Here Is How Social Media Ruins Our Security Awareness Programs

Have you seen this^ yet?

In the past few weeks I’ve seen a flood of these among my acquaintances on Facebook. People perceive it as a funny feature and are happy to share such information with their networks.

All appears to be good, but have we really thought through the consequences of it?

Yeah, that’s one of the most stupid features I’ve seen. It’s tragic given how much effort we security professionals put into employee education and into teaching the masses that they should not disclose overly sensitive personal information on public/social media.
Yet on the other side people have Facebook encouraging users to share all their personal info, and now they went one step further. I wonder whether Facebook ever consults its security teams about such features and whether they bother to think about the potential consequences.

We’ve got thousands of InfoSec professionals fighting for the removal of “security question & answer” features from products. They devote their personal lives to educating others on how to be safe on the Internet, and here comes Facebook messing it all up.

Such features wire people’s minds in a way that they end up feeling and believing that it’s totally fine to share such information with the public. For many people Facebook and social networks are an authority on what is right and what is wrong.

Good luck convincing people in security awareness training that they shouldn’t be posting information about the company or their work. Even if they believe you during the session, they’ll quickly forget about it just a few moments later because they’re constantly bombarded with the opposite information from social media.

But why does that matter? Aren’t we free to choose what we do online, and isn’t it only a problem for people who disclose too much?

I’m really tired of a narrative in the industry which says “oh, weak and dumb must die. That’s pure Darwinism and laws of evolution so why would I bother“. Holy shit, how dumb that is. I sometimes can’t believe what I’m hearing, because I have respect for someone for their accomplishments and career growth, yet they spit out such blunt and myopic statements.
If we let people do whatever they want, we’ll end up in a chaotic world where we hate to live, yet we’re forced to because there is no alternative.

I do care about such things and I don’t think people are really free in what they do – even if they believe otherwise. There is a difference between allowing people to share photos and urging them to do so.
It’s about the permission model we wire into society – “Facebook says it’s good, most people do it which means it’s good for us to do the same”. Even though it may sound ridiculous to you, it is a very real case.

Assuming that people are free to do whatever they want is such naivete. Most people’s social and mental frame isn’t strong enough to resist following stunned and reckless masses. More than once in the history of mankind, evil ideologies wrapped in nice, persuasive wording have pushed very good people to do dumb things against their nature or against the goodwill of others.

People are weak, most people don’t use their freedom wisely, and it’s in the hands of people with a higher conscience to take care of the weaker.

Is the business benefit high enough to justify such risks?

The authority of tech giants should be used cautiously because with power comes responsibility, and it’s not good for society if big corporations avoid taking ownership of their actions.

I wish Facebook led by example. Instead we have things like that new feature, which not only spoil our society but put it in actual danger. Think of kids who like those features and leak a huge amount of detail by filling out forms supplied by Facebook. Evil creatures who seek to take advantage of unconscious people or kids now have additional leverage. For free, with minimal effort. Instead of turning the lives of bad guys into a nightmare, we provide them with cheaper and cheaper ways to hack us.

I know that business is all about risk and ROI management. But does Facebook really need to push themselves to such shallow initiatives? Isn’t it enough that they already have all of our personal information, marketing preferences and whatnot? I get that it’s the next nice feature, but is it really profitable enough to expose users to additional security and privacy risks?

Don’t get me wrong. Facebook is a great platform that transformed the way we communicate, but what is the peak of our tolerance?

On one hand, I immensely appreciate the great opportunity Facebook gives us as a society, and I’m thankful for security tools such as osquery released by Facebook.

On the other hand, however, I see them making initiatives like this one and it makes me wonder whether it’s just me or whether the messages they send to the world with their actions are really out of sync. Whatever it is, I am worried that we’re forcing unconscious people to compromise their privacy and we don’t look enough into the future we build for ourselves. I don’t want to live in a world where privacy means nothing, and if we make most people comfortable with being naked, we’ll eventually end up living in a world where we’re forced to follow the crowd.

Curious about your thoughts on this.
