Hosting and security consultant Andrew Waite talked about information security while Chris Stainthorpe, developer at Customer Sure, focused on names and pseudonyms.

Local web and mobile developer Peter Bull was at the event and sent New Media Now his summaries of the both talks.

Security – Why do you need security?

The simplest reason is that you have something someone else wants. You might also need security for compliance issues.

It’s also worth being aware of that an average of one attempt per minute is made on servers online.

Why would anyone target me?

To obtain account/payment details, financial gain or system resources. Ideological reasons can also be a motive for an attack. Your system could cause damage to others or be damaged itself by an attack and be used to store illegal content.

What’s out there?

Automated/bulk attacks, casual/hobbyist attackers, activists, organised crime or even espionage.

How secure do I need to be?

It depends on who you are. You need to balance risk against the resources you are willing to put in. At least focus on attacks hacking toolkits like metasploit enable.

Are firewalls and anti-virus software enough?

You need to know it’s working by testing and remember that just because you haven’t found a problem doesn’t mean it isn’t there. Conduct both in-house and third-party testing which involves network mapping, vulnerability detection, penetration, privilege escalation and maintaining access and then reporting mitigation or fixes.

How to reduce risk?

Identify what the risks are. Security can be expensive so you want to have a good return on investment. Remember however, that nothing is 100% effective. You need to weigh cost to risk & improvement and actually use what you have.

Privacy – What is a name?

It is a label for an identity, a way of identifying a collection of opinions over a long period of time – accountability, ownership and authority.

We believe we are balanced but we can be prejudiced and can be biased against politics, class, sexuality, gender, race or culture. Women experience 25 times more online harassment online and of gay people, about 50% experience bullying online.

We therefore may require a public and a private identity.

Names aren’t as simple as we assume

Some false assumptions about names is that people’s names change only in special circumstances, their names are case sensitive, a dictionary of bad words doesn’t contain peoples’ names or that people even have names.

People might not want to use their real name online but services such as Facebook and Google insist on real names. The reasons for this aren’t well justified – if you are not paying for a service, you’re the product being sold.

Bad citizens are not reduced by the using real names.

You don’t need real names for a good community and Facebook’s real names policy is simply an authoritarian assertion of power over vulnerable people.

What can we do?

Speak up, design for respect and cultivate communities.

Treat this as a design problem and encourage people to participate in a more inclusive way – don’t insist on two names.

Talk and debate about the problems are and how to solve them.

By Peter Bull
@RoguePlanetoid

Guest

The New York Times made a feature of Facebook’s privacy policy in an extensive review of how, when, and where you can make your private stuff private on the world’s largest social network. It turns out that Facebook’s privacy policy is now so complicated that it’s longer than the Constitution of the United States. Take a look at the infographic (which doesn’t quite explain how to hide those pictures of last weekend from your mum) here.

by Pete Hindle

Pete is a guest contributor of New Media Monthly. He’s a North East based researcher/artist/thinker/designer/programmer. Read more about Pete in his blog.

Among the convicted was Google’s chief legal officer, David Drummond, who has said he’s “outraged” by a decision he describes as setting a “chilling precedent”.

Richard Thomas, the UK’s former information commissioner and consultant to the privacy law firm Hunton & Williams, told the BBC that the case is simply “ridiculous” and can be compared to suing the Post Office for hate mail sent in the post.

Prosecutors argued that local privacy laws were violated by not seeking consent of all the parties involved before allowing the video to go online.

Several legal experts have deemed the decision as highly worrying.

According to Thomas, it’s unrealistic to expect firms to monitor everything that goes online.

He said in The Independent: “This ruling is simply inconsistent with the way the internet works. There is no UK data law or European law that I know which could lead to this result, where employees of a company are sentenced to suspended jail sentences for being personally criminally liable for the uploading of a video clip in this way.”

Andy Millmore, head of litigation at the media and entertainment law firm Harbottle & Lewis, said the ruling will have major implications for internet service providers.

He told The Independent: “If upheld, it [the decision] will make it theoretically possible to pursue sites for hosting content which has not been posted with the express permission of the people featured.”

As it’s generally concluded, the sheer amount of content uploaded by users to sites such as YouTube, is far too much for anyone to pre-screen.

A Telegraph article argues that feedback from other users is the only practical monitoring system. The piece also makes the point that our ‘instinctive tendency towards voyeurism’ in is conflict with this means of controlling content. A relevant question to ask in this case might be; why a repulsive video of a disabled child being mocked and beaten up became the most viewed on the service? And even further, how did so many viewers fail to click a button that would have alerted the company to its inappropriate content.

Sources: BBC, The Independent, The Telegraph