All of these things come with levels of risk. The double whammy that I see is the active content combined with the expanded domain of trust. There's a cross-site scripting launch pad in that combination if ever there were one.
When I've written about browser security (as in this comparison of IE vs. Safari vs. Firefox), I've advocated browser plug-ins like NoScript to give the user a level of control over active content. The problem is that it only provides a partial solution on social networking sites.
For example, if I tell my NoScript to allow scripts to run from Facebook, I'm allowing all JavaScript coming at me from facebook.com to run. As I said, that may or may not be actual Facebook content.
NoScript either trusts a domain or it doesn't. Clearly, it's not granular enough for all issues.
So, what can we do to protect ourselves? Here are a few tips to consider:
They're far from obsolete!
Easier said than done, but at a minimum, I suggest only accepting friend connections from people you directly know. Of course, they'll come with varying levels of technology cluelessness, but it's still not a good idea to be friends with anyone who figures out how to send a request to you.
If you have the ability to decide what apps you run and allow within your social network's site, be choosy. Do you really need every cutesy app that comes along?
Wait for a couple of days to see what people (and the media) say about an app before deciding to dive in. If the app has problems, often it's the early adopters who will find them.
Turn up the privacy controls: Pretty much all the social networking sites allow you to tune your own privacy controls. Turn those up to high. Only allow people in your ring of accepted friends to view your information.
When friends send you links to sites, apps, etc., don't just click on them. Hover your mouse over the link, look at it in its entirety, see what data is going to be passed to it, and then decide. You might even cut-and-paste the URL into another browser and go there separately.
To the extent possible and feasible, don't run other Web apps while you're on your social networking site. Shut down your browser completely, restart it, do your social networking for the day, and then log out. There are good and valid reasons for this that I'll cover in a future column, but for now, trust me on this.
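The tip about reading a link in its entirety before clicking can be made concrete. The following JavaScript is an added example, not part of the original column: the function name `inspectLink` and every sample URL are constructed for illustration, and it lists the host a link really goes to, the data passed in its query string, and a few things worth a second look.

```javascript
// Added example: break a link into the parts worth reading before clicking.
// inspectLink is a hypothetical helper; all sample URLs are constructed.
function inspectLink(href) {
  const url = new URL(href); // throws on malformed input
  const findings = [];

  if (url.protocol !== 'https:') {
    findings.push(`non-HTTPS scheme: ${url.protocol}`);
  }
  if (url.username || url.password) {
    // In "https://facebook.com@other.example/" the real host is other.example.
    findings.push('text before "@" is userinfo, not the host');
  }
  if (url.hostname.split('.').some((label) => label.startsWith('xn--'))) {
    findings.push('internationalized (punycode) host name, possible look-alike');
  }

  const params = [];
  for (const [name, value] of url.searchParams) {
    params.push({ name, value }); // value is already percent-decoded
    // A parameter that is itself a URL usually means a redirect target.
    if (/^(https?:)?\/\//i.test(value)) {
      let target;
      try {
        target = new URL(value, url).hostname;
      } catch {
        target = value;
      }
      if (target !== url.hostname) {
        findings.push(`parameter "${name}" points to another host: ${target}`);
      }
    }
  }
  return { host: url.hostname, path: url.pathname, params, findings };
}

// Constructed sample: a link whose query string forwards to a second site.
const SAMPLE =
  'http://apps.social.example/go?next=https%3A%2F%2Fother.example%2Flogin&uid=12345';
console.log(JSON.stringify(inspectLink(SAMPLE), null, 2));
```

An empty `findings` list only means none of these specific checks fired; the host and parameters still need to be read.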
So that should arm you with a few tips to consider. There's still risk involved with using these sites, and there always will be. You need to decide for yourself if the risks are worth whatever value you perceive in using the sites.
As for me, I sure wouldn't give up my Facebook account without a fight.