
December 21, 2006
December 15, 2006
Personal Data "Leakage" - Give Attrition.org & PogoWasRight.org props
If you've been following the "trend" of personal data information "leakage" or loss, then you'll want to read this latest commentary from Attrition.org on the subject.
Yesterday, the Cyber Security Industry Alliance (CSIA) put out a press release stating that "to date, 100 million Americans -- more than one-third of the population of the United States -- have had their personal information compromised, according to the Privacy Rights Clearinghouse."
The CSIA, it should be noted, is an industry consortium of companies that sell information security products and services of all kinds. One could say they have a vested interest in bringing anything construed as violating said security to the attention of the public so they can sell more product.
That being said, I've had some peripheral involvement in the Attrition.org/PogoWasRight.org DataLoss mailing list and their Data Loss Database - Open Source (DLDOS). Being one of the former curators of the Attrition.org defacement mirror and a long-time contributor to Errata, it seems only natural now that I'm full time in the industry to play a part.
I have also had the opportunity to interact with Beth Givens from the PRC and she has been the type of person Attrition.org loves - she takes every bit of criticism and tries to fix her mistakes as well as continually come back to us to make sure she's doing things right.
Back in the days of the Defacement Mirror, we would constantly have various companies and organizations using stats from the page in their press releases, reports and interviews, many times sans attribution of where they gathered their data. Since it was a second full-time job for the three of us or so working on the mirror, we took great umbrage at that and made an effort to point that out to every journalist who quoted our information without sourcing us. Looks like we may have to do that again.
Another pet peeve was that the people defacing Web sites would be referred to as "hackers" that have "hacked a Web site". Sorry but designing an HTML page and feeding it to a program that automatically exploits a vulnerability and replaces the main page of the Web site with your revised HTML is far from "hacking". It's criminal mischief by a delinquent or petty criminal - trespassing.
Gradually we noticed a shift in the language of some journalists though many will always go with the hype to sell more ad dollars. Yet we're still seeing the same sort of semantic missteps by the media with regard to data loss - journalists are saying that "the data of 800,000 people/Americans" instead of 800,000 records have been lost. I for one highly doubt that when there's a breach that these companies go in and correlate data as well as distinguish the data from those in other countries.
Just....figure it out folks. It's not that hard.
Finally, the CSIA touts in their release (and other journalists follow), that we've reached the 100 million mark for the leakage of personal data records. WRONG. The Privacy Rights Clearinghouse started recording in 2005 and both Attrition.org and PRC have done *some* limited research for the past few years. But this has been going on far longer. I'm sure we hit 100M records at least a year ago if not more.
Dissent from PogoWasRight.org also has their take.
December 13, 2006
Ho Ho Pumpkins
This picture was taken before Halloween looking for pumpkins however I've overlaid Flickr's "Note" hack. What a cute Little Santa.
December 6, 2006
Fire & Earth, Zombies & Tech
The group that publishes the Boston Herald is on top of the fires in Everett and Waltham I got called in about on Monday night. Last night was quiet, thankfully though I noticed there was a 2-alarm in Dorchester when I got into the office.
On another note, I'm not sure if I've ever recommended or shouted my love for "Avatar: The Last Airbender" on here but I continue to be impressed by the show's mix of martial art with the four elements. The first time I saw it I started rejuvenating my interest in taking a martial art. Despite my rather large size, I am surprisingly nimble on my feet - not sure how that's possible. At first, I was really interested in the flowing nature of waterbending, based on the Ku form of Tai Chi (video). But as the show went on, I became increasingly fascinated with Earthbending, though it's "represented" in the Avatar's foursome by a small, stubborn blind girl named Toph. Most earthbending on the show (video) is related to Hung Gar Kung Fu but Toph's is more like Southern Praying Mantis style of Hakka. I don't have the first inkling of how I'd seek out Kung Fu teachers in the New England area who teach this style. I suppose I should start with the basics.
I had a "Shaun of the Dead" moment this morning when I got off the train. Everyone was bobbing back and forth, up and down with the rhythm of their feet shuffling towards the exits of North Station cramped by the renovations. The song "Figment" from the opening credits of the soundtrack popped in my head and I began to whistle it as we continued to shuffle.
My "work" continues on the Social Networking front. I've rediscovered my account on Wink.com and have been using it to catalog all of my profiles at various sites. I'm at 29 thus far though I'm sure there's more out there. I've also emailed some sort of support/feedback request to every site requesting and suggesting the feature that allows me to connect to my Yahoo or Plaxo contact list, pull down my connections and check, (based on phone, email, and name), who already has an account. I hate sending out invites to that 500+ list of HS friends, professional contacts, current friends and family etc. It seems frivolous but when some of these services have over a million members, it seems only natural I must know a few people on them - so tell me who.
Melinda Roberts, Community Manager over at TrustedOpinions wrote back to say she's going to spend this next quarter implementing my ideas. I asked half-heartedly if she'd give me a shout-out for that because I'm pretty sure no one who reads this cares for my Social Network ranting and lo and behold! Thanks, Melinda.
This seems like such a no-brainer and so many sites already allow this through APIs with Plaxo and Yahoo! Address book as well as GMail, Hotmail and the like. I'm trying to find ways to cross-post this blog to all of my other profiles though it's slow going. So far it goes to Facebook and Yahoo! 360. I haven't spent the time to see how I can get MySpace, VOX and others to display these feeds prominently. I did add a Twitter badge to MySpace and BrainStream proper...though the service still doesn't let me mass-search for friends so I'm just talking to 3 peers in the tech space and a friend from college.
I want Yahoo! 360 to open up their "blast" item via an API so Twitter can post directly to it.
December 5, 2006
Fire Season - Please be Careful
This spring and summer, I barely had any cards to activate for the Red Cross. Last night I had 3 from two different fires - one in Framingham and another in Everett. Please be extra careful and safe this holiday season. Fire does not discriminate.
December 1, 2006
Social Network Friend Aggregation
I posted something about this over on Ask.Mefi but I had absolutely no takers - I was pretty surprised.
I was playing around with one of my social network accounts, (believe it or not I can't remember which at this point), and noticed I could "import" contacts and see who from my contact list was already a member. I could also "export" existing friends as a CSV file. So, I went around to all my old accounts - LinkedIn, MySpace, Orkut, etc. and downloaded the contacts into my address aggregator of choice, culled duplicates and exported to a CSV.
Then I went around to all the social networks I had accounts on to try and import said addresses and see who already had an account. Facebook worked, was able to add a few more contacts to LinkedIn and even the newer Trusted Opinion. MySpace's is not working and I got a note back from their Tech Support stating such.
I made a huge gaffe with YouTube. It said "import your contact list" so I did - thinking that it would THEN let me choose to send invites or, hopefully, show who I already knew that had accounts. Well, it auto-invited all 500+ contacts without giving me any sort of second step. Awful!
I've been pretty tired after work this week so I may have missed it but I've been surprised that there isn't a way to do this with Friendster, Flickr and even LiveJournal. I'd like to see more integrated features like this in Amazon, Last.fm and TV.com as well. It would be cool to allow additional sites like MetaFilter and IMDB to do this but they don't really have a "friend" setup. I was also very surprised to see that PeopleAggregator didn't let me do this - Marc Canter, what's up?!?
All this came about when I started using Twitter this week. Many of you know I'm the first to signup on nearly any Social Network just to see if they've hit that magic combination. Well, magic for me anyway. I have been bummed that to add any more friends to Twitter that I'd have to manually go through every email address and see who of my friends had an account. Dodgeball is another phone-based social service I'd have to do this with.
Here's the magic combo -
1. Allow people to choose to be publicly findable or not
2. Allow people to import their contact list from Plaxo, Yahoo! CSV, Outlook CSV, GMail, Hotmail etc to see who from their list ALREADY has an account on said social network.
3. In addition to checking names and email addresses, based on the privacy settings of that user, check phone numbers (especially for mobile SNs like Twitter and Dodgeball), Web site URLs and IM nicknames.
4. Allow that person to then choose whether they want to invite friends NOT already on the network.
5. Offer to "alert" the user anytime someone matching their contact info shows up on that network.
6. Allow people to export their contacts in various CSV formats.
7. While I'm at it, allow me to take IM nicknames people have and auto-add them to my own YIM, AIM, GTalk, LJTalk, Skype, MSN, Jabber and ICQ accounts.
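The matching flow in items 1-4 above, sketched as an added example (not code from the original post or from any of the sites named). The `Member` fields, function names and sample data are constructed for illustration, and phone matching assumes 10-digit North American numbers.

```python
import re
from dataclasses import dataclass

@dataclass
class Member:
    username: str
    findable: bool       # item 1: member opted in to being found at all
    identifiers: dict    # e.g. {"email": "...", "phone": "..."}
    searchable: set      # item 3: which identifier kinds may be matched on

def normalize(kind, value):
    if kind == "phone":
        return re.sub(r"\D", "", value)[-10:]  # assumption: compare last 10 digits
    return value.strip().lower()               # email, IM nickname

def build_index(members):
    """Index only identifiers that findable members allow lookups on."""
    index = {}
    for m in members:
        if not m.findable:
            continue
        for kind in m.searchable & m.identifiers.keys():
            index[(kind, normalize(kind, m.identifiers[kind]))] = m.username
    return index

def match_contacts(contacts, members):
    """Item 2: split an imported list into existing members and everyone else.
    Opted-out members land in not_found, so the importer cannot tell them
    apart from people who have no account."""
    index, already, not_found = build_index(members), {}, []
    for c in contacts:
        keys = [(k, normalize(k, c[k])) for k in ("email", "phone", "im") if c.get(k)]
        hit = next((index[k] for k in keys if k in index), None)
        if hit:
            already[c["name"]] = hit
        else:
            not_found.append(c["name"])
    return already, not_found

def queue_invites(not_found, selected):
    """Item 4: invite only contacts the user explicitly picked; never the whole list."""
    return [name for name in selected if name in not_found]

# Constructed sample data
MEMBERS = [
    Member("alice", True, {"email": "alice@example.com"}, {"email"}),
    Member("bob", True, {"phone": "617-555-0101"}, {"email", "phone"}),
    Member("carol", False, {"email": "carol@example.com"}, {"email"}),
    Member("dave", True, {"phone": "617-555-0199"}, {"email"}),
]
CONTACTS = [
    {"name": "Alice A", "email": " Alice@Example.com "},
    {"name": "Bob B", "phone": "+1 (617) 555-0101"},
    {"name": "Carol C", "email": "carol@example.com"},
    {"name": "Dave D", "phone": "617-555-0199"},
    {"name": "Erin E", "email": "erin@example.net"},
]
```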
Here's what Social Networks are STILL missing IMNSHO:
1. Ability to choose a category to put your contact in. Flickr has very basic categories like Friends and Family. Orkut goes a little further and probably has most of the relationships in the RDF relationship schema. Facebook has a strange but somewhat standard set, as does PeopleAggregator.
2. What about allowing people to create their own groups ala LiveJournal and Orkut and then control which groups/types get to see what? Relationships + Trust.
Add a little encryption to ensure the trust is truly there and people wouldn't be so hesitant to join social networks. People would put much more of their info online if they knew they could control and define who got to see what.
That is the pipe dream...but first just allow me to see who that I know is already a part of these networks. Then we can begin to build our networks much faster.