– Kevin Prince is chief technology officer of Perimeter E-Security. The views expressed are his own. –
Social networks have grown out of control. Literally. Today, neither users nor social networking companies can control the monsters they have created. Think Jurassic Park, where John Hammond wanted to build something no one else had ever built: a fun theme park combined with a zoo of cloned dinosaurs. He built what he thought would be adequate security but, in reality, didn’t understand nearly enough about the environment he was trying to control. People naturally trusted that proper security was in place and that they would, of course, be safe. Things quickly spiral out of control, and nearly everyone gets eaten by the end of the movie.
The creators of social networking sites — yes, all of them — are just like John Hammond. Their unique ideas caught on in such a viral way that just keeping up with the bandwidth, processing power, storage, development, and everything else required to keep the system online is an amazingly complex, never-ending task. For most of these sites, security is – and has always been – an afterthought. Some of them try, but it’s a bit like closing the amusement park gates after the Tyrannosaurus has bolted.
The users of social networking sites also contribute to the problem. Most are absolutely reckless when it comes to behavior on the sites. A while ago, I ran a social networking experiment on Facebook. I created a new user profile based on a free Google mail account. I chose the name Rebecca Johnson, made her 26, and used a profile picture of a three-year-old girl in a dress that I snagged from a department store website. No other information was in the profile. I wanted to see what would happen when I invited random strangers to be friends with this fictitious person.
Lucky for me, Facebook presents you with people it thinks you might know. Due to a lack of information in my profile, Facebook presented me with people of all ages who live in my county (obviously they were looking at my IP address and correlating that with my city). I of course knew none of these people but went ahead and invited them and others. In all, I invited 250 totally random people to be my friends. The only criterion I used: they had to have profile pictures. My logic: if you don’t have a profile picture, you’re probably not a serious or frequent user. Here’s a timetable of what happened next.