Archive for No Contest Communications

Participatory disinformation

… over at No Contest Communications.

“Intimate supervision”: Surveillance on campus

This Washington Post report – holy crap:

Short-range phone sensors and campuswide WiFi networks are empowering colleges across the United States to track hundreds of thousands of students more precisely than ever before. Dozens of schools now use such technology to monitor students’ academic performance, analyze their conduct or assess their mental health. …

Instead of GPS coordinates, the schools rely on networks of Bluetooth transmitters and wireless access points to piece together students’ movements from dorm to desk. One company that uses school WiFi networks to monitor movements says it gathers 6,000 location data points per student every day.

School and company officials call location monitoring a powerful booster for student success: If they know more about where students are going, they argue, they can intervene before problems arise. But some schools go even further, using systems that calculate personalized “risk scores” based on factors such as whether the student is going to the library enough.

The dream of some administrators is a university where every student is a model student, adhering to disciplined patterns of behavior that are intimately quantified, surveilled and analyzed.

cross-posted from nocontest.ca

h/t Clarissa

Saving your name

The “Naked Security” blogs published by Sophos remind me how vigilant online publishers – and all organizations, really – have to be to protect their content, their data, even their names. Indeed, the word “vigilance” needs to at the top of our whiteboard every day – and never erased.

When I moved to Vancouver in 1996, I saw that almost no small-cap companies in the exploration and mining business had online presences. This was a good business opportunity. I knew my way around the Internet – coming from Stanford, you had to be – but hadn’t created websites myself. I found a couple of partners who did, and we found a bunch of clients right away.

The first order of business was registering URLs for each client. This typically involved registering four or five: client.com, client.net, clientresources.com, clientresources.net, and clientinvesting.com, for instance. We wanted to make sure that we covered the bases, so to speak. We would use the main URL and make sure that the others “pointed to” the main one.

For a couple of years, on the Internet there was the equivalent of the 19th-century American land rush. Promoters, IT whizzes, managers, communications pros, publishers, inventors, entrepreneurs – everybody, it seemed to me – were staking out their claims to URLs, in essence buying names and making them their own. Whether or not these names were used for actual websites, for some it was just as important that their competitors *didn’t* have these names.

I have a spreadsheet to make sure that I never forget to re-register the “stable” of URLs I own or manage (a few dozen). Two times I missed a deadline; I lost one URL (this still bugs me, as you can imagine) and *miracle of miracles* I got the other one back.

Forgetfuless is one way to lose control of your URL. Having it stolen is another. The other day Sophos blogger John E Dunn published an article called “US gov issues emergency directive after wave of domain hijacking attacks.”

The US Department of Homeland Security (DHS) has issued an emergency directive tightening DNS security after a recent wave of domain hijacking attacks targeting government websites. …

Domain hijacking has been a persistent issue in the commercial world for years, a prime example of which would be the attack that disrupted parts of Craigslist in November 2014.

In that incident, as in every successful every domain hijacking attack, the attackers took over the account used to manage the domains at the registrar, in this case, Network Solutions.

The objective is to change the records so that instead of pointing to the IP address of the correct website it sends visitors to one controlled by the attackers.

This change could have been made using impersonation to persuade the registrar to change the domain settings or by stealing the admin credentials used to manage these remotely. …

Dunn recommends that you verify your company’s IP addresses and “change passwords on all accounts used to manage domain records.” Read his entire post for a longer list of important safeguard measures.

Reposted from nocontest.ca

Good advice

Don’t think with your fingers.

Rental detectives

I’m pretty much an open book to my building manager (thank you, B.!). If I ever have to move into another rental, though, the services provided by a British data-mining company might unnerve me. Writes Stanley Q. Woodvine in Vancouver, BC’s Georgia Straight,

Tenant Assured is a web-based service first made available two weeks ago to landlords around the world. The service essentially forces people to open up their social media accounts to the prying eyes of landlords as part of the process of applying to rent an apartment. …

This is how Tenant Assured works:

A landlord who’s signed-up with Tenant Assured sends all of their rental applicants to a special link on the Tenant Assured website. They are then asked  to provide full access to up to four of their social media profiles—on Facebook, Instagram, LinkedIn and Twitter. These are then thoroughly crawled, scraped, and analyzed by Score Assured. The scrutiny includes conversation threads, private messages, and contact lists. …

Concerns that the service is a gross violation of personal privacy were brushed off by the company, which trotted out the oldest authoritarian assurance about surveillance in the book, namely, “If you’ve got nothing to hide, you’ve got nothing to fear“. Or, as [the company’s] cofounder Steve Thornhill put it … “If you’re living a normal life then, frankly, you have nothing to worry about.”

Thornhill further pointed out that people had to give their consent to the Tenant Assured process and that it was really not much different from a background check or credit rating.

Of course it’s very different … . There are long-standing laws governing credit and background checks and there are processes in place to allow people to see their credit reports and correct inaccuracies.

Although landlords anywhere in the world can sign up for the service—including right here in Vancouver—it’s is not clear what laws in any given jurisdiction could hold such an online service to account.

As a professional communicator, I take great pains not to post anything at all controversial online: very little politics or religion … or anger. (I always ask myself, “What would my students think? My future clients? My Mom?”)

The persona I therefore project is a good deal sunnier and more welcoming than the real thing. Indeed: Last year a girlfriend from high school wrote me, “Bob, I like you so much better online.” Good to know.

Also at nocontest.ca