Beruflich Dokumente
Kultur Dokumente
INTRODUCTION
Social network sites (SNSs) such as MySpace, Facebook, Twitter, and Tagged have attracted millions of users, many of whom have integrated these sites into their daily practices. As of this writing, there are hundreds of SNSs, with various technological affordances, supporting a wide range of interests and practices. While their key technological features are fairly consistent, the cultures that emerge around SNSs are varied. Most sites support the maintenance of pre-existing social networks, but others help strangers connect based on shared interests, political views, or activities. Some sites cater to diverse audiences, while others attract people based on common language or shared racial, sexual, religious, or nationality-based identities. Sites also vary in the extent to which they incorporate new information and communication tools, such as mobile connectivity, blogging, and photo/video-sharing. Scholars from disparate fields have examined SNSs in order to understand the practices, implications, culture, and meaning of the sites, as well as users' engagement with them. This special theme section of the Journal of Computer-Mediated Communication brings together a unique collection of articles that analyze a wide spectrum of social network sites using various methodological techniques, theoretical traditions, and analytic approaches. By collecting these articles in this issue, our goal is to showcase some of the interdisciplinary scholarship around these sites. The purpose of this introduction is to provide a conceptual, historical, and scholarly context for the articles in this collection. We begin by defining what constitutes a social network site and then present one perspective on the historical development of SNSs, drawing from personal interviews and public accounts of sites and their changes over time. Following this, we review recent scholarship on SNSs and attempt to contextualize and highlight key works. We conclude with a description of the articles included in this special section and suggestions for future research.
popular terms include "Friends," "Contacts," and "Fans." Most SNSs require bi-directional confirmation for Friendship, but some do not. These one-directional ties are sometimes labeled as "Fans" or "Followers," but many sites call these Friends as well. The term "Friends" can be misleading, because the connection does not necessarily mean friendship in the everyday vernacular sense, and the reasons people connect are varied (boyd, 2006a). The public display of connections is a crucial component of SNSs. The Friends list contains links to each Friend's profile, enabling viewers to traverse the network graph by clicking through the Friends lists. On most sites, the list of Friends is visible to anyone who is permitted to view the profile, although there are exceptions. For instance, some MySpace users have hacked their profiles to hide the Friends display, and LinkedIn allows users to opt out of displaying their network. Most SNSs also provide a mechanism for users to leave messages on their Friends' profiles. This feature typically involves leaving "comments," although sites employ various labels for this feature. In addition, SNSs often have a private messaging feature similar to webmail. While both private messages and comments are popular on most of the major SNSs, they are not universally available. Not all social network sites began as such. QQ started as a Chinese instant messaging service, LunarStorm as a community site, Cyworld as a Korean discussion forum tool, and Skyrock (formerly Skyblog) was a French blogging service before adding SNS features. Classmates.com, a directory of school affiliates launched in 1995, began supporting articulated lists of Friends after SNSs became popular. AsianAvenue, MiGente, and BlackPlanet were early popular ethnic community sites with limited Friends functionality before re-launching in 2005-2006 with SNS features and structure. Beyond profiles, Friends, comments, and private messaging, SNSs vary greatly in their features and user base. Some have photo-sharing or video-sharing capabilities; others have built-in blogging and instant messaging technology. There are mobile-specific SNSs (e.g., Dodgeball), but some web-based SNSs also support limited mobile interactions (e.g., Facebook, MySpace, and Cyworld). Many SNSs target people from specific geographical regions or linguistic groups, although this does not always determine the site's constituency. Orkut, for example, was launched in the United States with an English-only interface, but Portuguese-speaking Brazilians quickly became the dominant user group (Kopytoff, 2004). Some sites are designed with specific ethnic, religious, sexual orientation, political, or other identity-driven categories in mind. There are even SNSs for dogs (Dogster) and cats (Catster), although their owners must manage their profiles. While SNSs are often designed to be widely accessible, many attract homogeneous populations initially, so it is not uncommon to find groups using sites to segregate themselves by nationality, age, educational level, or other factors that typically segment society (Hargittai, this issue), even if that was not the intention of the designers.
Figure 1. Timeline of the launch dates of many major SNSs and dates when community sites relaunched with SNS features Like any brief history of a major phenomenon, ours is necessarily incomplete. In the following section we discuss Friendster, MySpace, and Facebook, three key SNSs that shaped the business, cultural, and research landscape.
Identity Theft
Identity thieves use an individuals personal information to pretend to be them often for financial gain. The information users post about themselves on social networks may make it possible for an identity thief to gather enough information to steal an identity. In 2009, researchers at Carnegie University Mellon published a study showing that it is possible to predict most and sometimes all of an individuals 9-digit Social Security number using information gleaned from social networks and online databases. (See Predicting Social Security Numbers from Public Data by Acquisti and Gross) Information often targeted by identity thieves includes:
Passwords Bank account information Credit card numbers Information stored on a users computer such as contacts Access to the users computer without his or her consent (for example, through malware) Social Security numbers. Remember that the key to identity theft is the Social Security number. Never provide a Social Security number through a social networking service.
Illegitimate third-party applications. These rogue applications may appear similar to other third-party applications but are designed specifically to gather information. This information may be sold to marketers but could also be useful in committing identity theft. These applications may appear as games, quizzes or questionnaires in the format of What Kind of Famous Person Are You? (See ABC's Online Games Can Lead to Identity Theft) False connection requests. Scammers may create fake accounts on social networks and then solicit others to connect with them. These fake accounts may use the names of real people, including acquaintances, or may be entirely imaginary. Once the connection request is accepted, a scammer may be able to see restricted and private information on a users profile. (See ReadWriteWeb's Fake Social Networking Profiles: a New Form of Identity Theft in 2009)
For advice on avoiding identity theft on social networks, see Tips to Stay Safe, Private and Secure. Learn more about protecting yourself from identity theft in general by reading PRC Fact Sheet 17: Coping with Identity Theft: Reducing the Risk of Fraud. If you believe you may be the victim of identity theft, read PRC Fact Sheet 17a: Identity Theft: What to Do if It Happens to You.
Malware
Malware (malicious software) is a term that describes a wide range of programs that install on a users computer often through the use of trickery. Malware can spread quickly on a social network, infecting the computer of a user and then spreading to his or her contacts. This is because the malware may appear to come from a trusted contact, and thus users are more likely to click on links and/or download malicious programs. (See Hijacked Accounts) Some common techniques used in spreading malware include:
Shortened URLs, particularly on status update networks or newsfeeds. These may lead the user to download a virus or visit a website that will attempt to load malware on a users computer. Messages that appear to be from trusted contacts that encourage a user to click on a link, view a video or download a file. An email appearing to be from the social network itself, asking for information or requesting a user click on a link. Third-party applications that infect computers with malicious software and spread it to contacts. (See Third-Party Applications) Fake security alerts applications that pose as virus protection software and inform the user that his or her security software is out-of-date or a threat has been detected.
Social Engineering
There are a variety of social engineering scamming techniques which trick users into entering sensitive information. This section describes a few of the well-known techniques.
Phishing attacks are when emails, instant messages or other messages claiming to be from a trusted source ask for information. For example, an email may appear to be from a bank and could direct a user to enter a password at a fake login page, or tell a user to call a phone number or risk having their account closed. For tips on how to spot and avoid phishing attacks, see FTC Alert How Not to Get Hooked by a 'Phishing' Scam and OnGuardOnline's Phishing page. Some Internet browsers, such as recent versions of
Mozilla Firefox and Internet Explorer, have taken steps to help identify fake websites. (See GetSafe Online's Avoid Criminal Websites for these and other tips.)
Spear phishing is a type of phishing attack that appears to be from a colleague, employer or friend and includes a link or something to download. (This is often the result of account hijacking.) These links or downloads can be malicious, such as viruses or fake websites that solicit personal information. Misleading solicitations. A social network might use social engineering to make people feel obligated to join. This often occurs when one person joins and (often inadvertently) provides the social network with access to his or her contact list. The social network then sends out emails to all of his or her contacts, often implying they are from the individual who joined. For example, it has been reported that Tagged.com solicits contacts of users with emails claiming the recipient has been tagged. These emails state: Is <user name> your friend? Please respond or <user name> may think you said no :( or <user name> sent you photos on Tagged. The recipient may believe this is a personal invitation from the user and feel obligated to join the network, giving out his or her information and perhaps perpetuating the solicitations. See Time's Tagged: The World's Most Annoying Website for more information. Hijacked accounts. A legitimate account may be taken over by an identity thief or malware for the purpose of fraud such as posting spam, sending out malware, stealing the private data of contacts or even soliciting contacts to send money. One typical scenario is when a hijacked account sends out messages stating that the account owner is overseas and in desperate straits. Contacts are urged to immediately wire money. A user may not realize his or her account has been hijacked for quite some time. An attack could also be in the form of a chat conversation.
How is it possible to identify the legitimate messages from the hoaxes? Use an up-to-date email client such as Microsoft Outlook 2007, Outlook Express or Mozilla Thunderbird which have spam filtering enabled and checks for phishing messages (phishing messages are falsified emails that use these tactics to obtain your username, password or other personal information) Never open an attachment unless its from someone you know, and you are expecting to receive it. If you have any doubt, then contact the individual and ask if he/she actually did send it.
Use up-to-date antivirus/anti-malware software on your computer to block any harmful files that you may have accidentally opened. Always use common sense on the web and in email; take an extra moment or two to think about what you have received or are about to do.
Conclusion
Social networking sites can be valuable sales and marketing tools, as well as fun diversions. Inherent in these applications are security risks that can put the individual or a company in a compromising position or at serious risk. Aside from not using these sites at all, end-user education, alongside documented policies and procedures, is the most fundamental protection that exists. A well-informed user will not only help to maintain security, but will also educate others on these issues and establish best practices which can be standardized and updated as applications mature or as new applications come along.
References
Social Network Sites: Definition, History, and Scholarship http://jcmc.indiana.edu/vol13/issue1/boyd.ellison.html Social Networking Privacy:How to be Safe, Secure and Social http://www.privacyrights.org/social-networking-privacy The Security Risks of Social Networks http://www.focus.com/fyi/security-risks-social-networks/ Social networking and security risks By Brad Dinerman http://www.gfi.com/whitepapers/Social_Networking_and_Security_Risks.pdf
Prepared by
: :
Muhammad Amirul Bin Talib (3112036181) Muhammad Rais Bin Ibrahim (3112031871) Mohd Noor Rizal Bin Arbain
Lecturer