Think your work Blackberry is private?

Today's Poked column was inspired by a coworker, who came to me with a query I suspect is fairly common, about privacy and our work phones. It made me think that many folks have spent quite a bit of time complaining about Facebook and its privacy issues, but it also made me wonder if they've taken the time to look at another privacy issue: what's being monitored on our work equipment like Blackberries.

It also made me realize that I haven't really read our company's IT policy? It's 13 pages long, single-spaced. If I had read past the first few paragraphs, I would have come across a very clearly stated policy -- on page two -- that details how I have absolutely no "reasonable expectation'' of privacy or confidentiality when I'm using company equipment like a desktop computer or Blackberry, even if I'm using my personal e-mail account.

I wonder if Sgt. Quon of the Ontario, Calif., police department read his company policy before he signed it. His was fairly similar to mine. Still, Quon argued that when the police department read personal text messages he sent from his company-issued pager, they were violating his constitutional right against unreasonable search.

Quon took the case to the Supreme Court, which ruled against him.

The court took care to say that it was a narrow decision, cautioning that it should not be used to establish "far-reaching premises that define the existence, and extent, of privacy expectations of employees using employer-provided communication devices.''

Journalists, like many professionals, practically live on their Blackberries. (Well, not me -- but I do live on my Droid, although I own it.) They have their work e-mail accounts, but also personal e-mail, Facebook and instant messaging, at least, installed on their smartphones.

I've always been skeptical about anything I do on a work computer or device. But I'm just one camp, says employment lawyer Chris Parlo. Parlo, who is based in New York with Morgan Lewis, says there's a whole other group of people out there, like my co-worker, and like Quon, who have different expectations of privacy.

Parlo thinks the Supreme Court decision has put companies and workers on notice.

Employers need to make sure they have policies that are well-known, clear and broad, so it captures all devices, situations and scenarios in which this might be an issue.

Workers need to have a reality check, too, he says. "I think the average worker has to understand that they're not free to do whatever they want, and should pay careful attention to what the employer has told them about what restrictions of personal use are on workplace devices.''

Have you read your company's IT policy? Did it made you switch from one camp to the other?

Posted by Niala Boodhoo on | | Comments (1) | TrackBack (0)

Are we 'dumb' for trusting Facebook?

Business Insider is reporting that when Facebook CEO Mark Zuckerberg was 19 and started the site at Harvard, he sent the following IM convo to a friend:

Zuck Zuckerberg: Yeah so if you ever need info about anyone at Harvard

Zuckerberg: Just ask.

Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How'd you manage that one?

Zuckerberg: People just submitted it.

Zuckerberg: I don't know why.

Zuckerberg: They "trust me"

Zuckerberg: Dumb fucks.

If we assume this information is true, should we care? On one hand, he was 19 when he wrote it and probably just saying it in jest. But it sure doesn't help recent feelings swelling up about Facebook's privacy changes.

Have the changes in Facebook's tools and settings making you rethink how you use Facebook? Or is it not that big of a deal for you?

Posted by Bridget Carey on | | Comments (0) | TrackBack (0)

Sarah K. Noonan: The fake Facebook 'friend' that duped hundreds

Noonan_pic Meet Sarah K. Noonan: She's attractive. She's 27. She lives in Miami and is in a complicated relationship. She's a Democrat with more than 480 friends on Facebook.

And she doesn't exist.

Sarah K. Noonan was a fake account on Facebook that duped 48 friends in my network who added her as a friend. Dozens of her "friends" have told me they added her because they assumed they met the smokey-eyed, dark-haired girl from somewhere before. And they trusted her because they had friends in common with the phony account.

Her profile was created in February as a marketing experiment by the Canadian advertising agency RPCGROUP, and had been friending an average of 20 people a day for the past few weeks. It was removed
from Facebook around 2 p.m. Monday after I interviewed the agency's chief executive, Rod Ponce, about the account.

Ponce said a group of RPCGROUP interns created the Noonan account to explore what makes a trendsetter and how users react to different types of posts. He stressed it was not used in a commercial
way to promote anything and has apologized for any confusion this may have caused.

"We don't want to offend anybody," Ponce said. "It's really to see how people socialized."

In fact, it was so easy for Noonan to get friends, Ponce said it freaked out one of his interns who unfriended anyone he didn't know on his profile. Between 30 to 40 percent of the people Noonan friended accepted the request.

"You accept people and sometimes you don't really know why you're accepting people,'' Ponce said.

Ponce hopes this helps shed light on the value of paying for advertising on Facebook.

"At the end of the day, is it really an effective tool for our clients or is it just a lot of smoke and mirrors?'' Ponce said. "It's about opening up a major can of worms with Facebook and saying, 'How many of
your people are real?' Is it really fair to those that pay for cost-per-impression?''

Ponce sent me this via e-mail Monday afternoon after we chatted over the phone:

Since our conversation we have disabled Sarah K. Noonan's profile and apologize for any confusion this may have caused.

Our Asset Project was in no way malicious in intent, but rather it took shape in the spirit of learning about the nature behind building social networks and in particular evaluating the effectiveness of Facebook as a tool for clients to commercialize their products/services.  Our experiment was initiated at the beginning of the year and stemmed from the lack of a standard ROI formula for our clients. 

There are way too many people who claim to be experts in the social media camp. We don't claim to be experts, but rather built our research through old fashioned collection of empirical data.  Since its inception we have not commercialized, nor have gained any revenues through this project.  We have been accumulating data in regards to evaluating interactions through engagement statements, the role of common interests in building social networks and how easily people create relationships through Facebook.

RPCGROUP's experiment may have been intended as innocent marketing research, but more than 480 people just gave a false account access to their information by adding her as a friend.

It rattled a few of my friends to know they had added a phony account. I contacted everyone listed as a mutual friend between Noonan and me, and every person who responded said they didn't know who she was.

Moments like this reveal that we can be too trusting of a simple profile with a pretty face. Luckily for these people, Noonan wasn't a cyber criminal.

Using a fake name or operation under a false identity is a violation of Facebook's policy. The site also has systems in place to flag or block potential fake accounts, according to Facebook spokesman Simon Axten.

"Users who send lots of messages to non-friends, for example, or whose friend requests are rejected at a high rate, are marked as suspect,'' Axten wrote in an e-mail. "We've built extensive greylists that prevent users from signing up with names commonly associated with fake accounts. There's always room for improvement, which is why we have teams of security experts and engineers working on these systems and developing new ones.''

But Facebook didn't catch ``Noonan'' -- and neither did more than 480 people.

When you consider how "she'' operated, it's easy to see why.

"Noonan'' sent a friend request to practically everyone in The Miami Herald's Business section Facebook page with the message: "Hi, I came across your profile in The Miami Herald Business section page. I am currently expanding my network base and wanted to reach out and say hi.''

Sweet girl sending out a sweet message. What fake account would do that? But the account didn't respond to follow-up messages my co-workers or I sent. Red flag No. 1.

A closer look at her profile raised more eyebrows. Noonan never made a status update or shared a link from the Facebook website. She posted via a paid application used by marketers called Sendible, but a Facebook application was created to disguise the Sendible feature, calling itself ``Mobile Phone.'' So all her time stamps ended with "via Mobile Phone.'' You wouldn't know something was weird unless you clicked on those words. Sendible's CEO, Gavin Hammar, told me the paid service used by Noonan was tied to RPCGROUP.

The third red flag: Not one post on "Sarah's'' wall was from a friend, nor did the account ever interact with friends. The posts were meaningless -- such as a music clip from YouTube, a link to a story from another publication or innocuous thought. ("Long day ... calling it a night.'')

Noonan_large David Clarke, CEO of interactive marketing agency BGT Partners in Aventura, saw Noonan's account and said he's seen more marketers use Facebook accounts to promote material.

"In many instances it is better and easier to get friends than fans -- there is very little difference,'' Clarke said. "It is just too easy to scam Facebook and create a fake person -- especially when you use a young, cute girl as your profile picture.''

Cyber criminals and spammers typically won't waste their time putting that much effort into a profile. Kevin Haley, director at Symantec Security Response, said the bad guys usually "hit and run'' on Facebook by breaking into a real account, spreading malicious links and spam until they get caught. It's not profitable to waste time building a fake account and adding friends.

Haley wrote about The Ghosts of Facebook last week when a fake account posing as a Jacksonville University student got 562 friends without even trying to look as real as Noonan did.

Dave Marcus, director of security research at McAfee, said McAfee partners with Facebook's security team. He's found that as long as there's some friend in common, people will trust and accept a friendship.

"It's amazing how many people 'friend' something,'' Marcus said. ``It's that transient trust thing.''

As in the "real'' world, it's wise to check someone out before you add them as a friend. Do a quick Google search on their name. Or send a nice message asking how they know you or where you met.

It's your profile -- protect it. Facebook can block outsiders from seeing your stuff, but it can't stop the people you let in.


Posted by Bridget Carey on | | Comments (16) | TrackBack (0)

Time to review your Facebook privacy settings again

SkynetAs a sci-fi geek, when I heard of Facebook's changes, the first thing that came to mind was how it's becoming like Skynet -- and I wasn't the only one to think that.

All right, maybe it's an exaggeration to compare Facebook to the artificial intelligence software that tried to destroy mankind in the Terminator movies. But like the ubiquitous Skynet, it is integrating itself into many major websites in new ways.

Facebook is giving outside websites access to the information you make public. You should take the time to go back into your privacy settings and see what new ways it has attached itself to your online life.

For example, go on and you'll see a widget that shows which CNN stories have been shared by people who are your Facebook friends. If you're not logged in to Facebook, it just shows what stories are popular with all Facebook users.

Some of these changes are cool and make sharing quicker -- such as being able to mark that you "like" a website without ever going to Facebook.

Or if you listen to music on , it can recommend playlists based on the artists you like on Facebook.

Your friends on Facebook can also share details about you via the websites they go to -- as long as you make that info available to everyone. The example Facebook uses is when a friend goes to a greeting card website, that site may prompt the friend that your birthday is coming up (if your birthday isn't private).

Here's how to control what is being shared on these sites:

Control what your friends share: Under Privacy settings, click ``Applications and Websites.'' You'll see the option to control what info websites can tap into from your friends' accounts and share (as long as that info is public).

Control what sites automatically personalize: Under the same ``Applications and Websites'' area, the last option is to control ``Instant Personalization.'' Here you can turn it off completely. If you want it to be used for some sites and not others, each site has a way to opt out.

If you come across a site that uses instant personalization, such as, you can click "No, thanks,'' at a Facebook prompt on the top of the page and it won't connect.

Posted by Bridget Carey on | | Comments (1) | TrackBack (0)

Get proactive about sites that post personal information

If you're worried about what personal information is out there on the Web about you, be aware of

I typed in my name and it listed a good deal of information that I would never dare put on my social networks. It listed my address. Everyone in my household. My age. My relationship status. My zodiac. My ethnicity. It didn't know my occupation (ironically the easiest information to find about me).

It listed my interests (which it says are toys and reading). It says I have children when I don't. And for a price you could find out my credit and all the info about me on social networks.

But there is a way to take it off.

According Spokeo's site, it "aggregates publicly available information from phone books, social networks, marketing surveys, real estate listings, business websites, and other public sources. Spokeo does not originate data or publish user-generated content like Facebook or MySpace.''

That should make you think twice before filling out some online survey about your household. Here's how to get delisted from Spokeo:

On the very bottom right of the homepage, click the gray "Privacy'' link. Enter the URL of your profile. Type in an e-mail address. Spokeo then sends a link to that e-mail address for you to get rid of your listing.

My parents aren't even on any social network, but they were on here. As our column often points out, there's a lot on the Internet about you. And even when you think you're being good by using privacy settings in Facebook, it's still hard to control everything.

Be aware that there also are sites that aggregate every little thing you've ever put publicly on the Web and put it in a social search engine. Go to and search your name. It had my old MySpace handle, MySpace picture and an incorrect age. It's all stuff I put on the Web, so it's not terrible, but it's not exactly the image I care to represent my professional persona. You can't delete a profile, but you can become a member and "contribute'' the correct information to any profile.

PeekYou says: "The information on PeekYou is already out there. By organizing that data into a better, more useful search engine, we in turn help the public become more aware of both the potential powers and liabilities associated with public knowledge.''

You can contribute by deleting fields. I deleted a bunch and it still had my name, city I worked in and my job. I can upload a photo I like or write the bio the way I want it -- if I so desire.

On the bright side, these sites typically don't appear high on the list when you search your name on Google, Yahoo! or Bing. The popular social networks you belong to, like Facebook, LinkedIn, YouTube and Twitter, will usually be the first results that show up.

Posted by Bridget Carey on | | Comments (1) | TrackBack (0)

Facebook announces privacy changes

After chats with the Office of the Privacy Commissioner of Canada, Facebook announced it will be making changes to privacy settings over the next 12 months. They include:

  • Better explanations in the privacy policy, such as reasons why they collect birth dates, the difference between account deactivation and deletion, how advertising programs work, and accounts that become memorials for dead users.
  • More encouragement for users to review their privacy settings
  • The creation of a new system for third-party applications to access user information. Facebook's release says it "will require applications to specify the categories of information they wish to access and obtain express consent from the user before any data is shared. In addition, the user will also have to specifically approve any access to their friends' information, which would still be subject to the friend's privacy and application settings."

Posted by Bridget Carey on | | Comments (1) | TrackBack (0)

Facebook for work? It's getting harder to keep business out of your personal network.

If Facebook users were a country, it would have the same amount of people as Indonesia, the world's fifth-most populous country.

So it seems we've reached a point where you shouldn't be creeped out when acquaintances from the business world want to "friend'' you.

Think of it as the modern-day (and recession-friendly) equivalent of a business lunch: They're just getting to know you better because they want to do business with you.

That's because they are sensing what a recent social media study by Anderson Analytics documented: Facebookers are the most loyal social networkers compared to Twitter, MySpace or LinkedIn.

When asked which network they found the most valuable, 75 percent of the 5,000 users surveyed said Facebook.

Tom H.C. Anderson, managing partner at Anderson Analytics, said some business users felt like they got better networking value from Facebook because that's where they got better tidbits of personal information, compared to say, LinkedIn, where it's harder to display your personality.

For example, if you see an executive posted photos of a recent Disney World trip and you were also just there, "it gives you something to talk about in a job interview,'' he said.

That makes it more of a challenge to balance a private social networking life with business interests. We're learning this as we go. Bridget relies heavily on privacy settings that accept a lot of people but limit what they can see.

Niala is still trying to keep Facebook as primarily personal. So although her profile is still open to anyone sending a message, she's turned off "add as a friend'' request to help keep the volume down.

Tell us how you deal with the balance issue -- e-mail us at or post a comment below.

Posted by Bridget Carey on | | Comments (2) | TrackBack (0)

Facebook unveils new privacy settings

Hip, hip hooray! Facebook just announced a new series of privacy settings that will give users much more control over who can see what on Facebook.

Basically, their new Publisher Privacy Control will allow you to choose, each time you publish, exactly who sees it. They're rolling it out slowly, to a small group of users, but it will soon be available to everyone.

Facebook's New Privacy Settings Here's how Facebook's Chief Privacy Officer Chris Kelly described it in the blog post: "For example, you may want to make some posts available to everyone, while restricting others to your friends and family. You should be able to make that decision every time you share something on Facebook, and soon you'll be able to do this."

We're thrilled. Finally, you choose, each time you post something, if this is something you want your coworkers, family or friends to see without having to mess around in the confusing privacy interface. You will even be able to send things directly to just two or three people's walls. And, if you're the type of person, like Bridget and I, who have created "groups" of people, this makes those groups suddenly much more useful.

Boca Raton-based Multiply already had this option since 2004 - Bridget wrote about it back in May for its redesign. (If you want to read Bridget's whole post on it, it's here.) Here's an image what it looks like when you upload something to Multiply:

Multiply privacy

It's not the first time we've seen similarities between the sites. Multiply's CEO Peter Pezaris says they had a news feed before Facebook launched its own version. 

Either way, we think it's great that Facebook has acknowledged what a pain their privacy settings have been to use. We're sure this will be a learning curve for most users, as well, considering some people still can't figure out the difference between a wall post and a status update.

We're looking forward to using this feature - and wondering how well it will work to keep certain parts of your Facebook life private.


I spoke with Michael Gersh, Multiply's COO and co-founder, who talked about how the social networking site has had this privacy feature since it launched in 2004. Multiply's audience tends to be families, aka the "Digital Moms," who want to post high resolution photos of baby's first bath with close connections. He said because of that, connections on Multiply have always been set up so they go into categories, like business contacts or family -- meaning not everyone is a "friend." And you can see what friends of friends have publicly posted without connecting to them.

"Facebook added a lot of features after we had it," Gersh said, adding regardless if Facebook modeled it after them or not, "people look to others for innovation."

Posted by Niala Boodhoo on | | Comments (3) | TrackBack (0)

WITI South Florida pannel discussion on social networking in the workplace

Yesterday Niala and I had the honor of moderating a WITI event where technology gurus from local companies spoke about social networking in the workplace, and the security challenges that come when employees use social media.

The panelists included Pete Nicoletti, vice president of secure information services at Terremark; Jay Patel, senior manager of IT advisory services at KPMG; Gabriel Ruiz, director of technology at ADX Technologies; and Kevin Tracy, a senior consulting systems engineer for network security and mobile solutions at Cisco.

It wasn't easy to take notes when you're the moderator, but I did want to summarize some of the great advice the panelists shared with the group Tuesday night at Cisco's Fort Lauderdale office.

The talk jumped between companies blocking Facebook at work, to horror stories of what can come up when you Google search your name ... but all panelists always came back to the core idea of using common sense and setting a social networking guideline for employees.

Fact is, everyone has different ideas on what is acceptable social networking behavior. A millennial might not see a problem with posting party pictures on their Facebook page, because hey - that's their private life and people should understand that. And someone else might not see anything wrong with sending out public tweets about the company layoffs when they are in the middle of the private meeting. The boss might not see things the same way. So there really needs to be a workplace discussion on professional image and making sure you keep personal stuff private, and always think twice about what you post online. Because even things you delete can hang around on the Web.

Jay Patel said he "avoids social networks like the plague." He was off the grid until he broke down and got a Facebook account to get details on his high school reunion gathering. He sees the value in social media, but the biggest problem he has with it is how easy it is for you to lose control of your professional image. Social networks are evolving at a rapid rate, and the information we post about ourselves is being spread and shared in so many ways that you lose total control over what is being posted about your personal life -- and not even privacy settings can do much good. "The technology can't keep up with the technology," he explained.

Pete Nicoletti stressed to keep personal and work stuff very separate. And for personal things, he thinks it is best to not use your real name so it can't be found easily by employers. Kevin Tracy shared the same tip. In Nicoletti's work, he's seen the worst of the worst of corporate social networking disasters, and some of the nastiest problems occur when you share your password with someone and then that person posts horrible things on your profile under your identity. And damage control with a public relations team ain't a cheap or a quick fix.

Tracy mentioned that Cisco has documents for employees regarding social networking faux pas at work. I think this is a great idea.

You can have security programs and measures in place to protect company data from spilling out -- and it's smart to implement tools like that for the workplace. But Patel said at the end of the day, your biggest security flaw is people.

Does your work have a social networking guideline you have to sign? Is it detailed, or does it just stress to use good judgment? Does your human resource department have a workshop on dos and don'ts? Do you even worry about getting in trouble at work for what you do on social networks in your personal time?

Posted by Bridget Carey on | | Comments (0) | TrackBack (0)

Tips on using social media for your business

Last night at a Social Media Club of South Florida meeting in Fort Lauderdale, Miami Realtor Ines Hegedus-Garcia shared some great tips with the crowd about how to use social media for your business. She runs and uses several forms of social media to market her real estate business. She's also on the advisory board of The Social Media Marketing Institute. You can find her on Twitter as @Ines.

As a real estate agent, she has to face the growing challenge of people finding homes on their own through the Internet. You can pretty much find any product or service with a little Google searching these days. So if you're going to use social media to market your company or services, you need to be clear about what value you bring to the table and how you are unique. What can you bring to your profession that no one else can?

"Find out what you're passionate about and what makes you different," she said, adding, "Be genuine. Don't be something you're not. Be yourself."

She said she spends about 5 to 6 hours a day on social media, which includes blogs, Twitter and Facebook. But if you're not sure how to fit it in your day, start by including it in your schedule and see what works and what doesn't. Of course not everyone can dedicate 5 hours a day.

She said being web savvy is no longer about building a webpage that lists your credentials. It's about being helpful to others you connect with online. Of course Niala and I are always preaching about this very thing -- it's it's about what you bring to the conversation that makes you valuable.

This also plays a part in Twitter netiquette. It's not about how many followers you have. It's about what you bring to the conversation.

"Don't go to your friend's followers and say follow me," she said. "It's not about quantity. If you don't engage these people, you're not going to achieve anything."

Hegedus-Garcia encouraged the crowd to combine their personal life with your professional life. I agree -- but of course there needs to be a balance. She tweets, blogs and posts videos about her love of mojitos to promote the Miami scene and encourage people to move down here, but she doesn't get sloshed. She also doesn't have her children mentioned anywhere on her social networks for their protection -- not even a photo on Facebook. Since she uses Facebook to connect with friends and professionals, mixing private things on Facebook isn't something she feels comfortable about doing.

I can understand that. These days it's getting so hard to keep personal stuff, well, personal on Facebook -- even with privacy settings, there are ways of seeing things.

Another Twitter netiquette tip she gave: The hard sale is not welcome. Don't just push your stuff online without interacting with others. You're human. Don't always be the pushy salesman.

The more people that connect with you online increases your social capital -- it's your online influence with a network of people that trust you. Use that social capitol to help others. If you receive a favor, pay them back.

"Start doing favors before you ask for favors," she said -- like retweeting other people's stuff that you like before you ask for people to help you on Twitter.

She also brought up what Niala and I spoke about in a previous post: Have a human name behind the Twitter account, not just a cold company name.

"If there's no person behind the brand, it loses strength," she said. "If people aren't engaging you, its because they don't think you're human." She added, "People want to talk to you, not a business."

Oh, and you can't just dip a toe in the Twitter pool and give up after a week it doesn't work. "You have to try things for at least six months," she said. "Be consistent about it."

Posted by Bridget Carey on | | Comments (9) | TrackBack (0)

Terms of Service | Privacy Policy | Copyright | About The Miami Herald | Advertise