Many parents are rightfully concerned about their kid’s participation in social networks. There are a number of areas to be concerned with. Who are the kids talking to? Is there a pedophile stalking them? Parents might worry about the friends their kids are making online and what kind of people, even their kid's own age, they are associating with. Some parents will be concerned about how much time their kids are spending online versus out in the sun and developing interpersonal skills in person. There are resources available to help parents learn how to be more effective in providing guidance to their children when using social networking sites however, these are not the parenting skills I am talking about.
I have a friend who is meticulous about having as small an internet footprint as possible. My friend is 23 years old and is not in the computer security field. My friend is a regular person who happens to value her privacy more than most people her age and wants to control what information about her is public and what is not. My friend is a private person who shares what she wishes to share with people she wishes to share with. Respecting her privacy, I will not share her name.
In today’s world, many parents are not affording their children the choice that my friend and millions of other people have. Many parents are posting a lot of information about their children, in some cases on almost a daily basis. I do believe that these parents have every great intention in the world and are simply very, very proud of their child. I applaud their pride and encourage them to share that pride with their children, but if you are such a parent, are you really being fair to your child? Will your child have the same choice that my friend has when it comes to controlling the information about them on the Internet? If you didn’t see my blog https://www.welivesecurity.com/2011/03/25/facebook-retains-right-to-exploit-minors you might want to read that to see one way in which innocent looking data sharing can be abused.
I suspect that many parents are not considering how the information they post now may be used in the future. The cute little picture or story you tell about your kid may be the item that kids in the 5th grade will use to mock your child in class. The picture you think is cute today may be an embarrassment in the future.
To some extent how public this information becomes depends upon what your privacy settings are and who you choose as friends. To use Facebook as an example, you may be very careful about who you choose as friends, but may have friends who are not very discerning about who they accept friend requests from. If you share your wall with “Friends and friends of friends” then you have lost control of who has access to your data.
If you use apps on Facebook, and are not extremely careful then you may be sharing all of your data with the world. Even if you are careful, if you use apps on Facebook you may open your account to malicious hacking. In late 2009 a company called RockYou was hacked. RockYou makes some very, very popular applications for social networking sites. The hack resulted in the compromise of user names and passwords. RockYou had not encrypted the passwords so about 32 million people’s passwords were disclosed. RockYou claimed to have fixed the problems, but a quick check today of their popular “Zoo World” game shows that you have to switch from https to http to use the game. In other words, RockYou still can’t spell encryption, much the less use the technology. What this means to you is that if you use Facebook Apps you may well compromise your account.
The information posted on the internet does not go away. Eric Schmidt, the CEO of Google has predicted that in the future young people will have to change their names to escape their cyber-past. As a parent, you probably can’t prevent your child from making some mistakes that may result in them wanting to change their name, but not all kids will make such mistakes. As a parent, do you want to be the one who made the mistake that lead your child to feel the need to change their name? A name change is a big deal. It means those years down the road, the rekindling of meaningful relationships will not be an option. There is a lot more to it than that, but it is not an action that comes without significant ramifications.
As a parent, you can teach your children to respect the privacy of others by being an example and respecting theirs. I am not saying that you should never post anything about your child, but do be aware of how much you are posting and recognize that your child is not you and as they become adults they may have entirely different desires with respect to how much of their lives are an open book.
So, what can you do as a proud parent who wants to share, but wants to protect as well? You might consider two different Facebook accounts. Use one account for sharing YOUR information with anyone you want to and however you want to. For the account that you document your child’s life with, lock down your privacy settings. Only share information with friends, not with friends of friends or everyone. Do not use a profile picture of your child and preferably not of a human at all. Invite ONLY your family members and very closest friends to be Facebook friends on this account. If you choose to use your child’s name for the profile, be prepared to relinquish ALL control of the account when your child is old enough to have their own account... it’s only fair. Do not install ANY apps on that profile. Apps are an invitation for information disclosure. With each post, ask yourself the following questions. 1) Will my child potentially one day ask me why I was so rude or inconsiderate as to share this information with the people I shared it with? 2) Do you friends and family really want to know that little Jane went through a whole case a diapers today due to the flu? Finally, use a very, very, very good password. You are forcing your child to trust you with their information, it is your duty to be a responsible steward of that information.
Randy Abrams
Director of Technical Education
Cyber Threat Analysis Center
ESET North America
