Social steganography?

Steganography was in the news this summer when the FBI revealed that Russian intelligence agents were using steganography to pass secret messages.  Unlike encryption, which mathematically changes a message so that it can’t be read by a third party, steganography hides the message in plain sight — in this case in image files.  With the buzz in the news, there was some discussion on blogs as well.  I’m not sure how I came across it, but Danah Boyd penned an article about steganography in social media.  Boyd talks about a girl named “Carmen”, who quoted lines from a Monty Python movie to communicate distress to her friends while hiding it from her mother.

I took serious issue with the article as an example of steganography.  While it may technically meet the definition since Carmen’s mother apparently does not realize a secret message is being sent, that’s more a matter of serendipity than message obfuscation.  Frankly, it’s a better example of “Carmen’s mom has no taste in movies” than “teens can hide secret messages in Facebook”.  If Carmen’s mom had seen “Life of Brian”, which is undoubtedly older than Carmen, then the steganography fails.

Steganography only works if the recipient knows not to respond in the clear, too. If Carmen’s friend “Jane” had said “aw, what’s wrong”, the whole thing is blown. It’s possible that Carmen and her friends have worked out a protocol ahead of time, but that’s more of a code than a method.  While it would be very trivial to share secret messages on Facebook, but song lyrics from a beloved movie is a pretty bad way to do that.  To me, this article reads like another “OMG YOU WON’T BELIEVE WHAT KIDS ARE DOING ONLINE” piece designed to scare gullible parents.

Is Twitter just a crippled version of IRC?

Back in May, Karsten Wade posted “microblog format/interaction is a crippled, radically transparent form of #IRC. Otherwise, seems to serve same purposes.”  I don’t know if that’s his own conclusion or if he was quoting someone else, but I disagree either way.  The other evening, I had a related discussion with a friend.  Her take was that Twitter is a less-featureful version of Facebook status updates.  I don’t believe that either, but it seems to highlight a problem with Twitter: it’s utility isn’t readily apparent.

Twitter easily supports one-to-one and one-to-many interaction.  Many-to-many is possible, but requires some searching and/or client configuration.  That makes it a rather poor replacement for IRC.  IRC is also more real-time than Twitter is necessarily.  Although Twitter is often used for real-time events, it doesn’t have to be.  The big difference between IRC and Twitter is that IRC is self-contained.  This is a point I made several times during the Mario Marathon, when people in chat felt they were being ignored.  IRC can be very active, but no one outside the channel will notice.  With Twitter, the message gets spread each time someone posts.  If a topic begins to trend, that can pull in even more participants.

There’s a better case for saying Twitter is just like pulling the status updates out of Facebook.  Several people I know post Facebook status updates with their Twitter accounts, so it seems reasonable.  I’d agree that they are mostly the same, but there are a few differences.  The primary difference is that Facebook more easily allows threaded discussion, whereas a tweet stands alone.  Neither way is necessarily better; in certain circumstances one is preferable over another.  There’s also the lack of passive support.  In Facebook, you can “like” a status with impunity.  On Twitter, to express support, you must re-tweet and therefore own the statement.

To me, there’s a clear use for Twitter.  That’s not the case for many people, and until they can figure out a use, they simply won’t use it.

Cyber security month — your private pictures aren’t

Editor’s note (*snerk*): October is National Cyber Security Awareness Month.

One of the most commonly repeated pieces of advice given about privacy on the Internet is “be careful who you allow to see your stuff.” That advice is good, but it doesn’t quite cover it.  Pictures posted on many social networking sites can be set to only be viewed by your friends, or even subsets of friends.  However, there are ways around those protections.  On Facebook, anyone who has access to the picture can copy the picture’s URL and send or post it to others. The URL allows anyone, even people without Facebook accounts to view the picture. On MySpace, there was a way to view any users pictures from a slide show, so long as you knew their ID number (which is easily obtainable).  This has since been fixed, it seems. There are also methods for finding private pictures on Photobucket and other sites.

Beyond the somewhat innocent ways of compromising your pictures, there are also more sinister ways of losing control of your content.  If you have a weak password, or reuse passwords, or let your password be known, you are open to someone compromising your account and removing, changing, or adding content.  This has the potential to be very damaging to your personal life.  And of course, anything that can be viewed on screen can be copied in a screen capture and posted anywhere.

That isn’t to say that your content shouldn’t be controlled.  It is still a wise idea to try to keep tabs on things you don’t want everyone to see.  The important thing to remember is that your private pictures aren’t, and anything on the Internet might eventually make its way into public view.

I could never get the hang of Thursdays

The e-pocalypse seems to be upon us. This morning I tried to upgrade my MacBook to 10.5.8 and it’s been “booting” for the past 45 minutes or so. The evolution-exchange backend keeps failing on my Linux box so I can’t get to my e-mail (interesting side note, it also crashes Pidgin). Twitter and Facebook were down, although Facebook seems to be back now. I feel so isolated!