Children and privacy on social networks
On April 19, Ivan Kaspersky, the 20-year-old son of prominent Russian businessman Eugene Kaspersky, was kidnapped on his way to work at a Moscow-based security company. Ivan was freed unharmed four days later after a special operation involving Russian law enforcement officials and Kaspersky security personnel. It was later discovered that the kidnappers had closely monitored Ivan's social networking account to gain information about his movements and personal security level.
The following article was written by Eugene Kaspersky, who is the founder and chief executive of Kaspersky Lab, and posted to his Facebook page on May 12, 2011.
No geeky computer security stuff in this post. No technical details about social networking scams or Twitter worms or malicious Facebook apps or whatever. You can always get this sort of information at first hand from a variety of trustworthy sources like Securelist (http://www.securelist.com/en/) or Threatpost (http://threatpost.com/) to name a few.
There is something of a much greater concern I would like to talk about. Our children’s safety on social networks.
You heard a lot about the latest incident with my son Ivan, which has successfully ended up with the bad guys caught and no one hurt.
The investigation has revealed that the kidnappers were actively using social networks by scanning for personal information about possible victims and understanding their daily routine. The data was later used for planning the crime. At this time we can only guess what was the main reason was as to why they decided to target Ivan.
However, personally I believe the main reason was the excessive availability of his personal information on the major Russian social network VKontakte that allowed the criminals to track down his movements, monitor updates and estimate his personal security level.
To make it clear for the international audience let me explain that VKontakte is based on the same approach as Facebook and has over 100 million registered users. It allows people to maintain rich user profiles, post updates, notes, photos... Well, if you read this you know what you can do in Facebook.
Just the time to say mea culpa. I made a mistake by not taking care and educating Ivan on the best practices of exposing personal data in social networks. Don’t you make the same mistake. Act now to safeguard your children against unwanted eventualities.
Social networks have brought personal communication and exposure to a new level. They allow people to be as open as possible, feeling free to share their thoughts and letting their friends and colleagues be a part of their lives. I see no evil intent here and believe this approach illustrates the way that people will continue to behave and communicate in the future.
However, apart from a wide range of computer security threats, the other side of social networking is physical safety.
According to Insidefacebook.com 46.4% of Facebook users are under 25 and 20.6% are under 17 years old. Teenagers and young adults are very passionate about networking and rarely take into consideration the consequences of over-sharing. The “friends race” and poor privacy settings awareness contribute to the mess and your personal information can float directly into the hands of people with less than friendly intentions. The OnGuard Online states that 22% of 16-24 year olds don’t know the people they share information with on social networks.
And remember that kidnapping or sex predators are just one of the possible threats here. People need to think that once something has been posted on the internet, it will be there forever. Tomorrow our kids may deeply regret their social networking activity of today. It may influence their career, social status, relations and present a fertile ground for blackmailing in the future.
I strongly believe we should act in two directions.
Firstly, social networks must introduce age-related features to minimize the risks associated with uncontrolled personal data exposure. For example user profiles with limited functionality, content pre-(post-)moderation by parents, and specific privacy and visibility settings (especially for geo-location services). I like the idea to allow kids set up their profiles as their parents’ subaccounts. Alternatively parents can use parental control features in security software to allow access to approved and monitored profiles only.
Secondly, educational measures to help children understand the threats of social networking and best practices of online socializing. I recommend to parents who are seeking advice read from OnGuardOnline’s “Safety Tips for Tweens and Teens” (http://www.onguardonline.gov/topics/social-networking-sites.aspx). At the same time safety and security of social networks should become a part of secondary education.
At Kaspersky Lab we conduct regular public trainings for teenagers and young adults and actively lobby to include the data security classes in school systems. There is a dedicated fully not-for-profit educational program dubbed Kaspersky Academy (http://www.kasperskyacademy.com/en/), funded by our company worldwide. It was founded years ago as part of our corporate mission and has gradually expanded across the globe This is available for any University or school who is willing to participate.. We like to also get involved in public initiatives that aim at educating younger generations about the dangers of the internet – such as Safer Internet Day in the United Kingdom (http://www.itsmorethanagame.eu/).
One may think the first measure is too draconian and the second one will not work. I have a strong feeling of Déjà vu from the mid 90s when many people refused using anti-virus software because it was slowing down other operations.
Security and usability is always a matter of a well-balanced compromise. The Laissez-faire approach may and inevitably will lead to unpleasant surprises. The total control is also not an option as we have to respect our kid’s privacy and nourish their personal opinion. Families should find their own solution to this issue, as I don’t see a one-fits-all recipe. For example make kids play the privacy game and be proud of protecting their present and future.
Like it or not, social networks aren’t going anywhere anytime soon – they’re here to stay. We must act according to what social networks really are - a double edged sword. We should enjoy their benefits while not forgetting about all the threats they can bring. I am absolutely confident that we should do something immediately to minimize social networking risks to our children and avoid something irretrievable from happening.
Prevention is better than cure.
Talk about privacy and safety in social networks with your kids now!
PS: here is a great selection of infographics about social networking! http://www.pamorama.net/2011/01/30/65-terrific-social-media-infographics/
Comment by Geekbabe, posted 5/16/2011, 2:39 PM:
I remember when news of this horrific crime became public & cannot imagine the terror Ivan & his family must have gone thru. a nightmare.
I think many families are confused by the ever shifting rules of social networks like Facebook, coupled with a teen's need for increased privacy & a parent's wish to not appear over controlling.We are sadly hearing too many stories of social networking gone wrong.
Thank you Onlinemom & Kaspersky for helping us keep our families safe!