Sign up to our newsletter
The latest security news direct to your inbox
This is an impressive looking certificate isn’t it? You might think it means something significant, but then you might be wrong. How hard is it to pass the Internet and Child Safety Advocate certification test? Ask Hanna, a 9 year old (10 this weekend) girl who I met with her father at a local coffee shop. Hanna did not have access to the KidZafe training materials, but with her father’s permission I gave Hanna the certification test under the same conditions that “Kidzafe” gives the test. Hanna had 20 minutes to answer 8 out of 10 questions correctly and could immediately retake the test if she failed. Like me, Hanna did not achieve the 80% passing grade the first time through, but the second time she aced the test with a perfect 100% score. The only thing between 9 year old Hanna and “Certified Internet and Child Safety Advocate” is $149 and the legal right to enter into a contract. Yes, in about 12 minutes Hanna demonstrated the knowledge and understanding of the core competencies required to share the Keeping Kids Safe: An Internet and Mobile Safety Workshop™ program. Perhaps what is more troubling is that is the only thing a child predator or violent sex offender needs to become a “Certified Internet and Child Safety Advocate” is $149 and the ability to pass a test that takes a 9 year old about 12 minutes to successfully complete without ever seeing the certification coursework.
So, if the test is that easy to pass, what is the point of it? The point of it is to help Zamzuu sales people to trick parents, teachers, guidance counselors, librarians, preachers, and others into hosting meetings designed to generate sales leads. The certificate is a marketing brochure used to make a person appear to have a much higher level of expertise than the certification actually represents. The fact is that during the Kidzafe training, Tim Woda, one of the product owners and creators states that they are not trying to make the sales people experts.
Here’s how the pitch goes. A Zamzuu sales person contacts schools, churches, libraries and other organizations and indicates that as a local resident, Internet business owner and Certified Internet and Child Safety Advocate they would like to volunteer to present a free Internet and Mobile Safety Workshop. What these sales people don’t disclose is that this “workshop” is “a 45 minute interview” for business partners, customers, and referrals. The sales person, during the course of the workshop indicates they know of tools to help parents and asks parents to provide contact information. The whole workshop is an elaborate ruse to get leads to generate sales, recruit more sales people and obtain more referrals.
I must thank Nilda G. Thomas for tipping me off to this story. Nilda sent a comment to the ESET threat blog indicating that she is a Certified Internet and Child Safety Advocate and offered to be interviewed for the blog. That sounded pretty nice to me, but I don’t want to interview someone for the blog if they aren’t qualified to speak on the subject. I wondered what is a “Certified Internet and Child Safety Advocate”, who certifies them, and what does the certification mean? I sent Nilda an email and asked her “Can you provide me with some information about what organization certifies Internet Child Safety advocates?”
The response I received back avoided answering my question. Nilda told me that “If your followers are interested in becoming certified they will need to become an Internet Broker and can get licensed through me.” Nilda is not the “organization that certifies these alleged “advocates”. I thought that maybe Nilda didn’t understand the question, so I posed it differently. Nilda replied that “The certification covers protecting kids online from predators, bullies and sexting and how to protect their privacy and reputation on Facebook, MySpace, Twitter and on select mobile phones. The certification also trains you on how to conduct Internet and Mobile Safety Workshops. Wodabiz is the creator of our real-time child safety monitoring product KidZafe providing parents with alerts on who their child is frequently texting, communicating with on social media sites, and inappropriate language…of which I sell through my website”.
The certification training materials do provide some lightweight online child safety information, but the certification is not by any means an indicator of any significant knowledge or understanding of online child safety, much the less Internet safety. Much of the training information is statistics that are misused to create fear. For example, a statistic is quoted that 20% of kids have been sexually solicited online. The presenter goes on to state that “most of us never heard from our kids that they were sexually solicited online.” Do you see the twist? Most kids, 4 out of 5, have NEVER been sexually solicited online, yet to make parents believe that most kids have been the presenter states that “most of us never heard from our kids that they were sexually solicited online.” Of course not, because most of your kids were never sexually solicited online according to the statistics used. This is an example of creating fear, uncertainty, and doubt to create a need for the product that is to be sold. This statistic is further shattered by Larry Magid in slides 29-33 of his presentation at http://www.safekids.com/mommy.ppt. The speaker notes of slide 33 reveal that the real number was 1% and not 20%. This kind of insight is not useful to sell parental monitoring software, hype is far more effective.
In another example the statistic used is that 63% of teens said that they had been asked to meet offline by someone they hadn’t met before. This statistic is useful in understanding how society is interacting today, but it does not reveal a risk factor. There is no follow up about what percent of the meetings were in public places with parents or other trusted authority figures. There is no additional information provided about how often those meetings result in harm or if they ever result in a higher rate of harm than meeting someone at a school event, movie theater, or other physical venue where people encounter strangers on a daily basis. The idea is to raise fear, uncertainty and doubt in order to create the perception of need for the product to be sold.
In researching Kidzafe the more I learned the more distasteful the organization became to me. Tim Woda, allegedly a “nationally renowned Internet & Child Safety Advocate” (apparently he certified himself) with Hanna Masters appears to demonstrate how to deceive and lie while setting up and giving presentations. At the end of the prescribed workshop that the sales people trained are to present, they are encouraged to stress that they are volunteering and it isn’t their “day job” in order to foster the incorrect belief that it wasn’t a sales meeting. The fact is that the presenter is there doing business. The goal of the workshop is to make sales, recruit sales people and get referrals to do more of the same. In the product and sales training there is a place where Woda says NOT to ask the host to photocopy the handouts for the presentation. In the role playing he tells the pretend hostess that he went to the library on his lunch break to make photocopies of the handouts. When the hostess responds that she could have done that for him, Woda responds “well, too little too late, I didn’t think to ask…” What? “I didn’t think to ask?” The slide that is displayed as Woda goes through this exchange with Masters says “Don’t ask the host to photocopy your Parent Packs. Save your “ask” for something important!” Is that not encouraging the sales people to lie? Then Woda goes on to ask the hostess for a letter of reference for not making the photocopies. Is that not disgustingly manipulative? I suppose I should not be too surprised. KidZafe is sold by Zamzuu and Zamzuu is a subsidiary of YTB, Inc. In 2009 YTB settled a lawsuit with the state of California in which it was alleged that YTB was an unlawful endless chain scheme (pyramid scheme), and engaged in other deceptive and illegal practices. Part of the settlement included the payment of $400,000 in civil penalties though the total cost of the settlement for YTB was $1,000,000. In April of 2011 it was announced that YTB agreed to pay $150,000 as part of its settlement with the State of Illinois.
I’ve already mentioned the deception used to trick parents, teacher, preachers, and others into setting up workshops, but I’d like to show you another example. At http://www.examiner.com/family-issues-in-san-diego/internet-safety Vangie Akridge writes about Internet safety and includes an invitation to attend a “free workshop”. According to Vangie’s Facebook profile she is a Zamzuu Business Owner/Broker. If this “free workshop” was one of those thinly disguised KidZafe sales meetings that would be a violation of common journalistic integrity as Vangie does not disclose her financial interest in the workshop.
The domain “KidZafe.com” appears to have been registered on July 6 2010. Another site, www.kidzSafe.org was registered on October 1, 2007 and is a non-profit, charitable organization that helps teach parents and educators about child safety. The site www.kidsafe.com was registered on October 31, 2000 and addresses many areas of child safety as well. At www.kidsafe.me Woda refers to his product as “Kidsafe”. It certainly appears like typo squatting and/or an attempt to trick people into thinking they are someone who they are not, but there is more that leads me to this conclusion. On the Kidzafe webpage at the bottom there is a logo that reads “Parental Intelligence powered by FamilyConnect™. The logo is not linked, which often, but not always, is a sign of someone trying to hide something. A search for “FamilyConnect” turns up www.familyconnect.org, a website for parents of children with visual impairments. It appears that KidZafe is trying to ride on the reputation of FamilyConnect as well.
Although Kidzafe claims that they partner “with some of the nation’s leading privacy and cyber safety experts and child safety advocates”, none that I checked with had heard of them or partnered with them and a message to the Internet Crimes Against Children mailing list asking if anyone had heard of KidZafe yielded no results.
So, what is the service these people are trying to sell? Kidzafe is a parental monitoring service, or spyware, depending upon your point of view. The way it works is that you provide your child’s Myspace, Facebook, and/or Twitter account credentials to Kidzafe and then they monitor EVERYTHING your child does. If they spot certain words they inform the parents. It goes a lot deeper than that and they have a mobile app for Blackberry and Android phones that also monitors all text messages.
A while back, the Taser company came out with a mobile phone monitoring service that was just as spy-happy as the KidZafe program. In writing about this product it is stated that Dr. Patti Agatston, a licensed professional counselor with the Prevention/Intervention Center of the Cobb County School District in Georgia, thinks that technology like this “would probably do more harm than good” for most kids. “The only place I can see this is with kids who are already exhibiting dangerous behavior, such as kids who are in gangs,” she said. “In general, I don’t see this as an appropriate solution for the risky behaviors that are generating headlines because it’s still a relatively small percentage of kids who are engaging in those activities.
“Kids need to have some type of privacy, it’s developmentally appropriate as kids get older,” said Agatston. She added that “part of my fear is that this type of technology appeals to the type of parents who are already being too controlling in their children’s lives.” With these families, “kids will want to have nothing to do with their parents once they leave the home.”
A study by the Berkman Center for Internet and Society at Harvard University concludes that Minors are not equally at risk online. Those who are most at risk often engage in risky
behaviors and have difficulties in other parts of their lives. The psychosocial makeup of
and family dynamics surrounding particular minors are better predictors of risk than the use
of specific media or technologies.
So, the product being sold is likely to be of limited benefit and may more frequently cause significant and long term harm. All the same, if you are the type of parent who feels that extreme monitoring is warranted that is not my call to make, however I would caution you not to use this product. Given the deceptive nature in which I believe the product is presented and marketed I think it is wrong to hand over your child’s communications to such a company. The fact is that Kidzafe, if not Zamzuu and YTB, have access to your child’s entire profile and every post, and private message. Based on the information you have seen, does it sound reasonable to you to give your child’s information to such people. Note, and product that claims to be powered by “Parental Intelligence”, “FamilyConnect™” or “Uknow™” is likely to be placing your child’s information into the hands of a company owned at least in part by Tim Woda. Everything I have seen tells me that giving him your child’s communications is not a good idea.
To summarize this all, there is an army of sales people armed with highly misleading certifications, who appear to be encouraged to lie to and deceive parents, PTA officials, school officials and church clergy in order to hold sales meetings that are euphemistically referred to as free workshops in order to sell a service that some experts claim would do more harm than good to address a problem that is significantly exaggerated.
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
PS. For a partial listing of the components of Internet and child safety that the certification course does not cover, read on…
Firewalls – No
Wireless routers – No
Public Wifi – No
Computer viruses – No
Rogue antivirus/security software – No
Other malware – No
Phishing – No
Identity theft protection/response – No
Strong Passwords, Password reset questions, Changing Passwords – No
Configuring privacy settings for Facebook/Myspace/Twitter – No
Updating operating systems, security software, any software – No
Securing mobile devices – No
Encryption of data – No
Use of Https protocol – No
Intrusion detection/prevention software – No
Child Safety Education?
Drowning prevention – No
Traffic safety – No
Date rape – No
“Knowing my rules for safety” from the National Center for Missing & Exploited Children – No
Eating disorders – No
Health and Nutrition – No
Exercise – No
Family fire escape plan – No
Being approached in person by strangers – No
Author ESET Research, ESET