On 10/26, Infosecurity reported on a suggestion from the head of security for one of Europe’s largest public services networks: lie. Lie to Facebook. Lie to Twitter. Lie to all social sites. According to the article, Andy Smith of the Cabinet Office suggested that users should “only provide their true personal details to trusted websites – such as government sites where they must and large commercial websites where they should.” The concern is that cybercriminals would be able to aggregate your personal information across a number of social networking accounts, allowing them to social engineer. Even if you don’t give Facebook everything, a determined hacker could piece together enough disparate information to make an effective phishing email.
The article cited a few who disagreed with Smith, with one person advocating to just fix security vulnerabilities on Facebook rather than counseling people to provide false information. I don’t know if it’s that simple. The issue is how to reconcile privacy and anonymity with security. We want to know our bank account won’t be emptied, but we also want to know our browsing habits won’t be monitored and we want to maintain our anonymity. How do we do that? NSTIC is a start.