Facebook users still lax on identity security – Sophos
Alma Anonas-Carpio, for her new blog, Chat Noir, on Dateline Philippines
http://dateline.ph/chatnoir/
Cyberspace is a great place to share all the things you want the world to know and it is the place where your light may shine brightly and uniquely, but there are aspects of your uniqueness that are best kept offline. Over the years, several antivirus software-makers have warned of identity theft and its consequences, yet netizens still blithely post sensitive personal data – such as their full birthdates – on websites like the social networking giant known as Facebook.
Not a good idea, but the world is filled with people who don’t think posting their birthdates and, by inference, similar data on their friends and family members, will cause them harm. Two years after it gathered empirical evidence that Facebook users’ identities are easily stolen off Facebook, enterprise-level internet security watchdog Sophos is again raising a red flag in the hopes that, this time, their message hits home.
Stealing identities is easier than ever on Facebook, despite the social networking site’s improved security features. Just hours ago, Sophos released to technology reporters the results of an independent study it conducted on Facebook. The experiment results are grim and they indicate that, like most security leaks, the laxity of identity security online is a result of user error.
The Sophos data was released in the wake of Facebook’s site overhaul designed to allow users greater control over the privacy of the data they post on the social networking site. But automated responses like Facebook’s new ‘do will not plug the holes its users insistently punch in the safeguards such websites put in place – there is only so much machines and software can do, as humans are the ones capable of thinking and making decisions, not their machines.
How easy is it to steal identities off Facebook? Very, if the Sophos study results are accurate. Sophos created two fictitious users whose names are anagrams of the terms “false identity” (Daisy Felettin, aged 21) and “stolen identity” (56-year-old Dinette Stonily). The first “user” was identified with a profile picture of a cheap rubber duck, while the second fictitious user posted a profile picture of two cats lying on a rug – simulacra of the types of profile picture the run-of-the-mill Facebook user posts. Each user sent out 100 friend requests to randomly-chosen Facebook users in their age groups.
“Within two weeks, a total of 95 strangers chose to befriend Daisy or Dinette,” Sophos head of technology for Asia-Pacific Paul Ducklin said in an email to technology reporters. This rate of response was even higher “than when Sophos first performed this experiment two years ago. Worse still, in the latest study, eight Facebookers befriended Dinette without being asked.”
“We assumed things would be better in 2009 but the situation is worse. This really is a wake-up call,” according to Ducklin, who conducted the study. “Our honeymoon period with social networking sites ought to be over by now – but many users still have a ‘couldn’t care less’ attitude to their personal data.”
According to the results of the Sophos experiment, some “89 percent of the 20-somethings and 57 percent of the 50-somethings who befriended Daisy and Dinette also gave away their full-date-of-birth,” Ducklin noted. Dates of birth are considered vital and sensitive data that are used to identify people through their social security numbers, passports and credit card data. “Nearly all the others suppressed their year of birth, but this is often easy to calculate or to guess from other information given out,” Ducklin warned. “Even worse, just under half of the 20-ish crowd, and just under a third of the 50-ish crowd, gave away personal information about their friends and family.”
“People aren’t just handing over their own life story to criminals,” Ducklin said by way of warning, pointing out an oft-repeated refrain among internet security specialists – meaning every anti-virus maker on the planet, including enterprise-level specialists whose clients have the most to lose through employees who may be victimized by identity thieves and money-motivated hackers. “They’re betraying people close to them, too, by helping those cybercrooks build up a detailed picture of their life and their milieu. This is an identity scammer’s dream.”
Ducklin’s email had a ring of urgency, as he said “Sophos is calling on users of social networking sites to think much more strictly about what it means to accept someone as your friend.” He clarified that “we’re not trying to be killjoys. We just want you to be much more circumspect about whom you choose to trust online.”
According to Sophos senior technology consultant Graham Cluley, “10 years ago it would have taken several weeks for con artists and identity thieves to gather this kind of information about a single person.” Now, he said, the time needed for identity theft and forgery is that much shorter: “Social networks have made it easier for the bad guys to scoop up information about innocent members of the public. Everyone must learn to be more careful about how they share information online, or risk becoming the victims of identity thieves.”
To keep your identity and the identities of your kith and kin safe online, Sophos offers these top tips for Facebookers and people who use other social networking sites:
1) Don’t blindly accept friends. Treat a friend as the dictionary does, namely “someone whom you know, like and trust.” A friend is not merely a button you click on. You don’t need, and can’t realistically claim to have, 932 true friends.
2) Learn the privacy system of any social networking site you join. Use restrictive settings by default. You can open up to true friends later. Don’t give away too much too soon.
3) Assume that everything you reveal on a social networking site will be visible on the internet for ever. Once it has been searched, and indexed, and cached, it may later turn up online no matter what steps you take to delete it.
These are warnings that have been said all too often in the two years that have seen the explosion of public soul-baring on the social networks that line the Information Superhighway. Perhaps now is the time to heed that call.

