Why is security important in Social Networking?  

March 27th, 2007

I read a news article about MySpace a few weeks back and thought that I should highlight the importance of security in social networking. In the early days of the Internet, most websites were information sites. Today, however, web content has gone far beyond being merely informative. Net citizens are beginning to take up their own identities on the Internet through blogs and social networking sites. The concept of verifiable digital identity, its use and misuse, its privacy and its authenticity are becoming critical issues. On-line security becomes the only front-line protection mechanism against these budding problems.

Most average net citizens don’t even care about such issues, thinking that they do not concern them. The common response is, “I don’t really care” or “It is not important!” Worst of all, they naively believe that their on-line service providers have it all covered. A common response here is, “It is a very popular site, they should be safe.” In this article, I hope to discuss some of the things that net citizens should look out for in any site or software that involves the use of their identity on-line.

The first step to security is to keep your information private and permission controlled. Allowing the whole world to view information about you is a huge security risk. Now, you may ask if that is important. The obvious answer is yes. What is it that they want to do with your information? This information can give them clues to the sites you visit, your passwords, user IDs, the places you hang out in the real world, your habits, your health, your private life, your bank or credit card information, etc. The information gathered about you can then be used to stalk you in the real world, steal and use your identity to carry out terrorist activities, extort you, blackmail you, bully you, spread rumours and gossip about you, etc. I am sure that if you are creative, you can come up with more horrible things that can happen. Do you know that your service providers are not required by law to protect your information and that you visit and use sites at your own risk? Security is basically your own responsibility. You should never post any information about yourself unless you know you can control how it is accessed. Always take the time to read the security and privacy statements that most service providers publish, then decide for yourself whether you want to use them. If a service provider you are looking at does not have any such information, your alarms should start sounding. If in doubt, you should always ask them how they intend to keep your information safe before signing up for their services. In addition, you can search for news about the service provider you are interested in before signing up with them. News articles can sometimes reveal a lot about how secure they are.

Other general things to worry about in regard to keeping your information private include malicious web spiders, and search engines that unknowingly compromise your information. Web servers are all programmed to respond in a specific way when queried. It is this standard protocol or behavior that makes the Internet so widely used. However, web servers also become more easily exploitable when configured inappropriately or when bugs are discovered through cleverly crafted probes. In short, web servers can unknowingly pass your private information to a malicious web spider or search engine and make your private information publicly available. In most cases your service provider should have a plan to deal with all these issues. If a service provider shows little concern about protecting your information, perhaps you should reconsider putting it there.

The second step is to ensure that you are connecting to the services that you intend to use. Failure to ensure this may result in information leaks that can be used against you. Do you know that there are malicious software and people collecting information about you all the time on the Internet? Hacks such as man-in-the-middle attacks and phishing are on the rise. The goal of these hacks is to steal your private information, either by hijacking it halfway to your service provider or by pretending to be your service provider. Being sure that your service provider has the capabilities to keep your information safe and access controlled is not enough. Your service provider needs to ensure that you can connect to them securely and without doubt. Hackers can easily use tools to harvest your information en route to your service provider and hide their actions using techniques such as network address translation (NAT). Step one only makes sense when you are sure that your information is going to the correct service provider.

The third step is to ensure that your service provider has the capabilities to protect you from third-party components that reside on their website or in their software. Giving users permission to add custom components on top of a service can and will introduce new security issues. All the other threats we have discussed so far come from outside your service provider; embedded components, on the other hand, come from inside and are viewed as part of the system. Most users have the wrong perception that anything from a secure site or software is safe, but this is not true when it comes to third-party add-ons. Most service providers’ disclaimers include a sentence that protects them from such issues. These add-ons can sometimes become the security loophole in the unbreakable fortress. A simple example would be a widget residing in a secure website that broadcasts your information in plain text. Add-ons include media players, nice innocent-looking widgets, unseen script code, etc. Seeing custom components and widgets on a website should also raise your alert level while browsing, because the security risk is higher. Disabling the browser’s support for third-party components can also be a good way to protect yourself against such threats. Third-party components are becoming a greater threat now that almost all social networking sites use or allow some form of add-on.

Web browser based technologies are more widely published and hence more widely exploited than custom clients. That does not mean that web browser based technologies are less safe; it just means that more people try to break your system through them than through custom clients.

I hope that the discussion has helped you become better aware of the need for security while social networking on-line and how poor security will result in you paying the price and not your service provider.

Filed under: General | by geek

Desktop Applications vs Web Browser?  

February 27th, 2007

This has been one of the most frequently argued topics of late. I have tried to stay away from it but it seems that I cannot avoid it. A few people have told us that they will never try Hiitch just because they have to download and install it. I guess the term ‘download and install’ has become the signature of a desktop application. In my personal opinion, views such as these are really disappointing to hear. Disappointing not because they are right but because they come from a very narrow and one-sided viewpoint. The web browser, for example, is also a desktop application, even though almost all web based applications are built on top of it. Without a pre-installed OS on your hardware, the web browser is completely useless. Without a web browser installed on your desktop, the billions of web applications sitting out on the Internet are useless. To me, desktop applications are not better, nor are web based applications superior. They each do well for different purposes.

I think that most users take for granted that because there are already desktop applications that help them do what they want, there is no need for anything else. Some people even go as far as to suggest that everything else in the computing world should be in the web browser, which is an even more disappointing notion. The fact is that we need desktop applications and technology in order to access web based applications. Good technology cannot be about one single concept but a combination of many good concepts. The key to creating good technology, and hence good engineering, is the idea of using the best tools (or a mix of the best tools) for the job.

Innovation is the key factor that drives technology. Innovation has always been driven by people who can find good but different solutions to a particular problem. And because the problems often differ, the solutions will also differ. Everything else is a matter of personal preference. Whether you like to use your personal email client or Gmail, Yahoo mail, etc. is a matter of personal preference and your data storage needs. Some people like their mail kept in the email client on their laptop for privacy, others prefer it on a POP mail server for easier access with the web browser. The bottom line question then is not which is better but which one best fits your needs. In my opinion, neither one is going to go away anytime soon because both of them are still helping people solve their problems, but in different ways.

At Hiitch we follow the principle that good engineering drives innovation and innovation drives technology. We think that social networking and online dating by their nature involve a lot of private information that should not be made easily available on public Internet terminals. Hence, in our opinion, any proper solution in this problem domain has to be personalized to the individual user’s desktop. However, the solution must not restrict itself to the desktop but must reach out to other online users on the network. We try to take the best of the web and the desktop and merge them together into a good solution. In this solution we have incorporated good web concepts without compromising security and privacy. Some of the key features that we have built into Hiitch from web based technology are accessibility anywhere, portability of data, community interactions, etc. Desktop features that we have included are direct information delivery, GUI familiarity, security in terms of data storage and privacy of information.

We accept the fact that there will be people who will disagree with us but we also know that there will be other people who will like what we are doing. And we hope that our solution to social networking and online dating will not only meet their needs in this particular area but empower them to succeed in their social life online!


How secure is Hiitch?  

February 14th, 2007

Security is the topmost priority in Hiitch. A lot of effort has been put into designing safety mechanisms to help protect our users from malicious threats on the Internet. In this article I will discuss a few of the mechanisms that we have designed and developed, to help our users better appreciate the true value of Hiitch. We do not see our security features as a foolproof system, but we do know that anyone trying to break our system will have their hands full.

Let us start with a few of the protection mechanisms that we have put in place for our users:

Encryption: All of a user’s registration information is encrypted both on the local computer and on the remote server. If anyone who is not supposed to access this information manages to get hold of it, they will still not be able to decipher the details. We do not use static global keys to encrypt this information. Instead, each user has a different set of encryption keys, which provides the most optimal protection in most cases. Coupled with the operating system’s multi-user login protection, the two-layer security is good enough to deter even the most advanced crackers. All communication over the Internet uses SSL. SSL encrypts the connection so that all data going in and out is undecipherable. So if someone manages to compromise your system, any other computer in your network, or a computer along the path that your network packets travel, they can easily set up snooping software to gather your network data; however, they will not be able to make sense of it.

Password Retrieval: We have added a long list of good security questions that our users can choose from. Our security questions are very personal and sensitive questions whose answers our users will not easily give out to people they do not trust. We do not allow our users to enter their own security questions because we worry that they may unknowingly defeat the whole purpose of having a security question. One good example of a bad security question would be, “What is my pet’s name?” Your next-door neighbor who hates you hears you playing with your pet “dodadi” every evening. Your neighbor goes online to Hiitch, tries your pet’s name and amazingly gets access to your password, provided that your neighbor knows your user ID. We also do not use email to send our users their password. This is because we do not have control over other email providers, who may breach our security by sending your private password in plain text over the Internet. While the email is traveling to your mailbox, it may be routed over several other computers that have been compromised and are snooping for information on the network. In order to break your security question, the cracker must know which question you have selected as your security question and what the answer to that question is. This alone should deter them somewhat, as long as the answer to the question has not been compromised.

Privacy Filters: Hiitch has a good set of privacy features that allow our users to customize for themselves who and what they want to make public and viewable. No one can view your information if you have set it to private. Privacy settings are enforced by our servers and no one can alter them except the owner of the resource. Hackers who want to alter your settings will need to know the randomly generated access control key before they can even attempt to access your resources. The difficult part for the hacker is that the generated access control key changes every time you log in to our network.

Spam Protection: Hiitch has a unique system that allows our users to send email to the people in their contact list without having to know the email address of the person they are sending to. This provides a great amount of privacy for our users and also avoids spamming issues. If your mailbox has spam control then mail sent from our server will be placed there until you agree to accept it. Neither the sender nor the receiver will have access to each other’s email during the entire mailing process. Except for the people who are in your contact list, no one else can send you email through our mail system.

Digital Signature Verification: In addition to encryption and SSL, we also use digital signature verification to establish the identity of the server that our client software is connecting to. In most client and server type services, the key worry that users have is whether the data is going to the correct destination (server). Our clients request digitally signed identification information from the target server before sending any sensitive information to it. If the signature can be verified by the client then we are sure the host server is ours and trusted. If the signature cannot be verified then the client will refuse any further communication with that server, so no information is sent to it. That means that if our client software allows you to connect to a server, then that server must belong to us. This protects our users from hackers using phishing scams and man-in-the-middle attacks.
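The check described in this paragraph, as an added sketch in Go (not Hiitch's code; the page names no algorithm or message format). It assumes an Ed25519 public key pinned in the client and goes one step beyond the text by signing a client-chosen nonce, so a recorded signature cannot be replayed; all function names and the host name are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrUntrusted means the client refused to talk to the server.
var ErrUntrusted = errors.New("server identity not verified; nothing sent")

// randomBytes returns n bytes from the OS CSPRNG (used for seeds and nonces).
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// newKeyPair: the public half is assumed to ship pinned inside the client.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(randomBytes(ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// identityMessage is the exact byte string both sides sign and verify.
func identityMessage(host string, nonce []byte) []byte {
	return append([]byte("server-identity-v1|"+host+"|"), nonce...)
}

// signIdentity is the server side: sign the host name bound to the client's nonce.
func signIdentity(priv ed25519.PrivateKey, host string, nonce []byte) []byte {
	return ed25519.Sign(priv, identityMessage(host, nonce))
}

// sendIfTrusted is the client side: release the payload only after the
// signature verifies against the pinned key for the host and nonce it chose.
func sendIfTrusted(pinned ed25519.PublicKey, host string, nonce, sig []byte, payload string) (string, error) {
	if !ed25519.Verify(pinned, identityMessage(host, nonce), sig) {
		return "", ErrUntrusted
	}
	return payload, nil // stands in for transmitting to the verified server
}

func main() {
	pub, priv := newKeyPair()
	_, impostor := newKeyPair() // constructed attacker key for the demo
	host, nonce := "api.example.test", randomBytes(32)
	_, good := sendIfTrusted(pub, host, nonce, signIdentity(priv, host, nonce), "profile")
	_, bad := sendIfTrusted(pub, host, nonce, signIdentity(impostor, host, nonce), "profile")
	fmt.Println("genuine server:", good, "| impostor:", bad)
}
```

The guarantee holds only while the server's private key stays secret and the pinned public key in the client cannot be swapped by whoever controls the download.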

Access Control Keys: Hiitch uses randomly generated access control keys for every new session to prevent anonymous clients, search engines or web spiders from harvesting your personal information on our servers, whether directly or indirectly. This makes your private data truly private while online. Therefore there is no need to worry about your private information being leaked onto the public Internet by an anonymous client, search engine or web spider pretending to be a web browser.
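A minimal server-side sketch of the per-session access control keys described here and under Privacy Filters, added as an illustration in Go and not Hiitch's implementation. The type and method names are hypothetical, and the 256-bit key size and in-memory maps are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Server holds each user's current access control key and profile visibility.
type Server struct {
	keys    map[string]string // user -> key issued at the latest login
	private map[string]bool   // owner -> profile is private
}

func NewServer() *Server {
	return &Server{keys: map[string]string{}, private: map[string]bool{}}
}

// Login issues a fresh random key and replaces the previous session's key.
func (s *Server) Login(user string) string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	s.keys[user] = fmt.Sprintf("%x", b)
	return s.keys[user]
}

// authed reports whether key is user's current key (constant-time compare).
func (s *Server) authed(user, key string) bool {
	return s.keys[user] != "" && subtle.ConstantTimeCompare([]byte(s.keys[user]), []byte(key)) == 1
}

// SetPrivate changes visibility; only the owner holding the current key may.
func (s *Server) SetPrivate(owner, key string, on bool) bool {
	if !s.authed(owner, key) {
		return false
	}
	s.private[owner] = on
	return true
}

// CanView is the server-side filter: keyless clients and crawlers see nothing.
func (s *Server) CanView(owner, viewer, key string) bool {
	return s.authed(viewer, key) && (viewer == owner || !s.private[owner])
}

func main() {
	s := NewServer()
	old := s.Login("alice") // first session (constructed user name)
	cur := s.Login("alice") // second login rotates the key
	s.SetPrivate("alice", cur, true)
	fmt.Println(s.CanView("alice", "alice", cur), s.CanView("alice", "alice", old), s.CanView("alice", "", ""))
}
```

A key like this is a bearer secret, so it only protects the profile if it travels over the encrypted connection and is never written into URLs or logs.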

I hope that this article will help our users to better appreciate the hard work that we have put into our software design and development to ensure their security and privacy. We welcome your participation in helping us improve our security features so that we can better protect you and your information while social networking with us online on Hiitch. So relax and start to get to know people on our network and leave the difficult part to us.


Why Hiitch?  

February 11th, 2007

Hiitch is about helping you to succeed in this new digital age of online social networking and Internet communities. Hiitch is an attempt to empower the average online individual with all the right tools and information that he/she needs to create new opportunities for themselves in business, relationships, etc. You need to start hiitching today. Hiitching is about creating new connections that will generate new opportunities for you. When you meet someone on Hiitch, you don’t just add a new contact like in many other social networking solutions. Hiitch was designed to open up for you the whole network that your new contact is connected to. The more people you get to know on Hiitch, the more networks you have opened up for yourself. The more networks you have opened up for yourself, the more opportunities will be made available. On Hiitch, it is all about who you know. People are the central focus on Hiitch. You don’t search for things that you want on Hiitch, you search for people who are most likely to have them. The greater the number of interesting contacts you have, the more valuable your contact will be to other Hiitch users. That is what we think social networking should be all about. Start hiitching now and realize for yourself that online social networking is about to change.
