When you teach a man to be phished, he learns not to be alone. This is what happens on a lot of social networking sites. It was also the subject of a breakout session at the WebCamp Social Network Portability part of BlogTalk 2008 in Cork suggested by Stephanie Booth. Be warned, there will be name dropping ahead.

The entire genesis of the subject was the realisation by Leisa Reichelt that the way that social networking sites ask you for your e-mail account details and password is similar to phishing attempts to get your banking or credit card details. In short, they are asking for highly sensitive details which it seems that people are a little too happy to hand over. In short, they are encouraging irresponsible behaviour, and encouraging identity theft.

Is there a responsible solution to this? Aral Balkan suggested that the solution may lie with an open source approach, namely that a third party checks the code used to collect the details in question and ensures its security. The main problem with this approach is that while you can ensure that the data is collected correctly, there is no guarantee that the company collecting the details will be responsible with the collected details. Gabriela Avram explained her dealings, and problems, with Shelfari. Or if a site collects 1,000 e-mail addresses, there is no guarantee that it won’t spam them.

The root of the problem is that if you hand over your username and password, they (whoever “they” are) can interact with your account as you. A guest account may be a solution.

Oddly enough, it appears that this type of solution exists. OAuth is an open protocol which allows a subset of data to be made available in a guest account type methodology. Or you can try out the “let me take a look at your e-mail addresses” type action by letting only 2 or 3 addresses be seen by the other site. And then you can see if the site abuses those addresses.

But this way, the new site does not get the password for the other site. So if any action takes place, it is not the site performing any actions as you. So it’s a little more secure.

And more to the point, you aren’t training users to be phished.
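A toy model of the difference described above, added here as an illustration and not code from the session or from any real provider. It is not the OAuth wire protocol; the `MailProvider` class, the scope names and the sample account are assumptions.

```python
import secrets


class MailProvider:
    """Toy mail provider, constructed for illustration (not a real API)."""

    def __init__(self):
        self._password = {"alice": "correct horse"}  # constructed sample account
        self._contacts = {"alice": ["bob@example.org", "carol@example.org",
                                    "dave@example.org", "erin@example.org"]}
        self._grants = {}  # token -> (user, scope, max_contacts)
        self.sent = []     # mail sent in a user's name

    def _login(self, user, password):
        stored = self._password.get(user)
        if stored is None or not secrets.compare_digest(
                stored.encode(), password.encode()):
            raise PermissionError("bad credentials")

    # Password path: whoever holds the password can do anything as the user.
    def contacts_with_password(self, user, password):
        self._login(user, password)
        return list(self._contacts[user])

    def send_with_password(self, user, password, to, body):
        self._login(user, password)
        self.sent.append((user, to, body))

    # Delegated path: the user approves a limited grant at the provider,
    # and the other site only ever sees the resulting token.
    def grant(self, user, password, scope, max_contacts):
        self._login(user, password)
        token = secrets.token_urlsafe(16)
        self._grants[token] = (user, scope, max_contacts)
        return token

    def revoke(self, token):
        self._grants.pop(token, None)

    def _lookup(self, token, needed):
        grant = self._grants.get(token)
        if grant is None or grant[1] != needed:
            raise PermissionError("token revoked, unknown or lacks " + needed)
        return grant

    def contacts_with_token(self, token):
        user, _, limit = self._lookup(token, "contacts:read")
        return self._contacts[user][:limit]

    def send_with_token(self, token, to, body):
        user, _, _ = self._lookup(token, "mail:send")
        self.sent.append((user, to, body))
```

A site holding the password can read every contact and send mail as alice; a site holding a `contacts:read` token capped at 3 sees three addresses, cannot send, and loses access when the token is revoked.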

But if you would like to send me your bank or credit card details; feel free to e-mail them to me.

take care,
Will

The first week of March is, well, busy.

It all starts on March when the Irish Blog Awards ceremony takes place. Seats are somewhat limited, so remember to register for the Irish Blog Awards. It costs only ten Euros a head and all cash taken at the door goes to three deserving charities – Brainwave, St. Francis Hospice and the Multiple Sclerosis Society of Ireland. Preceding this are quite a few meetings and groupings. Make them if you can.

March 2nd. Very early on March 2nd we have WebCamp – Social Network Portability, this time in Cork. I’m trying to figure out logistics and if a bus should be hired, but I suspect that it’s all aboard the first train from Dublin to Cork for an awful lot of tired bloggers and blog awards party people.

Also on March 2nd (this time at a mercifully later hour) Alexia is organising a bloggers dinner in Cork. Should be fun, even if Dear Waters isn’t there.

Then on March 3rd and 4th the international BlogTalk 2008 Conference takes the floor again in Cork.

Then after a small breather, on March 8th Creative Camp starts in Kilkenny.

It’s going to be busy…

See you there?
Will Knott
