Antisocial media: Lack of safeguards is killing the experience

Say it with me, everyone: Facebook sucks.

I don't mean that in a literal sense, of course. But the growing number of obviously hacked status updates and phishing-like scams coming from folks we all thought were our friends has me wondering if Facebook is having more than a little trouble keeping a lid on the kinds of nasties that have already ruined e-mail, Usenet, and while we're at it, the Web in general.

Face it, folks, the Internet is a cesspool of sleaziness that makes my city's down-on-its-luck downtown core look luxuriously palatial -- and safe -- by comparison. When a full quarter of the status updates I receive in any given day look questionable enough for me to take the time to respond to the sender that I think his/her account has been hacked, it's a sign that Facebook's got a serious security issue, and things only seem to be getting worse.

Facebook saves face

I don't want to pick on Facebook too much. They've had a tough year, after all, with users in a number of countries taking them to task for their Byzantine privacy and copyright policies. Here at home, Canada's Privacy Commissioner just finished a months-long investigation that resulted in Facebook implementing significant changes to its privacy management processes and documentation. I realize it's a big job, and the developers and lawyers who made these changes and rolled them out globally probably need a vacation. Whether they get to take it is another story.

Facebook, unfortunately, isn't alone. Twitter has also fallen victim, with shady links that were obviously sent by a malicious bot or similarly questionable, non-human source now becoming regular fare. An unprintable reply from a complete stranger, for example, would have routed me to an X-rated Web site had I been stupid enough to follow it. Some are a bit more subtle, but no more successful: This morning's direct message from a friend ("hi. I found you on here http://reallyhinkylookinglink.com") caused my antenna to go up because:

• He's my friend and we both already know quite easily how to find each other online;
• He used to teach with me. I know for a fact that he uses both upper- and lower-case letters when he writes; and,
• He loves his sleep. He wouldn't be sending Twitter DMs at 3 a.m.

Like spam before it, I have no doubt that some of these come-ons may be sophisticated enough -- or merely sufficiently normal-looking -- to fool a few gullible recipients. Which, in the end is why such garbage continues to exist. Even if the take rate is 0.0001%, that's enough to keep the cretins who pump this stuff out still in the game.

We thought closed meant safe

But social media platforms like Facebook and Twitter aren't e-mail. Perhaps I'm more than a little naïve, but I'd like to think that because they're large-scale applications delivered by one provider, said provider would have more control over what goes on than, say, an e-mail service forced to work in a wider context. If e-mail is the Wild West with relatively few rules and no one in a position of absolutely control, Facebook at least has some sort of sheriff who dictates -- and hopefully enforces -- something akin to law and order.

Like I said, I'm probably being naïve, but Facebook and Twitter both more or less own their respective playgrounds while Microsoft's Hotmail does not. I'd like to think that that subtle difference should be enough to at least keep a lid on the influx of sewage. Then again, I guess I'd like to think a lot of things...but that doesn't mean any of them will come true.

The problem with social media tools lies in the fact that they are social to begin with. Unlike e-mail or earlier forms of online messaging and interaction, which generally set few limits on who we could reach out to, most social media applications challenge us to build communities of friends. We choose who to let in and who to exclude, and that very process lulls us into a fairly false sense of security. For we believe that once we've vetted our so-called online friends that we're all able to let our guard down because the playground itself is safe. I already let my friend into my house, the feeling goes, so nothing bad can happen from here on out.

Which is terribly wrong, of course, because as much as we'd like to believe that our friends, colleagues or acquaintances would never deliberately harm us, they can do immeasurable damage when they are compromised by their own innocence and/or ignorance. We see it every day in real life: folks too ignorant to understand the risks of H1N1 going to work because they don't want to let their team down, or well-meaning friends bringing nut-laced treats to a peanut-free home. We let these people in because we know and trust them. And in doing so, we expose them to our soft underbelly because we figure there's no need to apply the same kind of protective thinking that applies when we're around strangers.

Paranoia goes social

It's that kind of mindset that makes us that much more vulnerable to social media-borne attacks than those delivered through more conventional channels like e-mail. We've all been conditioned to reject the obvious spam (misspelled subject lines, Nigerian princes, cheap meds and all) but a link from a Facebook friend still doesn't raise the same level of alarm, if at all.

It should, of course. And until more of us become as jaded and cynical when we're Facebooking and Twittering as we do when we're e-mailing and IM-ing, these services will continue to be increasingly popular targets of choice for hackers and criminals. And while that's happening, we need to figure out better ways to convince ourselves -- and more importantly, the connections around us -- that just because it's social doesn't necessarily mean it's safe.

I'll apologize for opening with such strong language. I don't really think that Facebook sucks. But that could change very quickly unless the company, along with Twitter and any other major social media competitor, gets as serious about security as it already has about privacy.

Carmi Levy is a Canadian-based independent technology analyst and journalist still trying to live down his past life leading help desks and managing projects for large financial services organizations. He comments extensively in a wide range of media, and works closely with clients to help them leverage technology and social media tools and processes to drive their business. Join Carmi on Facebook today!