When so many of my Facebook friends started rushing like lemmings to play the viral “Name ten concerts you attended, with one phony one” game yesterday, I hesitated, and not just because listing Al Jolson, Enrico Caruso and Jenny Lind would reveal my true age. I had just been explaining to a group of Pennsylvania lawyers that they probably weren’t as competent in using technology and social media as they thought they were, and that if there was one thing of value to extract from the last Presidential campaign, it was a searing lesson in the consequences of being naive, lazy and gullible while using the internet. (Yes, I’m looking at you, John Podesta!)
By purest coincidence, yesterday also marked my four hour efforts, involving four phone calls, three phones, two websites, three passwords and a consultant (my son), to switch my e-mail address from Verizon to AOL, since AOL has purchased Verizon’s e-mail business. As I neared the finish line of this ordeal, I encountered AOL’s list of “Secret Security Questions.” One of them was “What was the first concert you attended?‘
Sure enough, this morning the New York Times revealed that internet experts recommend not playing the ten concerts game, or other social media quizzes either. “Privacy experts cautioned it could reveal too much about a person’s background and preferences and sounds like a security question — name the first concert you attended — that you might be asked on a banking, brokerage or similar website to verify your identity,” said the Times.
Michael Kaiser, executive director of the National Cyber Security Alliance, told the paper that while the concerts quiz posed only a moderate security risk (pssst: Moderate risks are still risks), since not every website offered a security question about a person’s first concert, such a list might telegraph information about a user’s age, musical tastes and even religious affiliation, any of which could be used by internet marketers to target the creator. Similarly, the answers to quizzes on Facebook may reveal specifics about a person’s upbringing, culture or other identifying features.
Another privacy expert recommended exercising “vigilance bordering on a little paranoia” in online posts, noting that “We need to understand how we interact can disclose not only specific details but patterns of behavior and often our location, among other things.”
Kaiser concluded with this advice: “People always have to have their eyes wide open when they’re on the internet. It’s the way of the world.”
Except that they don’t have their eyes open. Every fun-loving Facebook user who passed along the concert game was potentially setting up their friends to be hacked. Using the internet, including e-mails, the web and social media, really is like driving on the highway, but a highway with features, potholes, dangers, risks and new traffic patterns that can change daily. Doing so competently and safely requires care, anticipation, caution and skill, and most of us don’t have enough of any of these.
In other words, most of us are too incompetent to use the internet the way we do, and that incompetence can harm us, our families, our friends and our clients.
By the way, here’s my list of concerts (and one’s a lie, though it shouldn’t be)…
1. Victor Borge
2. Jimmy Durante
3. The Happenings
4. Marlene Dietrich
5. Martyn Green
6. Paul McCartney
7. Bonnie Raitt
8. The Neville Brothers
9. Ladysmith Black Mambazo
10. Anna Russell
Hey, only five of them are dead!
Anyone who can figure out anything about me from that list that isn’t readily available elsewhere has earned their hack.