As if everyone doesn’t know already, MySpace is being sued for failing to protect one of its users. I am not going to delve into the details of the case – plenty of speculation already abounds – but I will say I agree that failure to properly supervise a child can be a precursor to problems in almost any environment. I was covertly supervised catching fish off “borrowed” john boats, jumping my BMX bike too short over the neighbors’ flowerbeds, and crashing my go cart into the tires of parked cars on the street – I didn’t understand it, but there was generally some adult around being held accountable. In the internet age, that no longer seems the case.
Some colleagues and I recently launched Tot Jot, geared towards parents of small children, and we presumed a high level of privacy was a foregone conclusion. We leveraged what meager contribution I could make on the matter from my workings over at Spamroll, but I still thought it would still be a good idea to see how the other side works. So I took the plunge and joined MySpace – the goal being to analyze, from a beginner user’s perspective, what makes MySpace so potentially dangerous.
Now, for what I found….
Uh, not much
Hate to disappoint you, but I don’t have any real blatant issues with the way the site is run. No, I didn’t try hammering a style sheet with a cross-site scripting exploit, and no, I didn’t try passing a home-cooked virus to someone via messaging. Those are potential problems that Fox Interactive should take care of on their own. Furthermore, I didn’t try to harrass some underage participant under the guise of being an underage participant – that is an issue for users (and in the case of the underage, for their parents). Considering the sheer number of users on MySpace, the relatively frequency of trouble is probably no more significant than what occurs in the real world – you just hear less about the latter because the citizenry is immune to it – they don’t want to admit the problem is more likely to happen in their own home. You hear about it via MySpace because the mainstream media needs all the attention it can get. Scott Granneman of Security Focus aptly focuses on the mass hysteria begin created by the media – I concur with him wholeheartedly.
As for solutions…
Passing a COPPA agreement to users is not going to stop this type of issue, as users will just lie. Requiring a credit card to join (a favorite web age verification system nowadays), won’t stop it either. Unless MySpace charges, kids are going to grab that wallet after the parents go to bed, enter that card number, and the parents won’t ever know. For goodness sakes, the lawsuit screams of lying about ages anyway – none of these checks are going to bring any additional security to the table. Bruce Schneier noted that MySpace is beefing up its security by allowing restriction of full profile information, but more as a measure to cover its butt in the case of additional lawsuits. That (a lawsuit) is all the previously mentioned measures are going to mitigate, but the change in profile functionality is a different matter altogether.
I say it is a good move to allow users to restrict access to their profiles. And MySpace could go one step further by tightening down the friends and friends of friends functionality too. At Tot Jot, we purposefully restricted user profiles on their behalf, to prevent the inadvertent disclosure of profile information. In fact, we kept profile information to a minimum, and further restricted friends access by creating a one step friends list – you can see who someone’s friends are, but not friends of friends. We made it relatively mistake proof, because we felt our potential userbase was less inclined to understand additional, optional complexity. MySpace, however, is made up of a lot of moderately tech saavy, style-sheet loving, spare-time-on-their-hands types, and they could easily allow the option of restricting profiles, friends list access, etc. Unfortunately, that probably won’t happen, as it would clearly stem MySpace’s growth. And if they are already doing it somehow, they certainly aren’t pubicizing it very well.
If I was a parent of a child on MySpace, I’d be a lot more worried about the government archiving my kid’s records for eternity. Bureaucrats possess less than grand wisdom when it comes to matters like technology (to the point of sounding just plain stupid) – next thing you know, your child will be blacklisted from public educational institutions because he posted his or her thoughts on government waste on a MySpace page. I say give the kid a scholarship – he or she could be a future President. Meanwhile, parents should learn to ignore the hysteria, as well as spend a little more time supervising their children’s online activities.
I once asked how all this growth could be happening at MySpace, questioning whether spyware might be involved. Now, I don’t think that is the case. What I did find is that by putting together an almost non-existent profile on MySpace (I mean devoid of virtually any information besides the required birthday), I seemed to have attracted a lot of interest. Yes, I’ve made a lot of friends on MySpace, although those friends seem to be a lot like me – not very real. Initial friends in my “extended network” (whatever that means), as well as subsequent requests to allow others to “be my friend” (which turned out to be relatively thin in profile, but with lots of friends of their own), lends me to believe there is some gaming going on.
Or maybe that is the real allure of MySpace – making unreal amounts of unreal friends, without really trying. Regardless, the title of this post could easily have been Taming the MySpace Media Frenzy.
And yes, for those who were wondering who my first friend was, his name was Tom.
Seems the MySpace/spyware issue (mentioned in comments) is a spyware company action afterall, and in violation of the MySpace TOSs to boot. The reaction from Zango, when outed, was to dance around the issue (i.e. blame everyone else). I say the Zango executives should quit their day jobs and run for office.