Security on social media is a constant balancing act.
Lots of memes, quizzes, or trending topics look harmless, but if the whole Cambridge Analytica fiasco has taught us anything about social media’s potential pitfalls, paranoia is a much better (and safer) default attitude to have.
The 10-Year Challenge Danger
One thing that seems especially popular now are the “10-Year Challenge” photo collages where you post your first Facebook profile picture and your most recent Facebook profile picture.
While these posts are pretty amusing and certainly a nice walk down memory lane, it’s worth taking a look at the possible motivations behind this viral meme. This is especially important to consider given the recent advancements in machine learning, the training of machine learning, and the improvements in computers recognizing people (and things) in photos.
An interesting post on Wired.com has taken a slightly paranoid look at the whole phenomenon, and while it is true that it’s unlikely that this viral phenomenon was developed to improve facial recognition, it’s also increasingly necessary that all users of social media approach these sorts of viral memes and posts as potentially harmful.
Practically speaking, Facebook has lots of photos, and it’s probably more effective to train photo recognition software on lots of examples of a single person. Having 10 or 100 pictures of a person as they age can make up for weird lighting or angles that may be present in only a single picture.
However, the pictures that are posted under this 10-Year Challenge are (usually) nicely hashtagged (for easy searching and adding to a database) and dated (10 years ago, the date a photo was taken was rarely the same date it was uploaded to Facebook, or the date/time registered by the camera), so in some ways the much smaller and more limited data set may have advantadges. Especially if it is used to optimize and tweak the machine learning algorhthims that have been generated from the massive collection of photos that Facebook already has.
Social Engineering in Quizzes?
The Facebook 10-Year Challenge also reminds me of the “What is your (stripper|blues musician|pimp|whatever) name” quizzes on Facebook (and MySpace and LiveJournal) that were very popular several years ago. While the resulting names are generally pretty amusing, lots of the questions they ask (“Pets name”, “Street you grew up on”) are also security questions on many websites.
This may be overstepping the bounds of normal paranoia, but it’s worth thinking about the whole picture. Consider this:
- To sign up for the quiz or name generator, you often have to give the quiz access to at least *some* of your Facebook info (like your email).
- You post your funny name or quiz result (or whatever), that can easily be reverse-engineered to figure out what your mother’s maiden name (or some other seemingly innocuous info) was.
- You post the results to Facebook or Twitter using some sort of hashtag (which can be easily searched by an automated system and the data can be sorted and saved.
- Most websites have the same 10-20 pre-generated security questions (mother’s maiden name, first pet name, roommate in college, etc.).
And suddenly (at least to me) these silly little quizzes look like they could be some very clever social engineering.
This isn’t to say that all of these types of quizzes are dangerous or identity thieves, or that Facebook is going to be tracking you more after you posted your pictures.
In this day of extreme social media and massive data, though, it is worth thinking about before you put anything online.
