I’m interested to see where the discussion will go. There is overlap with last week’s topic of privacy and openness, especially where topics of hacking and identity theft are concerned.
I don’t want to rehash trodden ground, but I was intrigued by Alec Couros’ troubles with Facebook and identity misappropriation. He’s had problems with people borrowing his image or name or both for scammy purposes, but recently Facebook decided that he himself was not authentic, in spite of the volume of data he had provided them over the years. There are services that use things like Facebook, Twitter or Google+ for login identification. In essence, Facebook becomes a virtual ID card. What are the implications of outsourcing ID verification to commercial entities? Especially in light of the terms and conditions of our relationships with them? In real life we use government, which we supposedly control, for ID cards. What can happen when we turn to commercial providers for that?
As I was looking for an image to go with this post, I found this info graphic by Fred Cavazza on Flickr:
It might be a little outdated (2006), but maybe that says something about the shifting nature of digital identity. It’s an interesting way of breaking the topic down, and of showing its breadth.
How Apple and Amazon Security Flaws Led to My Epic Hacking
by Mat Honan
Source link: http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/all/
author: Mat Honan
Mat was hacked and his “entire digital life was destroyed” in less time than most people spend checking FaceBook each day. A hacker:
- Deleted his Google account
- Used his Twitter account to “broadcast racist and homophobic messages”
- Erased all the data on his iPhone, iPad, and MacBook.
You may be asking yourself how this happened? The answer is very scary! Mat had all his accounts “daisy-chained” together, which many online companies take advantage of (sign-in with FaceBook or Google+, login with FaceBook to find your friends, use Pay-Pal for checkout). This idea of a Universal Login makes the security of the web much more transparent to the user. It’s great up until it breaks and then it’s devastating as Mat found out. Mat found out from Apple that they gave the hackers access to his iCloud account using the last 4-digits of a credit card number that Amazon displays when you login. Mat points out the following:
“The very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”
At the time of the hack, Apple only requires a billing address and the last four digits of a credit card number to allow someone, hopefully you but not necessarily, to reset your password to iCloud. Mat made contact with the hacker and agreed not to press charges for information on the hack. The hacker stated he found Mat’s email address on his personal webpage. Using Google’s account recovery page they found his Apple .me email address. This was the golden ticket. The hacker, who goes by Phobia, stated that “You honesty can get into any email associated with apple”. The hacker did a whois search to find Mat’s billing address. The last 4-digits of the credit card number was harder to get but not impossible. Basically, you dupe Amazon into letting you create new sign-in credentials by using Amazon phone support to add a new credit card, which you later use to verify the account in order add a new email address. From here you can send a password reset email to the new email address the hacker owns to get into your Amazon account thus gaining access to the credit card information.
Personal Brand: Your Digital Identity
by Fairfield University’s Aloysuis Kelly
Source link: http://www.fairfield.edu/media/fairfielduniversitywebsite/documents/student/cpc_digital_identity.pdf
author: Aloysius P. Kelly
Fairfield University discusses the importance of taking control of your identity online. In fact, they claim that you have a personal responsibility to maintain your digital identity and your identity in real life. They claim you can “elicit” similar feelings a brand logo like Starbucks or Google does with your own digital identity. Four key areas of branding for individual are:
- Your attire
- Your Professional Resume
- Your presence i.e. “the way you carry yourself”
- Your Digital Identity
The first recommendation to having a good digital identity is to conduct thorough online searches to find out what kind of information is already available. It’s important if you find unflattering information to take steps to control or remove the material if possible. According to Repplar, employers reject candidates 68% of the time because of undesirable online presence. Second, create a professional brand online by creating a Google+ profile and a LinkedIn profile. These two sites are made for managing your professional image online. LinkedIn, according to Fairfield, is “an interactive business card”. It’s also important to include a LinkedIn summary statement that is “concise, specific and type free”. Pay attention to the last one! For example:
“I am a junior Marketing major at Fairfield University with a minor in Communication and English. My professional experiences lie in marketing, Project Management, Public Speaking, and Public Relations. I have had the opportunity to intern at Gain Communications where I honed my consumer marketing expertise and skills.”
Finally, it’s also important to collect recommendations from every one of your experiences, which will help “paint a well rounded image of yourself”.
Digital Identity for College Students
by Sheri Lehman (March 2013)
Source link: http://blogs.chapman.edu/smc/2013/03/07/digital-identity-for-college-students/
author: Sheri Lehman
Sheri discusses the concept of branding your digital image or “second self”online via the use of various internet technologies. First, find a place to post your “elevator pitch”, which is a short sales pitch describing you as a person. It should include “who you are, what you do, your interests, and your strengths and contributions”. Sheri calls this your “brand statement”. Second, you should make use of social media tools. She discusses the importance of choosing the right platform to express yourself because each one is unique. Third, you must not lie! Finally, Sheri breaks down the concept that every internet site, regardless if it’s a personal blog to a yellow pages site requires social networking to thrive. You have to find a way to drive traffic of your intended audience to your site or brand image platform (maybe your using Facebook or Pinterest). She suggest finding important people within your industry or joining various groups or discussions on the likes of Facebook, LinkedIn, Twitter and such. Don’t forget that your digital identity must be managed in similar way to a business like Coca-Cola or Google: constant evaluation and growing.
Publisher: The Economist
This article discusses the digital ID system currently being implemented in Estonia. The digital identity is now an Estonian birthright coupled with their health insurance. The digital ID comes in the form of a small ID card used in electronic banking and ecommerce, health care, public transportation, email encryption and even voting.
The cards themselves only contain the minimum amount of private data necessary for identification. Lost cards can be terminated before the sensitive information is compromised. Estonians are also given a PIN code coupled with their ID to aid in identity verification.
This article cites the reasons the digital ID has failed in other countries being the governments careless keeping of sensitive data. Similarly, the Estonians had prior framework for a government that did promote a surveillance society, evoking trust from their citizens which is opposite to that of most countries. Estonia is currently working with other countries in the European Union so that other member states can interact with their different digital ID’s.
The Estonian digital identity has helped the economy to flourish from home businesses. The specific ID’s make ecommerce safer and less vulnerable to fraud, something too common to home businesses before the system was implemented.
“Soon, multiple satellite citizenship may even become the norm,” the author predicts. The author of the article concludes by arguing the main point is that a government or digital identity is no longer reliant upon location. This is only moving society closer to the concept of a universal identity but it also highlights the flaws of a virtual universe that is divorced from location.
Author: Sean Sposito
Published by American Banker, author Sean Sposito wrote an article titled “Digitally ID’ing Customers: An Inexact Science” explaining the current conflict between digital identities and an economy attempting to adapt. This article specifically addresses a digitally identity consisting of what information users supply as a consumer. The example given was of a bank consumer connecting to business partners on social media, unknowingly providing information to their bank, becoming a part of their digital identity. Consumers digital identity can refer to passwords, user identities, or even web cookies.
“We are creating digital identities to benefit banks,” says Nelsen. “Static passwords need to be replaced. We are working on EMV chip cards, one-time passwords and app-based security technology,” said Mark Nelsen, Visa’s head of rick and authentication of products.” Donna Turner of Bank of American however argues that consumers expect a completely virtual banking experience, something the bank industry isn’t equipped for. Turner states that transferring sensitive data required for banking requires “accountability, responsibility, and liability” of unprotected data.
Balancing the brand risk and financial risk of transitioning to virtual banking will not be simple but there is ample demand, which can drive a movement. Sposito ultimately argues the process of aggregating the information that comprises a digital identity makes the prospect of a completely virtual economy nearly impossible.
Author: Eric Holm
Presented at the International Conference on Digital Society in 2014, this paper by Eric Holm explores the relationship between social networking and identity crime. Holm begins by highlighting the positive aspects of social media such as creating new relationships, connecting with estranged relatives, and exploring new interest. He also highlights the increase in identity related cyber crimes as a result of the growth of social networking.
A digital identity refers to the information one chooses to share about themselves online, in this case specifically, social networks. Holm states that social networks are the main platform for sharing any and all information. He explains the obvious draws of social networking and why users are more likely to share their information under the guise of “privacy”. Common information such as location, name, and age don’t seem all that personal, but it’s enough for someone to steal your identity – something cyber thieves are very aware of.
Due to their increased presence on social media, and perhaps their naivety, teens fifteen to eighteen are 43% more likely to fall victim to an identity crime. Holm suggest users ages fifteen to eighteen are also more attractive to cyber thieves because their more likely to have an income than say a twelve year old. Monetary gain is often the driving force behind identity crimes. Younger children are more likely to have their identity stolen so thieves can commit fraud. Children and teens are often aware they shouldn’t tell individuals their address, but often sharing information when prompted to “create a profile” seems second nature. Children and teens are also sometimes unaware of what information is sensitive and should never be shared.
Holm explains it can be difficult to prosecute cyber criminals for crimes committed using information obtained through social networks. Firstly, the “Right to Privacy” creates a legal gray area considering the user shared the information pulbic even if it was attained without consent. Secondly, it can be hard to attain evidence against cyber criminals operating through social networks because of the rapid transfers of data, essentially destroying evidence. Thirdly, the Internet is universal; meaning anyone anywhere could be looking at your information. It isn’t easy for governments to cooperate in a timely manner, if at all.
Holm suggests the solution lies with the user. He explains it’s important for users to be aware of what information is sensitive and where they share information if they choose to. Similarly it is important for parents to monitor the content their children share and teach why it’s important to protect your digital identity.