To share or not to share: The Security Risks of Social Networking

If you are not using Facebook, Twitter, YouTube, LinkedIn, or any of the social networks that are currently monopolizing the interest of web users, please stop reading. Well, given that many of them are included in the Top 20 list of the most visited websites, I presume that you are still here.

There are numerous reasons for people to join such a network including: keeping up with old friends, sharing music, photos and videos, finding job opportunities, starting up a small business, promoting it, connecting to causes and many others. To deliver such services, social networks contain and distribute huge amounts of sensitive information. This fact raises many security threats that involve scam artists, stalkers, identity thieves and companies that gather information to gain marketing advantages. Even if it is impossible to escape all the social network-related risks that exist, there are a few steps that you can take to reduce them.

First of all, you have to be skeptical about the information you share. Some people share too much, and their information can be shared more widely than they wished if they don’t set the network’s privacy controls. Before you share something, you have to be discreet and wary. Specifically, never type anything that would expose you to unwanted persons, and remember that people on the Internet are not always who they seem to be. Also, you have to keep in mind that there are social networks that do not guarantee the security of the information shared through a profile, a group, etc. For instance, as of May 7, 2010, Facebook’s privacy policy mentioned that it could not guarantee that only authorized persons will view a user’s information. The social network-related security flaws that very often come to light bear this out.

Most social networks employ some sort of application system where a developer is able to write code and develop third-party applications, which are executed within the social network and have access to content that is only available to the network’s provider (for example the public information of a user). Such applications include quizzes, games to play with other users, polls and others. Apart from the public information of a user, a third-party application may access some private information even if the user is not aware that this is happening. In fact, such an application may also gain access to the personal information of a user’s contacts even if those contacts have not granted any explicit permission to the application. Also, applications of this kind may contain malware designed to attack your computer or maliciously use your data. In addition, scammers can utilize such applications in order to waste your time and resources. So when you are about to use a new application that was suggested to you, remember to always think twice.

A malicious user does not have to develop an application to harm you. A simple personal message could be enough to form a phishing-like attack. Hence, you should not click on everything that is sent to you, especially all these shortened URLs that are popping up everywhere and are commonly accepted as links to relevant and valuable information despite their “disguise”.

Advertisers can be very interested in using the data that social networks collect (e.g. exploring the “favorite movies” section of millions of user profiles could be vital for a film studio). Such data can be used as a basis for behavioral targeting. But currently there are no limits on the ways advertisers can gather and use this kind of data. As a result, there are several concerns regarding this kind of advertising since user privacy attracts little consideration. For example, there are third-party applications that transmit specific information to companies without notifying users.

Social network security has attracted the interest of researchers and practitioners many times. If you want to learn more about this field you can check this white paper by Brad Dinerman called “Social networking and security risks”. Furthermore, you can have a look at how a person’s mishandlings in the social network context can pose a security threat to her university and college network in “Who’s really in your top 8: network security in the age of social networking” by Robert Gibson. Finally, if you want to learn more about security and privacy in social networks and how they can be ensured, you can refer to “Security and privacy in online social networks: A survey”, which is a very good survey by Novak et al.

The changing nature of (ubiquitous) computing

I seem lately to be having recurring conversations on the same theme: the changing nature of computing and the movement from desktop to mobile/ubiquitous computing (aside: what is ubicomp? You could start with this defining video from 1991). Humorous anecdotes about children interacting with technology often come up in these conversations (or vague recollections of YouTube videos—anecdotes 2.0). Kids futilely trying to pinch-zoom their parents’ magazines, as in the video below; or throwing their parents’ smartphone around without a concept of its cost or—relative to, say, the family computer—the novelty of its interaction. Novel technology for the parents, mundane for the child.

New generations live and breathe—not adopt—new technology, giving them a fundamentally different perspective

I think, like social change, much of technological change comes through new generations that grow up with realities their parents had to adopt—computers, the Internet, social media. Wonderful clichés like, “back in my day, we had to know how to read a map!” betray fundamentally different views of the world that are symptomatic of technological shift. When kids are so used to a technology being there that they can’t conceive of its absence—the 2-year-old pinch-zooming a magazine in vain—that is when a new generation of people, whose underlying worldview is not shaped by old ideas but built on a foundation of new technology, develop solutions that are truly native to that technological landscape.

So, what does this have to do with ubicomp? Ubiquitous computing is a thing—separate from other instantiations of interactive computing—only insofar as it isn’t ubiquitous. Once it underlies, as it increasingly does, so much of how we interact with technology on a day-to-day basis, it becomes less meaningful to say one does work in ubiquitous computing apart from other areas of human–computer interaction (HCI).

For example, my own interest in pervasive health sensing and feedback (i.e. mobile, or in-home, or ubiquitous health tech) did not arise from my interests in ubiquitous computing as an area—I had none. It arose, broadly, from my interest in human–computer interaction and a particular application area. It happens that many of the problems and questions I am interested in draw on ubicomp solutions, and are appropriate for a ubicomp audience, but if (for example) my research takes me into web-based or desktop-based solutions I will follow my way there. I suspect many other people ostensibly in ubicomp today feel similarly. Ten or twenty years out from now, when the kids that today are frustratedly pinch-zooming magazines have become researchers and app developers, it won’t occur to them that building interactive systems doesn’t involve ubicomp, since in their technological landscape the two will be the same.

Ubicomp becoming ubiquitous?

As the computing everyone uses moves off the desktop, more and more questions in human–computer interaction involve ubiquitous computing technology, such as smartphones, even if only as a platform. Does that research then become ubicomp work? Or will the notion of ubicomp become so embedded in much of the rest of HCI that this distinction is meaningless? Like most things there is a grey area here, but as ubicomp becomes integral to much of HCI it might be useful to ask if we need to rethink the boundaries of these concepts. I suspect the coming generation of pinch-zoomers will have difficulty seeing the difference.

DIS 2012 Highlights

Here are a few of my own highlights from DIS 2012 sessions that I attended…

At the seams: DIYbio and Opportunities for HCI (Stacey Kuznetsov, Alex S. Taylor, Tim Regan, Nicolas Villar, Eric Paulos): Fascinating look at issues facing DIY Biology, including community, materials management, ethics, etc. Some good examples about how interaction design might have a role in supporting the DIY Biology community.

How Learning Works in Design Education: Educating for Creative Awareness Through Formative Reflexivity (Katheryn Richard, Haakon Faste).  How traditional principles of good education break down when applied to creative design education.

Reflective Design Documentation (Peter Dalsgaard, Kim Halskov).  System for design documentation, this time thinking about how this could be useful to researchers who do research through design.  Very thoughtful, particularly during the Q&A.

Framing, Aligning, Paradoxing, Abstracting, and Directing: How Design Mood Boards Work (Andrés Lucero). Mood Board 101: what are the benefits to using them, what can interaction design borrow from this practice that’s common in industrial design, fashion design, textiles, etc.

Understanding Participation and Opportunities for Design from an Online Postcard Sending Community. (Ryan Kelly, Daniel Gooch). Nifty short paper about the life and times of http://www.postcrossing.com/

Exquisite Corpse 2.0: Qualitative Analysis of a Community-based Fiction Project (Peter Likarish, Jon Winet). Nifty short paper about crowdsourcing a novel line-by-line over Twitter, looking at how the narrative is being constructed and managed in a lightweight, distributed medium.

Experiences: A year in the Life of an Interactive Desk. (John Hardy).  One computer science researcher’s reflection on spending a year living and working on an interactive desk. Brought up lots of longitudinal issues that realistically must be considered if interactive work environments are going to be supported in the long run.

… Oh, and, if you’re still curious about that “cool bit of electronics” that came with the conference nametag, it turns out it’s part of Tom Bartindale’s to-be-published research project at Newcastle University’s Culture Lab. The board has an IR transmitter that is picked up by the cameras at the conference that are recording talks and interviews with authors. This metadata of ‘who’s on camera?’ allows videographers to search through stacks of footage and find clips with particular subjects.

Reporting from DIS 2012

I’ll be blogging this week (June 12-15) from DIS 2012 in Newcastle, UK.  This year’s DIS conference is actually part of a two-week conference series that also includes Pervasive 2012 and the International Symposium of Wearable Computers (ISWC 2012).

When I arrived I was very pleasantly surprised that my registration “bag” included:

  • My badge/nametag.
  • A cool bit of electronics (more on this later).
  • A conference program, which fit into my plastic name badge.  The reverse side has a map, for easy reference.
  • A USB key with conference proceedings.
  • The ubiquitous conference bag … which is actually an Onya Bag that fits into a tiny stuff sack and attaches to a keychain.
  • A lanyard, to which everything is attached.

I tend to a) recycle 90% of the flyers that come in conference bags within 10 minutes; b) continually forget my conference program; and c) begrudgingly lug former conference bags to the grocery store.  Thank you, DIS 2012 organizing committee, for thoughtfully designing registration and being well-organized.

You may still be wondering about that QR code and cool bit of electronics near the bottom of my name tag.  Registration let me know that it’s being used to identify me automatically in video taken at the conference, and that it works with interactive coffee tables in the main lobby area.  I’ll do a bit more investigating on how this works and will report back soon!

Dear HCI, Thank you. Love, Mechanical Engineering

My entire academic background – BS, MS, PhD –  is in Mechanical Engineering.  However, in addition to conferences hosted by the American Society of Mechanical Engineering, I also attend the suite of ACM’s Human-Computer Interaction (HCI) Conferences. So, why should Mechanical Engineering care about HCI?

First, product design includes interfaces.  ‘Product design’ refers to the blend of mechanical engineering and industrial design. Design is the ‘outward facing’ side of Mechanical Engineering; product designers conceptualize, design, and implement many of the physical products you interact with on a daily basis.  In the cafe that I’m currently writing from, a design engineer was involved in everything from the teacup, the teapot, the table, the chair, and the laptop I’m writing on… and all the packaging that each of those products arrived in.   These traditional products still have interfaces – examples from Don Norman’s infamous “Design of Everyday Things” address how people physically interact with ‘non-smart’ products and devices such as teapots, doorknobs, or rotary telephones.  Today’s product designers are asked to not only design the physical product, but also weigh in on how the user should interact with smart products.

Second, design research in mechanical engineering can learn from findings from interaction design. Early-stage phases of new product development – particularly user research and concept generation – are agnostic to whether or not the final ‘product’ is a physical product, software, a physical or digital service, or an architectural space. As a result, many of the same design theory principles coming out of the interaction design community are broadly applicable to other design domains, including product design or new product development, with some level of translation.

Finally, engineers deserve well-designed technology. Engineers are people too – and, while computer scientists frequently design new programming environments for themselves, mechanical engineers and new product developers are not always the subject of thoughtful, human-centered technology design. Taking an HCI perspective to understand how engineers and designers are users of software opens up the possibility for better-designed tools in the future (I’m looking at you, CAD!).

… so why should HCI care about Mechanical Engineering?

It’s sometimes easy to get lost in cognition, perception, algorithms, and pixels.  However, when mechanical engineers check their gut, they see the physical interface between humans and computers.  You’ll see plenty of relevant contributions from Mechanical Engineering in the areas of ergonomics, haptic feedback, or tangible interfaces. But more broadly, mechanical engineers offer the reminder that humans (and computers) still primarily exist in a physical world.