Why is security important in Social Networking?  

March 27th, 2007


I read a news article about MySpace a few weeks back and thought that I should highlight the importance of security in social networking. In the early days of the Internet, most websites were information sites. Today, however, web content has gone far beyond being merely informative. Net citizens are beginning to take up their own identities on the Internet through blogs and social networking sites. The concept of verifiable digital identity, its use and misuse, its privacy and its authenticity are becoming critical issues. On-line security becomes the only front-line protection mechanism against these budding problems.

Most average net citizens don’t even care about such issues, thinking that they do not concern them. The common response is, “I don’t really care” or “It is not important!” Worst of all, they naively believe that their on-line service providers have it all covered. A common response here is, “It is a very popular site, they should be safe.” In this article, I hope to discuss some of the things that net citizens should look out for in any site or software that involves the use of their identity on-line.

The first step to security is to keep your information private and permission controlled. Allowing the whole world to view information about you is a huge security risk. Now, you may ask if that is important. The obvious answer is yes. What is it that they want to do with your information? This information can give them clues to the sites you visit, passwords, user IDs, places you hang out in the real world, your habits, your health, your private life, your bank or credit card information, etc. The information that is gathered about you can then be used to stalk you in the real world, steal and use your identity to carry out terrorist activities, extort you, blackmail you, bully you, spread rumours and gossip about you, etc. I am sure that if you are creative, you can come up with more horrible things that can happen. Do you know that your service providers are not required by law to protect your information and that you visit and use sites at your own risk? Security is basically your own responsibility. You should never post any information about yourself unless you know you can control how it is accessed. Always remember to take your time to read the security and privacy statements that are provided by most service providers, then decide for yourself if you want to use them. If a service provider that you are looking at does not have any such information, your alarms should start sounding off. If in doubt, you should always question them about how they intend to keep your information safe before signing up for their services. In addition, you can also search for news about the service provider that you are interested in before signing up with them. News articles can sometimes reveal a lot about how secure they are.

Other general things to worry about in regard to keeping your information private include malicious web spiders and search engines that unknowingly compromise your information. Web servers are all programmed to respond in a specific way when queried. It is this standard protocol or behavior that makes the Internet so widely used. However, web servers also become more easily exploitable when configured inappropriately or when bugs are discovered through cleverly crafted probes. In short, web servers can unknowingly pass your private information to a malicious web spider or search engine and make your private information publicly available. In most cases your service provider should have a plan to deal with all these issues. If a service provider shows little concern about protecting your information, perhaps you should reconsider putting it there.

The second step is to ensure that you are connecting to the services you actually intend to reach. Failure to ensure that may result in information leaks that can be used against you. Do you know that there are malicious software and people collecting information about you all the time on the Internet? Hacks such as man-in-the-middle attacks and phishing are on the rise. The goal of these hacks is to steal your private information, either by hijacking it halfway to your service provider or by pretending to be your service provider. Being sure that your service provider has the capabilities to keep your information safe and access controlled is not enough. Your service provider needs to ensure that you can connect to them securely and without doubt. Hackers can easily use tools to harvest your information en route to your service provider and hide their actions using techniques such as network address translation (NAT). Step one only makes sense when you are sure that your information is going to the correct service provider.

The third step is to ensure that your service provider has the capabilities to protect you from third party components that reside on their website or software. Giving users the permission to add custom components on top of their services can and will introduce new security issues. All the other threats we have discussed so far come from outside your service provider; embedded components, on the other hand, come from inside and are viewed as part of the system. Most users have the wrong perception that anything from a secure site or software is safe, but this is not true when it comes to third party add-ons. Most service provider disclaimers will include a sentence that protects them from such issues. These add-ons can sometimes become the security loophole in the unbreakable fortress. A simple example would be a widget residing in a secure website that broadcasts your information in plain text. Add-ons include media players, nice innocent looking widgets, unseen script code, etc. Seeing custom components and widgets on a website should also raise your alert level while browsing because the security risk is higher. Shutting down the browser’s capabilities for third party components can also be a good solution to protect yourself against such threats. Third party components are becoming a greater threat now that almost all social networking sites use or allow some form of add-on.
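
The plain-text widget case above can be checked mechanically. The following added example (not from the original post; the page URL, hostnames and HTML are constructed) lists a page's embedded components and flags those served from another host or over unencrypted HTTP.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that load or send data to another component, and the attribute holding its URL.
URL_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "img": "src",
             "object": "data", "form": "action"}

class ComponentAudit(HTMLParser):
    """Collects embedded components and flags third-party and plain-text ones."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative URLs against the page, as a browser would.
        target = urlparse(urljoin(self.page_url, value))
        if target.scheme not in ("http", "https"):
            return  # data:, javascript:, mailto: are out of scope here
        self.findings.append({
            "tag": tag,
            "url": target.geturl(),
            # Exact host match: a sibling subdomain counts as third party.
            "third_party": target.hostname != self.page_host,
            "plaintext": target.scheme == "http",
        })

def audit(page_url, html):
    parser = ComponentAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample: a profile page served over HTTPS that embeds widgets.
SAMPLE_URL = "https://social.example/profile/alice"
SAMPLE_HTML = """
<script src="/static/site.js"></script>
<script src="https://widgets.example.net/friends.js"></script>
<iframe src="http://player.example.org/embed?user=alice"></iframe>
<form action="http://stats.example.org/collect" method="post"></form>
<img src="avatar.png">
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_URL, SAMPLE_HTML):
        flags = [k for k in ("third_party", "plaintext") if f[k]]
        print(f["tag"], f["url"], ",".join(flags) or "first-party")
```

Components flagged as both third party and plain text are the ones matching the widget scenario: they sit inside a secure page but exchange data with another host without encryption.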

Web browser based technologies are more widely published and hence more widely exploited than custom clients. This does not mean that web browser based technologies are less safe; it just means that more people try to break your system through them than through custom clients.

I hope that the discussion has helped you become better aware of the need for security while social networking on-line and how poor security will result in you paying the price and not your service provider.

Filed under: General | by geek