I lost all my phone contacts recently, which of course was a pity, but it led to an interesting discovery about privacy. Here’s my story.
I wanted to restore my smart phone to its original state – it started to work pretty slow after some time. The thing is that I simply forgot to copy my contact list backup. Shame on me.
But no use crying over spilled milk. I started installing some apps, configuring etc. and after a while I noticed that I have a few hundred contacts! How’s that? Android simply imported all my Facebook, Twitter, Google+, LinkedIn etc. contacts, merged them, and displayed on the contact list.
Since I didn’t want such a mess in my phone, I found and option that said something like Display only contacts with a phone number and… I still had tons of contacts displayed!
Ok, I admit it was less, but still quite a lot. As it turns out, lots of people enter their private or/and work phone numbers, their home addresses and other personal data. I always had doubts entering such data and saw no particular reason to do that. My friends simply have my phone number, and even if they don’t know my exact address (though they usually know how to get to my place ;)) – there’s no problem asking me anytime. So why would I leave such information on my social media profiles? “Because there’s a field to be filled” or “because I can” are not real reasons.
Now what you probably want to say is that there are privacy settings, right? I can allow such personal information to be displayed only for specific people or groups and no one else will see it. That’s true, but I think it’s rather saying “don’t worry too much” than solving the problem. First of all, we do hear about a bug or inconsistency from time to time – people simply find ways to outsmart those systems. I’m not sure whether one day someone won’t say “Hey, I know how to get someones data from Facebook, even if they don’t allow it. All you have to do is…”
Of course you may think I’m paranoid, the same way I think I’m reasonable not to put some of my information at risk if I simply don’t have to. But there’s actually one more thing about publishing such information. Privacy settings may even work great, people may actually configure all this and keep their addresses top secret. Still, it doesn’t always do the trick.
What I observe (and what worries me) is that it’s pretty easy to make people accept friend requests. “Hey, let’s connect on Facebook!”, “I’d like to add you to my professional network on LinkedIn” and so on – I’m not any kind of a popular person in the web, yet even I get such messages all the time. And people actually respond “sure, why not – that’s what social media are for”.
It’s very nice to make friends, chat, exchange thoughts etc. But it cannot be only “yeah, let’s do it!”, without any thinking whatsoever. Kevin Mitnick (and I’m sure you know the guy) claimed that he used mostly social engineering to get passwords. And this means people simply told him or allowed to easily get such information (for example, they were letting him into the office, where they had yellow notes with their passwords on monitors!).
What I’m saying is that privacy protection systems can be even designed and implemented well, but we are the weakest link. It difficult for most of us to find the right balance between socializing and being reasonable on the Internet. So far, so good – let’s just hope there’s no critical point to be reached here…