I contend that the safest place for your personal information is online, in a social network, and let me tell you why… oh wait, let me set the scene first *moves some chairs around*

I’ve been asked my a million people lately for my opinion on scams online and people having their identity in real life taken because they revealed too much on Facebook or whatevs. I have to say, I tend to fob off the questions. Not because they can’t be answered and, not because securing one’s real life identity from ID theft is not important, but because usually people asking aren’t interested in real answers, just tabloid-like fear-mongering stuff. So I say “it can be managed’ and leave it at that.

But I know that you, dear reader, want the goodies 🙂

Soooo, there are a variety of identity issues online.

  • Is this person who they say they are in real life? Not just name and location but also job, married/unmarried, gender, everything?
  • Are they who they imply they are? In other words, not just name – if my handle is SugarLips, do you assume from my actions that I am a woman in real life?
  • Does this person exist at all? I wouldn’t be the first person to create two persona’s so I can have an argument with myself online. Whaaat? Haven’t you? It’s a nice technique in online communities to address an issue without spotlighting it as an “issue”. And no, I’m not fussed about ‘transparency’ in this case.
  • Is this a group persona? Some famous cases – such as the old cyber-rape case that I vaguely remember Julian Dibbell (?) writing about in the early ’90s – turned out to be a dorm room full of students sharing one account. Account sharing is banned in most social networks btw, and that’s one reason why. Got that in your ToS hmmm? (EDIT: Wiki cyber rape case). Spoke to K from Sony the other day – she thinks that 4inchheels (now hacked) is a group blogger under one name, I tend to agree with her.
  • What aspect of themselves are they showing? And where does identity lie. If a CEO blogs, is s/he being real or just repeating what has been vetted by public relations and the legal team? If a CEO speaks from the heart into a dictaphone and a secretary types it up, is it really from the CEO?

And how does this stuff compare to the Real World? Ever been on a date with Mr Wunnerful who turns out to be … less? Where was Cyrano de Bergerac hiding – under the dinner table? o.O

So a fraudulent offer is where you are offered something that is …err … not what it says on the packet? A funny game on Facebook that copies your contacts list, or a competition form you complete with a pen, or … who cares. As we use online more, there will be more online fraud. Full stop.

from here

So here’s the current figures

How Were Fraudulent Offers Pitched to Victims?

  • In 27 percent of incidents, victims learned about fraudulent offers through print advertising – direct mail advertising (including catalogs), newspaper and magazine advertising, and posters and flyers (Figure 9 and Table 9).
    • Direct mail was the most common form of print advertising cited, and was the medium used in 16 percent of all fraudulent offers. Newspaper and magazine advertising was the medium in 10 percent of cases.
  • The Internet (including general websites, Internet auction sites, and email) was the medium through which victims learned about fraudulent offers in 22 percent of incidents.
    • General websites were responsible for the largest percentage of these cases: In 10 percent of all cases victims said that they first learned about the offer from an Internet website, other than an auction site.
    • Victims indicate that they first learned about the offer from an Internet auction site in only 3 percent of incidents.
  • Television or radio advertising was used in 21 percent of fraud incidents.
  • Telemarketers were the source of information about fraudulent products or services in 9 percent of all cases.

Here’s an example of a beat-up Facebook-applications-can-steal-your-identity-ohmahgawd piece from the BBC. I can’t embed the video cos they don’t allow that. A basic response would be: how many profiles of the 64 million Facebook users do you think leave their page open, public, searchable by Google and available to RSS and API? A reasonable amount one assumes – enough to keep any industrious identity thief happy. The BBC didn’t need to waste time and money (actually an app only takes a few minutes to build) to rip some profile information from Facebook… .

Now here’s my thing – the social network will win against fraud:
How long did the BBC scam application stay up on Facebook for? Before it was found and reported? How long did it take the social network to discover the poor code, and send out alarm bells? Does Facebook use the “wisdom of the crowds” and have developers checking on each others code?

But the big one – did the BBC have the application go viral? What was it’s take up rate? How long before the community figured out it was a trojan and went on the attack? The social network ALWAYS moves fast to discover and disseminate – hey! that’s what social networks do with any content – and if that content is a new application, it needs to be pretty compelling to get a take up of any size. And once taken up, the social network will figure out – someone will keep an eye on the techie/geeky side, there is always one jock in the crowd – and send out a warning.

And hell, we can send out warnings fast over email, SMS, Facebook wall, groups, chat, forums, blogs, wikis, and through ratings/rankings.

I feel sorry for organised crime. They have no clue that the social network is more organised, more protected, more connected – in fact, organised crime is just a little social network. Shared values, shared purpose, shared hiearachy, defined roles, defined leaders, defined etiquette, rituals, subgroups/tribes whatever. And they are now being ranged against by millions of members of Facebook.

Good luck with ripping off profiles, you won’t last long.

I talk a lot about anti-PR and anti-marketing consumer companies (IHateIkea.com type stuff). But they are also good for scams:
www.awitness.org
scamhunter.blogspot.com
www.ripoffreport.com

My favourite is www.scambuster419.co.uk

Incidentally, government departments and banks are now confirming identity by asking you to give dates of letters they have sent you. *hunts thru the trash can* ASIC gave me a hard time yesterday 🙁

Oh and one final note: the long tail of the Brand of One (you) means you have to be good. As you develop your identity online (filling out profiles), so you gain reputation (we remember you, and start to recognise you), and then trust (we start to identify if you give good advice or are a bit of ditz). Don’t do too many shonky things – you are too easy to track and everyone is connected to everyone these days.

In others words, be good! (and yes, I’m intentionally ignoring the issues of dataportability)