How Facebook broke down our front door

As companies and individuals exploit the Web’s new frontier – social networking sites – we are creating for ourselves not only new avenues to generate revenue and social capital but also leaks in corporate and personal information. Is there really harm in participating in this brave new connected world, in posting stuff that’s on our mind or tweeting the zeitgeist?

In an environment where shotgun methods to reach out to the market are no longer in vogue, social network sites such as Twitter, Facebook, MySpace, Tagged, Friendster, etc., can provide a more targeted approach for business to get its message across. For the average Joe or Jane, these sites provide for a community to share and, perhaps, “over-share” updates, exchanges and common backgrounds and interests. This virtual melting pot is where privacy and security are sacrificed at the altar of an always-on, wired world.

Open your favorite social network site and it’s difficult to miss that people already surrendered a tremendous amount of personal information online. Creating a person’s profile from online resources is no longer the area of espionage and investigation bureaus. A 12-year- old can put together a dossier on a company CEO in the time it takes to drink a can of soda.

“But I only allow people I know to access my data,” you might say of these networking sites; but nobody really checks these sites’ privacy policies. Facebook has, what the Electronic Frontier Foundation describes as an “eroding privacy policy” that already makes public, by default, certain personal information. This information, in turn, is made available to Facebook’s partners for advertising. Twitter also shares personal identifiable information with its business associates.

Yes, you were careful not to share your information with people you do not know and went through the pain of customizing your privacy settings; but the more popular social network sites already decided to whom your information can be made available. Aside from the friends of friends of friends, search engines, and other internet crawlers, you also share your personal information with Web applications and other sites that are connected to your social network site.

Not only are privacy policies becoming more loose, but security doesn’t seem to be a top priority. Last January 2009 a Twitter administrator’s account was hacked compromising several high-profile accounts including that of US President Barack Obama. Facebook also had a few security slips this year including exposing personal e-mail addresses for 30 minutes last March; and just last May, a bug allowing users to access their friends’ chat sessions and pending friend requests was uncovered.

Most people just shrug off some of the horror stories they read about privacy breaches until they become a statistic. We only hear about high-profile incidents such as the hacking of Sarah Palin’s Gmail account. The attacker simply gathered publicly available information on Ms. Palin and guessed her Google account access. What we don’t read about are the everyday incidents of illegal access to personal online accounts. Information gained from these personal attacks can be used for a broader malicious scheme.

Aside from getting vital personal bits of information from social networking sites, a determined attacker will also know what you, your family and friends look like, thanks to online photo sharing. They will also know what your house layout is, how many dogs you have, the tags of your cars, and even your schedule (Off to Boracay for a week!). Beyond the personal, an attacker can also know that you have proximity card access to your office and that you’re on the 27th floor, who you work for, and what you do; he will even know who sits next to your cubicle (and know what your cubicle actually looks like). Information you provide online can also be used to break into your analog world.

Most security professionals will agree that if you don’t want anybody to know about something, don’t post it online – even on your trusted social networking sites. Chances are, your information will find its way to the public domain.

That’s not to say you should close down your Facebook and Twitter account, unless you really want to; but be aware of the dangers of exposing personal and company information on the Internet and how easy it is to leak out data.

There are many ways to minimize the information we share and continue to be part of a community (your favorite search engine should provide you with some leads in going cold turkey on Facebook ). More importantly, know to whom you should entrust your personal information. The lady or gentleman you met last night at a party hardly qualifies for access to your intimate data.

Security and privacy are at the opposite end of the accessibility spectrum with full open access on the other. As long as we know the risks involved when we post our data online then we should be able to mitigate the possible outcome of being connected. You can also choose to be unplugged from the wired world.

(Ronald Gonzales is a Director for Advisory Services of Manabat Sanagustin & Co., CPAs, a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity.

The views and opinions expressed herein are those of the author and do not necessarily represent the views and opinions of KPMG in the Philippines. For comments or inquiries, please e-mail [email protected] or [email protected])