
Gmail: Essential to Turn On Two-Step Verification (With Your Phone)

[en] Haven't turned on Google two-factor authorization? Do it now, or you risk being the next Mat Honan.

For my more French-speaking readers, in the “basic internet security” series: it is essential for your e-mail not only to have a good password, unique and not shared with anyone, but also to turn on two-step authentication.

This is the kind of system your e-banking has been using for ages: to log in, you have to give your password (= something you know) and prove, via a code received by SMS, that you are in possession of your mobile phone (= something you have). That way, simply cracking your password is no longer enough to get into your mailbox.

Once two-step authentication is turned on, Google will generate, at your request, single-use passwords for the services and applications you need to connect to your Gmail account. For example, your chat software for Google Talk, your e-mail client on your computer if you use one, or a social network that would like to access your contacts to help you get started.

Not convinced yet? Read Matt Cutts, head of anti-webspam at Google, who vaporizes a number of myths (yes, if you lose your phone, there is still a way for you to get to your e-mail!). He wrote that article following the rather dramatic hacking that Mat Honan fell victim to (basically, he lost all his data in the affair, including all the photos of his daughter’s first year of life). If this sad story doesn’t motivate you to take the security of your online identity just a tiny bit seriously… there is nothing I can do for you!


Port de Vidy: Spending Loads of Money to Piss Everyone Off

The Port de Vidy in Lausanne is really outdoing itself with its super new secure gates, meant to stop unwelcome visitors from coming to finish off their evenings on our boats.

Secure gate, Port de Vidy 1

First attempt for me yesterday: the gate blocking access to the jetty where the Farrniente is moored is… closed. So closed that even the badge won’t open it.

We test the other jetties: A doesn’t accept our badge but it’s open, B accepts our badge but… it’s open, C is closed and accepts our badge, victory!, except that we are at jetty D. Which really is closed. (There are also E, F, etc., which we didn’t test. Not very scientific.)

Luckily it’s child’s play to step around the side of the super, magnificently secure gates. We were still able to sail our regatta, and to note that the gate was also locked for anyone arriving from the jetty side.

Secure gate, Port de Vidy 2

Need I also mention that only one badge is given out per boat? Very practical for “multi-household” crews where you don’t always know who will arrive first to start getting the boat ready…

Moral of the story: somebody surely made a tidy sum out of this business, which mainly serves to piss off boat owners and their crews and is unlikely to discourage unwanted visitors. The only winners on site: the great crested grebes, who can nest almost in peace.

Great crested grebe, undisturbed

Hey, that reminds me I still haven’t written the incendiary article I had at my fingertips about my building’s front door going from the humble key to the modern keypad entry code…


Outraged and Furious: First Encounter With a Full-Body Scanner (in the UK)

[fr] Furious: I discover that in the United Kingdom too, you have to go through one of those scanners-that-undress-you. And I discover this while trapped like a rat in a glass cage whose only exit is through one of those scanners. And unlike in the USA, there is no other option: it's that or I don't fly.

I am furious and outraged like I have rarely been.

You’ve heard about the full-body scanners they’ve been using in the US, right? And the “enhanced pat-downs” you go through if you opt out of the scanners? Thought that was bad?

I did.

You probably already know — if you know me a bit — that all the security theatre around flying angers me no end. Somebody tries to smuggle explosives on a plane in their shoes? Let’s make everyone take off their shoes. Liquid explosives? Great, let’s put restrictions on liquids in carry-on luggage. Explosive underwear? Even better, let’s ask everyone to get naked. You know.

I won’t get into the details of why this is a complete pile of horseshit, others like Bruce Schneier have done it (and are still doing it) way better than me.

Now, if you’ve been flying to or from the US, chances are that you’ve wondered what you thought about them. Do they invade your privacy? your intimacy? are the “enhanced” pat-downs you can choose instead something you’re willing to subject yourself to? are they as safe as we’re told?

And, like us all when we travel and have to jump through hoops, you’ve probably reached some kind of agreement with yourself about the price you were willing to pay (in terms of hassle or loss of freedom or invasion of privacy or possible unproven health risks) to benefit from the comforts of air travel.

Or, maybe, if you don’t have any intention of flying to the US in the near future, you’ve put off that particular decision until you really have to make it.

I know I did.

Actually, I have taken the US off my list of “places I’m going to fly to” — unless I have a very good reason to change my mind.

Yes, because of the bloody scanners.

I’d actually pretty much made up my mind that before going through the “enhanced security theatre”, I would rather get to the US by road, flying first to Canada. Or something like that. But having no immediate plans to go to the US, I didn’t give it that much thought.

Now, back to why I’m writing this in Manchester airport departure lounge, having used up a pack of hankies because I feel so outraged that I don’t know what to do with myself and can’t stop crying. (Writing is helping, though, so now I just look like a mess but I’m not dripping a puddle on the floor anymore.)

I’m on my way back home, having visited my grandparents as I regularly do. I know the security theatre drill: liquids separate, take out the laptop, make sure I don’t pack too many cables, finish my water before going through security, remove extra and potentially beeping clothing before going through the metal detectors, and prepare to be quickly frisked because the darn things are so sensitive that anything can set them off. (Except in Geneva airport, where I can safely go through with clothing that will beep anywhere else.)

Well, not this time.

This time I went through the detector, which beeped, and I ended up trapped like a rat in a glass room — only way out through a full-body scanner.

I wasn’t prepared for this.

I didn’t even know they were used outside the US, or for travelers going to tame places like Switzerland from the UK.

I had no clue I should also have been thinking about whether I wanted to continue going to the UK by air (actually: coming back from the UK), or if I preferred to switch to the Eurostar.

I called out to the guy who was making the people before me go through, expressed my surprise at finding the scanner there, and asked what the other option was. He told me there was no other option, that once I had been selected for search, it was that — or don’t fly.

I exclaimed that I hadn’t had time to think about this, and he told me to “take my time” — but that was before I’d realized they were not giving me any other options.

He quickly called his superior who stepped into the box with me and started telling me it was safe, necessary, would be quickly over, etc. I tried explaining why I didn’t want to go through but we were clearly in a “dialogue de sourds”, and I started getting pretty upset (understand: crying from anger — I tend to do that, it’s really annoying).

I don’t know how long I stayed stuck there (at least 10 minutes I’d say), but it was pretty clear that I had no other option but to go through — unless I wanted to give up on my flight (yeah, sure).

I gave in, told the guy I was furious, refused his offer to give me documentation, picked up my stuff (my shiny new MacBook Air had been lying in an open tray in front of everybody during all that time) and sat down to continue having my meltdown on my own.

So, what went so wrong here?

Clearly, the fact that I discovered the existence of full-body scanners in Manchester Airport while I was trapped like a rat in a glass cage and pretty much forced to go through one.

That put me in the unenviable situation of having only a few minutes to make a difficult “ethical” decision that I’d been putting off because I wasn’t expecting to have to face this kind of situation: do I cave in to security theatre and fly, or do I refuse, and pay the price by not being able to board my flight?

I hadn’t even decided, with the US scenario, if I preferred to go through the scanner or submit to an invasive pat-down.

Also, although the two security staff I interacted with were very kind and polite, it would probably have helped if the guy in the box had actually been able to hear what I had to say and sympathize (maybe that’s too strong a word).

Instead, he insisted on telling me I was wrong, that this was necessary, that it was for my safety, that it wasn’t dangerous and would only take a few seconds, that he could give me all sorts of documentation to explain this to me.

For somebody who has read a lot on the topic of airport security (even if I haven’t written that much about it, except for rants like this one when things get too frustrating), it really didn’t help to have him talk to me as if I was just a scared uninformed passenger. I mean, he even told me that they hadn’t had any problems coming out of Manchester (regarding security), and so that they must be doing something right. I hope all of my readers can spot the flawed logic there. It doesn’t mean anything.

Wishful thinking probably, but I think that faced with somebody who would have said “I agree, all this security is probably overkill, I’m unfortunately as stuck with regulations here as you are, and I’m really sorry you didn’t know about this beforehand” — it would have helped more than pressuring me by saying that if I wanted to fly I had to go through and that I was making a fuss for nothing.

Time to buy some of that scanner-proof underwear, methinks.


Security Fail (Big Time)

[fr] When they say security questions are the weak link... Here is a magnificent example in action. Evidently implemented by somebody with only half a brain at their disposal.

Sometimes I come across stuff online that makes me really mad. Like this:

Security Question Weak Link

And it gets better (yeah, they tell you this after you’ve tried defining your password, of course):

Oh yeah, ask stupid security questions and be tough on your password criteria

Honestly, what were they thinking?! Answer: they weren’t thinking. This was clearly designed by somebody with half a brain. And approved by somebody with half a brain.

This is the online equivalent of putting three locks on your door and leaving the window wide open just next to it.

Anybody with about 5 minutes to spare can easily find my answer to any of these three “secret questions” (aha!) by digging around a bit online.

This is just plain STUPID.


Today: Backup Awareness Day!

[fr] Today, like the 24th of every month, is backup day. Do yours!

I haven’t done as much as I wanted around Backup Awareness Day yet (and even skipped last month because I was in the mountains at that time), but it will come during the next months.

Backup Awareness Day takes place on the 24th of each month and is the occasion to:

  • do your backups and set up automatic systems to keep your data safe
  • help and encourage others to do so by helping them and blogging about the importance of backups and backup techniques.

If like me you’re having a busy week (busy but good), at least take the time today to:

  • plug in that external hard drive and make sure Time Machine does a backup
  • export your WordPress blog
  • dump your MySQL database
  • if all else fails or is too complicated for you, copy your most precious document folders onto a thumb drive or an external hard drive.

More next month!


Today is Backup Awareness Day!

[fr] Two months ago, on February 24th, I pressed the wrong button and deleted my blog. I didn't know when my last backup dated from.

All's well that ends well for me (but not without difficulty). So, to encourage those who, like me, are a bit "slack about backups", I have decreed that the 24th of each month will be "Backup Awareness Day", or "Journée de sensibilisation à la sauvegarde" (it's better in English, don't you think?)

So today, we stop for a moment to do those backups we should have taken care of long ago. We plug Time Machine back in. We go to WordPress > Tools > Export. We make an SQL dump of our database. We put a copy on a USB stick of the super important files we've been working on for weeks and which exist only on our computer. We motivate our neighbours to do the same. We write a post on our blog to remind our readers to make backups. We set up automated systems, and we help others do so.

Making backups once a month is not enough. But it's better than nothing. With Backup Awareness Day, once a month, let's take the time to remind the world that it matters. Take part and tag your posts "backupawarenessday"!

Two months ago, on February 24th, I hit the wrong “Drop” button in PhpMyAdmin, resulting in the immediate deletion of the blog you’re reading. I didn’t know when I had last backed it up.

The story ends well, though it cost me (and others) many hours (days, actually) of work to get the whole of Climb to the Stars back online again.

I’ve always been careless about backups. Like many of you, probably. We can afford to be careless because accidents don’t happen very often, and as with Black Swans, we are under the mistaken belief that having been safe in the past will keep us safe in the future. Not so. As I like to repeat, the first time a disaster happens, well, it had never happened till then.

So, I’ve decided to declare the 24th of each month “Backup Awareness Day”. Here’s what it’s about:

  • Back up your files.
  • Back up your website.
  • Blog about the importance of backing up (sharing tips, stories, advice).
  • Tell your friends to back up.
  • Help your friends back up.
  • Put in place automatic backup systems.

Bottom-line: decrease the number of people who never back up, or back up so infrequently they’ll be in a real mess if things go wrong.

Now, perfectionism is the biggest enemy to getting things done. Backup Awareness Day does not mean that you have to do all this. Here are a few ideas to get you started (better a bad backup than no backup at all):

  • If Time Machine (or any other regular backup system you use for your computer) has been telling you it hasn’t done a backup in ages, stop what you’re doing right now and plug it in.
  • If you use WordPress, when was the last time you went to Tools > Export to make a quick backup? It’s not the best way to do it, but in my case, it saved CTTS.
  • Do you use something like Mozy to have a remote backup of your most important files? Time to sign up, maybe.
  • Are you working on important documents that exist only on your computer, which is never backed up? At the minimum, pick up a thumb drive and copy them onto it — or send yourself an e-mail with the files as attachment, if your e-mail is stored outside your computer (Gmail, for example).
  • Do you have an automatic backup set up for your database or website? Set some time aside on Backup Awareness Day to figure out cron.
  • When did you make the last dump of your MySQL database? Head over to PhpMyAdmin, or the command line (it’s mysqldump --opt -u user -p databasename > my-dirty-backup.sql)
  • Do you have the backup thing all figured out? Write a post for your readers with a few tips or tutorials to help them along. (Tag your posts “backupawarenessday” — I thought about “BAD” but that wasn’t really optimal ;-) )
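The cron item and the mysqldump one-liner in the list above combine into an unattended job. The script below is an added example, not part of the original post: the backup directory, retention count, script path and function names are assumptions, and credentials are read from ~/.my.cnf because cron has no terminal on which to answer the -p prompt.

```shell
#!/bin/sh
# Added example (not from the original post): unattended MySQL dump with rotation.
# BACKUP_DIR, DB_NAME, KEEP and all function names are assumptions.
#
# Cron cannot answer the interactive "-p" password prompt, and a password typed
# on the command line shows up in the process list. Put credentials in
# ~/.my.cnf instead and restrict it to your user (chmod 600 ~/.my.cnf):
#     [client]
#     user=user
#     password=(your password)
#
# Example crontab entry (crontab -e), every night at 03:30; path is an assumption:
#     30 3 * * * /bin/sh $HOME/bin/db-backup.sh --run

BACKUP_DIR="${BACKUP_DIR:-$HOME/db-backups}"   # where dumps are kept
DB_NAME="${DB_NAME:-databasename}"             # placeholder name from the post
KEEP="${KEEP:-14}"                             # number of dumps to retain

# The actual dump. --single-transaction gives a consistent snapshot of
# InnoDB tables without locking them for the duration of the dump.
run_dump() {
    mysqldump --opt --single-transaction "$DB_NAME"
}

# Write a timestamped, compressed dump and print its path.
# The body is a subshell, so the umask change and "exit" stay local to it.
make_backup() (
    umask 077                                  # dumps readable by owner only
    mkdir -p "$BACKUP_DIR" || exit 1
    out="$BACKUP_DIR/$DB_NAME-$(date +%Y%m%d-%H%M%S).sql.gz"
    tmp="$BACKUP_DIR/.$DB_NAME.partial.sql"

    # Dump to a temporary file first: a failed or empty dump must never
    # end up looking like a valid backup.
    if ! run_dump > "$tmp" || [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        exit 1
    fi

    # Compress, then verify the archive before trusting it.
    if gzip -c "$tmp" > "$out" && gzip -t "$out"; then
        rm -f "$tmp"
        printf '%s\n' "$out"
    else
        rm -f "$tmp" "$out"
        exit 1
    fi
)

# Delete the oldest dumps until only $KEEP remain. The timestamp in the
# file name makes the glob expand oldest-first.
rotate_backups() {
    set -- "$BACKUP_DIR"/"$DB_NAME"-*.sql.gz
    [ -e "$1" ] || return 0                    # no dumps yet
    while [ "$#" -gt "$KEEP" ]; do
        rm -f -- "$1"
        shift
    done
}

# Only act when called with --run, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    make_backup > /dev/null && rotate_backups
fi
```

Rotation only runs after a dump has succeeded and passed gzip -t, so a broken database connection never causes the last good dumps to be deleted.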

I’m hoping to develop the concept more over the coming months. If you have ideas, get in touch, and take note of Backup Awareness Day for the month of May: Sunday 24th!

(Now stop reading and go do a few backups.)


Lift09 — Melanie Rieback — RFID and Security

Whitehat hacker.

RFID uses radio waves to identify things. Shows much of a promise for breaking (?) into things. Next low-end of computing.

You have to bring virtual attacks into the physical domain, when it comes to RFID.

Some security problems:

  • Unauthorized tag reading
  • eavesdropping
  • tracking
  • tag cloning
  • denial of service

Wardriving for passports. Skimming credit cards from a distance.

Low-level misuse of improperly formatted RFID tag data.

Three main kinds of RFID Malware:

  • RFID exploits
  • RFID worms
  • RFID viruses

“Is your cat infected with a computer virus?” (pet tagging steph-note: Bagha has one!)

Google trends for RFID: biggest peak just after Melanie published her paper.

2 bio public transportation system was hacked in an 8-week project by students. Amsterdam.

Issues: same company designing and auditing the back-end security of the system. steph-booth: gosh, what do people imagine?

People in charge don’t listen about these issues until they’re demonstrated.

Melanie has worked on a device that does penetration tests and acts as a firewall for RFID.

Can spoof and jam RFID tags.

Listens to the first part of the query trying to figure out what it wants to do, and if it’s something not allowed, it sends out random noise (selective jamming). Filter inbound and outbound queries.

Security: RFID fuzzing.

All the hard work for cloning public transport passes has been done. Just needs to be put together.

The RFID Guardian is being commercialised now (so it’s not just students who are dangerous now).

Companies and governments assume that these attacks are going to stay in labs. They need to wake up. Why put the tools into the hands of the bad guys? The bad guys are going to have the tools any way, it’s time for the good guys to have access (full disclosure). If computer scientists have the right tools they might be able to prevent lots of these attacks. We need an RFID security industry.

The whole project is open source. Hardware and software.


Flickr and Dopplr: the Right Way to Import GMail Contacts

[fr] It is now possible to import contacts from GMail (or Hotmail) without having to give away your password, both at Flickr and at Dopplr. Great!

A few days ago, I saw this tweet by Matt Biddulph soar by:

Impressed by passwordless import at http://www.flickr.com/impor… – does anyone know if that’s a public yahoo API they use? want!

I immediately went to investigate. You see, I have an interest in social network portability (also called “make holes in my buckets”) — I gave a talk on SPSNs from a user point of view at WebCamp SNP in Cork recently — and I am also concerned that in many cases, implementations in that direction make generous use of the password anti-pattern (ie, asking people for the password to their e-mail). It’s high time for design to encourage responsible behaviour instead. As the discussion at WebCamp shows, we all agree that solutions need to be found.

So, what Matt said sounded sweet, but I had to check for myself. (Oh, and Matt builds Dopplr, in case you weren’t sure who he was.) Let me share with you what I saw. It was nice.

Go to the Flickr contact import page if you want to follow live. First, I clicked on the GMail icon and got this message.

Flickr: Find your friends

I clicked OK.

Flickr and Google

This is a GMail page (note the logged in information upper right), asking me if Flickr can access my Google Contacts, just this one time. I say “yes, sure”.

Flickr: Finding my friends

Flickr goes through my GMail contacts, and presents me with a list:

Flickr: Found your friends

There is of course an “add all” option (don’t use it unless you have very few contacts), and as you can see, next to each contact there is a little drop down which I can use to add them.

Flickr: Contacts

When I’m done adding them, Flickr asks me if I want to send e-mail invites — which I don’t.

Neat, isn’t it?

Well, the best news about this is that Flickr isn’t alone. Dopplr (remember Matt?) does the same thing — and also for Windows Live Hotmail now.

DOPPLR: Passwordless GMail contact import

Note and question mark: I just saw Dopplr announced GMail password-free import back in March, before Matt’s tweet. Did Dopplr do it before Flickr? Then, what was the tweet about? Thoroughly chronologically confused. Anyway, passwordless import of GMail contacts rocks. Thanks, guys.

Update: Thanks for the chronology, Matt (see his comment below). So basically, Matt’s tweet was about the fact that though GMail and Hotmail allow services like Dopplr and Flickr to access contacts without requiring a password, Yahoo doesn’t. Flickr does it from your Yahoo account because they have special access. So, Yahoo, when do we get a public API for that?


Reading the Ofcom Report on Social Networking: Stats, Stranger Danger, Perceived Risk

[fr] The Daily Mail is at it again today, stunned to discover that teenagers are meeting strangers from the internet "offline". So I am going to have to write the famous post I alluded to recently, but before that, I am reading the report on which these alarmed and self-righteous articles are based.

This post contains a few comments on the situation in general, as well as my reading notes -- quotations and comments -- on the beginning of this Ofcom report.

I don’t know if I’ll get around to writing about the teen cleavage scare before the story goes completely cold, but in my endeavour to offer a balanced criticism of what’s going on here, I’m currently reading the Ofcom Social Networking Report which was released on April 2 and prompted this new wave of “think of the children” media coverage. The Daily Mail is at it today again, with the stunning and alarming news that teenagers are meeting “strangers” from the internet offline (big surprise). I find it heartening, though, that the five reader comments to this article as of writing are completely sensible in playing down the “dangers” regularly touted by the press and the authorities.

Here are the running notes of my reading of this report. I might as well publish them as I’m reading. Clearly, the report seems way more balanced than the Daily Mail coverage (are we surprised?) which contains lots of figures taken out of context. However, there is still stuff that bothers me — less the actual results of the research (which are facts, so they’re good) than the way some of them are presented and the interpretations a superficial look at them might lead one to make (like, sorry to say, much of the mainstream press).

Here we go.

Social networking sites also have some potential pitfalls to negotiate, such as the unintended consequences of publicly posting sensitive personal information, confusion over privacy settings, and contact with people one doesn’t know.

Ofcom SN Report, page 1

Good start, I think that the issues raised here make sense. However, I would put “contact with people one doesn’t know” in “potential pitfalls”. (More about this lower down.)

Ofcom research shows that just over one fifth (22%) of adult internet users aged 16+ and almost half (49%) of children aged 8-17 who use the internet have set up their own profile on a social networking site. For adults, the likelihood of setting up a profile is highest among 16-24 year olds (54%) and decreases with age.

Ofcom SN Report, page 5

This is to show that SNs are more popular amongst younger age groups. It makes sense to say that half of 8-17 year olds have a profile on a SN site to compare it with the 22% of 16+ internet users or the 54% of 16-24 year olds. Bear in mind that these are percentages of internet users — they do not include those who do not go online.

However, saying “OMG one out of two 8-17 year olds has a profile on a SN site” in the context of “being at risk from paedophiles” is really not very interesting. Behaviour of 8 year olds and 17 year olds online cannot be compared at all in that respect. You can imagine a 16 year old voluntarily meeting up to have sex with an older love interest met on the internet. Not an 8 year old. In most statistics, however, both fall into the category of “paedophilia” when the law gets involved.

27% of 8-11 year olds who are aware of social networking sites say that they have a profile on a site

Ofcom SN Report, page 5

I’d like to draw your attention to the fact that this is 27% of 8-11 year olds who are aware of social networking sites.

Unless otherwise stated, this report uses the term ‘children’ to include all young people aged 8-17.

Ofcom SN Report, page 5

I don’t like this at all, because as stated above, particularly when it comes to concerns about safety one cannot simply lump that age group into a practical “children”, which plays well with “child abuse”. In the US, cases of “statutory rape” which might very well have been consensual end up inflating the statistics on “children falling victim to sexual predators online”.

Although contact lists on sites talk about ’friends’, social networking sites stretch the traditional meaning of ‘friends’ to mean anyone with whom a user has an online connection. Therefore the term can include people who the user has never actually met or spoken to. Unlike offline (or ‘real world’) friendship, online friendships and connections are also displayed in a public and visible way via friend lists. The public display of friend lists means that users often share their personal details online with people they may not know at all well. These details include religion, political views, sexuality and date of birth that in the offline world a person might only share only with close friends. While communication with known contacts was the most popular social networking activity, 17 % of adults used their profile to communicate with people they do not know. This increases among younger adults.

Ofcom SN Report, page 7

Right. This is problematic too. And it’s not just the report’s fault. The use of “friend” to signify contact contributes to making the whole issue of “online friendship” totally impenetrable to those who are not immersed in online culture. The use of “know” is also very problematic, as it tends to be understood that you can only “know” somebody offline. Let’s try to clarify.

First, it’s possible to build relationships and friendships (even loves!) online. Just like in pre-internet days you could develop a friendship with a pen-pal, or kindle a nascent romance through letters, you can get to know somebody through text messages, IM, blog postings, presence streams, Skype chats and calls, or even mailing-list and newsgroup postings. I hope that it will soon be obvious to everybody that it is possible to “know” somebody without actually having met them offline.

So, there is a difference between “friends” that “you know” and “SN friends aka contacts” which you might in truth not really know. But you can see how the vocabulary can be misleading here.

I’d like to take the occasion to point out one other thing that bothers me here: the idea that contact with “strangers” or “people one does not know” is a thing worth pointing out. So, OK, 17% of adults in the survey communicated with people they “didn’t know”. I imagine that this is “didn’t know” in the “offline person”’s worldview, meaning somebody that had never been met physically (maybe the study gives more details about that). But even if it is “didn’t know” as in “complete stranger” — still, why does it have to be pointed out? Do we have statistics on how many “strangers” we communicate with offline each week?

It seems to me that because this is on the internet, strangers are perceived as a potential threat, in comparison to people we already know. As far as abuse goes, in the huge, overwhelming, undisputed majority of cases, the abuser was known (and even well known) to the victim. Most child sexual abuse is committed by people in the family or very close social circle.

I had hoped that in support of what I’m writing just now, I would be able to state that “stranger danger” was behind us. Sadly, a quick search on Google shows that I’m wrong — it’s still very much present. I did, however, find this column which offers a very critical view of how much danger strangers actually do represent for kids and the harmful effects of “stranger danger”. Another nice find was this Families for Freedom Child Safety Bulletin, by a group who seems to share the same concerns I do over the general scaremongering around children.

Among those who reported talking to people they didn’t know, there were significant variations in age, but those who talked to people they didn’t know were significantly more likely to be aged 16-24 (22% of those with a social networking page or profile) than 25-34 (7% of those with a profile). In our qualitative sample, several people reported using sites in this way to look for romantic interests.

Ofcom SN Report, page 7

Meeting “online people” offline is more common amongst the younger age group, which is honestly not a surprise. At 34, I sometimes feel kind of like a dinosaur when it comes to internet use, in the sense that many of my offline friends (younger than me) would never dream of meeting somebody from “The Internets”. 16-24s are clearly digital natives, and as such, I would expect them to be living in a world where “online” and “offline” are distinctions which do not mean much anymore (as they do not mean much to me and many of the other “online people” of my generation or older).

The majority of comments in our qualitative sample were positive about social networking. A few users did mention negative aspects to social networking, and these included annoyance at others using sites for self-promotion, parties organised online getting out of hand, and online bullying.

Ofcom SN Report, page 7

This is interesting! Real life experience from real people with social networks. Spam, party-crashing and bullying (I’ll have much more to say about this last point later on, but in summary, address the bullying problem at the source and offline, and don’t blame the tool) are mentioned as problems. Unwanted sexual solicitations or roaming sexual predators do not seem to be part of the online experience of the people interviewed in this study. Strangely, this fits with my experience of the internet, and that of almost everybody I know. (Just like major annoyances in life for most people, thankfully, are not sexual harassment — though it might be for some, and that really sucks.)

The people who use social networking sites see them as a fun and easy leisure activity. Although the subject of much discussion in the media, in Ofcom’s qualitative research privacy and safety issues on social networking sites did not emerge as ‘top of mind’ for most users. In discussion, and after prompting, some users in the qualitative study did think of some privacy and safety issues, although on the whole they were unconcerned about them. In addition, our qualitative study found that all users, even those who were confident with ICT found the settings on most of the major social networking sites difficult to understand and manipulate.

Ofcom SN Report, pages 7-8

This is really interesting too. But how do you understand it? I read: “It’s not that dangerous, actually, if those people use SN sites regularly without being too concerned, and the media are making a lot of fuss for nothing.” (Ask people about what comes to mind about driving a car — one of our regular dangerous activities — and I bet you more people than in that study will come up with safety issues; chances are we’ve all been involved in a car crash at some point, or know somebody who has.) Another way of reading it could be “OMG, even with all the effort the media are putting into raising awareness about these problems, people are still as naive and ignorant! They are in danger!”. What will the media choose to understand?

The study points out the fact that privacy settings are hard to understand and manipulate, and I find this very true. In doubt or ignorance, most people will “not touch” the defaults, which are generally too open. I say “too open” with respect to privacy in the wide sense, not in the “keep us safe from creeps” sense.

This brings me to a comment I left earlier on an article on ComMetrics about what makes campaigns against online pedophiles fail. It’s an interesting article, but as I explain in the comment, I think it misses an important point:

There is a bigger issue here — which I try to explain each time I get a chance, to the point I’m starting to feel hoarse.

Maybe the message is not the right one? The campaign, as well as your article, takes as a starting point that “adults posing as kids” are the threat that chatrooms pose to our children.

Research shows that this is not a widespread risk. It also shows that there is no correlation between handing out personal information online and the risk of falling victim to a sexual predator. Yet our campaigns continue to be built on the false assumptions that not handing out personal information will keep a kid “safe”, and that there is danger in the shape of people lying about their identity, in the first place.

There is a disconnect between the language the campaigns speak and what they advocate (you point that out well in your article, I think), and the experience kids and teenagers have of life online (“they talk to strangers all the time, and nothing bad happens; they meet people from online, and they are exactly who they said they were; hence, all this “safety” information is BS”). But there is also a larger disconnect, which is that the danger these campaigns claim to address is not well understood. Check out the 5th quote in the long article I wrote on the subject at the time of the MySpace PR stunt about deleting “sex offenders’” profiles.

I will blog more about this, but wanted to point this out here first.

Yes, I will blog more about this. I think this post of notes and thoughts is long enough, and it’s time for me to think about sleeping or putting a new bandage on my scraped knee. Before I see you in a few days for the next bout of Ofcom Report reading and commentating, however, I’ll leave you with the quote I reference in the comment above (it can’t hurt to publish it again):

Now, on the case of internet sex crimes against kids, I’m concerned that we’re already off to a bad start here. The public and the professional impression about what’s going on in these kinds of crimes is not in sync with the reality, at least so far as we can ascertain it on the basis of research that we’ve done. And this research has really been based on some large national studies of cases coming to the attention of law enforcement as well as to large national surveys of youth.

If you think about what the public impression is about this crime, it’s really that we have these internet pedophiles who’ve moved from the playground into your living room through the internet connection, who are targeting young children by pretending to be other children who are lying about their ages and their identities and their motives, who are tricking kids into disclosing personal information about themselves or harvesting that information from blogs or websites or social networking sites. Then armed with this information, these criminals stalk children. They abduct them. They rape them, or even worse.

But actually, the research in the cases that we’ve gleaned from actual law enforcement files, for example, suggests a different reality for these crimes. So first fact is that the predominant online sex crime victims are not young children. They are teenagers. There’s almost no victims in the sample that we collected from – a representative sample of law enforcement cases that involved the child under the age of 13.

In the predominant sex crime scenario, doesn’t involve violence, stranger molesters posing online as other children in order to set up an abduction or assault. Only five percent of these cases actually involved violence. Only three percent involved an abduction. It’s also interesting that deception does not seem to be a major factor. Only five percent of the offenders concealed the fact that they were adults from their victims. Eighty percent were quite explicit about their sexual intentions with the youth that they were communicating with.

So these are not mostly violence sex crimes, but they are criminal seductions that take advantage of teenage, common teenage vulnerabilities. The offenders lure teens after weeks of conversations with them, they play on teens’ desires for romance, adventure, sexual information, understanding, and they lure them to encounters that the teens know are sexual in nature with people who are considerably older than themselves.

So for example, Jenna – this is a pretty typical case – 13-year-old girl from a divorced family, frequented sex-oriented chat rooms, had the screen name “Evil Girl.” There she met a guy who, after a number of conversations, admitted he was 45. He flattered her, gave – sent her gifts, jewelry. They talked about intimate things. And eventually, he drove across several states to meet her for sex on several occasions in motel rooms. When he was arrested in her company, she was reluctant to cooperate with the law enforcement authorities.

David Finkelhor, in panel Just The Facts About Online Youth Victimization: Researchers Present the Facts and Debunk Myths, May 2007


Berlin, Belgrade: Two Contrasting Airport Experiences

[fr] I really hate airport security. It is basic hypocrisy, and its main result is to make travellers less comfortable. In this post I describe two contrasting experiences (my last two flights).

Tegel Airport in Berlin, where everything went like clockwork, even though I was really afraid of missing my flight (imagine: I turned up at the wrong airport, less than two hours before take-off). At Tegel, the taxi drops you off right at the terminal. Check-in is 5m from the door. Passport control is (really) next to check-in (say 3m). The security check is right behind it. And the waiting area for the gate is just after that. From check-in to waiting area: 10m and 5 minutes at the very most.

In Belgrade, on the other hand... It was less fun. Unpleasant staff, mediocre information, a nasty dried-out sandwich... and to top it all off, "double" security. Yes, not only do you have to queue to have all your belongings X-rayed before passport control, you also have to go through the same circus at the gate to get into the waiting area. I'll spare you the metal chairs and the draughts...

Needless to say, I'm delighted to be going back to Lausanne by train from Paris, and I hope the strikes will continue to have no effect on the TGVs to Switzerland!

Flying out of Berlin could have been a nightmare. It actually turned out to be a rather smooth experience. The nightmarish bit is that I went to the wrong airport to catch my plane. I flew in to Schönefeld, so naturally assumed that I would be flying out from there too.

When I arrived at the airport less than two hours before take-off, I checked the departure board and couldn’t find my flight. Suddenly, it hit me: this wasn’t the only airport in Berlin. A brief panicked enquiry at the airport information desk later, I was grabbing a taxi, calling the JAT office in Tegel Airport to explain the situation (they had my ticket waiting there for me), and deciding that 70€ to take the predictable but longer motorway route (it was peak hour and the town was gridlocked) was better than missing my flight.

My taxi driver was nice, reassuring, and cut quite a few lines to get me there on time.

Here is where it became smooth. Like most of you, I guess, I’m used to airports where you need to wait in line for check-in, then walk to passport control, wait in line again, then walk to security, wait in line again, then finally, walk to the gate.

None of that nonsense at Tegel Airport. I had been given the terminal number by the person I spoke to at the JAT office, who told me my ticket would be waiting for me at check-in. My taxi dropped me off at the terminal.

I went through the door.

I walked 5 metres.

I waited 2 minutes at check-in, was greeted by a smiling hostess, given my ticket, and checked in.

The door to security — no kidding — was just next to the check-in desks. 10 steps away. And passport control was just before the door to security. And the gate itself (the waiting area) was just behind security. From check-in to the gate: less than 10 meters. Within 5 minutes I was through all of it.

And I wasn’t (by far) the last person to check in. I was early, actually.

Contrast that with my departure from Belgrade, five days later. (Oh, let me mention in passing that I had the most frightening landing of my life in Belgrade. I’m not a frightened flyer, but the weather was really very rough and stormy, with the plane rocking left and right and dropping abruptly as we were approaching the landing strip. And once on the ground, it didn’t stop either — precisely because the plane wasn’t slowing down, and was making dreadful noises. We stopped OK in the end, but from my point of view we were moving way too fast on that runway for way too long.)

Back to my experience this noon in Belgrade Airport. First, I have to say it was overall not very friendly.

I asked the check-in woman where I could change money and eat. She indicated two places for that, which meant I had to change money (lots of dinars) first and eat (paying in dinars) second. Great. Then, the change office didn’t have Swiss francs. Even greater (I now have enough euros to settle down in Paris for a month, nearly.)

I got a really nasty sandwich for a small fraction of the money I had been advised to keep for the meal, and then realised that I could change money on that floor too. They had Swiss francs, but with the amount of dinars I had it was more interesting to change in euros. Then, once I’d gotten rid of all my dinars, I noticed there was at least one other food place — nicer than the one I’d been to, of course.

Oh well.

I queued through security, did my usual Empty Half Your Bag And Get Half Undressed stunt, waited in my socks while the person at security control searched the bags of the woman before me (one person per machine, takes care of searching too, so when a bag is searched, the machine stops too — efficient, isn’t it?), and headed to passport control.

A rather unfriendly woman there gruffly asked me for my boarding pass (it had slipped out of my travel documents into my bag) and put a nasty wet stamp on it before folding it back into my passport. I had to wipe the wet ink off the (thankfully plastified) page with all my personal details.

Once in the “sterile” area, I noticed there were another two places where I could have eaten (oh, well) but no board with flight numbers and gates. I asked a member of staff who was passing by, and she pointed me to the travel information desk where I got the answer I needed.

I walked down the corridor to the gate and was quite surprised to find the place rather empty (this was about 10 minutes before announced boarding time). There was an open door with a corridor leading somewhere cold, and a closed door next to the flight details for the gate, behind which I could see a security machine and a bored young man in a uniform.

There were a few metal seats in the draughty corridor.

I tried to open the closed door, but it was — closed. I made interrogative signs to the young man, who got up to open the door and tell me that this was the right place, only later.

I therefore sat on a draughty metal seat and waited.

Slowly, more people arrived. Airline and airport employees, too. The door opened. Closed. Opened. Closed. Passengers got up and started to form a line (boarding time passed), so I got up too.

And waited in the cold. And cursed at the security machine I could see through the glass door.

You probably know I’m sick of airport security. It’s hypocritical (there mainly to cover some people’s precious arses), basically abusing poor passengers and making our lives miserable when we travel under pretense of keeping us safe from “terrorists”.

Right. So when you make everybody entering one part of the airport (what I call the “sterile area”) go through security and show ID… and you do the same thing again later on… what kind of message are you sending?

You’re basically saying: oh, well, our sterile area isn’t really sterile, you see — we don’t trust our own security screening. So please, let us screen you again. You know, just in case one of you entered this part of the airport without going through security, or managed to sneak a gun or explosives past us.

What do you think my opinion of airport security is now?

The cabin crew went through first, and for a wild moment I thought that maybe this was just for them, because for some reason they might not have had to go through the same long line of waiting for bags to be searched as us.

But I was wrong. One by one, 15 minutes after announced boarding time, we put our stuff in the X-ray machine again. Did I mention it was cold and draughty? I wasn’t happy to be in my socks again. And no, I didn’t feel bad about holding up the line because I put my stuff in four different trays to make sure I don’t raise any flags (got searched for cables in my bag, once — now they go through separately).

Colour me grumpy.

So, now that everybody had been doubly screened and that we were doubly safe, we got to sit down in more draughty metal chairs and wait. And then, stand up in line again and wait.

I am so glad I’m going back to Lausanne by train from Paris.

I just hope the strikes in France continue to not affect connections to Switzerland…
