the blind.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27479
PUBLISHED: 2021-06-16
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users.
CVE-2021-27483
PUBLISHED: 2021-06-16
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.
CVE-2021-27485
PUBLISHED: 2021-06-16
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
CVE-2021-31159
PUBLISHED: 2021-06-16
Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732.
CVE-2021-31857
PUBLISHED: 2021-06-16
In Zoho ManageEngine Password Manager Pro before 11.1 build 11104, attackers are able to retrieve credentials via a browser extension for non-website resource types.