1. Introduction
2. Foursquare
3. Facebook updated 5/6/2010
4. Twitter – coming soon.

Since writing this Facebook has re-envisioned how they handle your personal information. The EFF is always quick to respond to changes like this in areas of user privacy. If you are interested in learning more about how these changes effect your Facebook settings please visit the EFF resources: Facebooks Eroding Privacy Policy, How-to Opt Out of Instant Personalization of your Webs, Facebook Jargon Translator and 6 Things You Need to Know About the “Connections” Feature.

…and now back to our regularly scheduled blog post on Facebook Privacy

Facebook
Facebook is one complicated beast of privacy settings. I wouldn’t go so far as to say that Facebook almost makes it difficult to navigate the privacy settings. It’s their business to share information. So if you lock all that down, what good does that do them? There are five (yes, count them, five) different sections for privacy controls on Facebook: Profile Information, Contact Information, Applications and Websites, Search and Block List. I avidly curate these as Facebook has been known to implement and change things without letting people know.

To get started go to: Account > Privacy Settings.

1. Profile Information Panel

Only Me Visibility:
There are two things I only allow “only me” to see and these are “About me” and “Birthday”. Birthday is your date-of-birth and you should never share this! Getting a little timely e-birthday card is just not worth the risks of sharing this information.

Creating Lists:
The best way to manage your privacy is by creating friend lists. Using “lists” you can both “friend” your boss or your mom, but not let them see certain aspects of your profile. To do this fire up: Account > Edit Friends. Then start working your way through your friends adding them to lists which you can create on the fly. I tend to work with pairs of lists. For example I have “Relatives” and I compliment that with “Relatives_censored”. I may not want Uncle Bob, the minister, to know I was out last night getting completely ossified. However, I don’t mind my sister knowing what I was up-to last night. This way I get the benefits of categorizing my friends, yet I add a dual level for privacy uses.

After your create lists you can then place everyone into your newly created category lists. Now you can keep those pictures of you Xeroxing your butt away from your boss, yet allowing him to be a part of your “online” life by adding him to the “work_censored” list. Everyone I currently work with goes into the “work_censored” list by default, unless they are extra uber special and I don’t mind them hearing if I want to complain about a bad day at work.

Friends of Friends Visibility:
I stick with the “friends of friends” for my lowest level of security. Never do I choose “everyone” or “friends and networks”. These settings apply to: my “Interests, Activities, and Favorites” (I don’t see any harm in someone knowing that I am a huge ELO fan), “Religious and Political Views”, “Relationship Status” (maybe someone wants to do some data-mining on single people and our interests) and “Education and work” (I do lots of professional development so I try to be accessible to folks in that way and maybe an alum wants to contact me about something)

2. Contact Information Panel
Let’s be safe here, you don’t want to corral a privacy setting off only to divulge the location of another entry point to that same information elsewhere. This one is different than “Personal Information” as it works off of your “network” settings (Rutgers, NYC, x Job etc.) not your “friends” lists. Confusing? Yes!

Friends and Networks Visibility:
Information that is visible to my friends and networks are my IM screen name, mobile phone, other phones, and my website (it’s a work related blog). I would however not allow folks in your work network to see your blog, if it’s not work related. Once they know where your blog is you can’t really take that away by just changing your privacy preferences in Facebook.

Friends of Friends Visibility:
My most security lax section is “friends of friends”. I allow those people to both “add me as a friend” and “send me a message”. I do have some lost friends out there so enabling people to at least ask for my friendship allows me to filter them based on my own standards, rather then shutting them out completely.

3. Application Settings Panel

This is where you should use the most caution. I use very few applications as those are vulnerability points for malevolent parties to compromise your carefully guarded profile security. I also don’t ever, under any circumstances, answer those “questionnaires” that people send around. You can learn more about being aware of vulnerabilities like this by watching this witty presentation entitled “Social Zombies, Your Friends Want to Eat Your Brains” given by Tom Eston and Kevin Johnson at Defcon 17 in 2009. You should also always be on guard for things that look “official”, but are not (Countermeasures Blog).

What you share:
This field is just an informative section on what you are agreeing to when you allow applications to access your Facebook content.

What your friends can share about you through applications and websites:
I make sure every single one of these boxes is unchecked. I don’t want my friends sharing anything with anyone without my consent. From the disclaimer:

“When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card.”

It sounds so sweet doesn’t it? However, why would you want some greeting card company knowing your date-of-birth? Remember don’t deny access to one aspect of your profile just to hand it over in another.

4. Blocked Applications:
I block all that, Farmville and Mobwars crap. It’s just a bad idea. Anytime a friend sends me an invite to an application I immediately block that application. I even “hide” my friends feeds from those applications on my main page.

Ignore Application Invites:
If you have a friend that is constantly joining apps, you can add them to this list here and they will never ask you to “cultivate their crops” ever again.

Activity on Applications and Games Dashboards
Currently my settings are to only friends as I have used “I Like” in the past to share music.

Search Panel

Facebook Search Results:
I only allow friends and networks to search for me on Facebook. I hope that by doing this I block some unwanted attention.

Public Search Results:
This means your personal stuff that you’ve shared with “Everyone” can end up on Google. Just do yourself a favor and uncheck the box that says “Allow”. I don’t want a search engine crawling my profile, if I have some control.

5. Block List:
This one is easy. If you annoy me you go on the block list, included in this are nosey relatives and anyone else I deem unacceptable. Use the power of this to rid yourself of any troublesome element in your online life.

That about does it for Facebook of course there is so much more, but this should give you a very good starting point for locking-down your online life.

Keep Reading: Twitter and Privacy >>>

More about Facebook privacy here: 10 Privacy Settings Every Facebook user Should Know

1. Introduction
2. Foursquare
3. Facebook updated 5/6/2010
4. Twitter – coming soon.

Foursquare
Let me start by saying since this application relates to my personal, physical location, I am a bit more careful about who I share that information with.

• First, I only friend people I actually know, so letting them see my phone number and email is both helpful and beneficial.
• Second, I do check the “see the links to my Twitter and Facebook”. However, I only have my twitter feed linked as that’s something the “people” can see (not just the friends I specify). I keep my Twitter as anoynomus as practical, but my Facebook account has everything about me. If I want to keep some information private on Foursquare it would do me no service to instead just give my would-be stalker my Facebook profile.
• Next, “Who’s here” list. I shuffle back and forth on this one. My logic is, why not show it? More than likely the person who’s seeing that is physically (yes, it’s very easy to just check in from anywhere too) at the same event as me, so the benefits of meeting other people outweigh my need for privacy here.
• Note my Twitter settings. I don’t broadcast my Foursquare activity out, although I might decide one day to send out “mayor” and “badge” information. This is because “[o]n Twitter, anyone can follow you without your permission (assuming you have an unlocked account).” – Bruno Trani dot info. So I don’t want to lock-down info in my Foursquare account just to turn-around and broadcast it to the whole world on Twitter.

A picture can say a thousand words…

Keep Reading: Facebook and Privacy

Keeping your life private, while still enjoying the benefits of social media, is a delicate balance. You don’t want to say too much and “over share” or say too little and not get the benefits of the application. However, very few people really understand how to control their online presence. There has been lots of discussion about how to control/privatize your online presence (here, here and even here).

Security Education:
Regardless of all the information available out there in the blogosphere, I still end up educating my friends and family about privacy whenever the subject comes up. Remember, people like us read those blogs not people like them. They are sometimes blissfully unaware of the volume of information available online about them, how easy it is to get at it, and the consequences. Haven’t you ever Googled yourself? That’s what EVERYONE sees and with a little digging they can compile a complete picture about you, where you work, live etc. However, don’t get paranoid, just keep reading…

Desire to join the pack:
Despite some of the security we sacrifice many of us enjoy participating in these online communities. There are those of us that know too much and those of us that know too little about online security. I became more acutely aware of this divide when I posted to a Defcon forum about developing some foursquare “badges” to tie into the con. At first, the reception was not so great to the idea of the con having integration with Foursquare, even though I knew many tech/hack folks who feverishly used foursquare. Thankfully, one poster came to my rescue and summed it up best,

“If you’re going to take a position against location awareness (Foursquare or otherwise) simply on the basis of trying to keep your whereabouts hidden from “the man” or “bad guys”, well, you better also turn off your cellphone, stop posting to Internet forums about what you’re up to, stop spending money, stop leaving the house, and essentially stop participating in society…you’re just hopping on the ‘me too’ train to Poorly-Informed station in Paranoidtown”.

This poster is essentially my hero, he addressed the concerns articulately and with humor, I only wish I could have said it as well myself.

Security know-how for the masses:
The problem is the Defcon bunch knows the consequences and would be knowledgeable enough to lock-down their online information (or not participate at all in social media), but there is the other “blissfully unaware” group that needs to know. So that leaves us with the need/want to participate in these online universes, yet stay safe and private. So here is a run-down of how I setup some of my social media apps (Facebook, Foursquare and Twitter) and the logic behind my settings. I feel it provides me with the best of both worlds, sharing just enough and yet taking into account everything I’ve ever learned at Defcon and HOPE (thanks guys). If you’ve got one I haven’t covered here, I’m happy to help you out. Note: I’ve ended up dividing them into a series as the Facebook privacy settings alone require more explanation.

Keep Reading: Foursquare and privacy>>>

So what’s a librarian to make of all this? Well believe it or not, there is some common ground between the hacker community and us information science professionals. Chief among these are copyright (especially now with all the digitization occurring in libraries), The Freedom of Information Act (FOIA), censorship, the Digital Millennium Copyright Act (DCMA) and the ever popular Wikipedia. There are more parallels between library science and hackers than you would ever think possible. We have similar concerns such as: accessibility of information, the sharing of information, collaboration and community outreach.

Hackers get a bad rap. I always had a soft-spot for them, even the nasty ones, as they show great ability to think outside the box and open up previously closed discussions on security and our rights. At the con there were no phones stolen, no re-wiring of the hotel elevators, no malicious hacking, or anything of the like. At the end of the 3-day con I was not surprised to hear this, from the session I had attended and the people I met, I learned a lot about hackers and their community. Hacking from a positive prospective brings attention to topics that definitely need more discussion, RFIDs and electronic voting for instance. Their act of exposing security flaws becomes shared knowledge within the community. They bring to light the shortcomings of processes and systems we depend upon, making way for improvements. Today, many hackers have jobs where they keep our precious data safe by testing systems, exposing vulnerabilities, looking for back-doors and ways to compromise the system, resulting in systems that keep our data safe.

So what can the hacker world bring to the library community? One thing that came clear to me during my attendance at the con was that hackers love to share their knowledge of technology with others. Hackers create community spaces fittingly called “Hacker-spaces” and lots of cities across the world have them, you just may not know it. Visit Hackerspaces.org to find one near you. Many of the attendees to the session I attended on “hacker-spaces” brought up questions such as “I run a hacker-space, how can I get more involved with the community?”. “How can we sell ourselves to schools and institutions as safe places for kids to learn about technology?”. Technology presented the wrong way can be boring, for instance “…so now open your Excel spreadsheet” to quote from one of the talks. However, if you present it properly it can be much more interesting. If libraries or schools are looking to spice up their community learning programs, they could do no better than to get into contact with some of the folks running “hacker-spaces” in their communities and set up an exciting series of technology talks.

There are some very cool projects that speakers at the conference are working on that are great resources for librarians. Take for example Virgil Griffiths “Wikiscanner”. In non-technical short, this tool lists anonymous Wikipedia entries and shows you who’s editing them, what corporations are involved and their page edit histories. Check out some of the great stuff this tool has uncovered and read Virgil’s FAQ. In his talk Virgil also discussed other interesting Wikipedia centric projects such as: Coloring text by Trustworthiness by the UCSC wikilab. In which “The reputation of authors is computed from content evolution: authors who provide lasting contributions gain reputation, while authors whose contributions are reverted in short order lose reputation. Thus, the reputation system provides an incentive towards constructive behavior.” The other fun project is “YouTomb” co-developed by brainaics from Harvard and MIT as part of the MIT Free Culture student organization. In short it “tracks videos taken down from YouTube for alleged copyright violation” creating patterns of information that can be used to gauge current copyright practices and trends.

What can librarians do for hackers? We have lots of knowledge that we could share including, our research abilities, our knowledge of government and corporate organizational processes and our ability to organize information. Lots of projects involved the gathering and recording of data and/or data-mining. Who knows metadata standards and controlled vocabularies better than librarians?

So if you’re a forward thinking librarian or digital archivist out there, support the hacker community and spread the word about its projects. The library and information science community needs to know about great tools like the “Wikiscanner” and “YouTomb” and many others on the horizon and one of the best ways of doing that is to become more involved in the hacker community. I’m not encouraging random “friending” of hackers, but rather encouraging information science professionals to start paying attention to the hacker community especially its projects and conferences. Hackers and their curiosity of all things mechanical, social, technological brings important issues into the public venue and we as librarians are often on the same fightin’ side. They know where the lines are drawn, because they take chances walking really, really close and some times even stepping over them. I take their approach that you can learn much more by breaking something open than you can by just sitting there and watching it work. This thinking “outside the box”, initiates creativity, change and results in a better, safer, more informative world for us all.

To read a more journalistic review of the H.O.P.E conference, here’s a recent Cnet article “HOPE Conference Highlights Everyday Hacking”.

Cnet or rather Elinor Mills, was nice enough to take my picture watching the coffin go by, at the conference as well.

Here are some fantastic shots of the con from alice_zero.