Careful when handling consumer trust

I recommend the article Identity & Trust: The Keys to the Game in Winning the Hearts (and Wallets) of the Consumer by Allison Cerra. Allison comes from a telecom background and had an early perspective on the value of what she calls the 3Ps. These are presentation (how a consumer constructs and manages an ideal image of himself), protection (data privacy) and preference (helping a consumer make choices). She speaks of the gold mine of opportunity in targeting experiences and applications for consumers.

Read More

600,000 identities compromised per day at Facebook

Facebook put out an infograph revealing that 600,000 identities are compromised per day. That’s a lot of identities. Continuing from a previous post of mine, you could perhaps conclude that Facebook Connect is suitable for casual identity, but not for strong identity.

It’s not that Facebook isn’t trying to protect identities.The infograph reveals an impressive array of risk management tools. Facebook certainly look like they are setting themselves up to be a strong identity provider.

I suggest that the casual value of Facebook to most people is what gets in the way of Facebook acting as a strong identity source. People chose weaker passwords and are less inclined to be serious about account recovery steps then they would be with a bank, PayPal or even email account. A second issue is that users are more susceptible to phishing and spam issues by virtue of Facebook being a popular target with a large attack surface. Not to mention that users may be a little wary of Facebook’s track record of leaky privacy and therefore less willing to give up vital data needed to protect their identity (e.g. cell phone numbers and security questions).

For a further examination of the issue of Facebook identity compromises please read this Sophos article.

Identity, Facebook, Google, Linkedin, the Government

There is an interesting post by Om Malik over at GigaOm suggesting how Google can get it mojo back from Facebook.

Taking a slight spin on this, I make the observation that a large part of Facebook's value is your identity and your associations and Facebook's willingness to leverage this information elsewhere on the web (Facebook Connect). Facebook Connect is becoming the most common way to login to other sites. The reputation of your identity is increased by your associations: it requires a consipricy to create a fake Facebook account and have N friends, the presence of which increases your identity's reputation.

Read More

Wired: Facebook privacy

Continuing on my theme of whinging about Facebook privacy policies, I thought this was a pretty good article.

Facebook Privacy Loss Creep

More Facebook default opt-in shenanigans. I'm not sure whether this one bothers me so much, but here's why this may be a problem for you and how to turn off the possibility of your friends giving away your location on your behalf. Sigh.

Somewhat Improved Facebook Privacy Controls

Facebook has made some reasonable, but not perfect, fixes to the user interface for changing privacy settings. A few things are better exposed, such as the list of applications that have access to your data, and what data you are sharing with who. But it's still broken because you can't, in one place, tighten your security settings.

Read More

Help me understand Facebook and Privacy?

Help me out here. I’m trying to understand how Facebook’s new move to share my information with other sites is okay (Hint: I’m not a teenager, so aim your explanation accordingly). Take LikeButton.me as an example. I’ve never explicitly trusted this site with any information. Yet they know the names of my friends, and yet all I did was visit this site? Visit = type URL, click return.

Read More