Responsible disclosure should apply to Social Media

A few days ago I discovered a site that I hoped would go mostly unnoticed. Unfortunately, I was wrong. Hutch Carpenter blogged about it and I decided to expand on my thoughts with this post.

The site is PleaseRobMe.com, @PleaseRobMe on Twitter (intentionally not linked), and it got some attention by telling the world about people who were not home. They analyze location-aware social network data, mostly Foursquare check-ins, and determine when a user is away from home. It’s not magic: if you tell the world you are at Starbucks, you are obviously not at home.

UPDATE: It appears that Twitter has suspended @PleaseRobMe. Bravo, Twitter.

PRM is not an opt-in service; they are scanning the public data stream.

It’s stupid and wrong. Here’s why:

The veil of Awareness

From their site,

“The goal of this website is to raise some awareness on this issue and have people think about how they use services like Foursquare, Brightkite, Google Buzz etc. Because all this site is, is a dressed up Twitter search page (link). Everybody can get this information.”

Darn near public servants, right? Not hardly.

Yes, it’s essential to educate people about the ramifications of sharing information publicly, and geo-social services make this conversation even more important. Are there reasons to be selective about where you check in, or whether you use the service at all?

Absolutely.

This past evening I had a discussion with a friend who has stopped using Foursquare/Gowalla because she is a single mom and, as she put it, “too many weirdos out there”. I couldn’t applaud her decision enough. She knows the risk, and she chose to stop.

But playing the awareness card isn’t a do-what-you-please ticket. Plenty of sites and blogs are talking about social media, privacy, and security concerns and none of them are exposing users.

If you are aware of a problem and others aren’t, then you just became responsible for what you do with that information. How we tell others is very important.

Responsible Disclosure in Web 2.0

In the information security community there is a practice called responsible disclosure.

In layman’s terms, if you find a security hole you make the effort to work with the vendor or manufacturer to resolve the issue prior to releasing it to the public. It’s simply a process of fixing the problem without putting people at risk.

It’s a concept the folks at PleaseRobMe should take to heart.

There are a thousand ways to raise awareness and all of them are better than this.

It’s a publicity stunt with marks of juvenile and irresponsible behavior.
