Embed Size (px)
Citation preview
Outline of presentation• Brief introduction of Facebook as a social
networking tool
• Research questions
• Methods
• Findings and Results
• Some Experimentation
• Possible Risks and suggested precautions
• Conclusions
Introduction
Facebook?
Research Questions• What is the level of information users display and
why?• The factors that influence choice in accepting
‘friend requests’• What is the level of awareness of the control add-
ons e.g. quizzes, applications, has over users information?
• Are users security-conscious and aware of the potential online threats?
• Does the user understand Facebook security and it’s broader implications
MethodsDummy profiles were created
Methods
Interviews• 9 people were chosen• Age ranged between 19 and 27• Recruited via email and word of mouth• Informal - video and audio recorded
Findings and Results
Interviews findings• Information Display• Tagging• Add-ons: Applications and Quizzes• Accepting Friends• Online Security
Dummy profile findings
Findings and ResultsInformation Display• All nine had their real name, date of birth and email
address visible• Three had their mobile number displayed• Five revealed their general address• Seven displayed their former school they attended• One displayed links to their families Facebook page
Tagging• Only four persons answered correctly when asked who
could view the photo of you being tagged in it• Six participants realized the implications of tagging, three
stated that they didn’t care about the consequences
Findings and ResultsAdd-ons: Applications and Quizzes• 7 out of 9 accepted applications• Of these ‘Application’ users, all were not aware of their
consequences saying:
I just never read the text that appears in the allow pop up box (F-19 and M-19)It is never stated about allowing access to friends information when you hit accept in the pop up dialog box. Surely it should only have access to only your information (M-25)
Findings and Results
Add-ons: Applications and Quizzes• 8 our of 9 accepted applications• Main motivation: are of interest to the user• All those who took part were unaware of the implications• Most interviewees rated quizzes safer than applications
Findings and ResultsAccepting FriendsReasons• 4 participants accepted ‘friend’ request because they know them• 3 participants accepted ‘friend’ request if they had met them at least
once e.g. at a party• 1 participant would accept a ‘friend’ request merely because of
mutual friendships• 1 participant would accept a ‘friend’ request if she liked the look of
the profile picture. Some of the responses to this question included:• F-27: If I was 50/50 about someone I would accept them, have a
look a their profile and if I was satisfied that I didn’t know them I would delete the from my profile.
Findings and Results
Online Security• 3 had strong passwords, 3 had medium strength
passwords and three had weak passwords• 7 believed their password was strong, 2 believed it to be
weak• 2 didn’t know how to change their security settings on
Findings and ResultsWhat impact did the interview have over yourbehavior?
• 6 people said they would hide their Date of Birth• 4 people said they would change their passwords• 1 people said that they would review their friends list• 2 people said that they would not except quizzes and
applications (with the exception of some they liked e.g. Farmville, Mafia Wars)
Findings and ResultsDummy profile findings• Of the 104 ‘friends request that were distributed, 24 a
accepted
Number of users that accepted the ‘friend’ request
Findings and ResultsUsers information that was disclosed to the ‘friend’
Findings and ResultsPeoples responses during the Interviews
• Male users seem to be less shocked by identity theft and possible risks compared with females
• The majority of users have never change their security setting
• Male users show a total indifference to tagging compared with women
• Users level of education and age was irrelevant to their understanding of security on Facebook
Findings and ResultsPeoples responses to accepting ’friend’ requests
• “I saw that she went to UL so thought that I may have known her but couldn't place her”
• “I felt I may have met her somewhere along the line”• “because I recognized the name and thought it was one of the
lads from home”
• “I have a general policy of accepting anybody who bothers to add me as a friend. I figure they must know me and don't want to offend them by declining them”
• “I just added her mostly out of interest and a small bit because the profile picture is easy on the eye”
• “because she was female I wasn't as wary as I would have been if it was a male”
Some ExperimentationHow easy would it be to steal identity and conduct illegal activity using Facebook profile information?
One Facebook users profile was chosen and thefollowing experimentation was carried out usingonly information on her Facebook page
• Access her mobile phone account• Create an Identity Card using her details
Some Experimentation
QuickTime™ and aH.264 decompressor
are needed to see this picture.
Possible Risks and PrecautionsBrian Rutberg
• Account hacked by criminals looking for cash• Used famous “Nigerian” or “419” ploy against him• By a combination of fake posting on his Facebook wall and sending
emails, the hackers were wired $1,200
Mark Neely was another user that was affected by thistype of hacking
Usocial.net - selling of friend bundles – 1000 friends is $177– 5000 friends(Facebooks limit) is $657
Possible Risks and Precautions
• Be very selective with the information that you display on your profile
• Be suspicious of anyone that adds you as a friend• Ensure that you know all thoes that you accept as friends• If a ‘friend’ asks you for money, verify their circumstances
independently, preferable by direct telephone contact or person to person
• Don’t use the same passwords for all your online accounts.
• Have a personal email and a dummy email, using the dummy email for unsecured sites e.g.Facebook.
• Delete your Facebook - or can you?
Conclusions and reflections
• Network site users are too trusting with very little security awareness
• Very little publicity surrounding identity fraud and its implications
• More information needs to be in the public domain in order to increase awareness
• The ability to Hack Facebook is well documented• We as users need to be extremely discerning about what
we allow to be public knowledge, it is not alone Facebook that should be answerable.
ACLU quiz on Facebook
